urlscan.io logo urlscan.io
SecurityTrails logo

reurl.cc Open in urlscan Pro
35.229.143.32  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://web.alipearlhair.com/dhKS_JSq#Conditions
Effective URL: https://reurl.cc/k8qxzL
Submission: On December 06 via api from FR — Scanned from ES
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 85 IPs in 11 countries across 63 domains to perform 400 HTTP transactions. The main IP is 35.229.143.32, located in Taipei, Taiwan and belongs to GOOGLE-CLOUD-PLATFORM, US. The main domain is reurl.cc. The Cisco Umbrella rank of the primary domain is 313900.
TLS certificate: Issued by E7 on October 30th 2025. Valid for: 3 months.
This is the only time reurl.cc was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 170.106.34.222 132203 (TENCENT-N...)
7 35.229.143.32 396982 (GOOGLE-CL...)
2 2a04:4e42::485 54113 (FASTLY)
2 151.101.1.55 54113 (FASTLY)
3 2a00:1450:400... 15169 (GOOGLE)
42 2600:9000:208... 16509 (AMAZON-02)
2 203.74.221.1 131660 (CHTCDN Da...)
15 142.250.186.130 15169 (GOOGLE)
14 157.240.0.6 32934 (FACEBOOK)
6 2600:9000:208... 16509 (AMAZON-02)
4 107.178.241.176 396982 (GOOGLE-CL...)
4 157.240.0.35 32934 (FACEBOOK)
19 35.75.180.237 16509 (AMAZON-02)
6 2a00:1450:400... 15169 (GOOGLE)
2 35.185.136.122 396982 (GOOGLE-CL...)
6 18.66.122.129 16509 (AMAZON-02)
4 2a00:1450:400... 15169 (GOOGLE)
4 2a00:1450:400... 15169 (GOOGLE)
3 216.58.206.72 15169 (GOOGLE)
2 142.250.185.67 15169 (GOOGLE)
6 116.50.36.71 18046 (DONGFONG-...)
12 13.159.234.135 16509 (AMAZON-02)
6 34.95.67.231 396982 (GOOGLE-CL...)
6 54.238.82.241 16509 (AMAZON-02)
38 203.75.214.136 3462 (HINET Dat...)
6 12 35.201.76.93 396982 (GOOGLE-CL...)
9 20 142.250.184.226 15169 (GOOGLE)
6 35.227.249.156 396982 (GOOGLE-CL...)
2 2a03:2880:f17... 32934 (FACEBOOK)
3 2001:4860:480... 15169 (GOOGLE)
3 2a00:1450:400... 15169 (GOOGLE)
1 34.102.146.192 396982 (GOOGLE-CL...)
1 13.226.244.20 16509 (AMAZON-02)
1 34.96.70.87 396982 (GOOGLE-CL...)
3 2a02:2638:3::28 44788 (ASN-CRITE...)
3 2a00:1450:400... 15169 (GOOGLE)
1 1 54.171.119.250 16509 (AMAZON-02)
1 35.71.131.137 16509 (AMAZON-02)
1 3.122.214.165 16509 (AMAZON-02)
1 1 2a04:4e42::300 54113 (FASTLY)
6 2a03:2880:f08... 32934 (FACEBOOK)
12 35.201.76.198 396982 (GOOGLE-CL...)
2 142.250.186.174 15169 (GOOGLE)
3 6 35.190.36.98 396982 (GOOGLE-CL...)
3 3 172.104.64.149 63949 (AKAMAI-LI...)
1 210.59.219.34 3462 (HINET Dat...)
1 103.132.192.30 138552 (RTBHOUSE-...)
1 2 2a02:2638:3::d 44788 (ASN-CRITE...)
1 2a02:2638:3::27 44788 (ASN-CRITE...)
1 6 35.214.168.80 19527 (GOOGLE-2)
2 34.111.60.239 396982 (GOOGLE-CL...)
11 2a00:1450:400... 15169 (GOOGLE)
24 142.251.140.162 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 34.111.133.51 396982 (GOOGLE-CL...)
1 178.250.1.12 44788 (ASN-CRITE...)
4 142.250.185.98 15169 (GOOGLE)
2 142.250.185.129 15169 (GOOGLE)
8 2a00:1450:400... 15169 (GOOGLE)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 172.67.222.174 13335 (CLOUDFLAR...)
1 188.114.97.3 13335 (CLOUDFLAR...)
1 192.0.78.24 2635 (AUTOMATTIC)
1 2a06:98c1:312... 13335 (CLOUDFLAR...)
1 65.8.131.76 16509 (AMAZON-02)
2 2a00:1450:400... 15169 (GOOGLE)
2 142.250.185.228 15169 (GOOGLE)
2 142.250.186.162 15169 (GOOGLE)
3 5 104.18.26.193 13335 (CLOUDFLAR...)
1 216.58.206.38 15169 (GOOGLE)
4 2.17.100.193 20940 (AKAMAI-AS...)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 1 80.82.210.217 24961 (MYLOC-AS ...)
1 174.137.133.49 27257 (WEBAIR-IN...)
1 108.128.35.4 16509 (AMAZON-02)
1 100.24.190.87 14618 (AMAZON-AES)
2 2 76.223.111.18 16509 (AMAZON-02)
1 1 208.93.169.131 46244 (WEBMD-IDC...)
1 1 2620:1ec:50::12 8075 (MICROSOFT...)
2 2 134.122.57.34 14061 (DIGITALOC...)
1 1 34.206.232.238 14618 (AMAZON-AES)
1 1 69.173.144.165 26667 (RUBICONPR...)
1 1 54.246.85.69 16509 (AMAZON-02)
1 89.149.193.84 60781 (LEASEWEB-...)
1 1 35.214.236.30 19527 (GOOGLE-2)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 52.222.136.120 16509 (AMAZON-02)
2 142.250.185.130 15169 (GOOGLE)
1 216.239.36.181 15169 (GOOGLE)
1 216.239.32.36 15169 (GOOGLE)
1 18.244.18.94 16509 (AMAZON-02)
2 18.202.153.236 16509 (AMAZON-02)
2 2600:9000:264... 16509 (AMAZON-02)
1 65.9.175.36 16509 (AMAZON-02)
3 130.211.115.4 396982 (GOOGLE-CL...)
400 85
1    170.106.34.222 (Ashburn, United States)

ASN132203 (TENCENT-NET-AP-CN Tencent Building, Kejizhongyi Avenue, CN)
web.alipearlhair.com
7    35.229.143.32 (Taipei, Taiwan)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 32.143.229.35.bc.googleusercontent.com
reurl.cc
2    2a04:4e42::485 (United States)

ASN54113 (FASTLY, US)
cdn.jsdelivr.net
2    151.101.1.55 (United States)

ASN54113 (FASTLY, US)
anymind360.com
3    2a00:1450:4001:829::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.googletagmanager.com
42    2600:9000:208a:8000:0:e06c:e940:93a1 (United States)

ASN16509 (AMAZON-02, US)
cdn.holmesmind.com
2    203.74.221.1 (New Taipei City, Taiwan)

ASN131660 (CHTCDN Data Communication Business Group, TW)
PTR: 203-74-221-1.hinet-ip.hinet.net
ad-specs.guoshipartners.com
15    142.250.186.130 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s07-in-f2.1e100.net
securepubads.g.doubleclick.net
14    157.240.0.6 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)
PTR: xx-fbcdn-shv-02-fra3.fbcdn.net
connect.facebook.net
static.xx.fbcdn.net
scontent.xx.fbcdn.net
6    2600:9000:208a:b400:0:e06c:e940:93a1 (United States)

ASN16509 (AMAZON-02, US)
cdn.holmesmind.com
4    107.178.241.176 (United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 176.241.178.107.bc.googleusercontent.com
onead.onevision.com.tw
4    157.240.0.35 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)
PTR: edge-star-mini-shv-02-fra3.facebook.com
www.facebook.com
19    35.75.180.237 (Tokyo, Japan)

ASN16509 (AMAZON-02, US)
PTR: ec2-35-75-180-237.ap-northeast-1.compute.amazonaws.com
ad.holmesmind.com
6    2a00:1450:4001:81d::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fundingchoicesmessages.google.com
www.google-analytics.com
2    35.185.136.122 (Taipei, Taiwan)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 122.136.185.35.bc.googleusercontent.com
re-news.tw
6    18.66.122.129 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-122-129.fra60.r.cloudfront.net
tracking-client.91app.com
4    2a00:1450:4001:80f::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
analytics.google.com
4    2a00:1450:400c:c06::9d (Belgium)

ASN15169 (GOOGLE, US)
stats.g.doubleclick.net
3    216.58.206.72 (United States)

ASN15169 (GOOGLE, US)
PTR: lhr35s11-in-f8.1e100.net
www.googletagmanager.com
2    142.250.185.67 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s48-in-f3.1e100.net
www.google.co.in
6    116.50.36.71 (Taiwan)

ASN18046 (DONGFONG-TW DongFong Technology Co. Ltd., TW)
PTR: 116-50-36-71.dft.tw
cm.lndata.com
12    13.159.234.135 (Tokyo, Japan)

ASN16509 (AMAZON-02, US)
PTR: ec2-13-159-234-135.ap-northeast-1.compute.amazonaws.com
cm-dev-poc.holmesmind.com
6    34.95.67.231 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 231.67.95.34.bc.googleusercontent.com
fcm.holmesmind.com
6    54.238.82.241 (Tokyo, Japan)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-238-82-241.ap-northeast-1.compute.amazonaws.com
fcm2.holmesmind.com
38    203.75.214.136 (Taipei, Taiwan)

ASN3462 (HINET Data Communication Business Group, TW)
PTR: 203-75-214-136.hinet-ip.hinet.net
t.ssp.hinet.net
83a8eb42-6ef1-4f83-b0a8-8311ce7c1584.t.ssp.hinet.net
9f56552c-16c7-4550-86c4-b2f06a3a3997.t.ssp.hinet.net
12    35.201.76.93 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 93.76.201.35.bc.googleusercontent.com
c.holmesmind.com
20    142.250.184.226 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s12-in-f2.1e100.net
cm.g.doubleclick.net
6    35.227.249.156 (United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 156.249.227.35.bc.googleusercontent.com
m.holmesmind.com
2    2a03:2880:f177:185:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)
www.facebook.com
3    2001:4860:4802:32::36 (United States)

ASN15169 (GOOGLE, US)
region1.analytics.google.com
3    2a00:1450:4001:81d::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google.es
1    34.102.146.192 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 192.146.102.34.bc.googleusercontent.com
oa.openxcdn.net
1    13.226.244.20 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-226-244-20.fra56.r.cloudfront.net
tags.crwdcntrl.net
1    34.96.70.87 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 87.70.96.34.bc.googleusercontent.com
invstatic101.creativecdn.com
3    2a02:2638:3::28 (France)

ASN44788 (ASN-CRITEO-EUROPE Criteo Technology SAS, FR)
static.criteo.net
3    2a00:1450:4001:829::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
f5468d195f184d9a2161b39cb1e22a89.safeframe.googlesyndication.com
cdn.ampproject.org
1    54.171.119.250 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-171-119-250.eu-west-1.compute.amazonaws.com
bcp.crwdcntrl.net
1    35.71.131.137 (United States)

ASN16509 (AMAZON-02, US)
PTR: a6370ebea231e0c9a.awsglobalaccelerator.com
match.adsrvr.org
1    3.122.214.165 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-122-214-165.eu-central-1.compute.amazonaws.com
ps.eyeota.net
1    2a04:4e42::300 (United States)

ASN54113 (FASTLY, US)
trc.taboola.com
6    2a03:2880:f084:105:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)
connect.facebook.net
12    35.201.76.198 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 198.76.201.35.bc.googleusercontent.com
track.91app.io
2    142.250.186.174 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s08-in-f14.1e100.net
fundingchoicesmessages.google.com
6    35.190.36.98 (United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 98.36.190.35.bc.googleusercontent.com
ad2.apx.appier.net
3    172.104.64.149 (Tokyo, Japan)

ASN63949 (AKAMAI-LINODE-AP Akamai Connected Cloud, SG)
PTR: li1674-149.members.linode.com
gocm.c.appier.net
1    210.59.219.34 (Taichung, Taiwan)

ASN3462 (HINET Data Communication Business Group, TW)
PTR: 210-59-219-34.hinet-ip.hinet.net
prebid.scupio.com
1    103.132.192.30 (Singapore)

ASN138552 (RTBHOUSE-AS-AP RTB HOUSE PTE. LTD., SG)
PTR: ip-103-132-192-30.rtbhouse.net
prebid-asia.creativecdn.com
2    2a02:2638:3::d (France)

ASN44788 (ASN-CRITEO-EUROPE Criteo Technology SAS, FR)
gumi.criteo.com
1    2a02:2638:3::27 (France)

ASN44788 (ASN-CRITEO-EUROPE Criteo Technology SAS, FR)
buy.criteo.com
6    35.214.168.80 (Groningen, Netherlands)

ASN19527 (GOOGLE-2, US)
PTR: 80.168.214.35.bc.googleusercontent.com
trace-eu.mediago.io
gtrace.mediago.io
2    34.111.60.239 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 239.60.111.34.bc.googleusercontent.com
images.mediago.io
11    2a00:1450:4001:830::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
tpc.googlesyndication.com
24    142.251.140.162 (United States)

ASN15169 (GOOGLE, US)
PTR: lcfraa-bt-in-f2.1e100.net
pagead2.googlesyndication.com
1    2a00:1450:4001:813::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
pagead2.googlesyndication.com
1    34.111.133.51 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 51.133.111.34.bc.googleusercontent.com
cdn.mediago.io
1    178.250.1.12 (France)

ASN44788 (ASN-CRITEO-EUROPE Criteo Technology SAS, FR)
mug.criteo.com
4    142.250.185.98 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s49-in-f2.1e100.net
ep1.adtrafficquality.google
2    142.250.185.129 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s50-in-f1.1e100.net
082fc394a62d374456508868d37e314c.safeframe.googlesyndication.com
8    2a00:1450:4001:80e::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
ep2.adtrafficquality.google
1    2606:4700::6812:5fe1 (None, )

ASN13335 (CLOUDFLARENET, US)
mma.prnasia.com
1    172.67.222.174 (Ascension Island)

ASN13335 (CLOUDFLARENET, US)
nearbymed.com
1    188.114.97.3 (Ascension Island)

ASN13335 (CLOUDFLARENET, US)
img.gbyhn.com.tw
1    192.0.78.24 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)
creditcards.com.tw
1    2a06:98c1:3120::3 (None, )

ASN13335 (CLOUDFLARENET, US)
img.racingcharger.tw
1    65.8.131.76 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-65-8-131-76.fra60.r.cloudfront.net
static.wixstatic.com
2    2a00:1450:4001:82a::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
f9f7e13bde29a7f0348d8281560da983.safeframe.googlesyndication.com
2    142.250.185.228 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s53-in-f4.1e100.net
www.google.com
2    142.250.186.162 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s08-in-f2.1e100.net
googleads.g.doubleclick.net
5    104.18.26.193 (Ascension Island)

ASN13335 (CLOUDFLARENET, US)
dsum-sec.casalemedia.com
1    216.58.206.38 (United States)

ASN15169 (GOOGLE, US)
PTR: mil07s07-in-f6.1e100.net
ad.doubleclick.net
4    2.17.100.193 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL)
PTR: a2-17-100-193.deploy.static.akamaitechnologies.com
servedby.flashtalking.com
1    2a00:1450:4001:812::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.googleapis.com
1    2a00:1450:4001:830::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.gstatic.com
1    80.82.210.217 (Wuppertal, Germany)

ASN24961 (MYLOC-AS WIIT AG, DE)
dsp-cookie.adfarm1.adition.com
1    174.137.133.49 (Garden City, United States)

ASN27257 (WEBAIR-INTERNET, US)
dsp.adkernel.com
1    108.128.35.4 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-108-128-35-4.eu-west-1.compute.amazonaws.com
match.360yield.com
1    100.24.190.87 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-100-24-190-87.compute-1.amazonaws.com
sync.1rx.io
2    76.223.111.18 (United States)

ASN16509 (AMAZON-02, US)
PTR: a0f671730127a0812.awsglobalaccelerator.com
eb2.3lift.com
1    208.93.169.131 (Amsterdam, Netherlands)

ASN46244 (WEBMD-IDC1-AS, US)
bh.contextweb.com
1    2620:1ec:50::12 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
px.ads.linkedin.com
2    134.122.57.34 (Amsterdam, Netherlands)

ASN14061 (DIGITALOCEAN-ASN, US)
match.adsby.bidtheatre.com
1    34.206.232.238 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-206-232-238.compute-1.amazonaws.com
sync.srv.stackadapt.com
1    69.173.144.165 (Germany)

ASN26667 (RUBICONPROJECT, US)
pixel.rubiconproject.com
1    54.246.85.69 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-246-85-69.eu-west-1.compute.amazonaws.com
ads.yieldmo.com
1    89.149.193.84 (Netherlands)

ASN60781 (LEASEWEB-NL-AMS-01 LeaseWeb Netherlands B.V., NL)
ssbsync.smartadserver.com
1    35.214.236.30 (Groningen, Netherlands)

ASN19527 (GOOGLE-2, US)
PTR: 30.236.214.35.bc.googleusercontent.com
csync.loopme.me
1    2a00:1450:4001:831::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
s0.2mdn.net
1    2a00:1450:4001:82a::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.gstatic.com
1    52.222.136.120 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-222-136-120.fra50.r.cloudfront.net
ajs-assets.ftstatic.com
2    142.250.185.130 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s50-in-f2.1e100.net
ep1.adtrafficquality.google
1    216.239.36.181 (United States)

ASN15169 (GOOGLE, US)
analytics.google.com
1    216.239.32.36 (United States)

ASN15169 (GOOGLE, US)
region1.analytics.google.com
1    18.244.18.94 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-244-18-94.fra56.r.cloudfront.net
agen-assets.ftstatic.com
2    18.202.153.236 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-202-153-236.eu-west-1.compute.amazonaws.com
d9.flashtalking.com
2    2600:9000:2646:1e00:a:deb0:3380:93a1 (United States)

ASN16509 (AMAZON-02, US)
js.ad-score.com
1    65.9.175.36 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-65-9-175-36.fra60.r.cloudfront.net
cdn.flashtalking.com
3    130.211.115.4 (Council Bluffs, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 4.115.211.130.bc.googleusercontent.com
data.ad-score.com
Apex Domain
Subdomains		 Transfer
109 holmesmind.com
cdn.holmesmind.com — Cisco Umbrella Rank: 237692
ad.holmesmind.com — Cisco Umbrella Rank: 143825
cm-dev-poc.holmesmind.com — Cisco Umbrella Rank: 230074
fcm.holmesmind.com — Cisco Umbrella Rank: 295745
fcm2.holmesmind.com — Cisco Umbrella Rank: 280119
c.holmesmind.com — Cisco Umbrella Rank: 157999
m.holmesmind.com — Cisco Umbrella Rank: 264664
349 KB
42 googlesyndication.com
f5468d195f184d9a2161b39cb1e22a89.safeframe.googlesyndication.com
tpc.googlesyndication.com — Cisco Umbrella Rank: 202
pagead2.googlesyndication.com — Cisco Umbrella Rank: 126
082fc394a62d374456508868d37e314c.safeframe.googlesyndication.com
f9f7e13bde29a7f0348d8281560da983.safeframe.googlesyndication.com
193 KB
42 doubleclick.net
securepubads.g.doubleclick.net — Cisco Umbrella Rank: 255
stats.g.doubleclick.net — Cisco Umbrella Rank: 159
cm.g.doubleclick.net — Cisco Umbrella Rank: 296
googleads.g.doubleclick.net — Cisco Umbrella Rank: 58
ad.doubleclick.net — Cisco Umbrella Rank: 150
329 KB
38 hinet.net
t.ssp.hinet.net — Cisco Umbrella Rank: 89836
83a8eb42-6ef1-4f83-b0a8-8311ce7c1584.t.ssp.hinet.net
9f56552c-16c7-4550-86c4-b2f06a3a3997.t.ssp.hinet.net
13 KB
17 google.com
fundingchoicesmessages.google.com — Cisco Umbrella Rank: 780
analytics.google.com — Cisco Umbrella Rank: 151
region1.analytics.google.com — Cisco Umbrella Rank: 3717
www.google.com — Cisco Umbrella Rank: 2
74 KB
14 adtrafficquality.google
ep1.adtrafficquality.google — Cisco Umbrella Rank: 334
ep2.adtrafficquality.google — Cisco Umbrella Rank: 343
86 KB
12 91app.io
track.91app.io — Cisco Umbrella Rank: 145118
2 KB
12 fbcdn.net
static.xx.fbcdn.net — Cisco Umbrella Rank: 865
scontent.xx.fbcdn.net — Cisco Umbrella Rank: 655
243 KB
9 mediago.io
trace-eu.mediago.io — Cisco Umbrella Rank: 15104
images.mediago.io — Cisco Umbrella Rank: 8476
cdn.mediago.io — Cisco Umbrella Rank: 9034
gtrace.mediago.io — Cisco Umbrella Rank: 2420
13 KB
9 appier.net
ad2.apx.appier.net — Cisco Umbrella Rank: 121001
gocm.c.appier.net — Cisco Umbrella Rank: 3048
3 KB
8 facebook.net
connect.facebook.net — Cisco Umbrella Rank: 212
201 KB
7 flashtalking.com
servedby.flashtalking.com — Cisco Umbrella Rank: 898
d9.flashtalking.com — Cisco Umbrella Rank: 1672
cdn.flashtalking.com — Cisco Umbrella Rank: 1204
78 KB
7 reurl.cc
reurl.cc — Cisco Umbrella Rank: 313900
11 KB
6 lndata.com
cm.lndata.com — Cisco Umbrella Rank: 222357
2 KB
6 91app.com
tracking-client.91app.com — Cisco Umbrella Rank: 200848
17 KB
6 facebook.com
www.facebook.com — Cisco Umbrella Rank: 121
198 KB
6 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 36
898 KB
5 ad-score.com
js.ad-score.com — Cisco Umbrella Rank: 3498
data.ad-score.com — Cisco Umbrella Rank: 3007
291 KB
5 casalemedia.com
dsum-sec.casalemedia.com — Cisco Umbrella Rank: 627
2 KB
4 criteo.com
gumi.criteo.com — Cisco Umbrella Rank: 50341
buy.criteo.com
mug.criteo.com — Cisco Umbrella Rank: 3902
8 KB
4 onevision.com.tw
onead.onevision.com.tw — Cisco Umbrella Rank: 165591
2 KB
3 criteo.net
static.criteo.net — Cisco Umbrella Rank: 1000
59 KB
3 google.es
www.google.es — Cisco Umbrella Rank: 25525
622 B
2 ftstatic.com
ajs-assets.ftstatic.com — Cisco Umbrella Rank: 1840
agen-assets.ftstatic.com — Cisco Umbrella Rank: 1478
33 KB
2 bidtheatre.com
match.adsby.bidtheatre.com — Cisco Umbrella Rank: 3353
1 KB
2 3lift.com
eb2.3lift.com — Cisco Umbrella Rank: 494
919 B
2 gstatic.com
www.gstatic.com
fonts.gstatic.com
65 KB
2 creativecdn.com
invstatic101.creativecdn.com — Cisco Umbrella Rank: 2208
prebid-asia.creativecdn.com — Cisco Umbrella Rank: 34260
3 KB
2 crwdcntrl.net
tags.crwdcntrl.net — Cisco Umbrella Rank: 1077
bcp.crwdcntrl.net — Cisco Umbrella Rank: 1101
13 KB
2 google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 57
21 KB
2 google.co.in
www.google.co.in — Cisco Umbrella Rank: 21114
126 B
2 re-news.tw
re-news.tw
27 KB
2 guoshipartners.com
ad-specs.guoshipartners.com — Cisco Umbrella Rank: 183614
25 KB
2 anymind360.com
anymind360.com — Cisco Umbrella Rank: 19502
174 KB
2 jsdelivr.net
cdn.jsdelivr.net — Cisco Umbrella Rank: 284
58 KB
1 2mdn.net
s0.2mdn.net — Cisco Umbrella Rank: 447
490 B
1 loopme.me
csync.loopme.me — Cisco Umbrella Rank: 860
436 B
1 smartadserver.com
ssbsync.smartadserver.com — Cisco Umbrella Rank: 807
45 B
1 yieldmo.com
ads.yieldmo.com — Cisco Umbrella Rank: 725
757 B
1 rubiconproject.com
pixel.rubiconproject.com — Cisco Umbrella Rank: 437
644 B
1 stackadapt.com
sync.srv.stackadapt.com — Cisco Umbrella Rank: 708
1 KB
1 linkedin.com
px.ads.linkedin.com — Cisco Umbrella Rank: 354
674 B
1 contextweb.com
bh.contextweb.com — Cisco Umbrella Rank: 738
1001 B
1 1rx.io
sync.1rx.io — Cisco Umbrella Rank: 530
44 B
1 360yield.com
match.360yield.com — Cisco Umbrella Rank: 2647
199 B
1 adkernel.com
dsp.adkernel.com — Cisco Umbrella Rank: 4850
233 B
1 adition.com
dsp-cookie.adfarm1.adition.com — Cisco Umbrella Rank: 2098
418 B
1 ampproject.org
cdn.ampproject.org — Cisco Umbrella Rank: 566
33 KB
1 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 44
2 KB
1 wixstatic.com
static.wixstatic.com — Cisco Umbrella Rank: 6375
1010 KB
1 racingcharger.tw
img.racingcharger.tw
742 KB
1 creditcards.com.tw
creditcards.com.tw
47 KB
1 gbyhn.com.tw
img.gbyhn.com.tw
61 KB
1 nearbymed.com
nearbymed.com
14 KB
1 prnasia.com
mma.prnasia.com — Cisco Umbrella Rank: 491627
19 KB
1 scupio.com
prebid.scupio.com — Cisco Umbrella Rank: 109415
168 B
1 taboola.com
trc.taboola.com — Cisco Umbrella Rank: 749
546 B
1 eyeota.net
ps.eyeota.net — Cisco Umbrella Rank: 1030
354 B
1 adsrvr.org
match.adsrvr.org — Cisco Umbrella Rank: 419
149 B
1 openxcdn.net
oa.openxcdn.net — Cisco Umbrella Rank: 2436
8 KB
1 alipearlhair.com
web.alipearlhair.com
1 KB
0 adnxs.com Failed
ib.adnxs.com Failed
0 33across.com Failed
cdn-ima.33across.com Failed
400 63
Domain Requested by
48 cdn.holmesmind.com reurl.cc
cdn.holmesmind.com
ad.holmesmind.com
29 t.ssp.hinet.net cdn.holmesmind.com
t.ssp.hinet.net
25 pagead2.googlesyndication.com f5468d195f184d9a2161b39cb1e22a89.safeframe.googlesyndication.com
securepubads.g.doubleclick.net
pagead2.googlesyndication.com
082fc394a62d374456508868d37e314c.safeframe.googlesyndication.com
reurl.cc
ep2.adtrafficquality.google
googleads.g.doubleclick.net
f9f7e13bde29a7f0348d8281560da983.safeframe.googlesyndication.com
20 cm.g.doubleclick.net 9 redirects reurl.cc
f9f7e13bde29a7f0348d8281560da983.safeframe.googlesyndication.com
082fc394a62d374456508868d37e314c.safeframe.googlesyndication.com
19 ad.holmesmind.com cdn.holmesmind.com
reurl.cc
15 securepubads.g.doubleclick.net anymind360.com
securepubads.g.doubleclick.net
reurl.cc
12 track.91app.io tracking-client.91app.com
12 c.holmesmind.com 6 redirects cdn.holmesmind.com
12 cm-dev-poc.holmesmind.com cdn.holmesmind.com
11 tpc.googlesyndication.com f5468d195f184d9a2161b39cb1e22a89.safeframe.googlesyndication.com
082fc394a62d374456508868d37e314c.safeframe.googlesyndication.com
f9f7e13bde29a7f0348d8281560da983.safeframe.googlesyndication.com
11 static.xx.fbcdn.net www.facebook.com
static.xx.fbcdn.net
8 ep2.adtrafficquality.google securepubads.g.doubleclick.net
ep2.adtrafficquality.google
googleads.g.doubleclick.net
reurl.cc
8 83a8eb42-6ef1-4f83-b0a8-8311ce7c1584.t.ssp.hinet.net reurl.cc
t.ssp.hinet.net
8 connect.facebook.net reurl.cc
connect.facebook.net
fcm2.holmesmind.com
7 reurl.cc reurl.cc
6 ep1.adtrafficquality.google securepubads.g.doubleclick.net
ep2.adtrafficquality.google
reurl.cc
082fc394a62d374456508868d37e314c.safeframe.googlesyndication.com
6 ad2.apx.appier.net 3 redirects reurl.cc
6 m.holmesmind.com cdn.holmesmind.com
6 fcm2.holmesmind.com cdn.holmesmind.com
6 fcm.holmesmind.com cdn.holmesmind.com
6 cm.lndata.com cdn.holmesmind.com
6 tracking-client.91app.com cdn.holmesmind.com
6 fundingchoicesmessages.google.com securepubads.g.doubleclick.net
6 www.facebook.com reurl.cc
connect.facebook.net
static.xx.fbcdn.net
6 www.googletagmanager.com reurl.cc
www.googletagmanager.com
5 dsum-sec.casalemedia.com 3 redirects googleads.g.doubleclick.net
5 analytics.google.com www.googletagmanager.com
4 servedby.flashtalking.com 082fc394a62d374456508868d37e314c.safeframe.googlesyndication.com
reurl.cc
4 region1.analytics.google.com www.googletagmanager.com
4 stats.g.doubleclick.net www.googletagmanager.com
4 onead.onevision.com.tw ad-specs.guoshipartners.com
reurl.cc
3 data.ad-score.com js.ad-score.com
3 gtrace.mediago.io 1 redirects cdn.mediago.io
f5468d195f184d9a2161b39cb1e22a89.safeframe.googlesyndication.com
3 trace-eu.mediago.io reurl.cc
f5468d195f184d9a2161b39cb1e22a89.safeframe.googlesyndication.com
3 gocm.c.appier.net 3 redirects
3 static.criteo.net securepubads.g.doubleclick.net
cdn.holmesmind.com
3 www.google.es reurl.cc
2 js.ad-score.com ajs-assets.ftstatic.com
js.ad-score.com
2 d9.flashtalking.com ajs-assets.ftstatic.com
d9.flashtalking.com
2 match.adsby.bidtheatre.com 2 redirects
2 eb2.3lift.com 2 redirects
2 googleads.g.doubleclick.net 082fc394a62d374456508868d37e314c.safeframe.googlesyndication.com
pagead2.googlesyndication.com
2 www.google.com ep2.adtrafficquality.google
082fc394a62d374456508868d37e314c.safeframe.googlesyndication.com
f9f7e13bde29a7f0348d8281560da983.safeframe.googlesyndication.com
2 f9f7e13bde29a7f0348d8281560da983.safeframe.googlesyndication.com securepubads.g.doubleclick.net
2 082fc394a62d374456508868d37e314c.safeframe.googlesyndication.com securepubads.g.doubleclick.net
2 images.mediago.io f5468d195f184d9a2161b39cb1e22a89.safeframe.googlesyndication.com
2 gumi.criteo.com 1 redirects static.criteo.net
2 f5468d195f184d9a2161b39cb1e22a89.safeframe.googlesyndication.com securepubads.g.doubleclick.net
2 www.google-analytics.com reurl.cc
www.google-analytics.com
2 www.google.co.in reurl.cc
2 re-news.tw reurl.cc
2 ad-specs.guoshipartners.com reurl.cc
2 anymind360.com reurl.cc
2 cdn.jsdelivr.net reurl.cc
1 cdn.flashtalking.com reurl.cc
1 agen-assets.ftstatic.com ajs-assets.ftstatic.com
1 ajs-assets.ftstatic.com servedby.flashtalking.com
1 fonts.gstatic.com fonts.googleapis.com
1 s0.2mdn.net 082fc394a62d374456508868d37e314c.safeframe.googlesyndication.com
1 csync.loopme.me 1 redirects
1 ssbsync.smartadserver.com 082fc394a62d374456508868d37e314c.safeframe.googlesyndication.com
1 ads.yieldmo.com 1 redirects
1 pixel.rubiconproject.com 1 redirects
1 sync.srv.stackadapt.com 1 redirects
1 px.ads.linkedin.com 1 redirects
1 bh.contextweb.com 1 redirects
1 sync.1rx.io f9f7e13bde29a7f0348d8281560da983.safeframe.googlesyndication.com
1 match.360yield.com f9f7e13bde29a7f0348d8281560da983.safeframe.googlesyndication.com
1 dsp.adkernel.com f9f7e13bde29a7f0348d8281560da983.safeframe.googlesyndication.com
1 dsp-cookie.adfarm1.adition.com 1 redirects
1 www.gstatic.com f9f7e13bde29a7f0348d8281560da983.safeframe.googlesyndication.com
1 cdn.ampproject.org f9f7e13bde29a7f0348d8281560da983.safeframe.googlesyndication.com
1 fonts.googleapis.com f9f7e13bde29a7f0348d8281560da983.safeframe.googlesyndication.com
1 9f56552c-16c7-4550-86c4-b2f06a3a3997.t.ssp.hinet.net reurl.cc
1 ad.doubleclick.net 082fc394a62d374456508868d37e314c.safeframe.googlesyndication.com
1 static.wixstatic.com reurl.cc
1 img.racingcharger.tw reurl.cc
1 creditcards.com.tw reurl.cc
1 img.gbyhn.com.tw reurl.cc
1 nearbymed.com reurl.cc
1 mma.prnasia.com reurl.cc
1 mug.criteo.com reurl.cc
1 cdn.mediago.io f5468d195f184d9a2161b39cb1e22a89.safeframe.googlesyndication.com
1 buy.criteo.com static.criteo.net
1 prebid-asia.creativecdn.com cdn.holmesmind.com
1 prebid.scupio.com cdn.holmesmind.com
1 trc.taboola.com 1 redirects
1 ps.eyeota.net reurl.cc
1 match.adsrvr.org reurl.cc
1 bcp.crwdcntrl.net 1 redirects
1 invstatic101.creativecdn.com securepubads.g.doubleclick.net
1 tags.crwdcntrl.net securepubads.g.doubleclick.net
1 oa.openxcdn.net securepubads.g.doubleclick.net
1 scontent.xx.fbcdn.net www.facebook.com
1 web.alipearlhair.com 1 redirects
0 ib.adnxs.com Failed googleads.g.doubleclick.net
0 cdn-ima.33across.com Failed securepubads.g.doubleclick.net
400 97
Subject Issuer Validity Valid
reurl.cc
E7		 2025-10-30 -
2026-01-28		 3 months crt.sh
jsdelivr.net
GlobalSign Atlas R3 DV TLS CA 2025 Q2		 2025-06-02 -
2026-07-04		 a year crt.sh
anymind360.com
R13		 2025-10-13 -
2026-01-11		 3 months crt.sh
*.google-analytics.com
WE2		 2025-10-27 -
2026-01-19		 3 months crt.sh
*.holmesmind.com
Go Daddy Secure Certificate Authority - G2		 2025-03-06 -
2026-04-07		 a year crt.sh
ad-specs.guoshipartners.com
Go Daddy Secure Certificate Authority - G2		 2025-01-08 -
2026-01-21		 a year crt.sh
*.g.doubleclick.net
WE2		 2025-10-27 -
2026-01-19		 3 months crt.sh
*.facebook.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2025-09-15 -
2025-12-14		 3 months crt.sh
*.onevision.com.tw
R13		 2025-12-01 -
2026-03-01		 3 months crt.sh
*.google.com
WE2		 2025-10-27 -
2026-01-19		 3 months crt.sh
re-news.tw
R12		 2025-12-04 -
2026-03-04		 3 months crt.sh
*.91app.com
Amazon RSA 2048 M04		 2025-07-25 -
2026-08-22		 a year crt.sh
*.google.co.in
WE2		 2025-10-27 -
2026-01-19		 3 months crt.sh
*.lndata.com
GeoTrust G5 TLS RSA4096 SHA384 2022 CA1		 2024-11-11 -
2025-12-12		 a year crt.sh
*.t.ssp.hinet.net
HiPKI OV TLS CA - G1		 2025-02-12 -
2026-02-12		 a year crt.sh
*.google.es
WE2		 2025-10-27 -
2026-01-19		 3 months crt.sh
oa.openxcdn.net
WR3		 2025-11-06 -
2026-02-04		 3 months crt.sh
*.crwdcntrl.net
Amazon RSA 2048 M04		 2025-08-09 -
2026-09-07		 a year crt.sh
invstatic101.creativecdn.com
WR3		 2025-12-06 -
2026-03-06		 3 months crt.sh
*.criteo.net
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2025-10-16 -
2026-01-18		 3 months crt.sh
*.adsrvr.org
GlobalSign GCC R3 DV TLS CA 2020		 2025-03-19 -
2026-04-02		 a year crt.sh
eyeota.net
GoGetSSL RSA DV CA		 2025-04-01 -
2026-05-02		 a year crt.sh
track.91app.io
WR3		 2025-10-28 -
2026-01-26		 3 months crt.sh
*.scupio.com
Sectigo RSA Organization Validation Secure Server CA		 2025-09-02 -
2026-10-03		 a year crt.sh
*.creativecdn.com
RapidSSL TLS RSA CA G1		 2025-04-17 -
2026-05-02		 a year crt.sh
*.criteo.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2025-11-14 -
2026-02-11		 3 months crt.sh
*.mediago.io
GeoTrust TLS RSA CA G1		 2024-12-17 -
2025-12-16		 a year crt.sh
images.mediago.io
WR3		 2025-12-04 -
2026-03-04		 3 months crt.sh
tpc.googlesyndication.com
WE2		 2025-10-27 -
2026-01-19		 3 months crt.sh
cdn.mediago.io
WR3		 2025-12-04 -
2026-03-04		 3 months crt.sh
adtrafficquality.google
WE2		 2025-10-27 -
2026-01-19		 3 months crt.sh
*.prnasia.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2025-10-21 -
2026-11-21		 a year crt.sh
nearbymed.com
WE1		 2025-11-14 -
2026-02-12		 3 months crt.sh
gbyhn.com.tw
WE1		 2025-10-29 -
2026-01-27		 3 months crt.sh
tls.automattic.com
E7		 2025-10-20 -
2026-01-18		 3 months crt.sh
racingcharger.tw
WE1		 2025-10-10 -
2026-01-08		 3 months crt.sh
*.wixstatic.com
R12		 2025-11-16 -
2026-02-14		 3 months crt.sh
*.doubleclick.net
WE2		 2025-10-27 -
2026-01-19		 3 months crt.sh
servedby.flashtalking.com
R13		 2025-10-29 -
2026-01-27		 3 months crt.sh
upload.video.google.com
WE2		 2025-10-27 -
2026-01-19		 3 months crt.sh
misc-sni.google.com
WE2		 2025-10-27 -
2026-01-19		 3 months crt.sh
*.gstatic.com
WE2		 2025-10-27 -
2026-01-19		 3 months crt.sh
*.adkernel.com
GlobalSign GCC R6 AlphaSSL CA 2023		 2025-01-22 -
2026-02-23		 a year crt.sh
*.360yield.com
Amazon RSA 2048 M03		 2025-03-29 -
2026-04-27		 a year crt.sh
*.1rx.io
Sectigo Public Server Authentication CA DV R36		 2025-06-23 -
2026-07-24		 a year crt.sh
*.smartadserver.com
DigiCert Global G3 TLS ECC SHA384 2020 CA1		 2025-01-09 -
2026-02-09		 a year crt.sh
*.ftstatic.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2025-02-10 -
2026-03-11		 a year crt.sh
*.flashtalking.com
Amazon RSA 2048 M04		 2025-06-30 -
2026-07-29		 a year crt.sh
*.ad-score.com
Go Daddy Secure Certificate Authority - G2		 2025-09-06 -
2026-10-08		 a year crt.sh

This page contains 47 frames:

Primary Page: https://reurl.cc/k8qxzL
Frame ID: C5254E2E63EA90ABD23E1661A5123682
Requests: 72 HTTP requests in this frame

Frame: https://cdn.holmesmind.com/js/capmapping.htm
Frame ID: E048CACD3B782E0D6026058797E36AF8
Requests: 16 HTTP requests in this frame

Frame: https://cdn.holmesmind.com/js/presetfn.js?20231115
Frame ID: EA0A84F59927A6E19F35B586EA8E152E
Requests: 10 HTTP requests in this frame

Frame: https://cdn.holmesmind.com/js/presetfn.js?20231115
Frame ID: 36150B94E3EE1A32F3D38865E0976D9F
Requests: 26 HTTP requests in this frame

Frame: https://cdn.holmesmind.com/js/presetfn.js?20231115
Frame ID: 365E8375501BEAB375E4546C29C37EBC
Requests: 8 HTTP requests in this frame

Frame: https://cdn.holmesmind.com/js/presetfn.js?20231115
Frame ID: AF7B6F4466471BC821EEFC5AF0151CE3
Requests: 9 HTTP requests in this frame

Frame: https://cdn.holmesmind.com/js/presetfn.js?20231115
Frame ID: 30436CD8C368BACC381B45DEEFD1AAD4
Requests: 16 HTTP requests in this frame

Frame: https://cdn.holmesmind.com/js/presetfn.js?20231115
Frame ID: C862999B2C98255A45C692A1167B7428
Requests: 8 HTTP requests in this frame

Frame: https://cdn.holmesmind.com/js/capmapping.htm
Frame ID: C218EB9D1172B532F70017718C4E4C77
Requests: 11 HTTP requests in this frame

Frame: https://cdn.holmesmind.com/js/capmapping.htm
Frame ID: EE0B9463D00CBA9CD3A7DEA3CC8A5545
Requests: 11 HTTP requests in this frame

Frame: https://cdn.holmesmind.com/js/capmapping.htm
Frame ID: 03F705885029217A06C1D3BD7FB2BEAA
Requests: 11 HTTP requests in this frame

Frame: https://cdn.holmesmind.com/js/capmapping.htm
Frame ID: 1E85EA519FED8E8317FF56860C5F39B6
Requests: 11 HTTP requests in this frame

Frame: https://www.facebook.com/login/?next=https%3A%2F%2Fwww.facebook.com%2Fplugins%2Fpage.php%3Fhref%3Dhttps%253A%252F%252Fwww.facebook.com%252Freurl.cc%252F%26tabs%3Dtimeline%26width%3D340%26height%3D500%26small_header%3Dfalse%26adapt_container_width%3Dtrue%26hide_cover%3Dfalse%26show_facepile%3Dtrue%26appId
Frame ID: 0D74BC9EA31D619AD96D99F61BC5E7B0
Requests: 19 HTTP requests in this frame

Frame: https://cdn.holmesmind.com/js/capmapping.htm
Frame ID: A7B2FA0D586B8B5428F7E2993DDF8A4A
Requests: 11 HTTP requests in this frame

Frame: https://cdn.holmesmind.com/js/presetfn.js?20231115
Frame ID: 358C23C75AA7E8A8938BC092C7B62669
Requests: 12 HTTP requests in this frame

Frame: https://cdn.holmesmind.com/js/presetfn.js?20231115
Frame ID: 96D51A356F01A5D9821B864CFED54FFE
Requests: 17 HTTP requests in this frame

Frame: https://cm-dev-poc.holmesmind.com/fp
Frame ID: A8394799422722F53B141C95734AEDB0
Requests: 1 HTTP requests in this frame

Frame: https://fcm.holmesmind.com/cm.php
Frame ID: 15A332D2C27A475E6CD1208E76AE43AA
Requests: 1 HTTP requests in this frame

Frame: https://cm-dev-poc.holmesmind.com/fp
Frame ID: 47D055CA266685643DE5D30A8C405D3E
Requests: 1 HTTP requests in this frame

Frame: https://fcm.holmesmind.com/cm.php
Frame ID: 7A90E6B14ED1740D8966A06BAB3C6286
Requests: 1 HTTP requests in this frame

Frame: https://cm-dev-poc.holmesmind.com/fp
Frame ID: 19077CF2949426E68C04F6C36A9293AB
Requests: 1 HTTP requests in this frame

Frame: https://fcm.holmesmind.com/cm.php
Frame ID: 77D8CFB944280A4674AB9DEF2D5B1D1B
Requests: 1 HTTP requests in this frame

Frame: https://cm-dev-poc.holmesmind.com/fp
Frame ID: F5641F00CD3A5808C390E801D577A34D
Requests: 1 HTTP requests in this frame

Frame: https://fcm.holmesmind.com/cm.php
Frame ID: DC9C7ED1FAE6A5153F1B0C4A6F25B253
Requests: 1 HTTP requests in this frame

Frame: https://cm-dev-poc.holmesmind.com/fp
Frame ID: A1B09372F55CBD584DA2364B4352AC43
Requests: 1 HTTP requests in this frame

Frame: https://fcm.holmesmind.com/cm.php
Frame ID: 728F4FB327E59222E103B88C2A986E68
Requests: 1 HTTP requests in this frame

Frame: https://cm-dev-poc.holmesmind.com/fp
Frame ID: 04FE53CCDFD3BF1C26A5A6B4294DABA6
Requests: 1 HTTP requests in this frame

Frame: https://fcm.holmesmind.com/cm.php
Frame ID: 9B170725883E7B47D0B2305DBC8FFBF9
Requests: 1 HTTP requests in this frame

Frame: https://f5468d195f184d9a2161b39cb1e22a89.safeframe.googlesyndication.com/safeframe/1-0-45/html/container.html
Frame ID: 28367AC6A1EC058ACEAD6F0C128D5C4F
Requests: 1 HTTP requests in this frame

Frame: https://gumi.criteo.com/syncframe?origin=publishertagids&topUrl=reurl.cc&gdpr=0&gdpr_consent=
Frame ID: 8298D522F428C2B029353A13F9BB6ED8
Requests: 2 HTTP requests in this frame

Frame: https://f5468d195f184d9a2161b39cb1e22a89.safeframe.googlesyndication.com/safeframe/1-0-45/html/container.html
Frame ID: 1AE95D2EE55ECF33D147119542C1A7F7
Requests: 17 HTTP requests in this frame

Frame: https://cdn.mediago.io/js/cookieSync.html?tn=41b6e88a2b85b0e731ef8e73e5558712
Frame ID: 1B01937657153AE304F22375BBD6F755
Requests: 2 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Frame ID: AECE62C341D5A2485F6960FE869FD850
Requests: 8 HTTP requests in this frame

Frame: https://082fc394a62d374456508868d37e314c.safeframe.googlesyndication.com/safeframe/1-0-45/html/container.html?n=2
Frame ID: D0785501E17D65A451E709F910AF9957
Requests: 1 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Frame ID: 805D9D996E1B40187BF6F5CC072B63F4
Requests: 8 HTTP requests in this frame

Frame: https://f9f7e13bde29a7f0348d8281560da983.safeframe.googlesyndication.com/safeframe/1-0-45/html/container.html?n=2
Frame ID: EB4B38B75F1DD4F034BCE4C417EE5EC6
Requests: 1 HTTP requests in this frame

Frame: https://ep2.adtrafficquality.google/sodar/sodar2/237/runner.html
Frame ID: 3EFEEA8DA1279FCE33B8D81736BEA998
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 07874DB00774D270E3B3B1F85D58F616
Requests: 2 HTTP requests in this frame

Frame: https://082fc394a62d374456508868d37e314c.safeframe.googlesyndication.com/safeframe/1-0-45/html/container.html?n=2
Frame ID: 63CA34349C69F5275D265043255E0ABA
Requests: 39 HTTP requests in this frame

Frame: https://ep2.adtrafficquality.google/sodar/sodar2/237/runner.html
Frame ID: 49C8116703FD68D710951AC3C1F01069
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 0C20D252886BE283D2D38EE6C15F816C
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJfnugEQ0-KBvxkYmYz_swIwAQ&v=APEucNUKmOKoS9x3ZOG2s_IkKSGzJbSm4sirrk-On8ZqMfeBYz7hY0IGTXMjNFVg6EVrSfAT7kTJvkKDjXHUYPOYEF8ayLzhe7i7eEsDLdpLpQiDbEI1awU
Frame ID: 7147A6B986392D99808FCC1B0BBCE4C3
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: AD401233B92C299AB38DAD9BF6BD9C2B
Requests: 9 HTTP requests in this frame

Frame: https://f9f7e13bde29a7f0348d8281560da983.safeframe.googlesyndication.com/safeframe/1-0-45/html/container.html?n=2
Frame ID: 870D5B335501C67362CDF54738FF2DF1
Requests: 15 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 297F428782E8C6DEA9195E36FF828BD6
Requests: 9 HTTP requests in this frame

Frame: https://ep2.adtrafficquality.google/sodar/Klz6NWr5.html
Frame ID: 72BA829382C9186F3BD0DB2B6457B3E2
Requests: 3 HTTP requests in this frame

Frame: data://truncated
Frame ID: 4342B0E735884CB7910406AD380075C0
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Warning
This screenshot might contain NSFW content. Hover to show image.

Page Title

Meilleur IPTV Abonnement en France

Page URL History Show full URLs

  1. https://web.alipearlhair.com/dhKS_JSq HTTP 301
    https://reurl.cc/k8qxzL Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • /wp-(?:content|includes)/
Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
Overall confidence: 100%
Detected patterns
Overall confidence: 100%
Detected patterns
  • (?:/([\d.]+))?/vue(?:\.min)?\.js
Overall confidence: 100%
Detected patterns
  • tpc\.googlesyndication\.com/safeframe
Overall confidence: 100%
Detected patterns
  • 2mdn\.net
Overall confidence: 100%
Detected patterns
  • //connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js
Overall confidence: 100%
Detected patterns
  • googlesyndication\.com/
  • 2mdn\.net
Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js
Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtag/js
Overall confidence: 100%
Detected patterns
  • <link [^>]*?href="?[a-zA-Z]*?:?//cdn\.jsdelivr\.net/
  • //cdn\.jsdelivr\.net/

Page Statistics

400
Requests

89 %
HTTPS

29 %
IPv6

63
Domains

97
Subdomains

85
IPs

11
Countries

5424 kB
Transfer

16191 kB
Size

69
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://web.alipearlhair.com/dhKS_JSq HTTP 301
    https://reurl.cc/k8qxzL Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 73
  • https://c.holmesmind.com/cm HTTP 302
  • https://c.holmesmind.com/cm?tc=getIn&
Request Chain 74
  • https://cm.g.doubleclick.net/pixel?google_nid=clickforce_dmp&google_cm&cf_uid=undefined&uu_m=undefined HTTP 302
  • https://m.holmesmind.com/ml/google?cf_uid=undefined&uu_m=undefined&google_error=1
Request Chain 77
  • https://c.holmesmind.com/cm HTTP 302
  • https://c.holmesmind.com/cm?tc=getIn&
Request Chain 81
  • https://cm.g.doubleclick.net/pixel?google_nid=clickforce_dmp&google_cm&cf_uid=undefined&uu_m=undefined HTTP 302
  • https://m.holmesmind.com/ml/google?cf_uid=undefined&uu_m=undefined&google_error=1
Request Chain 84
  • https://c.holmesmind.com/cm HTTP 302
  • https://c.holmesmind.com/cm?tc=getIn&
Request Chain 88
  • https://cm.g.doubleclick.net/pixel?google_nid=clickforce_dmp&google_cm&cf_uid=undefined&uu_m=undefined HTTP 302
  • https://m.holmesmind.com/ml/google?cf_uid=undefined&uu_m=undefined&google_error=1
Request Chain 91
  • https://c.holmesmind.com/cm HTTP 302
  • https://c.holmesmind.com/cm?tc=getIn&
Request Chain 95
  • https://cm.g.doubleclick.net/pixel?google_nid=clickforce_dmp&google_cm&cf_uid=undefined&uu_m=undefined HTTP 302
  • https://m.holmesmind.com/ml/google?cf_uid=undefined&uu_m=undefined&google_error=1
Request Chain 98
  • https://c.holmesmind.com/cm HTTP 302
  • https://c.holmesmind.com/cm?tc=getIn&
Request Chain 102
  • https://cm.g.doubleclick.net/pixel?google_nid=clickforce_dmp&google_cm&cf_uid=undefined&uu_m=undefined HTTP 302
  • https://m.holmesmind.com/ml/google?cf_uid=undefined&uu_m=undefined&google_error=1
Request Chain 105
  • https://c.holmesmind.com/cm HTTP 302
  • https://c.holmesmind.com/cm?tc=getIn&
Request Chain 109
  • https://cm.g.doubleclick.net/pixel?google_nid=clickforce_dmp&google_cm&cf_uid=undefined&uu_m=undefined HTTP 302
  • https://m.holmesmind.com/ml/google?cf_uid=undefined&uu_m=undefined&google_error=1
Request Chain 150
  • https://bcp.crwdcntrl.net/map/c=15135/tp=ONEA/lac=y?https://onead.onevision.com.tw/v2/pixel/ltm?id=${profile_id} HTTP 302
  • https://onead.onevision.com.tw/v2/pixel/ltm?id=
Request Chain 153
  • https://trc.taboola.com/sg/onedata/1/cm HTTP 302
  • https://onead.onevision.com.tw/v2/pixel/taboola?id=ebd72884-67f8-4aad-b34f-2097f35f6c76-tuct102e4472
Request Chain 176
  • https://ad2.apx.appier.net/v1/prebid/bid HTTP 307
  • https://gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid HTTP 307
  • https://ad2.apx.appier.net/v1/prebid/bid?acid=vMMUgGyUAJGQDwox8740aQ
Request Chain 178
  • https://ad2.apx.appier.net/v1/prebid/bid HTTP 307
  • https://gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid HTTP 307
  • https://ad2.apx.appier.net/v1/prebid/bid?acid=Y3ErQzhmABW05hrf8740aQ
Request Chain 179
  • https://ad2.apx.appier.net/v1/prebid/bid HTTP 307
  • https://gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid HTTP 307
  • https://ad2.apx.appier.net/v1/prebid/bid?acid=QaZw5_zSD1q5FlFw8740aQ
Request Chain 247
  • https://gumi.criteo.com/sid/json?origin=publishertagids&domain=reurl.cc&sn=ChromeSyncframe&so=0&topUrl=reurl.cc&topicsavail=1&fledgeavail=1 HTTP 302
  • https://mug.criteo.com/sid?cpp=bADyDHxsc3RBR0lsaldEODZmNUxJQ1NaT0s5UzRHajJpTVlHNVAwM2JtUlc4ckx6N2d5c3ZKM285amZMRXM1N2x1TDlhbHBVNnNpL212UlozcnRSTWRWeTROVWROZTVydnZkNnNCV1hNN3FsK2JVOERUbmExTTByWTVQaFlvMzNmTVJHaUkxdFc5alAyeHVDN0tGY3A5Vy9tVkdERnN2bXl0L2FOK3BJS0lhYlF2UndUbUFlcGZ0M3BmK1Z0bTAvR2ErcndxTnZwRXA5VEVTWGJqUkd6ak4reFdnRUpmOGhkRTJvbmFuWjd4QXk4cFpMb09aa0xxcFpaUTBHenFKT2dlQTM1THhvcFpwTzhiT0ZLdWpWTmFwUzVWcjBFU29SYVM3dG1zMTRaeHowaE9WMFN3bEgvKzcvaHJYdjIvTEFtaHcyTHw&cppv=2
Request Chain 323
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm&gdpr=0 HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECP6kBWcRtj9s9HjtLX5FxI&google_cver=1&gdpr=0 HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECP6kBWcRtj9s9HjtLX5FxI&google_cver=1&gdpr=0&C=1
Request Chain 324
  • https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&gdpr=0&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
  • https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgdpr%3D0%26google_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&gdpr=0&ixi=0&C=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?gdpr=0&google_nid=casale_media2_dsp_secure&google_cm&google_hm=aTS.9bmqPysAJI.OAkxdfwAA HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECP6kBWcRtj9s9HjtLX5FxI&google_cver=1&gdpr=0&google_hm=2
Request Chain 325
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm&gdpr=0 HTTP 302
  • https://ib.adnxs.com/setuid?entity=101&gdpr=0&code=CAESEGEQq40hAOKjsJz0zFZZEaE&google_cver=1
Request Chain 356
  • https://dsp-cookie.adfarm1.adition.com/?ssp=2&google_gid=CAESEHM8v1s7sf6fPDuD5I87El0&google_cver=1&google_push=AXcoOmRM9wNTgCYF3on9QqNx3N9heMjYtOnBtCVpvkKFKdFxEGxaivJgJKZbjMq2lqWDp3QoIcL0dXIEOS1MMT6HGokkjdMn8oEh HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzU4MDg5NDAzNjU3NzgxMDc5Ng%3D%3D&google_push=AXcoOmRM9wNTgCYF3on9QqNx3N9heMjYtOnBtCVpvkKFKdFxEGxaivJgJKZbjMq2lqWDp3QoIcL0dXIEOS1MMT6HGokkjdMn8oEh
Request Chain 360
  • https://eb2.3lift.com/ebda?sync=1&google_gid=CAESED7iRGnc7HnDyhZ8FQTQ9JQ&google_cver=1&google_push=AXcoOmRlJZO_V5giOZwKCTk91-ULug_Fmgh7rIT1b8TBRUY-CBjzdio3MTsAvG0d3KcOhQUEFs5g_qxlED3GnH__PldtB4p5grJy HTTP 302
  • https://eb2.3lift.com/ebda?sync=1&google_gid=CAESED7iRGnc7HnDyhZ8FQTQ9JQ&google_cver=1&google_push=AXcoOmRlJZO_V5giOZwKCTk91-ULug_Fmgh7rIT1b8TBRUY-CBjzdio3MTsAvG0d3KcOhQUEFs5g_qxlED3GnH__PldtB4p5grJy&ld=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_push=AXcoOmRlJZO_V5giOZwKCTk91-ULug_Fmgh7rIT1b8TBRUY-CBjzdio3MTsAvG0d3KcOhQUEFs5g_qxlED3GnH__PldtB4p5grJy&google_hm=MTY2OTQ2ODQ1MzMwMzEzMDAzMzg0OQ%3D%3D
Request Chain 361
  • https://bh.contextweb.com/bh/rtset?pid=559960&gp=1&google_gid=CAESEISWxZCiH3JVZqS0vuqKzn4&google_cver=1&google_push=AXcoOmSigWQrt9UaiDeTSbli5xDpZDJPp1qEeZF7Z-B3q2wVH64bks3B0EltfRtUdBDElJlY_z3X_w65BJsHGrDcLl9KbGlRp5XAYQ HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=pulsepoint_inc_&google_push=AXcoOmSigWQrt9UaiDeTSbli5xDpZDJPp1qEeZF7Z-B3q2wVH64bks3B0EltfRtUdBDElJlY_z3X_w65BJsHGrDcLl9KbGlRp5XAYQ&google_hm=dlp4YjJGNWRudG5u
Request Chain 362
  • https://gtrace.mediago.io/ju/cs/google?google_gid=CAESEAsyew6Hru920MAfbk6Jb_E&google_cver=1&google_push=AXcoOmTaBbsT8wsQSDiu_i7l-3RRs3jKCpNqoR1dTIqkqerZYwHmD9Lca2OLMx8Bg3HiF0RA70AsrQuQHU9WXwHqJ9IxuokoNOaM5Zc HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=baidu_mediago&google_push=AXcoOmTaBbsT8wsQSDiu_i7l-3RRs3jKCpNqoR1dTIqkqerZYwHmD9Lca2OLMx8Bg3HiF0RA70AsrQuQHU9WXwHqJ9IxuokoNOaM5Zc&google_hm=8df1d1e1917c925f2th64n00miuxsifq
Request Chain 364
  • https://px.ads.linkedin.com/setuid?partner=googleadxdb&google_gid=CAESEJJanQJ9OSij_Au9vWNfM6c&google_cver=1&google_push=AXcoOmShGm-j2rr0vwu33fqqEAh-ppGS6-sGIgEEmon7_1mCdbBiclwOwnOZ7iVBQrCHU6ow5-tGHaeB-4bXbV6yNBIcDraemoR0 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=linkedin&google_push=AXcoOmShGm-j2rr0vwu33fqqEAh-ppGS6-sGIgEEmon7_1mCdbBiclwOwnOZ7iVBQrCHU6ow5-tGHaeB-4bXbV6yNBIcDraemoR0
Request Chain 365
  • https://match.adsby.bidtheatre.com/adxcookie?id=&google_gid=CAESEBM5_5JN1XlUxrsHktrjA-s&google_cver=1&google_push=AXcoOmS7QhhW2qUcuhKp7Cv3qRdlfbXif8oHkyEzqvNpfh3XYZrqjLEMZPHHHTjQKE362R-FQCnFlRmtRvdpjqVcJQYFdHbM7X7Fkg HTTP 302
  • https://match.adsby.bidtheatre.com/adxcookie?redirected=true&id=&google_gid=CAESEBM5_5JN1XlUxrsHktrjA-s&google_cver=1&google_push=AXcoOmS7QhhW2qUcuhKp7Cv3qRdlfbXif8oHkyEzqvNpfh3XYZrqjLEMZPHHHTjQKE362R-FQCnFlRmtRvdpjqVcJQYFdHbM7X7Fkg HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_push=AXcoOmS7QhhW2qUcuhKp7Cv3qRdlfbXif8oHkyEzqvNpfh3XYZrqjLEMZPHHHTjQKE362R-FQCnFlRmtRvdpjqVcJQYFdHbM7X7Fkg&google_hm=NGUzZTQ3MTQtZjVjNy00OTFjLTgzZGUtMWIzN2Q1MmIzZWIz&google_nid=bt
Request Chain 366
  • https://sync.srv.stackadapt.com/sync?nid=154&google_gid=CAESELqiVo9Z9bL6Y-V3yhsrl8c&google_cver=1&google_push=AXcoOmSpzsMJvlYjEBqUd8xNkilrQ3ZbP_s9dvW4PNrjTrypsFE_JESl-pXot_YSMHyzRYfBzlKCfMb_pHpsfUz-rHXLb2E5pYiW HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=stackadapt_usd&google_hm=8KdvP_-eW7ZmeaS9SmwNHLm8PfQ&google_push=AXcoOmSpzsMJvlYjEBqUd8xNkilrQ3ZbP_s9dvW4PNrjTrypsFE_JESl-pXot_YSMHyzRYfBzlKCfMb_pHpsfUz-rHXLb2E5pYiW
Request Chain 367
  • https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_push=AXcoOmQdl7BkpFhVtRDeMULBmQ6JGxIv3WqJ7e_44dr2ulqzZoInrDNlDflOX_6GlbgiTjnZrC-IaXgalqal70owcmFC1QMBjaauYw&google_gid=CAESEFOu9E9c3LJfq8JUmrhg90s&google_cver=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TUlVWFNLSFQtMUotRktIOQ==&google_push=AXcoOmQdl7BkpFhVtRDeMULBmQ6JGxIv3WqJ7e_44dr2ulqzZoInrDNlDflOX_6GlbgiTjnZrC-IaXgalqal70owcmFC1QMBjaauYw
Request Chain 368
  • https://ads.yieldmo.com/exptsync?google_gid=CAESECWyUsp7_HsJ8iH9il9sfcE&google_cver=1&google_push=AXcoOmSDeB8rRoW1O828htidrm4-XfgyV8-fA4pA5aYj3M81rKUHmVz9SEaUIHJJ0Y3u5b0cYTdhbx4GsE6ZFVGdP6z4axZRCx5Mng HTTP 302
  • https://cm.g.doubleclick.net/pixel?process_consent=T&google_nid=yieldmo&google_push=AXcoOmSDeB8rRoW1O828htidrm4-XfgyV8-fA4pA5aYj3M81rKUHmVz9SEaUIHJJ0Y3u5b0cYTdhbx4GsE6ZFVGdP6z4axZRCx5Mng&google_hm=eHpobVZlZWtpeGVQVldubEY3RWY=
Request Chain 370
  • https://csync.loopme.me/?pubid=11537&gdpr=${GDPR}&gdpr_consent=${GDPR_CONSENT_109}&redirect=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dloopme_eb_%26google_hm%3D{viewer_token}&google_gid=CAESEI0F8EjvpvzoZJJcwIcEtk4&google_cver=1&google_push=AXcoOmTqYyzXB5kFInKXnjwVFLVZkE8jVFDtLBH7PUwXBW7lt6fdqX8vhR3lG_hJhFot4lLhjIyl_Yuk8GSU5mMMh6azzI55PUroGoY HTTP 307
  • https://cm.g.doubleclick.net/pixel?google_nid=loopme_eb_&google_hm=14e7f6ac-8498-4f38-8fd4-d3637d662a37&google_cver=1&google_gid=CAESEI0F8EjvpvzoZJJcwIcEtk4&gdpr_consent=${GDPR_CONSENT_109}&google_push=AXcoOmTqYyzXB5kFInKXnjwVFLVZkE8jVFDtLBH7PUwXBW7lt6fdqX8vhR3lG_hJhFot4lLhjIyl_Yuk8GSU5mMMh6azzI55PUroGoY&gdpr=${GDPR} HTTP 302
  • https://s0.2mdn.net/dot.gif?gdpr_consent=${GDPR_CONSENT_109}&gdpr=${GDPR}&google_error=1

400 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request k8qxzL
reurl.cc/
Redirect Chain
  • https://web.alipearlhair.com/dhKS_JSq
  • https://reurl.cc/k8qxzL
16 KB
5 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://reurl.cc/k8qxzL
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
35.229.143.32 Taipei, Taiwan, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
32.143.229.35.bc.googleusercontent.com
Software
nginx/1.22.1 /
Resource Hash
327f7d71b98a7d85095eb5d8fd4a3c451e1373df4a95e06aee097399dc939356

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36

Response headers

Connection
keep-alive
Content-Encoding
gzip
Content-Type
text/html; charset=utf-8
Date
Sat, 06 Dec 2025 23:40:29 GMT
Server
nginx/1.22.1
Transfer-Encoding
chunked

Redirect headers

cache-control
no-cache
content-type
text/html; charset=UTF-8
date
Sat, 06 Dec 2025 23:40:27 GMT
location
https://reurl.cc/k8qxzL
server
nginx
strict-transport-security
max-age=31536000
bootstrap.min.css
cdn.jsdelivr.net/npm/bootstrap@4.3.1/dist/css/ 		152 KB
26 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://cdn.jsdelivr.net/npm/bootstrap@4.3.1/dist/css/bootstrap.min.css
Requested by
Host: reurl.cc
URL: https://reurl.cc/k8qxzL
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42::485 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
60b19e5da6a9234ff9220668a5ec1125c157a268513256188ee80f2d2c8d8d36
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://reurl.cc/

Response headers

access-control-expose-headers
*
content-encoding
br
etag
W/"2606e-bhA1SChFSJj9qA9V897LNH/Z7SE"
age
2809416
x-content-type-options
nosniff
x-jsd-version-type
version
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
x-cache
HIT, HIT
date
Sat, 06 Dec 2025 23:40:29 GMT
content-type
text/css; charset=utf-8
x-served-by
cache-fra-etou8220110-FRA, cache-mad22028-MAD
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
public, max-age=31536000, s-maxage=31536000, immutable
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
access-control-allow-origin
*
content-length
25648
x-jsd-version
4.3.1
style.css
reurl.cc/asset/stylesheets/ 		6 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://reurl.cc/asset/stylesheets/style.css?v=1
Requested by
Host: reurl.cc
URL: https://reurl.cc/k8qxzL
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
35.229.143.32 Taipei, Taiwan, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
32.143.229.35.bc.googleusercontent.com
Software
nginx/1.22.1 /
Resource Hash
351966dece7214af3b43d9a94f07c1c936176ad5dd81f0bbe1f6b319b4cd96d1

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://reurl.cc/k8qxzL

Response headers

Transfer-Encoding
chunked
Cache-Control
max-age=604800
Content-Encoding
gzip
ETag
W/"69159a16-16bb"
Connection
keep-alive
Expires
Sat, 13 Dec 2025 23:40:29 GMT
Date
Sat, 06 Dec 2025 23:40:29 GMT
Content-Type
text/css
Last-Modified
Thu, 13 Nov 2025 08:43:02 GMT
Server
nginx/1.22.1
Vary
Accept-Encoding
ats.js
anymind360.com/js/9479/ 		380 KB
114 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://anymind360.com/js/9479/ats.js
Requested by
Host: reurl.cc
URL: https://reurl.cc/k8qxzL
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.55 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
UploadServer /
Resource Hash
a7c26694861bbd926c7d903f707b406aa8eaa6a5065a3acb6c8e0028e8eaee6e
Security Headers
Name Value
Strict-Transport-Security max-age=31557600

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://reurl.cc/

Response headers

x-goog-metageneration
1
access-control-expose-headers
Content-Type
content-encoding
gzip
x-goog-hash
crc32c=+l4scw==, md5=RPhira7MebZTO3yL8IH51w==
etag
"44f862adaecc79b6533b7c8bf081f9d7"
age
89560
x-goog-stored-content-encoding
gzip
expires
Fri, 05 Dec 2025 22:47:50 GMT
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
x-goog-stored-content-length
115683
x-cache
HIT, HIT
date
Sat, 06 Dec 2025 23:40:29 GMT
content-type
application/javascript; charset=UTF-8
last-modified
Tue, 23 Sep 2025 04:37:48 GMT
x-served-by
cache-tyo11968-TYO, cache-toj-leto2350045-TOJ
x-cache-hits
699, 0
x-guploader-uploadid
AOCedOEBypisPU4nuGn5AvPoahXoSvH_TUV7b8_c1svMWIOd_m7hdAyaIzdrvhXtM6TyUYDaekOf4MM
strict-transport-security
max-age=31557600
vary
Accept-Encoding
cache-control
max-age=1200
x-goog-storage-class
STANDARD
x-timer
S1765064430.883402,VS0,VE2
via
1.1 varnish, 1.1 varnish
accept-ranges
bytes
access-control-allow-origin
*
x-goog-generation
1758602268219650
content-length
115683
server
UploadServer
clickforce_anchor.js
reurl.cc/asset/javascripts/common/ 		1 KB
907 B 		Script
General
Check archive.org
Download Go to
Full URL
https://reurl.cc/asset/javascripts/common/clickforce_anchor.js
Requested by
Host: reurl.cc
URL: https://reurl.cc/k8qxzL
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
35.229.143.32 Taipei, Taiwan, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
32.143.229.35.bc.googleusercontent.com
Software
nginx/1.22.1 /
Resource Hash
873b90cdbff7dcb26e9ea34c647a5d15e83daecca768a816619dd38a503c09b5

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://reurl.cc/k8qxzL

Response headers

Transfer-Encoding
chunked
Cache-Control
max-age=604800
Content-Encoding
gzip
ETag
W/"687f3443-4bf"
Connection
keep-alive
Expires
Sat, 13 Dec 2025 23:40:31 GMT
Date
Sat, 06 Dec 2025 23:40:31 GMT
Content-Type
application/javascript
Last-Modified
Tue, 22 Jul 2025 06:48:35 GMT
Server
nginx/1.22.1
Vary
Accept-Encoding
pixel.js
reurl.cc/asset/javascripts/common/ 		470 B
792 B 		Script
General
Check archive.org
Download Go to
Full URL
https://reurl.cc/asset/javascripts/common/pixel.js
Requested by
Host: reurl.cc
URL: https://reurl.cc/k8qxzL
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
35.229.143.32 Taipei, Taiwan, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
32.143.229.35.bc.googleusercontent.com
Software
nginx/1.22.1 /
Resource Hash
6e9ab8ab1d57a0695a66577e348ae4343e1a92f70cb4835a52c4863f11114037

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://reurl.cc/k8qxzL

Response headers

Cache-Control
max-age=604800
ETag
"680babe3-1d6"
Connection
keep-alive
Expires
Sat, 13 Dec 2025 23:40:31 GMT
Accept-Ranges
bytes
Content-Length
470
Date
Sat, 06 Dec 2025 23:40:31 GMT
Content-Type
application/javascript
Last-Modified
Fri, 25 Apr 2025 15:36:03 GMT
Server
nginx/1.22.1
ga.js
reurl.cc/asset/javascripts/common/ 		566 B
888 B 		Script
General
Check archive.org
Download Go to
Full URL
https://reurl.cc/asset/javascripts/common/ga.js
Requested by
Host: reurl.cc
URL: https://reurl.cc/k8qxzL
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
35.229.143.32 Taipei, Taiwan, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
32.143.229.35.bc.googleusercontent.com
Software
nginx/1.22.1 /
Resource Hash
3774a7ce325859b32b6b0b01bde2879c75b81131fafe4a584b18b744711bd75d

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://reurl.cc/k8qxzL

Response headers

Cache-Control
max-age=604800
ETag
"680babe3-236"
Connection
keep-alive
Expires
Sat, 13 Dec 2025 23:40:32 GMT
Accept-Ranges
bytes
Content-Length
566
Date
Sat, 06 Dec 2025 23:40:32 GMT
Content-Type
application/javascript
Last-Modified
Fri, 25 Apr 2025 15:36:03 GMT
Server
nginx/1.22.1
js
www.googletagmanager.com/gtag/ 		432 KB
146 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=G-ZDFZCDVDK1
Requested by
Host: reurl.cc
URL: https://reurl.cc/k8qxzL
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
5fc8514d50f52140ddcbff791b0d52d7e88237a6c46634990d7046e4e9f7d13f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://reurl.cc/

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
cache-control
private, max-age=900
content-encoding
zstd
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
expires
Sat, 06 Dec 2025 23:40:31 GMT
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
148634
date
Sat, 06 Dec 2025 23:40:31 GMT
x-xss-protection
0
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
server
Google Tag Manager
access-control-allow-headers
Cache-Control
js
www.googletagmanager.com/gtag/ 		493 KB
161 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=G-N394QBRGC0
Requested by
Host: reurl.cc
URL: https://reurl.cc/k8qxzL
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
d89a7a0a9265bdace4e74cf1d770347e274868849d6f50c4176520023ef15407
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://reurl.cc/

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
cache-control
private, max-age=900
content-encoding
zstd
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
expires
Sat, 06 Dec 2025 23:40:31 GMT
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
164845
date
Sat, 06 Dec 2025 23:40:31 GMT
x-xss-protection
0
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
server
Google Tag Manager
access-control-allow-headers
Cache-Control
init.js
cdn.holmesmind.com/js/ 		9 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.holmesmind.com/js/init.js
Requested by
Host: reurl.cc
URL: https://reurl.cc/k8qxzL
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:208a:8000:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
ab187b70940d331c60646d5731fa8e86d6958ba69dfa241361e39d30d81c2d31

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://reurl.cc/

Response headers

x-amz-version-id
PKBfBRh_ckEc5dxIcFkl8Hvvqrcpi_Dy
etag
"daceea64521f6f981e4b58edc119028a"
age
23
via
1.1 59927012a1a01484504f9d4b511a043c.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Hit from cloudfront
content-length
9646
x-amz-cf-id
9ijHx3sThLwSB6DUF0yNYu0AGOAu9WeQawPWoYXSzQzrEc5JQTZMbA==
date
Sat, 06 Dec 2025 23:40:30 GMT
content-type
application/javascript
last-modified
Fri, 09 May 2025 03:01:34 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P13
x-amz-server-side-encryption
AES256
ad-serv.min.js
ad-specs.guoshipartners.com/static/js/ 		52 KB
17 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ad-specs.guoshipartners.com/static/js/ad-serv.min.js
Requested by
Host: reurl.cc
URL: https://reurl.cc/k8qxzL
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
203.74.221.1 New Taipei City, Taiwan, ASN131660 (CHTCDN Data Communication Business Group, TW),
Reverse DNS
203-74-221-1.hinet-ip.hinet.net
Software
HiNetCDN / OneAD
Resource Hash
57e3fef09cab4680c25c4a06c9c1ce195325f5d502d4d75b5d53a7c2f14e2916
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://reurl.cc/

Response headers

content-encoding
br
etag
W/"68c28bcb-cfd3"
age
0
access-control-allow-methods
GET,POST,OPTIONS,PUT
x-varnish
24594342
x-cache
HIT
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
date
Sat, 06 Dec 2025 23:40:31 GMT
content-type
application/javascript
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding
last-modified
Thu, 11 Sep 2025 08:43:55 GMT
access-control-allow-headers
Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, accept, origin, Cache-Control, X-Requested-With
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
public, max-age=360
access-control-allow-credentials
true
via
1.1 google
access-control-allow-origin
*
x-powered-by
OneAD
server
HiNetCDN
onead-lib.min.js
ad-specs.guoshipartners.com/static/js/ 		25 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ad-specs.guoshipartners.com/static/js/onead-lib.min.js
Requested by
Host: reurl.cc
URL: https://reurl.cc/k8qxzL
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
203.74.221.1 New Taipei City, Taiwan, ASN131660 (CHTCDN Data Communication Business Group, TW),
Reverse DNS
203-74-221-1.hinet-ip.hinet.net
Software
HiNetCDN / OneAD
Resource Hash
620a382665ff035abb643a19e12f088aef2bc27b55398d4ae3f131b773be6355
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://reurl.cc/

Response headers

content-encoding
br
etag
W/"68c0e8bd-65e4"
age
0
access-control-allow-methods
GET,POST,OPTIONS,PUT
x-varnish
130662986
x-cache
HIT
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
date
Sat, 06 Dec 2025 23:40:31 GMT
content-type
application/javascript
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding
last-modified
Wed, 10 Sep 2025 02:55:57 GMT
access-control-allow-headers
Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, accept, origin, Cache-Control, X-Requested-With
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
public, max-age=360
access-control-allow-credentials
true
via
1.1 google
access-control-allow-origin
*
x-powered-by
OneAD
server
HiNetCDN
vue.min.js
cdn.jsdelivr.net/npm/vue@2.5.16/dist/ 		84 KB
32 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.jsdelivr.net/npm/vue@2.5.16/dist/vue.min.js
Requested by
Host: reurl.cc
URL: https://reurl.cc/k8qxzL
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42::485 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
4da2dc78cc23591a9ee3285ba8f3891fa57b506b7902fbdd35fa5a2172566c55
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://reurl.cc/

Response headers

access-control-expose-headers
*
content-encoding
br
etag
W/"151b4-KLsckeN7U/TrtIzkgtzLJAAD4Hg"
age
2046564
x-content-type-options
nosniff
x-jsd-version-type
version
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
x-cache
HIT, HIT
date
Sat, 06 Dec 2025 23:40:31 GMT
content-type
application/javascript; charset=utf-8
x-served-by
cache-fra-eddf8230088-FRA, cache-mad22028-MAD
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
public, max-age=31536000, s-maxage=31536000, immutable
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
access-control-allow-origin
*
content-length
32610
x-jsd-version
2.5.16
renews.js
reurl.cc/asset/javascripts/common/ 		690 B
1012 B 		Script
General
Check archive.org
Download Go to
Full URL
https://reurl.cc/asset/javascripts/common/renews.js
Requested by
Host: reurl.cc
URL: https://reurl.cc/k8qxzL
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
35.229.143.32 Taipei, Taiwan, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
32.143.229.35.bc.googleusercontent.com
Software
nginx/1.22.1 /
Resource Hash
100d72a28123bcee974e8642b8bf1c0865bf1034c9b59f59597d53809e192fdc

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://reurl.cc/k8qxzL

Response headers

Cache-Control
max-age=604800
ETag
"680babe3-2b2"
Connection
keep-alive
Expires
Sat, 13 Dec 2025 23:40:31 GMT
Accept-Ranges
bytes
Content-Length
690
Date
Sat, 06 Dec 2025 23:40:31 GMT
Content-Type
application/javascript
Last-Modified
Fri, 25 Apr 2025 15:36:03 GMT
Server
nginx/1.22.1
loading.js
reurl.cc/asset/javascripts/redirect/ 		240 B
561 B 		Script
General
Check archive.org
Download Go to
Full URL
https://reurl.cc/asset/javascripts/redirect/loading.js
Requested by
Host: reurl.cc
URL: https://reurl.cc/k8qxzL
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
35.229.143.32 Taipei, Taiwan, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
32.143.229.35.bc.googleusercontent.com
Software
nginx/1.22.1 /
Resource Hash
25355805f44af99037c6b951f9afd762f5fd74eb126aba4b2f82cafa563c0f90

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://reurl.cc/k8qxzL

Response headers

Cache-Control
max-age=604800
ETag
"680babe3-f0"
Connection
keep-alive
Expires
Sat, 13 Dec 2025 23:40:31 GMT
Accept-Ranges
bytes
Content-Length
240
Date
Sat, 06 Dec 2025 23:40:31 GMT
Content-Type
application/javascript
Last-Modified
Fri, 25 Apr 2025 15:36:03 GMT
Server
nginx/1.22.1
gpt.js
securepubads.g.doubleclick.net/tag/js/ 		105 KB
33 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/tag/js/gpt.js
Requested by
Host: anymind360.com
URL: https://anymind360.com/js/9479/ats.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s07-in-f2.1e100.net
Software
cafe /
Resource Hash
090c5dbe03c9cc652f75b74bee6dfa2291037ace8ab00603ee530a747cd62279
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://reurl.cc/

Response headers

content-encoding
br
etag
555 / 20428 / 31096008 / config-hash: 5063855111797697403
x-content-type-options
nosniff
expires
Sat, 06 Dec 2025 23:40:31 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
date
Sat, 06 Dec 2025 23:40:31 GMT
content-type
text/javascript; charset=UTF-8
vary
Accept-Encoding
content-disposition
attachment; filename="f.txt"
cache-control
private, max-age=900, stale-while-revalidate=3600
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
access-control-allow-origin
*
content-length
34189
x-xss-protection
0
server
cafe
init.js
cdn.holmesmind.com/js/ 		9 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.holmesmind.com/js/init.js
Requested by
Host: reurl.cc
URL: https://reurl.cc/k8qxzL
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:208a:8000:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
ab187b70940d331c60646d5731fa8e86d6958ba69dfa241361e39d30d81c2d31

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://reurl.cc/

Response headers

x-amz-version-id
PKBfBRh_ckEc5dxIcFkl8Hvvqrcpi_Dy
etag
"daceea64521f6f981e4b58edc119028a"
age
23
via
1.1 59927012a1a01484504f9d4b511a043c.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Hit from cloudfront
content-length
9646
x-amz-cf-id
9ijHx3sThLwSB6DUF0yNYu0AGOAu9WeQawPWoYXSzQzrEc5JQTZMbA==
date
Sat, 06 Dec 2025 23:40:30 GMT
content-type
application/javascript
last-modified
Fri, 09 May 2025 03:01:34 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P13
x-amz-server-side-encryption
AES256
js
www.googletagmanager.com/gtag/ 		424 KB
143 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=G-S9B9ZLEX4D
Requested by
Host: reurl.cc
URL: https://reurl.cc/k8qxzL
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
5cf5651c64c58c1d6ebdc4f2a85fb77389a0f4d17c6e17eb89765666123888e4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://reurl.cc/

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
cache-control
private, max-age=900
content-encoding
zstd
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
expires
Sat, 06 Dec 2025 23:40:31 GMT
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
146623
date
Sat, 06 Dec 2025 23:40:31 GMT
x-xss-protection
0
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
server
Google Tag Manager
access-control-allow-headers
Cache-Control
pubads_impl.js
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202512040101/ 		611 KB
193 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202512040101/pubads_impl.js?cb=31096008
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s07-in-f2.1e100.net
Software
cafe /
Resource Hash
9d6d7342264129047aedc4df11db9bdf238eec8fed367c7289ab11ca6ef6ccbe
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://reurl.cc/

Response headers

content-encoding
br
etag
11880664601459717268
age
29353
x-content-type-options
nosniff
expires
Sun, 06 Dec 2026 15:31:18 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
date
Sat, 06 Dec 2025 15:31:18 GMT
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
vary
Accept-Encoding
cache-control
public, immutable, max-age=31536000
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
access-control-allow-origin
*
content-length
197457
x-xss-protection
0
server
cafe
fbevents.js
connect.facebook.net/en_US/ 		332 KB
87 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: reurl.cc
URL: https://reurl.cc/asset/javascripts/common/pixel.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
157.240.0.6 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
xx-fbcdn-shv-02-fra3.fbcdn.net
Software
/
Resource Hash
eff958d6a66dede8a64c252dcf84e69d34c888460d5fcf6f835e655ab487d352
Security Headers
Name Value
Content-Security-Policy default-src 'self' blob: facebook.net *.facebook.net facebook.com *.facebook.com fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com cdninstagram.com *.cdninstagram.com;script-src 'nonce-bHAGkXaK' *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* blob: 'self';style-src 'self' data: blob: 'unsafe-inline';connect-src 'self' data: blob: https://edge-chat.facebook.net https://edge-chat-latest.facebook.net wss://edge-chat-latest.facebook.net wss://edge-chat.facebook.net wss://edge-chat.socialplugin.facebook.net wss://edge-chat-latest.socialplugin.facebook.net https://edge-chat.socialplugin.facebook.net https://edge-chat-latest.socialplugin.facebook.net *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* *.cdninstagram.com;font-src 'self' data: blob: facebook.net *.facebook.net facebook.com *.facebook.com fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com cdninstagram.com *.cdninstagram.com;img-src 'self' data: blob: facebook.net *.facebook.net facebook.com *.facebook.com fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com cdninstagram.com *.cdninstagram.com;media-src 'self' data: blob: facebook.net *.facebook.net facebook.com *.facebook.com fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com cdninstagram.com *.cdninstagram.com;child-src 'self' data: blob: facebook.net *.facebook.net facebook.com *.facebook.com fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com cdninstagram.com *.cdninstagram.com;frame-src 'self' data: blob: facebook.net *.facebook.net facebook.com *.facebook.com fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com cdninstagram.com *.cdninstagram.com;manifest-src 'self' data: blob: facebook.net *.facebook.net facebook.com *.facebook.com fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com cdninstagram.com *.cdninstagram.com;object-src 'self' data: blob: facebook.net *.facebook.net facebook.com *.facebook.com fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com cdninstagram.com *.cdninstagram.com;worker-src 'self' data: blob: facebook.net *.facebook.net facebook.com *.facebook.com fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com cdninstagram.com *.cdninstagram.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://reurl.cc/

Response headers

content-encoding
gzip
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options
nosniff
expires
Sat, 01 Jan 2000 00:00:00 GMT
alt-svc
h3=":443"; ma=86400
date
Sat, 06 Dec 2025 23:40:31 GMT
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
priority
u=3,i
x-frame-options
DENY
strict-transport-security
max-age=31536000; preload; includeSubDomains
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy
default-src 'self' blob: facebook.net *.facebook.net facebook.com *.facebook.com fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com cdninstagram.com *.cdninstagram.com;script-src 'nonce-bHAGkXaK' *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* blob: 'self';style-src 'self' data: blob: 'unsafe-inline';connect-src 'self' data: blob: https://edge-chat.facebook.net https://edge-chat-latest.facebook.net wss://edge-chat-latest.facebook.net wss://edge-chat.facebook.net wss://edge-chat.socialplugin.facebook.net wss://edge-chat-latest.socialplugin.facebook.net https://edge-chat.socialplugin.facebook.net https://edge-chat-latest.socialplugin.facebook.net *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* *.cdninstagram.com;font-src 'self' data: blob: facebook.net *.facebook.net facebook.com *.facebook.com fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com cdninstagram.com *.cdninstagram.com;img-src 'self' data: blob: facebook.net *.facebook.net facebook.com *.facebook.com fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com cdninstagram.com *.cdninstagram.com;media-src 'self' data: blob: facebook.net *.facebook.net facebook.com *.facebook.com fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com cdninstagram.com *.cdninstagram.com;child-src 'self' data: blob: facebook.net *.facebook.net facebook.com *.facebook.com fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com cdninstagram.com *.cdninstagram.com;frame-src 'self' data: blob: facebook.net *.facebook.net facebook.com *.facebook.com fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com cdninstagram.com *.cdninstagram.com;manifest-src 'self' data: blob: facebook.net *.facebook.net facebook.com *.facebook.com fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com cdninstagram.com *.cdninstagram.com;object-src 'self' data: blob: facebook.net *.facebook.net facebook.com *.facebook.com fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com cdninstagram.com *.cdninstagram.com;worker-src 'self' data: blob: facebook.net *.facebook.net facebook.com *.facebook.com fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com cdninstagram.com *.cdninstagram.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
cache-control
public, max-age=1200
timing-allow-origin
*
cross-origin-opener-policy
same-origin-allow-popups
x-fb-connection-quality
GOOD; q=0.7, rtt=64, rtx=0, c=23, mss=1232, tbw=4973, tp=9, tpl=0, uplat=1, ullat=-1
pragma
public
x-fb-debug
L3dslzLcgB6G9X84ihI+8+SFvLiKVoUNnUFoHbQTMOBI8PxXKrFPWZI0yzBly/lTyct3vIArZLJsB5VcMWWB0g==
cross-origin-resource-policy
cross-origin
permissions-policy
accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy
force-load-at-top, include-js-call-stacks-in-crash-reports
content-length
88493
x-xss-protection
0
origin-agent-cluster
?1
gpt
securepubads.g.doubleclick.net/pagead/managed/dict/m202512040101/ 		64 KB
22 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pagead/managed/dict/m202512040101/gpt
Requested by
Host: reurl.cc
URL: https://reurl.cc/k8qxzL
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s07-in-f2.1e100.net
Software
cafe /
Resource Hash
8d23693251d0923a21dba7083e1e3a58a18123b146cebbcefb828e1caa7c3aa3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer

Response headers

content-encoding
br
etag
4740477158928784528
age
40363
x-content-type-options
nosniff
expires
Sat, 13 Dec 2025 12:27:50 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
date
Sat, 06 Dec 2025 12:27:50 GMT
content-type
text/plain; charset=UTF-8
vary
Accept-Encoding
cache-control
public, immutable, max-age=604800, stale-while-revalidate=7200
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
access-control-allow-origin
*
content-length
22756
x-xss-protection
0
server
cafe
use-as-dictionary
match="/gampad/ads", id="m202512040101"
capmapping.htm
cdn.holmesmind.com/js/ Frame E048 		12 KB
12 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://cdn.holmesmind.com/js/capmapping.htm
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/init.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:208a:b400:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
37cd16af9680e2eac2b065fe88fbc0ca6d80583c67a9d8c69969e5dcbe27b14d

Request headers

Referer
https://reurl.cc/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
age
24
content-length
12184
content-type
text/html
date
Sat, 06 Dec 2025 23:40:32 GMT
etag
"313c12f57383ae26248323c3b33af799"
last-modified
Mon, 17 Mar 2025 05:33:47 GMT
server
AmazonS3
via
1.1 1d665d877b0e9ec09e9ec07fe3b6c7b6.cloudfront.net (CloudFront)
x-amz-cf-id
41trva5UeiGr7UuwVtioUwTcI6MSZgzms9ns_eEopQWXEtQ_artF8g==
x-amz-cf-pop
FRA60-P13
x-amz-server-side-encryption
AES256
x-amz-version-id
rSOjRFL3ruqyCRzzCV6Gk2MSJ9yPXZwf
x-cache
Hit from cloudfront
presetfn.js
cdn.holmesmind.com/js/ Frame EA0A 		11 KB
11 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.holmesmind.com/js/presetfn.js?20231115
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/init.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:208a:8000:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
5a871b13ede1754dec51e91e8f3ee35b98ff71fe42cf57d51cb574b004e3d4cd

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://reurl.cc/

Response headers

x-amz-version-id
rmz9OdLbHPf__eUT0CPixnVBdq1QxTyB
etag
"1ff97ce94c5a1127f915e6bf2a02c6a9"
age
50
via
1.1 59927012a1a01484504f9d4b511a043c.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Hit from cloudfront
content-length
10957
x-amz-cf-id
0J6bYTJlUrWhUTJWiTcYUv9zuCKNSmvZsYdoVyfxtYItWj9GNwtoUw==
date
Sat, 06 Dec 2025 23:39:47 GMT
content-type
application/javascript
last-modified
Thu, 16 Jan 2025 06:05:08 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P13
x-amz-server-side-encryption
AES256
presetfn.js
cdn.holmesmind.com/js/ Frame 3615 		11 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.holmesmind.com/js/presetfn.js?20231115
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/init.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:208a:8000:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
5a871b13ede1754dec51e91e8f3ee35b98ff71fe42cf57d51cb574b004e3d4cd

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://reurl.cc/

Response headers

x-amz-version-id
rmz9OdLbHPf__eUT0CPixnVBdq1QxTyB
etag
"1ff97ce94c5a1127f915e6bf2a02c6a9"
age
50
via
1.1 59927012a1a01484504f9d4b511a043c.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Hit from cloudfront
content-length
10957
x-amz-cf-id
0J6bYTJlUrWhUTJWiTcYUv9zuCKNSmvZsYdoVyfxtYItWj9GNwtoUw==
date
Sat, 06 Dec 2025 23:39:47 GMT
content-type
application/javascript
last-modified
Thu, 16 Jan 2025 06:05:08 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P13
x-amz-server-side-encryption
AES256
presetfn.js
cdn.holmesmind.com/js/ Frame 365E 		11 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.holmesmind.com/js/presetfn.js?20231115
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/init.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:208a:8000:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
5a871b13ede1754dec51e91e8f3ee35b98ff71fe42cf57d51cb574b004e3d4cd

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://reurl.cc/

Response headers

x-amz-version-id
rmz9OdLbHPf__eUT0CPixnVBdq1QxTyB
etag
"1ff97ce94c5a1127f915e6bf2a02c6a9"
age
50
via
1.1 59927012a1a01484504f9d4b511a043c.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Hit from cloudfront
content-length
10957
x-amz-cf-id
0J6bYTJlUrWhUTJWiTcYUv9zuCKNSmvZsYdoVyfxtYItWj9GNwtoUw==
date
Sat, 06 Dec 2025 23:39:47 GMT
content-type
application/javascript
last-modified
Thu, 16 Jan 2025 06:05:08 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P13
x-amz-server-side-encryption
AES256
presetfn.js
cdn.holmesmind.com/js/ Frame AF7B 		11 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.holmesmind.com/js/presetfn.js?20231115
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/init.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:208a:8000:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
5a871b13ede1754dec51e91e8f3ee35b98ff71fe42cf57d51cb574b004e3d4cd

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://reurl.cc/

Response headers

x-amz-version-id
rmz9OdLbHPf__eUT0CPixnVBdq1QxTyB
etag
"1ff97ce94c5a1127f915e6bf2a02c6a9"
age
50
via
1.1 59927012a1a01484504f9d4b511a043c.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Hit from cloudfront
content-length
10957
x-amz-cf-id
0J6bYTJlUrWhUTJWiTcYUv9zuCKNSmvZsYdoVyfxtYItWj9GNwtoUw==
date
Sat, 06 Dec 2025 23:39:47 GMT
content-type
application/javascript
last-modified
Thu, 16 Jan 2025 06:05:08 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P13
x-amz-server-side-encryption
AES256
presetfn.js
cdn.holmesmind.com/js/ Frame 3043 		11 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.holmesmind.com/js/presetfn.js?20231115
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/init.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:208a:8000:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
5a871b13ede1754dec51e91e8f3ee35b98ff71fe42cf57d51cb574b004e3d4cd

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://reurl.cc/

Response headers

x-amz-version-id
rmz9OdLbHPf__eUT0CPixnVBdq1QxTyB
etag
"1ff97ce94c5a1127f915e6bf2a02c6a9"
age
50
via
1.1 59927012a1a01484504f9d4b511a043c.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Hit from cloudfront
content-length
10957
x-amz-cf-id
0J6bYTJlUrWhUTJWiTcYUv9zuCKNSmvZsYdoVyfxtYItWj9GNwtoUw==
date
Sat, 06 Dec 2025 23:39:47 GMT
content-type
application/javascript
last-modified
Thu, 16 Jan 2025 06:05:08 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P13
x-amz-server-side-encryption
AES256
presetfn.js
cdn.holmesmind.com/js/ Frame C862 		11 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.holmesmind.com/js/presetfn.js?20231115
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/init.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:208a:8000:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
5a871b13ede1754dec51e91e8f3ee35b98ff71fe42cf57d51cb574b004e3d4cd

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://reurl.cc/

Response headers

x-amz-version-id
rmz9OdLbHPf__eUT0CPixnVBdq1QxTyB
etag
"1ff97ce94c5a1127f915e6bf2a02c6a9"
age
50
via
1.1 59927012a1a01484504f9d4b511a043c.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Hit from cloudfront
content-length
10957
x-amz-cf-id
0J6bYTJlUrWhUTJWiTcYUv9zuCKNSmvZsYdoVyfxtYItWj9GNwtoUw==
date
Sat, 06 Dec 2025 23:39:47 GMT
content-type
application/javascript
last-modified
Thu, 16 Jan 2025 06:05:08 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P13
x-amz-server-side-encryption
AES256
capmapping.htm
cdn.holmesmind.com/js/ Frame C218 		12 KB
0 		Document
General
Check archive.org
Download Go to
Full URL
https://cdn.holmesmind.com/js/capmapping.htm
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/init.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:208a:b400:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
37cd16af9680e2eac2b065fe88fbc0ca6d80583c67a9d8c69969e5dcbe27b14d

Request headers

Referer
https://reurl.cc/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
age
24
content-length
12184
content-type
text/html
date
Sat, 06 Dec 2025 23:40:32 GMT
etag
"313c12f57383ae26248323c3b33af799"
last-modified
Mon, 17 Mar 2025 05:33:47 GMT
server
AmazonS3
via
1.1 1d665d877b0e9ec09e9ec07fe3b6c7b6.cloudfront.net (CloudFront)
x-amz-cf-id
41trva5UeiGr7UuwVtioUwTcI6MSZgzms9ns_eEopQWXEtQ_artF8g==
x-amz-cf-pop
FRA60-P13
x-amz-server-side-encryption
AES256
x-amz-version-id
rSOjRFL3ruqyCRzzCV6Gk2MSJ9yPXZwf
x-cache
Hit from cloudfront
capmapping.htm
cdn.holmesmind.com/js/ Frame EE0B 		12 KB
0 		Document
General
Check archive.org
Download Go to
Full URL
https://cdn.holmesmind.com/js/capmapping.htm
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/init.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:208a:b400:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
37cd16af9680e2eac2b065fe88fbc0ca6d80583c67a9d8c69969e5dcbe27b14d

Request headers

Referer
https://reurl.cc/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
age
24
content-length
12184
content-type
text/html
date
Sat, 06 Dec 2025 23:40:32 GMT
etag
"313c12f57383ae26248323c3b33af799"
last-modified
Mon, 17 Mar 2025 05:33:47 GMT
server
AmazonS3
via
1.1 1d665d877b0e9ec09e9ec07fe3b6c7b6.cloudfront.net (CloudFront)
x-amz-cf-id
41trva5UeiGr7UuwVtioUwTcI6MSZgzms9ns_eEopQWXEtQ_artF8g==
x-amz-cf-pop
FRA60-P13
x-amz-server-side-encryption
AES256
x-amz-version-id
rSOjRFL3ruqyCRzzCV6Gk2MSJ9yPXZwf
x-cache
Hit from cloudfront
capmapping.htm
cdn.holmesmind.com/js/ Frame 03F7 		12 KB
0 		Document
General
Check archive.org
Download Go to
Full URL
https://cdn.holmesmind.com/js/capmapping.htm
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/init.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:208a:b400:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
37cd16af9680e2eac2b065fe88fbc0ca6d80583c67a9d8c69969e5dcbe27b14d

Request headers

Referer
https://reurl.cc/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
age
24
content-length
12184
content-type
text/html
date
Sat, 06 Dec 2025 23:40:32 GMT
etag
"313c12f57383ae26248323c3b33af799"
last-modified
Mon, 17 Mar 2025 05:33:47 GMT
server
AmazonS3
via
1.1 1d665d877b0e9ec09e9ec07fe3b6c7b6.cloudfront.net (CloudFront)
x-amz-cf-id
41trva5UeiGr7UuwVtioUwTcI6MSZgzms9ns_eEopQWXEtQ_artF8g==
x-amz-cf-pop
FRA60-P13
x-amz-server-side-encryption
AES256
x-amz-version-id
rSOjRFL3ruqyCRzzCV6Gk2MSJ9yPXZwf
x-cache
Hit from cloudfront
capmapping.htm
cdn.holmesmind.com/js/ Frame 1E85 		12 KB
0 		Document
General
Check archive.org
Download Go to
Full URL
https://cdn.holmesmind.com/js/capmapping.htm
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/init.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:208a:b400:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
37cd16af9680e2eac2b065fe88fbc0ca6d80583c67a9d8c69969e5dcbe27b14d

Request headers

Referer
https://reurl.cc/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
age
24
content-length
12184
content-type
text/html
date
Sat, 06 Dec 2025 23:40:32 GMT
etag
"313c12f57383ae26248323c3b33af799"
last-modified
Mon, 17 Mar 2025 05:33:47 GMT
server
AmazonS3
via
1.1 1d665d877b0e9ec09e9ec07fe3b6c7b6.cloudfront.net (CloudFront)
x-amz-cf-id
41trva5UeiGr7UuwVtioUwTcI6MSZgzms9ns_eEopQWXEtQ_artF8g==
x-amz-cf-pop
FRA60-P13
x-amz-server-side-encryption
AES256
x-amz-version-id
rSOjRFL3ruqyCRzzCV6Gk2MSJ9yPXZwf
x-cache
Hit from cloudfront
oid
onead.onevision.com.tw/v2/et/ 		372 B
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://onead.onevision.com.tw/v2/et/oid?cb=window.text_etag_callback_52ood
Requested by
Host: ad-specs.guoshipartners.com
URL: https://ad-specs.guoshipartners.com/static/js/ad-serv.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
107.178.241.176 , United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
176.241.178.107.bc.googleusercontent.com
Software
gws / OneAD
Resource Hash
eba78fe8e3e278785cd48235cf567273bba7d587a166784062a797d45304226c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://reurl.cc/

Response headers

x-onead-version
29cc6b37
etag
f4de05a2-d2fc-11f0-8060-42010a000023
age
0
access-control-allow-methods
GET,POST,OPTIONS,PUT
expires
Mon, 01 Jan 1990 00:00:00 GMT
x-varnish
10355345
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
date
Sat, 06 Dec 2025 23:40:33 GMT
content-type
application/javascript
last-modified
Sat, 06 Dec 2025 23:40:33 GMT
access-control-allow-headers
Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, accept, origin, Cache-Control, X-Requested-With
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
max-age=600
pragma
no-cache
access-control-allow-credentials
true
via
1.1 google
accept-ranges
bytes
access-control-allow-origin
*
content-length
372
x-onead-backend
onead-http-event-7l5v-gohttp
server
gws
x-powered-by
OneAD
page.php
www.facebook.com/plugins/ Frame 0D74 		47 KB
14 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2Freurl.cc%2F&tabs=timeline&width=340&height=500&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=true&appId
Requested by
Host: reurl.cc
URL: https://reurl.cc/k8qxzL
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
157.240.0.35 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
edge-star-mini-shv-02-fra3.facebook.com
Software
/
Resource Hash
3c52736cd90e13a1953ad6f794222da0ccaf7024416b519231efbb5924925c95
Security Headers
Name Value
Content-Security-Policy default-src blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'nonce-60kaeXAU' blob: 'self' connect.facebook.net 'wasm-unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://trustly.one/ https://*.trustly.one/ https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;child-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net accounts.meta.com *.accounts.meta.com https://trustly.one/ https://*.trustly.one/ https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;manifest-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;object-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://reurl.cc/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=86400
cache-control
private, no-cache, no-store, must-revalidate
content-encoding
zstd
content-security-policy
default-src blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'nonce-60kaeXAU' blob: 'self' connect.facebook.net 'wasm-unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://trustly.one/ https://*.trustly.one/ https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;child-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net accounts.meta.com *.accounts.meta.com https://trustly.one/ https://*.trustly.one/ https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;manifest-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;object-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-type
text/html; charset="utf-8"
cross-origin-opener-policy
unsafe-none
cross-origin-resource-policy
cross-origin
date
Sat, 06 Dec 2025 23:40:32 GMT
document-policy
force-load-at-top include-js-call-stacks-in-crash-reports
expires
Sat, 01 Jan 2000 00:00:00 GMT
origin-agent-cluster
?1
permissions-policy
accelerometer=(), attribution-reporting=(self), autoplay=(), bluetooth=(), browsing-topics=(self), camera=(self "https://www.fbsbx.com"), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
pragma
no-cache
priority
u=0,i
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7580894011873605803&cpp=C3&cv=1030734632&st=1765064432592"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7580894011873605803&cpp=C3&cv=1030734632&st=1765064432592", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
strict-transport-security
max-age=15552000; preload
vary
Accept-Encoding
x-content-type-options
nosniff
x-fb-connection-quality
GOOD; q=0.7, rtt=64, rtx=1, c=23, mss=1232, tbw=6193, tp=10, tpl=1, uplat=155, ullat=0
x-fb-debug
MgeN+QTKL9HgnZxR1tvh9j1cJyvKeAGVYIXsKkr/AMaDZ5twkEctFvceY6JYIjrWtSC6VbmKCKVe1ZpbEXWh4w==
x-xss-protection
0
Preset.js
ad.holmesmind.com/adserver/ Frame EA0A 		2 KB
633 B 		Script
General
Check archive.org
Download Go to
Full URL
https://ad.holmesmind.com/adserver/Preset.js?z=13858
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.75.180.237 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-75-180-237.ap-northeast-1.compute.amazonaws.com
Software
nginx /
Resource Hash
f8063f5d2cccee6b95940117c0075891185d908e26aff971d6115c92ec667502

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://reurl.cc/

Response headers

access-control-allow-origin
https://reurl.cc
content-encoding
gzip
date
Sat, 06 Dec 2025 23:40:33 GMT
content-type
text/html; charset=UTF-8
vary
Accept-Encoding
server
nginx
access-control-allow-credentials
true
js-md5.js
cdn.holmesmind.com/js/ Frame EA0A 		30 KB
30 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.holmesmind.com/js/js-md5.js
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:208a:8000:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
0efa8291235243ad1438d266932112aecf4e7dca1963545a22d118cbe5d5d6e2

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://reurl.cc/

Response headers

x-amz-version-id
GJjk5mkGsSOM8o1hDQLuy7m.Hsc3NZ3.
etag
"ab3f6a2aedec7585237d5fb727bebcbb"
age
24
via
1.1 59927012a1a01484504f9d4b511a043c.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Hit from cloudfront
content-length
30621
x-amz-cf-id
nbq_55YgHeLJVU06YuUGH-YuwxquxhdTd9U3VRQuRHahETnCe5k-UA==
date
Sat, 06 Dec 2025 23:40:32 GMT
content-type
application/javascript
last-modified
Tue, 14 Nov 2023 14:04:56 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P13
x-amz-server-side-encryption
AES256
Preset.js
ad.holmesmind.com/adserver/ Frame 3615 		2 KB
852 B 		Script
General
Check archive.org
Download Go to
Full URL
https://ad.holmesmind.com/adserver/Preset.js?z=14210
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.75.180.237 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-75-180-237.ap-northeast-1.compute.amazonaws.com
Software
nginx /
Resource Hash
e2200f2b73fa36292ab8f7a174fb828a3a6dd25ef77e720223c0cbe6f85fdcd4

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://reurl.cc/

Response headers

access-control-allow-origin
https://reurl.cc
content-encoding
gzip
date
Sat, 06 Dec 2025 23:40:33 GMT
content-type
text/html; charset=UTF-8
vary
Accept-Encoding
server
nginx
access-control-allow-credentials
true
js-md5.js
cdn.holmesmind.com/js/ Frame 3615 		30 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.holmesmind.com/js/js-md5.js
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:208a:8000:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
0efa8291235243ad1438d266932112aecf4e7dca1963545a22d118cbe5d5d6e2

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://reurl.cc/

Response headers

x-amz-version-id
GJjk5mkGsSOM8o1hDQLuy7m.Hsc3NZ3.
etag
"ab3f6a2aedec7585237d5fb727bebcbb"
age
24
via
1.1 59927012a1a01484504f9d4b511a043c.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Hit from cloudfront
content-length
30621
x-amz-cf-id
nbq_55YgHeLJVU06YuUGH-YuwxquxhdTd9U3VRQuRHahETnCe5k-UA==
date
Sat, 06 Dec 2025 23:40:32 GMT
content-type
application/javascript
last-modified
Tue, 14 Nov 2023 14:04:56 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P13
x-amz-server-side-encryption
AES256
Preset.js
ad.holmesmind.com/adserver/ Frame 3043 		820 B
505 B 		Script
General
Check archive.org
Download Go to
Full URL
https://ad.holmesmind.com/adserver/Preset.js?z=18535
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.75.180.237 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-75-180-237.ap-northeast-1.compute.amazonaws.com
Software
nginx /
Resource Hash
cf3fb0b2562c4fbd38a7e6d30f826c985fd6b5cbab568c306f766fbcd639a597

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://reurl.cc/

Response headers

access-control-allow-origin
https://reurl.cc
content-encoding
gzip
date
Sat, 06 Dec 2025 23:40:33 GMT
content-type
text/html; charset=UTF-8
vary
Accept-Encoding
server
nginx
access-control-allow-credentials
true
js-md5.js
cdn.holmesmind.com/js/ Frame 3043 		30 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.holmesmind.com/js/js-md5.js
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:208a:8000:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
0efa8291235243ad1438d266932112aecf4e7dca1963545a22d118cbe5d5d6e2

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://reurl.cc/

Response headers

x-amz-version-id
GJjk5mkGsSOM8o1hDQLuy7m.Hsc3NZ3.
etag
"ab3f6a2aedec7585237d5fb727bebcbb"
age
24
via
1.1 59927012a1a01484504f9d4b511a043c.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Hit from cloudfront
content-length
30621
x-amz-cf-id
nbq_55YgHeLJVU06YuUGH-YuwxquxhdTd9U3VRQuRHahETnCe5k-UA==
date
Sat, 06 Dec 2025 23:40:32 GMT
content-type
application/javascript
last-modified
Tue, 14 Nov 2023 14:04:56 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P13
x-amz-server-side-encryption
AES256
Preset.js
ad.holmesmind.com/adserver/ Frame 365E 		2 KB
632 B 		Script
General
Check archive.org
Download Go to
Full URL
https://ad.holmesmind.com/adserver/Preset.js?z=13860
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.75.180.237 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-75-180-237.ap-northeast-1.compute.amazonaws.com
Software
nginx /
Resource Hash
f8063f5d2cccee6b95940117c0075891185d908e26aff971d6115c92ec667502

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://reurl.cc/

Response headers

access-control-allow-origin
https://reurl.cc
content-encoding
gzip
date
Sat, 06 Dec 2025 23:40:33 GMT
content-type
text/html; charset=UTF-8
vary
Accept-Encoding
server
nginx
access-control-allow-credentials
true
js-md5.js
cdn.holmesmind.com/js/ Frame 365E 		30 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.holmesmind.com/js/js-md5.js
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:208a:8000:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
0efa8291235243ad1438d266932112aecf4e7dca1963545a22d118cbe5d5d6e2

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://reurl.cc/

Response headers

x-amz-version-id
GJjk5mkGsSOM8o1hDQLuy7m.Hsc3NZ3.
etag
"ab3f6a2aedec7585237d5fb727bebcbb"
age
24
via
1.1 59927012a1a01484504f9d4b511a043c.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Hit from cloudfront
content-length
30621
x-amz-cf-id
nbq_55YgHeLJVU06YuUGH-YuwxquxhdTd9U3VRQuRHahETnCe5k-UA==
date
Sat, 06 Dec 2025 23:40:32 GMT
content-type
application/javascript
last-modified
Tue, 14 Nov 2023 14:04:56 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P13
x-amz-server-side-encryption
AES256
Preset.js
ad.holmesmind.com/adserver/ Frame C862 		820 B
505 B 		Script
General
Check archive.org
Download Go to
Full URL
https://ad.holmesmind.com/adserver/Preset.js?z=22213
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.75.180.237 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-75-180-237.ap-northeast-1.compute.amazonaws.com
Software
nginx /
Resource Hash
cf3fb0b2562c4fbd38a7e6d30f826c985fd6b5cbab568c306f766fbcd639a597

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://reurl.cc/

Response headers

access-control-allow-origin
https://reurl.cc
content-encoding
gzip
date
Sat, 06 Dec 2025 23:40:33 GMT
content-type
text/html; charset=UTF-8
vary
Accept-Encoding
server
nginx
access-control-allow-credentials
true
js-md5.js
cdn.holmesmind.com/js/ Frame C862 		30 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.holmesmind.com/js/js-md5.js
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:208a:8000:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
0efa8291235243ad1438d266932112aecf4e7dca1963545a22d118cbe5d5d6e2

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://reurl.cc/

Response headers

x-amz-version-id
GJjk5mkGsSOM8o1hDQLuy7m.Hsc3NZ3.
etag
"ab3f6a2aedec7585237d5fb727bebcbb"
age
24
via
1.1 59927012a1a01484504f9d4b511a043c.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Hit from cloudfront
content-length
30621
x-amz-cf-id
nbq_55YgHeLJVU06YuUGH-YuwxquxhdTd9U3VRQuRHahETnCe5k-UA==
date
Sat, 06 Dec 2025 23:40:32 GMT
content-type
application/javascript
last-modified
Tue, 14 Nov 2023 14:04:56 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P13
x-amz-server-side-encryption
AES256
Preset.js
ad.holmesmind.com/adserver/ Frame AF7B 		1 KB
608 B 		Script
General
Check archive.org
Download Go to
Full URL
https://ad.holmesmind.com/adserver/Preset.js?z=13861
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.75.180.237 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-75-180-237.ap-northeast-1.compute.amazonaws.com
Software
nginx /
Resource Hash
8d845b7d524ee76d5a4279de4d698ca8b130c69024d5907e3305e5592f8ec8ac

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://reurl.cc/

Response headers

access-control-allow-origin
https://reurl.cc
content-encoding
gzip
date
Sat, 06 Dec 2025 23:40:33 GMT
content-type
text/html; charset=UTF-8
vary
Accept-Encoding
server
nginx
access-control-allow-credentials
true
js-md5.js
cdn.holmesmind.com/js/ Frame AF7B 		30 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.holmesmind.com/js/js-md5.js
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:208a:8000:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
0efa8291235243ad1438d266932112aecf4e7dca1963545a22d118cbe5d5d6e2

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://reurl.cc/

Response headers

x-amz-version-id
GJjk5mkGsSOM8o1hDQLuy7m.Hsc3NZ3.
etag
"ab3f6a2aedec7585237d5fb727bebcbb"
age
24
via
1.1 59927012a1a01484504f9d4b511a043c.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Hit from cloudfront
content-length
30621
x-amz-cf-id
nbq_55YgHeLJVU06YuUGH-YuwxquxhdTd9U3VRQuRHahETnCe5k-UA==
date
Sat, 06 Dec 2025 23:40:32 GMT
content-type
application/javascript
last-modified
Tue, 14 Nov 2023 14:04:56 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P13
x-amz-server-side-encryption
AES256
128002626
fundingchoicesmessages.google.com/i/ 		214 KB
69 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://fundingchoicesmessages.google.com/i/128002626?ers=3
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202512040101/pubads_impl.js?cb=31096008
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81d::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
7796bc98ebfc9a7ad34235e113ce32471fdf6e41447fb9165b1abfeb748bff42
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-CbVwV-gB70IElUTw0_fJdg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://reurl.cc/

Response headers

content-encoding
gzip
x-content-type-options
nosniff
expires
Mon, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Sat, 06 Dec 2025 23:40:33 GMT
content-type
application/javascript; charset=utf-8
x-frame-options
SAMEORIGIN
reporting-endpoints
default="/_/ContributorServingWebSwitchboardHttp/web-reports?context=eJzjWsCoxSXFEKghxXDi1m2mC0DcevMc62Qg7lp0nnUGEBsqXGK1B-IP9ZdZfwBxkcQV1gYg_lR1g1Wg-gZrEvtN1gIgNvO7zWoHxNXuXmzNQGzr78PmCsTfin3ZWEp82fb992U7BsR7c_zYjgJxZqcfWyEQn9_rx3YdiFff9GPbDMQrvPzZNoCwnz_bDiAW4ub4-PfSSTaBDwsmiytpJOUXxifn55UUZSaVluQXpSWnpRanFpWlFsUbGRiZGhoZmOgZmMcXGAAAnT1TQQ"
content-security-policy
script-src 'report-sample' 'nonce-CbVwV-gB70IElUTw0_fJdg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport
cache-control
no-cache, no-store, max-age=0, must-revalidate
timing-allow-origin
*
cross-origin-opener-policy
same-origin
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-resource-policy
cross-origin
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
x-xss-protection
0
server
ESF
feeds
re-news.tw/ 		5 KB
3 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://re-news.tw/feeds
Requested by
Host: reurl.cc
URL: https://reurl.cc/asset/javascripts/common/renews.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.185.136.122 Taipei, Taiwan, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
122.136.185.35.bc.googleusercontent.com
Software
nginx/1.18.0 (Ubuntu) / Express
Resource Hash
f07483995ced4582275d913949d0cad65c977e65393068dc864005e0d5d7a5c8

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://reurl.cc/

Response headers

content-encoding
gzip
etag
W/"14e2-khfL2q3W8MAc6TqDPQdRLzAxrcI"
access-control-allow-origin
https://reurl.cc
date
Sat, 06 Dec 2025 23:40:34 GMT
content-type
text/html; charset=utf-8
x-powered-by
Express
server
nginx/1.18.0 (Ubuntu)
vary
Origin
keywordCategories.json
anymind360.com/ 		148 KB
61 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://anymind360.com/keywordCategories.json
Requested by
Host: reurl.cc
URL: https://reurl.cc/k8qxzL
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.55 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
UploadServer /
Resource Hash
9aa92a9a076fd2e55f339cd82c8b540e96ea0a4e4c7c12da6602edfadf2a0819
Security Headers
Name Value
Strict-Transport-Security max-age=31557600

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://reurl.cc/

Response headers

x-goog-metageneration
2
access-control-expose-headers
Content-Length, Content-Type, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
x-goog-hash
crc32c=hYq3+w==, md5=ZJdPIhH4R+FB2zz6x81gJg==
content-encoding
gzip
etag
"64974f2211f847e141db3cfac7cd6026"
age
56918
x-goog-stored-content-encoding
identity
expires
Wed, 27 Aug 2025 11:36:24 GMT
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
x-goog-stored-content-length
151503
x-cache
HIT, HIT
date
Sat, 06 Dec 2025 23:40:32 GMT
content-type
application/json
last-modified
Wed, 27 Aug 2025 06:51:59 GMT
x-served-by
cache-tyo11981-TYO, cache-mad22059-MAD
x-cache-hits
490119, 1
x-guploader-uploadid
ABgVH8_WbYCDB2LaOxaydMbIBmzZEeTdmD__y3SdRPYQiipklanNaJ-DP_0DBH49PGWyFZEEI1nzUSM
strict-transport-security
max-age=31557600
vary
Accept-Encoding
cache-control
max-age=1200
x-goog-storage-class
STANDARD
x-timer
S1765064433.872969,VS0,VE1
via
1.1 varnish, 1.1 varnish
accept-ranges
bytes
access-control-allow-origin
*
x-goog-generation
1756277519403323
content-length
61163
server
UploadServer
capmapping.htm
cdn.holmesmind.com/js/ Frame A7B2 		12 KB
0 		Document
General
Check archive.org
Download Go to
Full URL
https://cdn.holmesmind.com/js/capmapping.htm
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/init.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:208a:b400:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
37cd16af9680e2eac2b065fe88fbc0ca6d80583c67a9d8c69969e5dcbe27b14d

Request headers

Referer
https://reurl.cc/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
age
24
content-length
12184
content-type
text/html
date
Sat, 06 Dec 2025 23:40:32 GMT
etag
"313c12f57383ae26248323c3b33af799"
last-modified
Mon, 17 Mar 2025 05:33:47 GMT
server
AmazonS3
via
1.1 1d665d877b0e9ec09e9ec07fe3b6c7b6.cloudfront.net (CloudFront)
x-amz-cf-id
41trva5UeiGr7UuwVtioUwTcI6MSZgzms9ns_eEopQWXEtQ_artF8g==
x-amz-cf-pop
FRA60-P13
x-amz-server-side-encryption
AES256
x-amz-version-id
rSOjRFL3ruqyCRzzCV6Gk2MSJ9yPXZwf
x-cache
Hit from cloudfront
presetfn.js
cdn.holmesmind.com/js/ Frame 358C 		11 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.holmesmind.com/js/presetfn.js?20231115
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/init.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:208a:8000:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
5a871b13ede1754dec51e91e8f3ee35b98ff71fe42cf57d51cb574b004e3d4cd

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://reurl.cc/

Response headers

x-amz-version-id
rmz9OdLbHPf__eUT0CPixnVBdq1QxTyB
etag
"1ff97ce94c5a1127f915e6bf2a02c6a9"
age
50
via
1.1 59927012a1a01484504f9d4b511a043c.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Hit from cloudfront
content-length
10957
x-amz-cf-id
0J6bYTJlUrWhUTJWiTcYUv9zuCKNSmvZsYdoVyfxtYItWj9GNwtoUw==
date
Sat, 06 Dec 2025 23:39:47 GMT
content-type
application/javascript
last-modified
Thu, 16 Jan 2025 06:05:08 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P13
x-amz-server-side-encryption
AES256
presetfn.js
cdn.holmesmind.com/js/ Frame 96D5 		11 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.holmesmind.com/js/presetfn.js?20231115
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/init.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:208a:8000:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
5a871b13ede1754dec51e91e8f3ee35b98ff71fe42cf57d51cb574b004e3d4cd

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://reurl.cc/

Response headers

x-amz-version-id
rmz9OdLbHPf__eUT0CPixnVBdq1QxTyB
etag
"1ff97ce94c5a1127f915e6bf2a02c6a9"
age
50
via
1.1 59927012a1a01484504f9d4b511a043c.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Hit from cloudfront
content-length
10957
x-amz-cf-id
0J6bYTJlUrWhUTJWiTcYUv9zuCKNSmvZsYdoVyfxtYItWj9GNwtoUw==
date
Sat, 06 Dec 2025 23:39:47 GMT
content-type
application/javascript
last-modified
Thu, 16 Jan 2025 06:05:08 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P13
x-amz-server-side-encryption
AES256
1675200226052423
connect.facebook.net/signals/config/ 		98 KB
25 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/signals/config/1675200226052423?v=2.9.244&r=stable&domain=reurl.cc&hme=c8d728dcf66fcd6d2ba9e956bab53b4a2845b1d25a57eb74dd7839b3bf40323c&ex_m=90%2C149%2C129%2C19%2C66%2C67%2C122%2C62%2C42%2C123%2C71%2C61%2C9%2C136%2C79%2C14%2C89%2C27%2C117%2C110%2C69%2C72%2C116%2C133%2C98%2C138%2C7%2C3%2C4%2C6%2C5%2C2%2C80%2C88%2C139%2C217%2C160%2C56%2C219%2C220%2C49%2C175%2C26%2C68%2C225%2C224%2C163%2C29%2C55%2C8%2C58%2C84%2C85%2C86%2C91%2C113%2C28%2C25%2C115%2C112%2C111%2C130%2C70%2C132%2C131%2C44%2C54%2C106%2C13%2C135%2C39%2C205%2C208%2C170%2C22%2C23%2C24%2C16%2C17%2C38%2C34%2C36%2C35%2C75%2C81%2C83%2C96%2C121%2C124%2C40%2C97%2C20%2C18%2C102%2C63%2C32%2C126%2C125%2C127%2C118%2C21%2C31%2C53%2C95%2C134%2C64%2C15%2C128%2C30%2C185%2C156%2C281%2C203%2C147%2C188%2C181%2C157%2C93%2C114%2C74%2C104%2C48%2C41%2C103%2C109%2C52%2C59%2C108%2C43%2C99%2C47%2C50%2C46%2C87%2C137%2C0%2C107%2C12%2C105%2C10%2C1%2C51%2C82%2C57%2C60%2C101%2C78%2C77%2C45%2C119%2C76%2C73%2C65%2C100%2C92%2C37%2C120%2C33%2C94%2C11%2C140
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
157.240.0.6 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
xx-fbcdn-shv-02-fra3.fbcdn.net
Software
/
Resource Hash
98bb90ae4668a40747db1271ecdde49ce976e0312194b8e708243806ece09fc4
Security Headers
Name Value
Content-Security-Policy default-src 'self' blob: *;script-src 'nonce-xPWzaY7I' *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* blob: 'self' https://*.google-analytics.com *.google.com;style-src 'self' data: blob: 'unsafe-inline';connect-src 'self' data: blob: https://edge-chat.facebook.net https://edge-chat-latest.facebook.net wss://edge-chat-latest.facebook.net wss://edge-chat.facebook.net wss://edge-chat.socialplugin.facebook.net wss://edge-chat-latest.socialplugin.facebook.net https://edge-chat.socialplugin.facebook.net https://edge-chat-latest.socialplugin.facebook.net *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* *.cdninstagram.com https://*.google-analytics.com;font-src 'self' data: blob: *;img-src 'self' data: blob: * https://*.google-analytics.com;media-src 'self' data: blob: *;child-src 'self' data: blob: *;frame-src 'self' data: blob: *;manifest-src 'self' data: blob: *;object-src 'self' data: blob: *;worker-src 'self' data: blob: *;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://reurl.cc/

Response headers

content-encoding
gzip
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options
nosniff
expires
Sat, 01 Jan 2000 00:00:00 GMT
alt-svc
h3=":443"; ma=86400
date
Sat, 06 Dec 2025 23:40:32 GMT
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
priority
u=3,i
x-frame-options
DENY
strict-transport-security
max-age=31536000; preload; includeSubDomains
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy
default-src 'self' blob: *;script-src 'nonce-xPWzaY7I' *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* blob: 'self' https://*.google-analytics.com *.google.com;style-src 'self' data: blob: 'unsafe-inline';connect-src 'self' data: blob: https://edge-chat.facebook.net https://edge-chat-latest.facebook.net wss://edge-chat-latest.facebook.net wss://edge-chat.facebook.net wss://edge-chat.socialplugin.facebook.net wss://edge-chat-latest.socialplugin.facebook.net https://edge-chat.socialplugin.facebook.net https://edge-chat-latest.socialplugin.facebook.net *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* *.cdninstagram.com https://*.google-analytics.com;font-src 'self' data: blob: *;img-src 'self' data: blob: * https://*.google-analytics.com;media-src 'self' data: blob: *;child-src 'self' data: blob: *;frame-src 'self' data: blob: *;manifest-src 'self' data: blob: *;object-src 'self' data: blob: *;worker-src 'self' data: blob: *;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
cache-control
public, max-age=1200
timing-allow-origin
*
cross-origin-opener-policy
same-origin-allow-popups
x-fb-connection-quality
GOOD; q=0.7, rtt=64, rtx=24, c=38, mss=1232, tbw=128941, tp=117, tpl=24, uplat=5, ullat=-1
pragma
public
x-fb-debug
iqzcBMjwOXNnSdovoNr/1nm/3M047NUISF5P4pRYmHCKPErQMm+3NXqlXpvPjwmi/p7iM5VmQk2TeTxljKJA/A==
cross-origin-resource-policy
cross-origin
permissions-policy
accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy
force-load-at-top, include-js-call-stacks-in-crash-reports
content-length
25531
x-xss-protection
0
origin-agent-cluster
?1
Preset.js
ad.holmesmind.com/adserver/ Frame 358C 		7 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ad.holmesmind.com/adserver/Preset.js?z=22214
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.75.180.237 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-75-180-237.ap-northeast-1.compute.amazonaws.com
Software
nginx /
Resource Hash
1e8f74dd0484e5a2c83b0a373201f8f911241bba94a2d3ecb2db6014bb392c29

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://reurl.cc/

Response headers

access-control-allow-origin
https://reurl.cc
content-encoding
gzip
date
Sat, 06 Dec 2025 23:40:33 GMT
content-type
text/html; charset=UTF-8
vary
Accept-Encoding
server
nginx
access-control-allow-credentials
true
js-md5.js
cdn.holmesmind.com/js/ Frame 358C 		30 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.holmesmind.com/js/js-md5.js
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:208a:8000:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
0efa8291235243ad1438d266932112aecf4e7dca1963545a22d118cbe5d5d6e2

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://reurl.cc/

Response headers

x-amz-version-id
GJjk5mkGsSOM8o1hDQLuy7m.Hsc3NZ3.
etag
"ab3f6a2aedec7585237d5fb727bebcbb"
age
24
via
1.1 59927012a1a01484504f9d4b511a043c.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Hit from cloudfront
content-length
30621
x-amz-cf-id
nbq_55YgHeLJVU06YuUGH-YuwxquxhdTd9U3VRQuRHahETnCe5k-UA==
date
Sat, 06 Dec 2025 23:40:32 GMT
content-type
application/javascript
last-modified
Tue, 14 Nov 2023 14:04:56 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P13
x-amz-server-side-encryption
AES256
Preset.js
ad.holmesmind.com/adserver/ Frame 96D5 		7 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ad.holmesmind.com/adserver/Preset.js?z=14209
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.75.180.237 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-75-180-237.ap-northeast-1.compute.amazonaws.com
Software
nginx /
Resource Hash
fa73b65b37ac9d1b642cf38e370e1717e790452a9fc7afc0ceac66bae0a2ad12

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://reurl.cc/

Response headers

access-control-allow-origin
https://reurl.cc
content-encoding
gzip
date
Sat, 06 Dec 2025 23:40:33 GMT
content-type
text/html; charset=UTF-8
vary
Accept-Encoding
server
nginx
access-control-allow-credentials
true
js-md5.js
cdn.holmesmind.com/js/ Frame 96D5 		30 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.holmesmind.com/js/js-md5.js
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:208a:8000:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
0efa8291235243ad1438d266932112aecf4e7dca1963545a22d118cbe5d5d6e2

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://reurl.cc/

Response headers

x-amz-version-id
GJjk5mkGsSOM8o1hDQLuy7m.Hsc3NZ3.
etag
"ab3f6a2aedec7585237d5fb727bebcbb"
age
24
via
1.1 59927012a1a01484504f9d4b511a043c.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Hit from cloudfront
content-length
30621
x-amz-cf-id
nbq_55YgHeLJVU06YuUGH-YuwxquxhdTd9U3VRQuRHahETnCe5k-UA==
date
Sat, 06 Dec 2025 23:40:32 GMT
content-type
application/javascript
last-modified
Tue, 14 Nov 2023 14:04:56 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P13
x-amz-server-side-encryption
AES256
nineyi.tracking.client.iife.js
tracking-client.91app.com/1.2.0/ Frame E048 		42 KB
17 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tracking-client.91app.com/1.2.0/nineyi.tracking.client.iife.js
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.122.129 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-122-129.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
b638cc2de9f4bf30cd980830ebfba0b586d5ce5da10903f126d0dd4350e5aea3

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://cdn.holmesmind.com/

Response headers

vary
accept-encoding
cache-control
max-age=no-cache
content-encoding
gzip
etag
W/"3087e8bcd78cce0b2b4e3454c1fcd923"
age
111
via
1.1 598a1f878f2efc16baaf47787ffe82d2.cloudfront.net (CloudFront)
x-cache
Hit from cloudfront
x-amz-cf-id
d-VmvrrVahA5Ye04aWqskJukcrGNln4gMdHA5a5vYbnWpn7lAAb1Wg==
date
Sat, 06 Dec 2025 23:38:56 GMT
content-type
application/javascript
last-modified
Mon, 20 Jan 2025 10:42:14 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P2
x-amz-server-side-encryption
AES256
nineyi.tracking.client.iife.js
tracking-client.91app.com/1.2.0/ Frame C218 		42 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://tracking-client.91app.com/1.2.0/nineyi.tracking.client.iife.js
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.122.129 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-122-129.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
b638cc2de9f4bf30cd980830ebfba0b586d5ce5da10903f126d0dd4350e5aea3

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://cdn.holmesmind.com/

Response headers

vary
accept-encoding
cache-control
max-age=no-cache
content-encoding
gzip
etag
W/"3087e8bcd78cce0b2b4e3454c1fcd923"
age
111
via
1.1 598a1f878f2efc16baaf47787ffe82d2.cloudfront.net (CloudFront)
x-cache
Hit from cloudfront
x-amz-cf-id
d-VmvrrVahA5Ye04aWqskJukcrGNln4gMdHA5a5vYbnWpn7lAAb1Wg==
date
Sat, 06 Dec 2025 23:38:56 GMT
content-type
application/javascript
last-modified
Mon, 20 Jan 2025 10:42:14 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P2
x-amz-server-side-encryption
AES256
nineyi.tracking.client.iife.js
tracking-client.91app.com/1.2.0/ Frame EE0B 		42 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://tracking-client.91app.com/1.2.0/nineyi.tracking.client.iife.js
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.122.129 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-122-129.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
b638cc2de9f4bf30cd980830ebfba0b586d5ce5da10903f126d0dd4350e5aea3

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://cdn.holmesmind.com/

Response headers

vary
accept-encoding
cache-control
max-age=no-cache
content-encoding
gzip
etag
W/"3087e8bcd78cce0b2b4e3454c1fcd923"
age
111
via
1.1 598a1f878f2efc16baaf47787ffe82d2.cloudfront.net (CloudFront)
x-cache
Hit from cloudfront
x-amz-cf-id
d-VmvrrVahA5Ye04aWqskJukcrGNln4gMdHA5a5vYbnWpn7lAAb1Wg==
date
Sat, 06 Dec 2025 23:38:56 GMT
content-type
application/javascript
last-modified
Mon, 20 Jan 2025 10:42:14 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P2
x-amz-server-side-encryption
AES256
nineyi.tracking.client.iife.js
tracking-client.91app.com/1.2.0/ Frame 03F7 		42 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://tracking-client.91app.com/1.2.0/nineyi.tracking.client.iife.js
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.122.129 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-122-129.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
b638cc2de9f4bf30cd980830ebfba0b586d5ce5da10903f126d0dd4350e5aea3

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://cdn.holmesmind.com/

Response headers

vary
accept-encoding
cache-control
max-age=no-cache
content-encoding
gzip
etag
W/"3087e8bcd78cce0b2b4e3454c1fcd923"
age
111
via
1.1 598a1f878f2efc16baaf47787ffe82d2.cloudfront.net (CloudFront)
x-cache
Hit from cloudfront
x-amz-cf-id
d-VmvrrVahA5Ye04aWqskJukcrGNln4gMdHA5a5vYbnWpn7lAAb1Wg==
date
Sat, 06 Dec 2025 23:38:56 GMT
content-type
application/javascript
last-modified
Mon, 20 Jan 2025 10:42:14 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P2
x-amz-server-side-encryption
AES256
nineyi.tracking.client.iife.js
tracking-client.91app.com/1.2.0/ Frame 1E85 		42 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://tracking-client.91app.com/1.2.0/nineyi.tracking.client.iife.js
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.122.129 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-122-129.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
b638cc2de9f4bf30cd980830ebfba0b586d5ce5da10903f126d0dd4350e5aea3

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://cdn.holmesmind.com/

Response headers

vary
accept-encoding
cache-control
max-age=no-cache
content-encoding
gzip
etag
W/"3087e8bcd78cce0b2b4e3454c1fcd923"
age
111
via
1.1 598a1f878f2efc16baaf47787ffe82d2.cloudfront.net (CloudFront)
x-cache
Hit from cloudfront
x-amz-cf-id
d-VmvrrVahA5Ye04aWqskJukcrGNln4gMdHA5a5vYbnWpn7lAAb1Wg==
date
Sat, 06 Dec 2025 23:38:56 GMT
content-type
application/javascript
last-modified
Mon, 20 Jan 2025 10:42:14 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P2
x-amz-server-side-encryption
AES256
nineyi.tracking.client.iife.js
tracking-client.91app.com/1.2.0/ Frame A7B2 		42 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://tracking-client.91app.com/1.2.0/nineyi.tracking.client.iife.js
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.122.129 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-122-129.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
b638cc2de9f4bf30cd980830ebfba0b586d5ce5da10903f126d0dd4350e5aea3

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://cdn.holmesmind.com/

Response headers

vary
accept-encoding
cache-control
max-age=no-cache
content-encoding
gzip
etag
W/"3087e8bcd78cce0b2b4e3454c1fcd923"
age
111
via
1.1 598a1f878f2efc16baaf47787ffe82d2.cloudfront.net (CloudFront)
x-cache
Hit from cloudfront
x-amz-cf-id
d-VmvrrVahA5Ye04aWqskJukcrGNln4gMdHA5a5vYbnWpn7lAAb1Wg==
date
Sat, 06 Dec 2025 23:38:56 GMT
content-type
application/javascript
last-modified
Mon, 20 Jan 2025 10:42:14 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P2
x-amz-server-side-encryption
AES256
collect
analytics.google.com/g/ 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://analytics.google.com/g/collect?v=2&tid=G-ZDFZCDVDK1&gtm=45je5c31v9181474282za200zd9181474282&_p=1765064431180&_gaz=1&gcd=13l3l3l3l1l1&npa=0&dma=0&cid=1498954258.1765064433&ecid=1722941976&ul=es-es&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&ec_mode=a&_s=1&tag_exp=103116026~103200004~104527907~104528501~104684208~104684211~105391253~115583767~115616985~115938466~115938469~116184927~116184929~116217636~116217638~116251938~116251940~116518834&sid=1765064432&sct=1&seg=0&dl=https%3A%2F%2Freurl.cc%2Fk8qxzL&dt=Meilleur%20IPTV%20Abonnement%20en%20France&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&tfd=6101
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-ZDFZCDVDK1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://reurl.cc/

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:169:0
report-to
{"group":"ascnsrsggc:169:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:169:0"}],}
expires
Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin
https://reurl.cc
cross-origin-opener-policy-report-only
same-origin; report-to=ascnsrsggc:169:0
content-length
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Sat, 06 Dec 2025 23:40:33 GMT
content-type
text/plain
server
Golfe2
collect
stats.g.doubleclick.net/g/ 		0
544 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://stats.g.doubleclick.net/g/collect?v=2&tid=G-ZDFZCDVDK1&cid=1498954258.1765064433&gtm=45je5c31v9181474282za200zd9181474282&aip=1&dma=0&gcd=13l3l3l3l1l1&npa=0&frm=0&tag_exp=103116026~103200004~104527907~104528501~104684208~104684211~105391253~115583767~115616985~115938466~115938469~116184927~116184929~116217636~116217638~116251938~116251940~116518834
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-ZDFZCDVDK1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c06::9d , Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://reurl.cc/

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:138:0
report-to
{"group":"ascnsrsggc:138:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:138:0"}],}
expires
Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin
https://reurl.cc
cross-origin-opener-policy-report-only
same-origin; report-to=ascnsrsggc:138:0
content-length
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Sat, 06 Dec 2025 23:40:33 GMT
content-type
text/plain
server
Golfe2
js
www.googletagmanager.com/gtag/ 		493 KB
161 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=G-N394QBRGC0&cx=c&gtm=4e5c31
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-ZDFZCDVDK1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
216.58.206.72 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lhr35s11-in-f8.1e100.net
Software
Google Tag Manager /
Resource Hash
0ce21b5609c1c5130807ad9a438c4081b25a3cdf8f27381e9753b9c6bed94e25
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://reurl.cc/

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
cache-control
private, max-age=900
content-encoding
zstd
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
expires
Sat, 06 Dec 2025 23:40:32 GMT
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
164898
date
Sat, 06 Dec 2025 23:40:32 GMT
x-xss-protection
0
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
server
Google Tag Manager
access-control-allow-headers
Cache-Control
js
www.googletagmanager.com/gtag/ 		424 KB
143 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=G-S9B9ZLEX4D&cx=c&gtm=4e5c31
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-ZDFZCDVDK1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
216.58.206.72 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lhr35s11-in-f8.1e100.net
Software
Google Tag Manager /
Resource Hash
2f8ac6527cdffe85b3748a1fd3c26b38aae2ae1e1d8e1a2743c7bec82c2100be
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://reurl.cc/

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
cache-control
private, max-age=900
content-encoding
zstd
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
expires
Sat, 06 Dec 2025 23:40:32 GMT
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
146679
date
Sat, 06 Dec 2025 23:40:32 GMT
x-xss-protection
0
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
server
Google Tag Manager
access-control-allow-headers
Cache-Control
ga-audiences
www.google.co.in/ads/ 		42 B
63 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.co.in/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-ZDFZCDVDK1&cid=1498954258.1765064433&gtm=45je5c31v9181474282za200zd9181474282&aip=1&dma=0&gcd=13l3l3l3l1l1&npa=0&frm=0&tag_exp=103116026~103200004~104527907~104528501~104684208~104684211~105391253~115583767~115616985~115938466~115938469~116184927~116184929~116217636~116217638~116251938~116251940~116518834&z=140422255
Requested by
Host: reurl.cc
URL: https://reurl.cc/k8qxzL
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.67 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s48-in-f3.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://reurl.cc/

Response headers

cache-control
no-cache, no-store, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
42
date
Sat, 06 Dec 2025 23:40:33 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
/
cm.lndata.com/ Frame E048 		35 B
470 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.lndata.com/?tid=4084&uid=media_cookie_id
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
116.50.36.71 , Taiwan, ASN18046 (DONGFONG-TW DongFong Technology Co. Ltd., TW),
Reverse DNS
116-50-36-71.dft.tw
Software
TornadoServer/1.2.1 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://cdn.holmesmind.com/

Response headers

Content-Length
35
P3P
CP=CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR
Date
Sat, 06 Dec 2025 23:40:35 GMT
Etag
"0f4e929dd5bb2564f7ab9c76338e04e292a42ace"
Content-Type
image/gif
Connection
keep-alive
Server
TornadoServer/1.2.1
fp
cm-dev-poc.holmesmind.com/ Frame A839 		0
217 B 		Document
General
Check archive.org
Download Go to
Full URL
https://cm-dev-poc.holmesmind.com/fp
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.159.234.135 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-13-159-234-135.ap-northeast-1.compute.amazonaws.com
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://cdn.holmesmind.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36

Response headers

content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Sat, 06 Dec 2025 23:40:33 GMT
server
nginx/1.18.0 (Ubuntu)
cm.php
fcm.holmesmind.com/ Frame 15A3 		39 B
182 B 		Document
General
Check archive.org
Download Go to
Full URL
https://fcm.holmesmind.com/cm.php
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.95.67.231 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
231.67.95.34.bc.googleusercontent.com
Software
Apache/2.4.29 (Ubuntu) /
Resource Hash
d51ae4a1096fac36fe9055d5c3f4daa85de0120b567636c89327b544a2a6a795

Request headers

Referer
https://cdn.holmesmind.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
39
content-type
text/html; charset=UTF-8
date
Sat, 06 Dec 2025 23:40:36 GMT
server
Apache/2.4.29 (Ubuntu)
via
1.1 google
cm.js
fcm2.holmesmind.com/ Frame E048 		409 B
632 B 		Script
General
Check archive.org
Download Go to
Full URL
https://fcm2.holmesmind.com/cm.js
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
54.238.82.241 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-238-82-241.ap-northeast-1.compute.amazonaws.com
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
c205c874491530a4288b8f643e5da8fbcf7c54bee71bb787f4444e77de90e821

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://cdn.holmesmind.com/

Response headers

access-control-allow-origin
*
date
Sat, 06 Dec 2025 23:40:33 GMT
content-type
application/javascript; charset=utf-8
server
nginx/1.18.0 (Ubuntu)
utag.js
t.ssp.hinet.net/ Frame E048 		5 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://t.ssp.hinet.net/utag.js
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS
203-75-214-136.hinet-ip.hinet.net
Software
nginx /
Resource Hash
73ae392d3e6fd2a480cd5e6eb0077f17af084abfda5e3bb5487f76c0277be87c
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://cdn.holmesmind.com/

Response headers

strict-transport-security
max-age=0
cache-control
max-age=600
content-encoding
gzip
etag
W/"65e6c0fa-15e4"
expires
Sat, 06 Dec 2025 23:50:36 GMT
date
Sat, 06 Dec 2025 23:40:36 GMT
content-type
application/javascript
last-modified
Tue, 05 Mar 2024 06:51:38 GMT
server
nginx
vary
Accept-Encoding
fp
cm-dev-poc.holmesmind.com/ Frame E048 		0
218 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm-dev-poc.holmesmind.com/fp
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.159.234.135 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-13-159-234-135.ap-northeast-1.compute.amazonaws.com
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://cdn.holmesmind.com/

Response headers

content-encoding
gzip
date
Sat, 06 Dec 2025 23:40:33 GMT
content-type
text/html; charset=UTF-8
server
nginx/1.18.0 (Ubuntu)
cm
c.holmesmind.com/ Frame E048
Redirect Chain
  • https://c.holmesmind.com/cm
  • https://c.holmesmind.com/cm?tc=getIn&
0
500 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://c.holmesmind.com/cm?tc=getIn&
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol
H2
Server
35.201.76.93 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
93.76.201.35.bc.googleusercontent.com
Software
nginx/1.10.3 (Ubuntu) / PHP/7.0.18-0ubuntu0.17.04.1
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://cdn.holmesmind.com/

Response headers

via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
date
Sat, 06 Dec 2025 23:40:33 GMT
content-type
text/html; charset=UTF-8
x-powered-by
PHP/7.0.18-0ubuntu0.17.04.1
server
nginx/1.10.3 (Ubuntu)

Redirect headers

location
https://c.holmesmind.com/cm?tc=getIn&
via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
date
Sat, 06 Dec 2025 23:40:33 GMT
content-type
text/html; charset=UTF-8
x-powered-by
PHP/7.0.18-0ubuntu0.17.04.1
server
nginx/1.10.3 (Ubuntu)
google
m.holmesmind.com/ml/ Frame E048
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=clickforce_dmp&google_cm&cf_uid=undefined&uu_m=undefined
  • https://m.holmesmind.com/ml/google?cf_uid=undefined&uu_m=undefined&google_error=1
0
460 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://m.holmesmind.com/ml/google?cf_uid=undefined&uu_m=undefined&google_error=1
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol
H2
Server
35.227.249.156 , United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
156.249.227.35.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://cdn.holmesmind.com/

Response headers

x-goog-metageneration
1
x-goog-hash
crc32c=AAAAAA==, md5=1B2M2Y8AsgTpgAmY7PhCfg==
etag
"d41d8cd98f00b204e9800998ecf8427e"
age
475
x-goog-stored-content-encoding
identity
expires
Sun, 07 Dec 2025 00:32:38 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length
0
date
Sat, 06 Dec 2025 23:32:38 GMT
last-modified
Wed, 21 Feb 2018 07:36:41 GMT
content-type
image/png
x-guploader-uploadid
AHVrFxMC4kMKp03EIbHGmxhmFLFGZ5EcLMwz4ZNSfb6WtrIZioziAL1NShATByLS1q-IICargOoT5bM
cache-control
public, max-age=3600
x-goog-storage-class
REGIONAL
accept-ranges
bytes
x-goog-generation
1519198601160228
content-length
0
server
UploadServer

Redirect headers

cache-control
no-cache, must-revalidate
location
https://m.holmesmind.com/ml/google?cf_uid=undefined&uu_m=undefined&google_error=1
pragma
no-cache
cross-origin-resource-policy
cross-origin
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
286
date
Sat, 06 Dec 2025 23:40:33 GMT
x-xss-protection
0
content-type
text/html; charset=UTF-8
server
HTTP server (unknown)
/
cm.lndata.com/ Frame C218 		35 B
394 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.lndata.com/?tid=4084&uid=media_cookie_id
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
116.50.36.71 , Taiwan, ASN18046 (DONGFONG-TW DongFong Technology Co. Ltd., TW),
Reverse DNS
116-50-36-71.dft.tw
Software
TornadoServer/1.2.1 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://cdn.holmesmind.com/

Response headers

P3P
CP=CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR
Content-Length
35
Date
Sat, 06 Dec 2025 23:40:36 GMT
Etag
"0f4e929dd5bb2564f7ab9c76338e04e292a42ace"
Content-Type
image/gif
Server
TornadoServer/1.2.1
fp
cm-dev-poc.holmesmind.com/ Frame C218 		0
217 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm-dev-poc.holmesmind.com/fp
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.159.234.135 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-13-159-234-135.ap-northeast-1.compute.amazonaws.com
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://cdn.holmesmind.com/

Response headers

content-encoding
gzip
date
Sat, 06 Dec 2025 23:40:33 GMT
content-type
text/html; charset=UTF-8
server
nginx/1.18.0 (Ubuntu)
cm
c.holmesmind.com/ Frame C218
Redirect Chain
  • https://c.holmesmind.com/cm
  • https://c.holmesmind.com/cm?tc=getIn&
0
12 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://c.holmesmind.com/cm?tc=getIn&
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol
H3
Server
35.201.76.93 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
93.76.201.35.bc.googleusercontent.com
Software
nginx/1.10.3 (Ubuntu) / PHP/7.0.18-0ubuntu0.17.04.1
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://cdn.holmesmind.com/

Response headers

via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
date
Sat, 06 Dec 2025 23:40:33 GMT
content-type
text/html; charset=UTF-8
x-powered-by
PHP/7.0.18-0ubuntu0.17.04.1
server
nginx/1.10.3 (Ubuntu)

Redirect headers

location
https://c.holmesmind.com/cm?tc=getIn&
via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
date
Sat, 06 Dec 2025 23:40:33 GMT
content-type
text/html; charset=UTF-8
x-powered-by
PHP/7.0.18-0ubuntu0.17.04.1
server
nginx/1.10.3 (Ubuntu)
fp
cm-dev-poc.holmesmind.com/ Frame 47D0 		0
217 B 		Document
General
Check archive.org
Download Go to
Full URL
https://cm-dev-poc.holmesmind.com/fp
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.159.234.135 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-13-159-234-135.ap-northeast-1.compute.amazonaws.com
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://cdn.holmesmind.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36

Response headers

content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Sat, 06 Dec 2025 23:40:34 GMT
server
nginx/1.18.0 (Ubuntu)
cm.php
fcm.holmesmind.com/ Frame 7A90 		39 B
88 B 		Document
General
Check archive.org
Download Go to
Full URL
https://fcm.holmesmind.com/cm.php
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.95.67.231 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
231.67.95.34.bc.googleusercontent.com
Software
Apache/2.4.29 (Ubuntu) /
Resource Hash
d51ae4a1096fac36fe9055d5c3f4daa85de0120b567636c89327b544a2a6a795

Request headers

Referer
https://cdn.holmesmind.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
39
content-type
text/html; charset=UTF-8
date
Sat, 06 Dec 2025 23:40:39 GMT
server
Apache/2.4.29 (Ubuntu)
via
1.1 google
cm.js
fcm2.holmesmind.com/ Frame C218 		409 B
631 B 		Script
General
Check archive.org
Download Go to
Full URL
https://fcm2.holmesmind.com/cm.js
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
54.238.82.241 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-238-82-241.ap-northeast-1.compute.amazonaws.com
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
c205c874491530a4288b8f643e5da8fbcf7c54bee71bb787f4444e77de90e821

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://cdn.holmesmind.com/

Response headers

access-control-allow-origin
*
date
Sat, 06 Dec 2025 23:40:33 GMT
content-type
application/javascript; charset=utf-8
server
nginx/1.18.0 (Ubuntu)
google
m.holmesmind.com/ml/ Frame C218
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=clickforce_dmp&google_cm&cf_uid=undefined&uu_m=undefined
  • https://m.holmesmind.com/ml/google?cf_uid=undefined&uu_m=undefined&google_error=1
0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://m.holmesmind.com/ml/google?cf_uid=undefined&uu_m=undefined&google_error=1
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol
H2
Server
35.227.249.156 , United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
156.249.227.35.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://cdn.holmesmind.com/

Response headers

x-goog-metageneration
1
x-goog-hash
crc32c=AAAAAA==, md5=1B2M2Y8AsgTpgAmY7PhCfg==
etag
"d41d8cd98f00b204e9800998ecf8427e"
age
475
x-goog-stored-content-encoding
identity
expires
Sun, 07 Dec 2025 00:32:38 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length
0
date
Sat, 06 Dec 2025 23:32:38 GMT
last-modified
Wed, 21 Feb 2018 07:36:41 GMT
content-type
image/png
x-guploader-uploadid
AHVrFxMC4kMKp03EIbHGmxhmFLFGZ5EcLMwz4ZNSfb6WtrIZioziAL1NShATByLS1q-IICargOoT5bM
cache-control
public, max-age=3600
x-goog-storage-class
REGIONAL
accept-ranges
bytes
x-goog-generation
1519198601160228
content-length
0
server
UploadServer

Redirect headers

cache-control
no-cache, must-revalidate
location
https://m.holmesmind.com/ml/google?cf_uid=undefined&uu_m=undefined&google_error=1
pragma
no-cache
cross-origin-resource-policy
cross-origin
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
286
date
Sat, 06 Dec 2025 23:40:33 GMT
x-xss-protection
0
content-type
text/html; charset=UTF-8
server
HTTP server (unknown)
/
cm.lndata.com/ Frame EE0B 		35 B
394 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.lndata.com/?tid=4084&uid=media_cookie_id
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
116.50.36.71 , Taiwan, ASN18046 (DONGFONG-TW DongFong Technology Co. Ltd., TW),
Reverse DNS
116-50-36-71.dft.tw
Software
TornadoServer/1.2.1 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://cdn.holmesmind.com/

Response headers

P3P
CP=CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR
Content-Length
35
Date
Sat, 06 Dec 2025 23:40:36 GMT
Etag
"0f4e929dd5bb2564f7ab9c76338e04e292a42ace"
Content-Type
image/gif
Server
TornadoServer/1.2.1
fp
cm-dev-poc.holmesmind.com/ Frame EE0B 		0
217 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm-dev-poc.holmesmind.com/fp
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.159.234.135 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-13-159-234-135.ap-northeast-1.compute.amazonaws.com
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://cdn.holmesmind.com/

Response headers

content-encoding
gzip
date
Sat, 06 Dec 2025 23:40:34 GMT
content-type
text/html; charset=UTF-8
server
nginx/1.18.0 (Ubuntu)
cm
c.holmesmind.com/ Frame EE0B
Redirect Chain
  • https://c.holmesmind.com/cm
  • https://c.holmesmind.com/cm?tc=getIn&
0
12 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://c.holmesmind.com/cm?tc=getIn&
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol
H3
Server
35.201.76.93 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
93.76.201.35.bc.googleusercontent.com
Software
nginx/1.10.3 (Ubuntu) / PHP/7.0.18-0ubuntu0.17.04.1
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://cdn.holmesmind.com/

Response headers

via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
date
Sat, 06 Dec 2025 23:40:33 GMT
content-type
text/html; charset=UTF-8
x-powered-by
PHP/7.0.18-0ubuntu0.17.04.1
server
nginx/1.10.3 (Ubuntu)

Redirect headers

location
https://c.holmesmind.com/cm?tc=getIn&
via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
date
Sat, 06 Dec 2025 23:40:33 GMT
content-type
text/html; charset=UTF-8
x-powered-by
PHP/7.0.18-0ubuntu0.17.04.1
server
nginx/1.10.3 (Ubuntu)
fp
cm-dev-poc.holmesmind.com/ Frame 1907 		0
217 B 		Document
General
Check archive.org
Download Go to
Full URL
https://cm-dev-poc.holmesmind.com/fp
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.159.234.135 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-13-159-234-135.ap-northeast-1.compute.amazonaws.com
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://cdn.holmesmind.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36

Response headers

content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Sat, 06 Dec 2025 23:40:34 GMT
server
nginx/1.18.0 (Ubuntu)
cm.php
fcm.holmesmind.com/ Frame 77D8 		39 B
54 B 		Document
General
Check archive.org
Download Go to
Full URL
https://fcm.holmesmind.com/cm.php
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.95.67.231 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
231.67.95.34.bc.googleusercontent.com
Software
Apache/2.4.29 (Ubuntu) /
Resource Hash
d51ae4a1096fac36fe9055d5c3f4daa85de0120b567636c89327b544a2a6a795

Request headers

Referer
https://cdn.holmesmind.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
39
content-type
text/html; charset=UTF-8
date
Sat, 06 Dec 2025 23:40:42 GMT
server
Apache/2.4.29 (Ubuntu)
via
1.1 google
cm.js
fcm2.holmesmind.com/ Frame EE0B 		409 B
631 B 		Script
General
Check archive.org
Download Go to
Full URL
https://fcm2.holmesmind.com/cm.js
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
54.238.82.241 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-238-82-241.ap-northeast-1.compute.amazonaws.com
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
c205c874491530a4288b8f643e5da8fbcf7c54bee71bb787f4444e77de90e821

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://cdn.holmesmind.com/

Response headers

access-control-allow-origin
*
date
Sat, 06 Dec 2025 23:40:34 GMT
content-type
application/javascript; charset=utf-8
server
nginx/1.18.0 (Ubuntu)
google
m.holmesmind.com/ml/ Frame EE0B
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=clickforce_dmp&google_cm&cf_uid=undefined&uu_m=undefined
  • https://m.holmesmind.com/ml/google?cf_uid=undefined&uu_m=undefined&google_error=1
0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://m.holmesmind.com/ml/google?cf_uid=undefined&uu_m=undefined&google_error=1
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol
H2
Server
35.227.249.156 , United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
156.249.227.35.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://cdn.holmesmind.com/

Response headers

x-goog-metageneration
1
x-goog-hash
crc32c=AAAAAA==, md5=1B2M2Y8AsgTpgAmY7PhCfg==
etag
"d41d8cd98f00b204e9800998ecf8427e"
age
475
x-goog-stored-content-encoding
identity
expires
Sun, 07 Dec 2025 00:32:38 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length
0
date
Sat, 06 Dec 2025 23:32:38 GMT
last-modified
Wed, 21 Feb 2018 07:36:41 GMT
content-type
image/png
x-guploader-uploadid
AHVrFxMC4kMKp03EIbHGmxhmFLFGZ5EcLMwz4ZNSfb6WtrIZioziAL1NShATByLS1q-IICargOoT5bM
cache-control
public, max-age=3600
x-goog-storage-class
REGIONAL
accept-ranges
bytes
x-goog-generation
1519198601160228
content-length
0
server
UploadServer

Redirect headers

cache-control
no-cache, must-revalidate
location
https://m.holmesmind.com/ml/google?cf_uid=undefined&uu_m=undefined&google_error=1
pragma
no-cache
cross-origin-resource-policy
cross-origin
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
286
date
Sat, 06 Dec 2025 23:40:33 GMT
x-xss-protection
0
content-type
text/html; charset=UTF-8
server
HTTP server (unknown)
/
cm.lndata.com/ Frame 03F7 		35 B
394 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.lndata.com/?tid=4084&uid=media_cookie_id
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
116.50.36.71 , Taiwan, ASN18046 (DONGFONG-TW DongFong Technology Co. Ltd., TW),
Reverse DNS
116-50-36-71.dft.tw
Software
TornadoServer/1.2.1 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://cdn.holmesmind.com/

Response headers

P3P
CP=CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR
Content-Length
35
Date
Sat, 06 Dec 2025 23:40:36 GMT
Etag
"0f4e929dd5bb2564f7ab9c76338e04e292a42ace"
Content-Type
image/gif
Server
TornadoServer/1.2.1
fp
cm-dev-poc.holmesmind.com/ Frame 03F7 		0
217 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm-dev-poc.holmesmind.com/fp
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.159.234.135 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-13-159-234-135.ap-northeast-1.compute.amazonaws.com
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://cdn.holmesmind.com/

Response headers

content-encoding
gzip
date
Sat, 06 Dec 2025 23:40:34 GMT
content-type
text/html; charset=UTF-8
server
nginx/1.18.0 (Ubuntu)
cm
c.holmesmind.com/ Frame 03F7
Redirect Chain
  • https://c.holmesmind.com/cm
  • https://c.holmesmind.com/cm?tc=getIn&
0
12 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://c.holmesmind.com/cm?tc=getIn&
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol
H3
Server
35.201.76.93 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
93.76.201.35.bc.googleusercontent.com
Software
nginx/1.10.3 (Ubuntu) / PHP/7.0.18-0ubuntu0.17.04.1
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://cdn.holmesmind.com/

Response headers

via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
date
Sat, 06 Dec 2025 23:40:33 GMT
content-type
text/html; charset=UTF-8
x-powered-by
PHP/7.0.18-0ubuntu0.17.04.1
server
nginx/1.10.3 (Ubuntu)

Redirect headers

location
https://c.holmesmind.com/cm?tc=getIn&
via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
date
Sat, 06 Dec 2025 23:40:33 GMT
content-type
text/html; charset=UTF-8
x-powered-by
PHP/7.0.18-0ubuntu0.17.04.1
server
nginx/1.10.3 (Ubuntu)
fp
cm-dev-poc.holmesmind.com/ Frame F564 		0
217 B 		Document
General
Check archive.org
Download Go to
Full URL
https://cm-dev-poc.holmesmind.com/fp
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.159.234.135 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-13-159-234-135.ap-northeast-1.compute.amazonaws.com
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://cdn.holmesmind.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36

Response headers

content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Sat, 06 Dec 2025 23:40:34 GMT
server
nginx/1.18.0 (Ubuntu)
cm.php
fcm.holmesmind.com/ Frame DC9C 		39 B
54 B 		Document
General
Check archive.org
Download Go to
Full URL
https://fcm.holmesmind.com/cm.php
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.95.67.231 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
231.67.95.34.bc.googleusercontent.com
Software
Apache/2.4.29 (Ubuntu) /
Resource Hash
d51ae4a1096fac36fe9055d5c3f4daa85de0120b567636c89327b544a2a6a795

Request headers

Referer
https://cdn.holmesmind.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
39
content-type
text/html; charset=UTF-8
date
Sat, 06 Dec 2025 23:40:42 GMT
server
Apache/2.4.29 (Ubuntu)
via
1.1 google
cm.js
fcm2.holmesmind.com/ Frame 03F7 		409 B
631 B 		Script
General
Check archive.org
Download Go to
Full URL
https://fcm2.holmesmind.com/cm.js
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
54.238.82.241 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-238-82-241.ap-northeast-1.compute.amazonaws.com
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
c205c874491530a4288b8f643e5da8fbcf7c54bee71bb787f4444e77de90e821

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://cdn.holmesmind.com/

Response headers

access-control-allow-origin
*
date
Sat, 06 Dec 2025 23:40:34 GMT
content-type
application/javascript; charset=utf-8
server
nginx/1.18.0 (Ubuntu)
google
m.holmesmind.com/ml/ Frame 03F7
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=clickforce_dmp&google_cm&cf_uid=undefined&uu_m=undefined
  • https://m.holmesmind.com/ml/google?cf_uid=undefined&uu_m=undefined&google_error=1
0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://m.holmesmind.com/ml/google?cf_uid=undefined&uu_m=undefined&google_error=1
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol
H2
Server
35.227.249.156 , United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
156.249.227.35.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://cdn.holmesmind.com/

Response headers

x-goog-metageneration
1
x-goog-hash
crc32c=AAAAAA==, md5=1B2M2Y8AsgTpgAmY7PhCfg==
etag
"d41d8cd98f00b204e9800998ecf8427e"
age
475
x-goog-stored-content-encoding
identity
expires
Sun, 07 Dec 2025 00:32:38 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length
0
date
Sat, 06 Dec 2025 23:32:38 GMT
last-modified
Wed, 21 Feb 2018 07:36:41 GMT
content-type
image/png
x-guploader-uploadid
AHVrFxMC4kMKp03EIbHGmxhmFLFGZ5EcLMwz4ZNSfb6WtrIZioziAL1NShATByLS1q-IICargOoT5bM
cache-control
public, max-age=3600
x-goog-storage-class
REGIONAL
accept-ranges
bytes
x-goog-generation
1519198601160228
content-length
0
server
UploadServer

Redirect headers

cache-control
no-cache, must-revalidate
location
https://m.holmesmind.com/ml/google?cf_uid=undefined&uu_m=undefined&google_error=1
pragma
no-cache
cross-origin-resource-policy
cross-origin
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
286
date
Sat, 06 Dec 2025 23:40:33 GMT
x-xss-protection
0
content-type
text/html; charset=UTF-8
server
HTTP server (unknown)
/
cm.lndata.com/ Frame 1E85 		35 B
394 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.lndata.com/?tid=4084&uid=media_cookie_id
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
116.50.36.71 , Taiwan, ASN18046 (DONGFONG-TW DongFong Technology Co. Ltd., TW),
Reverse DNS
116-50-36-71.dft.tw
Software
TornadoServer/1.2.1 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://cdn.holmesmind.com/

Response headers

P3P
CP=CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR
Content-Length
35
Date
Sat, 06 Dec 2025 23:40:38 GMT
Etag
"0f4e929dd5bb2564f7ab9c76338e04e292a42ace"
Content-Type
image/gif
Server
TornadoServer/1.2.1
fp
cm-dev-poc.holmesmind.com/ Frame 1E85 		0
217 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm-dev-poc.holmesmind.com/fp
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.159.234.135 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-13-159-234-135.ap-northeast-1.compute.amazonaws.com
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://cdn.holmesmind.com/

Response headers

content-encoding
gzip
date
Sat, 06 Dec 2025 23:40:34 GMT
content-type
text/html; charset=UTF-8
server
nginx/1.18.0 (Ubuntu)
cm
c.holmesmind.com/ Frame 1E85
Redirect Chain
  • https://c.holmesmind.com/cm
  • https://c.holmesmind.com/cm?tc=getIn&
0
12 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://c.holmesmind.com/cm?tc=getIn&
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol
H3
Server
35.201.76.93 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
93.76.201.35.bc.googleusercontent.com
Software
nginx/1.10.3 (Ubuntu) / PHP/7.0.18-0ubuntu0.17.04.1
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://cdn.holmesmind.com/

Response headers

via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
date
Sat, 06 Dec 2025 23:40:33 GMT
content-type
text/html; charset=UTF-8
x-powered-by
PHP/7.0.18-0ubuntu0.17.04.1
server
nginx/1.10.3 (Ubuntu)

Redirect headers

location
https://c.holmesmind.com/cm?tc=getIn&
via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
date
Sat, 06 Dec 2025 23:40:33 GMT
content-type
text/html; charset=UTF-8
x-powered-by
PHP/7.0.18-0ubuntu0.17.04.1
server
nginx/1.10.3 (Ubuntu)
fp
cm-dev-poc.holmesmind.com/ Frame A1B0 		0
217 B 		Document
General
Check archive.org
Download Go to
Full URL
https://cm-dev-poc.holmesmind.com/fp
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.159.234.135 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-13-159-234-135.ap-northeast-1.compute.amazonaws.com
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://cdn.holmesmind.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36

Response headers

content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Sat, 06 Dec 2025 23:40:35 GMT
server
nginx/1.18.0 (Ubuntu)
cm.php
fcm.holmesmind.com/ Frame 728F 		39 B
52 B 		Document
General
Check archive.org
Download Go to
Full URL
https://fcm.holmesmind.com/cm.php
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.95.67.231 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
231.67.95.34.bc.googleusercontent.com
Software
Apache/2.4.29 (Ubuntu) /
Resource Hash
d51ae4a1096fac36fe9055d5c3f4daa85de0120b567636c89327b544a2a6a795

Request headers

Referer
https://cdn.holmesmind.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
39
content-type
text/html; charset=UTF-8
date
Sat, 06 Dec 2025 23:40:42 GMT
server
Apache/2.4.29 (Ubuntu)
via
1.1 google
cm.js
fcm2.holmesmind.com/ Frame 1E85 		409 B
631 B 		Script
General
Check archive.org
Download Go to
Full URL
https://fcm2.holmesmind.com/cm.js
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
54.238.82.241 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-238-82-241.ap-northeast-1.compute.amazonaws.com
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
c205c874491530a4288b8f643e5da8fbcf7c54bee71bb787f4444e77de90e821

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://cdn.holmesmind.com/

Response headers

access-control-allow-origin
*
date
Sat, 06 Dec 2025 23:40:34 GMT
content-type
application/javascript; charset=utf-8
server
nginx/1.18.0 (Ubuntu)
google
m.holmesmind.com/ml/ Frame 1E85
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=clickforce_dmp&google_cm&cf_uid=undefined&uu_m=undefined
  • https://m.holmesmind.com/ml/google?cf_uid=undefined&uu_m=undefined&google_error=1
0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://m.holmesmind.com/ml/google?cf_uid=undefined&uu_m=undefined&google_error=1
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol
H2
Server
35.227.249.156 , United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
156.249.227.35.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://cdn.holmesmind.com/

Response headers

x-goog-metageneration
1
x-goog-hash
crc32c=AAAAAA==, md5=1B2M2Y8AsgTpgAmY7PhCfg==
etag
"d41d8cd98f00b204e9800998ecf8427e"
age
475
x-goog-stored-content-encoding
identity
expires
Sun, 07 Dec 2025 00:32:38 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length
0
date
Sat, 06 Dec 2025 23:32:38 GMT
last-modified
Wed, 21 Feb 2018 07:36:41 GMT
content-type
image/png
x-guploader-uploadid
AHVrFxMC4kMKp03EIbHGmxhmFLFGZ5EcLMwz4ZNSfb6WtrIZioziAL1NShATByLS1q-IICargOoT5bM
cache-control
public, max-age=3600
x-goog-storage-class
REGIONAL
accept-ranges
bytes
x-goog-generation
1519198601160228
content-length
0
server
UploadServer

Redirect headers

cache-control
no-cache, must-revalidate
location
https://m.holmesmind.com/ml/google?cf_uid=undefined&uu_m=undefined&google_error=1
pragma
no-cache
cross-origin-resource-policy
cross-origin
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
286
date
Sat, 06 Dec 2025 23:40:33 GMT
x-xss-protection
0
content-type
text/html; charset=UTF-8
server
HTTP server (unknown)
/
cm.lndata.com/ Frame A7B2 		35 B
394 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.lndata.com/?tid=4084&uid=media_cookie_id
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
116.50.36.71 , Taiwan, ASN18046 (DONGFONG-TW DongFong Technology Co. Ltd., TW),
Reverse DNS
116-50-36-71.dft.tw
Software
TornadoServer/1.2.1 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://cdn.holmesmind.com/

Response headers

P3P
CP=CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR
Content-Length
35
Date
Sat, 06 Dec 2025 23:40:38 GMT
Etag
"0f4e929dd5bb2564f7ab9c76338e04e292a42ace"
Content-Type
image/gif
Server
TornadoServer/1.2.1
fp
cm-dev-poc.holmesmind.com/ Frame A7B2 		0
217 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm-dev-poc.holmesmind.com/fp
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.159.234.135 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-13-159-234-135.ap-northeast-1.compute.amazonaws.com
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://cdn.holmesmind.com/

Response headers

content-encoding
gzip
date
Sat, 06 Dec 2025 23:40:35 GMT
content-type
text/html; charset=UTF-8
server
nginx/1.18.0 (Ubuntu)
cm
c.holmesmind.com/ Frame A7B2
Redirect Chain
  • https://c.holmesmind.com/cm
  • https://c.holmesmind.com/cm?tc=getIn&
0
12 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://c.holmesmind.com/cm?tc=getIn&
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol
H3
Server
35.201.76.93 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
93.76.201.35.bc.googleusercontent.com
Software
nginx/1.10.3 (Ubuntu) / PHP/7.0.18-0ubuntu0.17.04.1
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://cdn.holmesmind.com/

Response headers

via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
date
Sat, 06 Dec 2025 23:40:34 GMT
content-type
text/html; charset=UTF-8
x-powered-by
PHP/7.0.18-0ubuntu0.17.04.1
server
nginx/1.10.3 (Ubuntu)

Redirect headers

location
https://c.holmesmind.com/cm?tc=getIn&
via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
date
Sat, 06 Dec 2025 23:40:33 GMT
content-type
text/html; charset=UTF-8
x-powered-by
PHP/7.0.18-0ubuntu0.17.04.1
server
nginx/1.10.3 (Ubuntu)
fp
cm-dev-poc.holmesmind.com/ Frame 04FE 		0
217 B 		Document
General
Check archive.org
Download Go to
Full URL
https://cm-dev-poc.holmesmind.com/fp
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.159.234.135 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-13-159-234-135.ap-northeast-1.compute.amazonaws.com
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://cdn.holmesmind.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36

Response headers

content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Sat, 06 Dec 2025 23:40:35 GMT
server
nginx/1.18.0 (Ubuntu)
cm.php
fcm.holmesmind.com/ Frame 9B17 		39 B
54 B 		Document
General
Check archive.org
Download Go to
Full URL
https://fcm.holmesmind.com/cm.php
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.95.67.231 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
231.67.95.34.bc.googleusercontent.com
Software
Apache/2.4.29 (Ubuntu) /
Resource Hash
d51ae4a1096fac36fe9055d5c3f4daa85de0120b567636c89327b544a2a6a795

Request headers

Referer
https://cdn.holmesmind.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
39
content-type
text/html; charset=UTF-8
date
Sat, 06 Dec 2025 23:40:42 GMT
server
Apache/2.4.29 (Ubuntu)
via
1.1 google
cm.js
fcm2.holmesmind.com/ Frame A7B2 		409 B
631 B 		Script
General
Check archive.org
Download Go to
Full URL
https://fcm2.holmesmind.com/cm.js
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
54.238.82.241 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-238-82-241.ap-northeast-1.compute.amazonaws.com
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
c205c874491530a4288b8f643e5da8fbcf7c54bee71bb787f4444e77de90e821

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://cdn.holmesmind.com/

Response headers

access-control-allow-origin
*
date
Sat, 06 Dec 2025 23:40:34 GMT
content-type
application/javascript; charset=utf-8
server
nginx/1.18.0 (Ubuntu)
google
m.holmesmind.com/ml/ Frame A7B2
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=clickforce_dmp&google_cm&cf_uid=undefined&uu_m=undefined
  • https://m.holmesmind.com/ml/google?cf_uid=undefined&uu_m=undefined&google_error=1
0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://m.holmesmind.com/ml/google?cf_uid=undefined&uu_m=undefined&google_error=1
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol
H2
Server
35.227.249.156 , United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
156.249.227.35.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://cdn.holmesmind.com/

Response headers

x-goog-metageneration
1
x-goog-hash
crc32c=AAAAAA==, md5=1B2M2Y8AsgTpgAmY7PhCfg==
etag
"d41d8cd98f00b204e9800998ecf8427e"
age
475
x-goog-stored-content-encoding
identity
expires
Sun, 07 Dec 2025 00:32:38 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length
0
date
Sat, 06 Dec 2025 23:32:38 GMT
last-modified
Wed, 21 Feb 2018 07:36:41 GMT
content-type
image/png
x-guploader-uploadid
AHVrFxMC4kMKp03EIbHGmxhmFLFGZ5EcLMwz4ZNSfb6WtrIZioziAL1NShATByLS1q-IICargOoT5bM
cache-control
public, max-age=3600
x-goog-storage-class
REGIONAL
accept-ranges
bytes
x-goog-generation
1519198601160228
content-length
0
server
UploadServer

Redirect headers

cache-control
no-cache, must-revalidate
location
https://m.holmesmind.com/ml/google?cf_uid=undefined&uu_m=undefined&google_error=1
pragma
no-cache
cross-origin-resource-policy
cross-origin
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
286
date
Sat, 06 Dec 2025 23:40:33 GMT
x-xss-protection
0
content-type
text/html; charset=UTF-8
server
HTTP server (unknown)
iXGJEr7Orjl.css
static.xx.fbcdn.net/rsrc.php/v5/yg/l/0,cross/ Frame 0D74 		20 KB
6 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://static.xx.fbcdn.net/rsrc.php/v5/yg/l/0,cross/iXGJEr7Orjl.css
Requested by
Host: www.facebook.com
URL: https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2Freurl.cc%2F&tabs=timeline&width=340&height=500&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=true&appId
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
157.240.0.6 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
xx-fbcdn-shv-02-fra3.fbcdn.net
Software
/
Resource Hash
60280ebcf60053f7d378a772ecfabb60b0b69b9634e19105cb2307b126918447
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Origin
https://www.facebook.com
Referer
https://www.facebook.com/

Response headers

content-md5
z/mgktkHqyjk5kjdOFxmUA==
content-encoding
zstd
report-to
{"max_age":21600,"endpoints":[{"url":"https:\/\/www.xx.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options
nosniff
expires
Fri, 04 Dec 2026 11:09:30 GMT
alt-svc
h3=":443"; ma=86400
date
Sat, 06 Dec 2025 23:40:33 GMT
content-type
text/css; charset=utf-8
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
x-fb-debug
q61wx31P4Dm8z+83qnp3NajXI2M3PUw+lHnb3uQY0Xfz8En8yF1JQp1m280VXzMKHYio1YTdqtOctcu+k3pZrQ==
priority
u=0
vary
Origin
reporting-endpoints
permissions_policy="https://www.xx.facebook.com/ajax/browser_error_reports/"
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
x-fb-connection-quality
GOOD; q=0.7, rtt=76, rtx=2, c=5, mss=1232, tbw=17257, tp=24, tpl=2, uplat=3, ullat=-1
cross-origin-resource-policy
cross-origin
permissions-policy
accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy
force-load-at-top, include-js-call-stacks-in-crash-reports
access-control-allow-origin
https://www.facebook.com
content-length
5633
origin-agent-cluster
?1
WCTiQ6kREY8.js
static.xx.fbcdn.net/rsrc.php/v4/yL/r/ Frame 0D74 		339 KB
90 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.xx.fbcdn.net/rsrc.php/v4/yL/r/WCTiQ6kREY8.js
Requested by
Host: www.facebook.com
URL: https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2Freurl.cc%2F&tabs=timeline&width=340&height=500&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=true&appId
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
157.240.0.6 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
xx-fbcdn-shv-02-fra3.fbcdn.net
Software
/
Resource Hash
88eec3b46d536658d7c59b2dd03b35dffdda8d03a2eaff9674a4d53b4b1ee8aa
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Origin
https://www.facebook.com
Referer
https://www.facebook.com/

Response headers

content-md5
/9udU619KlsNkrdgdC3lqg==
content-encoding
zstd
report-to
{"max_age":21600,"endpoints":[{"url":"https:\/\/www.xx.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options
nosniff
expires
Sat, 05 Dec 2026 20:08:34 GMT
alt-svc
h3=":443"; ma=86400
date
Sat, 06 Dec 2025 23:40:33 GMT
content-type
application/x-javascript; charset=utf-8
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
x-fb-debug
GdvkIBOshcbjKH0b3PBYsxC6TzX2zmHk7UPiP3Ti0w7F+h+c4OIGNTPq3VSqayWCljeCnYDNY4YlAnKFsKfv3g==
priority
u=1
vary
Origin
reporting-endpoints
permissions_policy="https://www.xx.facebook.com/ajax/browser_error_reports/"
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
x-fb-connection-quality
GOOD; q=0.7, rtt=76, rtx=2, c=5, mss=1232, tbw=9593, tp=17, tpl=2, uplat=2, ullat=-1
cross-origin-resource-policy
cross-origin
permissions-policy
accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy
force-load-at-top, include-js-call-stacks-in-crash-reports
access-control-allow-origin
https://www.facebook.com
content-length
92051
origin-agent-cluster
?1
XZtOE_fK9iK.js
static.xx.fbcdn.net/rsrc.php/v4/yK/r/ Frame 0D74 		8 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.xx.fbcdn.net/rsrc.php/v4/yK/r/XZtOE_fK9iK.js
Requested by
Host: www.facebook.com
URL: https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2Freurl.cc%2F&tabs=timeline&width=340&height=500&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=true&appId
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
157.240.0.6 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
xx-fbcdn-shv-02-fra3.fbcdn.net
Software
/
Resource Hash
8f7636a0b0dd99d49730dd0dd8f91db5bc76ead8b17b834c2071fdeac92ce0f4
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Origin
https://www.facebook.com
Referer
https://www.facebook.com/

Response headers

content-md5
PSFvzQDInesB10SfR39pWA==
content-encoding
zstd
report-to
{"max_age":21600,"endpoints":[{"url":"https:\/\/www.xx.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options
nosniff
expires
Thu, 03 Dec 2026 09:05:47 GMT
alt-svc
h3=":443"; ma=86400
date
Sat, 06 Dec 2025 23:40:33 GMT
content-type
application/x-javascript; charset=utf-8
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
x-fb-debug
Z+5jsU4D4idmkTgTdGcZc7dUM6BpMhjMp2YTI/Z5LwsEBW3RknYTHsfHRIu8V1vADhTd5DeaOIo6oJ/2DK1Qbw==
priority
u=1
vary
Origin
reporting-endpoints
permissions_policy="https://www.xx.facebook.com/ajax/browser_error_reports/"
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
x-fb-connection-quality
GOOD; q=0.7, rtt=77, rtx=4, c=21, mss=1232, tbw=39433, tp=42, tpl=4, uplat=2, ullat=-1
cross-origin-resource-policy
cross-origin
permissions-policy
accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy
force-load-at-top, include-js-call-stacks-in-crash-reports
access-control-allow-origin
https://www.facebook.com
content-length
2665
origin-agent-cluster
?1
XlAQ_TwXTjN.js
static.xx.fbcdn.net/rsrc.php/v4iEpO4/yT/l/es_ES~es_LA-j/ Frame 0D74 		185 KB
50 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.xx.fbcdn.net/rsrc.php/v4iEpO4/yT/l/es_ES~es_LA-j/XlAQ_TwXTjN.js
Requested by
Host: www.facebook.com
URL: https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2Freurl.cc%2F&tabs=timeline&width=340&height=500&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=true&appId
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
157.240.0.6 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
xx-fbcdn-shv-02-fra3.fbcdn.net
Software
/
Resource Hash
cda14c5d442d3a25a325ba897930f31245b21c1639ff0f7abaef684cdce5a951
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Origin
https://www.facebook.com
Referer
https://www.facebook.com/

Response headers

content-md5
fvzGaDxlkWgcwwj6qybBsA==
content-encoding
zstd
report-to
{"max_age":21600,"endpoints":[{"url":"https:\/\/www.xx.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options
nosniff
expires
Sat, 05 Dec 2026 20:35:51 GMT
alt-svc
h3=":443"; ma=86400
date
Sat, 06 Dec 2025 23:40:33 GMT
content-type
application/x-javascript; charset=utf-8
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
x-fb-debug
nZR3XBjr2r9CKkOMxffU5hp4SFI3z/qZujf5nGP5MklatX/hqojblJYBDw7QVuteUbEowD7hV++6vA17/Cy4sA==
priority
u=1
vary
Origin
reporting-endpoints
permissions_policy="https://www.xx.facebook.com/ajax/browser_error_reports/"
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
x-fb-connection-quality
GOOD; q=0.7, rtt=77, rtx=4, c=21, mss=1232, tbw=39433, tp=42, tpl=4, uplat=82, ullat=-1
cross-origin-resource-policy
cross-origin
permissions-policy
accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy
force-load-at-top, include-js-call-stacks-in-crash-reports
access-control-allow-origin
https://www.facebook.com
content-length
50865
origin-agent-cluster
?1
YvNVhqsZ8kM.js
static.xx.fbcdn.net/rsrc.php/v4/y-/r/ Frame 0D74 		36 KB
12 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.xx.fbcdn.net/rsrc.php/v4/y-/r/YvNVhqsZ8kM.js
Requested by
Host: www.facebook.com
URL: https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2Freurl.cc%2F&tabs=timeline&width=340&height=500&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=true&appId
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
157.240.0.6 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
xx-fbcdn-shv-02-fra3.fbcdn.net
Software
/
Resource Hash
120a67e10b39b6b70dc52c65c77d016cba6e33b0ecc86d3fd49dda8f9efc2657
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Origin
https://www.facebook.com
Referer
https://www.facebook.com/

Response headers

content-md5
tXa15XQP+ilpiX2Yn0SYsQ==
content-encoding
zstd
report-to
{"max_age":21600,"endpoints":[{"url":"https:\/\/www.xx.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options
nosniff
expires
Sun, 06 Dec 2026 17:17:04 GMT
alt-svc
h3=":443"; ma=86400
date
Sat, 06 Dec 2025 23:40:33 GMT
content-type
application/x-javascript; charset=utf-8
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
x-fb-debug
dumri3Bz7mMl8IpHgy66xwzPv2OKuIuWmRqjaExLEXLJjPTlUPTGPWW1eLN4Ed7eCofRLT5ng8b6tqgFJLMGUg==
priority
u=1
vary
Origin
reporting-endpoints
permissions_policy="https://www.xx.facebook.com/ajax/browser_error_reports/"
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
x-fb-connection-quality
GOOD; q=0.7, rtt=77, rtx=2, c=20, mss=1232, tbw=35737, tp=39, tpl=2, uplat=79, ullat=-1
cross-origin-resource-policy
cross-origin
permissions-policy
accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy
force-load-at-top, include-js-call-stacks-in-crash-reports
access-control-allow-origin
https://www.facebook.com
content-length
12336
origin-agent-cluster
?1
8wypiAW_bfk.js
static.xx.fbcdn.net/rsrc.php/v4/yb/r/ Frame 0D74 		557 B
465 B 		Script
General
Check archive.org
Download Go to
Full URL
https://static.xx.fbcdn.net/rsrc.php/v4/yb/r/8wypiAW_bfk.js
Requested by
Host: www.facebook.com
URL: https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2Freurl.cc%2F&tabs=timeline&width=340&height=500&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=true&appId
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
157.240.0.6 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
xx-fbcdn-shv-02-fra3.fbcdn.net
Software
/
Resource Hash
c2bfe20d9d58935828e75bc753e2655f240621077408ae64f9b40a20f5125487
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Origin
https://www.facebook.com
Referer
https://www.facebook.com/

Response headers

content-md5
WrWgdG79ReerxOLSJDvtvA==
content-encoding
zstd
report-to
{"max_age":21600,"endpoints":[{"url":"https:\/\/www.xx.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options
nosniff
expires
Thu, 03 Dec 2026 07:47:42 GMT
alt-svc
h3=":443"; ma=86400
date
Sat, 06 Dec 2025 23:40:33 GMT
content-type
application/x-javascript; charset=utf-8
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
x-fb-debug
44gnyMJFbexgBmCwAgE+DJAPr4Y7ORgjKIPI+F/66sG0p/p/LWWXgV067qNdAyzj6tsjZRQs9Ht13GXDRpV0jQ==
priority
u=1
vary
Origin
reporting-endpoints
permissions_policy="https://www.xx.facebook.com/ajax/browser_error_reports/"
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
x-fb-connection-quality
GOOD; q=0.7, rtt=77, rtx=4, c=21, mss=1232, tbw=39433, tp=42, tpl=4, uplat=81, ullat=-1
cross-origin-resource-policy
cross-origin
permissions-policy
accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy
force-load-at-top, include-js-call-stacks-in-crash-reports
access-control-allow-origin
https://www.facebook.com
content-length
323
origin-agent-cluster
?1
2v2nU1TtjgO.js
static.xx.fbcdn.net/rsrc.php/v4iLl54/ym/l/es_ES~es_LA-j/ Frame 0D74 		30 KB
9 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.xx.fbcdn.net/rsrc.php/v4iLl54/ym/l/es_ES~es_LA-j/2v2nU1TtjgO.js
Requested by
Host: www.facebook.com
URL: https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2Freurl.cc%2F&tabs=timeline&width=340&height=500&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=true&appId
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
157.240.0.6 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
xx-fbcdn-shv-02-fra3.fbcdn.net
Software
/
Resource Hash
0609da224daf4b439c3f1bfe1aa1e2f1f19a45f2eba1687a9cb17aec5150c529
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Origin
https://www.facebook.com
Referer
https://www.facebook.com/

Response headers

content-md5
H3areomtCrWZseeOSp9pog==
content-encoding
zstd
report-to
{"max_age":21600,"endpoints":[{"url":"https:\/\/www.xx.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options
nosniff
expires
Sat, 05 Dec 2026 17:56:33 GMT
alt-svc
h3=":443"; ma=86400
date
Sat, 06 Dec 2025 23:40:33 GMT
content-type
application/x-javascript; charset=utf-8
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
x-fb-debug
79x7DYp0x9zX8REW4cpMKttJTKsMXj7mwGqpy5za0VvBUqlTHb8/V4g9Y5GM99dpmpwqObTv3Z6lUrjiUHdKSQ==
priority
u=1
vary
Origin
reporting-endpoints
permissions_policy="https://www.xx.facebook.com/ajax/browser_error_reports/"
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
x-fb-connection-quality
GOOD; q=0.7, rtt=77, rtx=4, c=21, mss=1232, tbw=39433, tp=42, tpl=4, uplat=84, ullat=-1
cross-origin-resource-policy
cross-origin
permissions-policy
accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy
force-load-at-top, include-js-call-stacks-in-crash-reports
access-control-allow-origin
https://www.facebook.com
content-length
8789
origin-agent-cluster
?1
302181889_449668210518240_1343224774275673253_n.png
scontent.xx.fbcdn.net/v/t39.30808-1/ Frame 0D74 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://scontent.xx.fbcdn.net/v/t39.30808-1/302181889_449668210518240_1343224774275673253_n.png?stp=cp0_dst-png_s50x50&_nc_cat=105&ccb=1-7&_nc_sid=f907e8&_nc_ohc=wjho_hblH3IQ7kNvwHXKTeV&_nc_oc=AdnXr1Zx8YdCLE4QySMkbU8glp5KZlSNktv7FI4ctaGKtNIB5jYr5GYVVH1MnS-k8Yc&_nc_zt=24&_nc_ht=scontent.xx&edm=ADwHzz8EAAAA&_nc_gid=efGbvnJiPGoe_7jN3KWffw&oh=00_Afk25421aCfvBswfCo5GTMkoXpdYwngMri9-EyZiUxxCpQ&oe=693A95D5
Requested by
Host: www.facebook.com
URL: https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2Freurl.cc%2F&tabs=timeline&width=340&height=500&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=true&appId
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
157.240.0.6 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
xx-fbcdn-shv-02-fra3.fbcdn.net
Software
/
Resource Hash
352d0915216b13b935f1abedea04d4a039802faaf69153ae71c377410990e322

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://www.facebook.com/

Response headers

x-robots-tag
noarchive, noindex
alt-svc
h3=":443"; ma=86400
date
Sat, 06 Dec 2025 23:40:33 GMT
no-vary-search
key-order, params=("_nc_gid" "oh" "oe" "_nc_oc" "_nc_ohc" "_nc_cat" "_nc_ht" "_nc_cb")
last-modified
Tue, 06 Sep 2022 22:20:57 GMT
x-fb-ptm-uuid
08413EAB703521C33A603B1E4FF435B8
content-type
image/png
priority
u=3,i
cache-control
max-age=1209600, no-transform
timing-allow-origin
*
x-fb-connection-quality
GOOD; q=0.7, rtt=65, rtx=0, c=23, mss=1232, tbw=4970, tp=9, tpl=0, uplat=0, ullat=-1
x-crypto-project
0
cross-origin-resource-policy
cross-origin
content-digest
adler32=747767112
access-control-allow-origin
*
accept-ranges
bytes
content-length
2066
x-additional-error-detail
/
www.facebook.com/privacy_sandbox/topics/registration/ 		67 B
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://www.facebook.com/privacy_sandbox/topics/registration/?id=1675200226052423
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/signals/config/1675200226052423?v=2.9.244&r=stable&domain=reurl.cc&hme=c8d728dcf66fcd6d2ba9e956bab53b4a2845b1d25a57eb74dd7839b3bf40323c&ex_m=90%2C149%2C129%2C19%2C66%2C67%2C122%2C62%2C42%2C123%2C71%2C61%2C9%2C136%2C79%2C14%2C89%2C27%2C117%2C110%2C69%2C72%2C116%2C133%2C98%2C138%2C7%2C3%2C4%2C6%2C5%2C2%2C80%2C88%2C139%2C217%2C160%2C56%2C219%2C220%2C49%2C175%2C26%2C68%2C225%2C224%2C163%2C29%2C55%2C8%2C58%2C84%2C85%2C86%2C91%2C113%2C28%2C25%2C115%2C112%2C111%2C130%2C70%2C132%2C131%2C44%2C54%2C106%2C13%2C135%2C39%2C205%2C208%2C170%2C22%2C23%2C24%2C16%2C17%2C38%2C34%2C36%2C35%2C75%2C81%2C83%2C96%2C121%2C124%2C40%2C97%2C20%2C18%2C102%2C63%2C32%2C126%2C125%2C127%2C118%2C21%2C31%2C53%2C95%2C134%2C64%2C15%2C128%2C30%2C185%2C156%2C281%2C203%2C147%2C188%2C181%2C157%2C93%2C114%2C74%2C104%2C48%2C41%2C103%2C109%2C52%2C59%2C108%2C43%2C99%2C47%2C50%2C46%2C87%2C137%2C0%2C107%2C12%2C105%2C10%2C1%2C51%2C82%2C57%2C60%2C101%2C78%2C77%2C45%2C119%2C76%2C73%2C65%2C100%2C92%2C37%2C120%2C33%2C94%2C11%2C140
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
157.240.0.35 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
edge-star-mini-shv-02-fra3.facebook.com
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 127.0.0.1:* 'nonce-nxfjjEIF' blob: 'self' 'wasm-unsafe-eval';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com https://trustly.one/ https://*.trustly.one/ https://paywithmybank.com/ https://*.paywithmybank.com/;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;child-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net accounts.meta.com *.accounts.meta.com https://trustly.one/ https://*.trustly.one/ https://paywithmybank.com/ https://*.paywithmybank.com/;manifest-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;object-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://reurl.cc/

Response headers

access-control-expose-headers
X-FB-Debug, X-Loader-Length, X-Stack, Error-MID
content-encoding
zstd
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7580894016954855914&cpp=C3&cv=1030734632&st=1765064433629"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options
nosniff
observe-browsing-topics
?1
expires
Sat, 01 Jan 2000 00:00:00 GMT
access-control-allow-methods
OPTIONS
alt-svc
h3=":443"; ma=86400
date
Sat, 06 Dec 2025 23:40:33 GMT
content-type
image/png
vary
Origin, Accept-Encoding
x-fb-debug
c2nfEVAtuLIhp7I1uZeAgZO6rWak7tysNenlwRh5pRxKG14JUDV558oqdKSoviFkyVCxj6pChlTYqNeyWeuhMw==
priority
u=1,i
strict-transport-security
max-age=15552000; preload
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7580894016954855914&cpp=C3&cv=1030734632&st=1765064433629", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy
default-src blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 127.0.0.1:* 'nonce-nxfjjEIF' blob: 'self' 'wasm-unsafe-eval';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com https://trustly.one/ https://*.trustly.one/ https://paywithmybank.com/ https://*.paywithmybank.com/;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;child-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net accounts.meta.com *.accounts.meta.com https://trustly.one/ https://*.trustly.one/ https://paywithmybank.com/ https://*.paywithmybank.com/;manifest-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;object-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
cache-control
private, no-store, no-cache, must-revalidate
x-fb-connection-quality
GOOD; q=0.7, rtt=66, rtx=0, c=24, mss=1232, tbw=7433, tp=11, tpl=0, uplat=113, ullat=0
cross-origin-opener-policy
same-origin-allow-popups
pragma
no-cache
cross-origin-resource-policy
same-origin
access-control-allow-credentials
true
permissions-policy
accelerometer=(), attribution-reporting=(self), autoplay=(), bluetooth=(), browsing-topics=(self), camera=(self "https://www.fbsbx.com"), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
document-policy
force-load-at-top, include-js-call-stacks-in-crash-reports
access-control-allow-origin
*
x-xss-protection
0
origin-agent-cluster
?1
/
www.facebook.com/tr/ 		0
270 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.facebook.com/tr/?id=1675200226052423&ev=PageView&dl=https%3A%2F%2Freurl.cc%2Fk8qxzL%23Conditions&rl=&if=false&ts=1765064432958&sw=1600&sh=1200&v=2.9.244&r=stable&ec=0&o=4124&fbp=fb.1.1765064432955.970278867548499958&cs_est=true&ler=empty&cdl=API_unavailable&plt=5669.800003051758&it=1765064432518&coo=false&expv2[0]=pl0&expv2[1]=el2&expv2[2]=bc1&expv2[3]=mr0&expv2[4]=im0&rqm=GET
Requested by
Host: reurl.cc
URL: https://reurl.cc/k8qxzL
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f177:185:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://reurl.cc/

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
x-fb-connection-quality
GOOD; q=0.7, rtt=67, rtx=0, c=10, mss=1308, tbw=4564, tp=-1, tpl=-1, uplat=0, ullat=0
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
access-control-allow-origin
alt-svc
h3=":443"; ma=86400
content-length
0
date
Sat, 06 Dec 2025 23:40:33 GMT
content-type
text/plain
server
proxygen-bolt
/
www.facebook.com/privacy_sandbox/pixel/register/trigger/ 		67 B
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=1675200226052423&ev=PageView&dl=https%3A%2F%2Freurl.cc%2Fk8qxzL%23Conditions&rl=&if=false&ts=1765064432958&sw=1600&sh=1200&v=2.9.244&r=stable&ec=0&o=4124&fbp=fb.1.1765064432955.970278867548499958&cs_est=true&ler=empty&cdl=API_unavailable&plt=5669.800003051758&it=1765064432518&coo=false&expv2[0]=pl0&expv2[1]=el2&expv2[2]=bc1&expv2[3]=mr0&expv2[4]=im0&rqm=FGET
Requested by
Host: reurl.cc
URL: https://reurl.cc/k8qxzL
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f177:185:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
Security Headers
Name Value
Content-Security-Policy default-src blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'nonce-X2CqDais' blob: 'self' connect.facebook.net 'wasm-unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://trustly.one/ https://*.trustly.one/ https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;child-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net accounts.meta.com *.accounts.meta.com https://trustly.one/ https://*.trustly.one/ https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;manifest-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;object-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://reurl.cc/

Response headers

content-encoding
zstd
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7580894016195846641&cpp=C3&cv=1030734632&st=1765064433710"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options
nosniff
expires
Sat, 01 Jan 2000 00:00:00 GMT
alt-svc
h3=":443"; ma=86400
date
Sat, 06 Dec 2025 23:40:33 GMT
content-type
image/png
vary
Accept-Encoding
x-fb-debug
CNqrY6jboIQ+9HgnCwpjYapSxLmNbNZ7DtgwqFhk2VZHodKUVmrqs3OzydY22lhXlsBIdAq0TMAS4Z0o3VAcvQ==
x-frame-options
DENY
strict-transport-security
max-age=15552000; preload
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7580894016195846641&cpp=C3&cv=1030734632&st=1765064433710", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy
default-src blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'nonce-X2CqDais' blob: 'self' connect.facebook.net 'wasm-unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://trustly.one/ https://*.trustly.one/ https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;child-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net accounts.meta.com *.accounts.meta.com https://trustly.one/ https://*.trustly.one/ https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;manifest-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;object-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
cache-control
private, no-store, no-cache, must-revalidate
x-fb-connection-quality
GOOD; q=0.7, rtt=67, rtx=0, c=12, mss=1308, tbw=4878, tp=-1, tpl=-1, uplat=147, ullat=0
cross-origin-opener-policy
same-origin-allow-popups
pragma
no-cache
cross-origin-resource-policy
cross-origin
permissions-policy
accelerometer=(), attribution-reporting=(self), autoplay=(), bluetooth=(), browsing-topics=(self), camera=(self "https://www.fbsbx.com"), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
document-policy
force-load-at-top, include-js-call-stacks-in-crash-reports
x-xss-protection
0
origin-agent-cluster
?1
analytics.js
www.google-analytics.com/ 		51 KB
21 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: reurl.cc
URL: https://reurl.cc/asset/javascripts/common/ga.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81d::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
f1a61277e3f902f50ab42015d8b07218db9b7601bb0967e54a52bfdcb4fa7e81
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://reurl.cc/

Response headers

content-encoding
gzip
age
3049
report-to
{"group":"ascnsrsgac:225:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgac:225:0"}],}
x-content-type-options
nosniff
expires
Sun, 07 Dec 2025 00:49:44 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Sat, 06 Dec 2025 22:49:44 GMT
last-modified
Tue, 15 Jul 2025 00:44:26 GMT
content-type
text/javascript
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgac:225:0
cross-origin-opener-policy-report-only
same-origin; report-to=ascnsrsgac:225:0
content-length
20737
server
Golfe2
adsrv
onead.onevision.com.tw/v2/ 		176 B
477 B 		Script
General
Check archive.org
Download Go to
Full URL
https://onead.onevision.com.tw/v2/adsrv?version=20250516&uid=1000480&category=-1&cookie=true&ip=&guid=f4de05b8-d2fc-11f0-8060-42010a000023&channel=0&volume=0.5&r=&adid=&response_freq_multiple=native-drive.0&web_location=https%3A%2F%2Freurl.cc%2Fk8qxzL%23Conditions&title=Meilleur%20IPTV%20Abonnement%20en%20France&fp=359e083d5ee45feaaa21a747017edef7&_t=1765064433175&cb=ONEAD_text_response_52ood&pb=0&spid=&player_type=NATIVE_LIST&bgid=0
Requested by
Host: ad-specs.guoshipartners.com
URL: https://ad-specs.guoshipartners.com/static/js/ad-serv.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
107.178.241.176 , United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
176.241.178.107.bc.googleusercontent.com
Software
gws / OneAD
Resource Hash
552bcecf5134233103a959c9454df5670f589815e987e0ac38673ec1598a0f1e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://reurl.cc/

Response headers

x-onead-version
29cc6b37
age
0
access-control-allow-methods
GET,POST,OPTIONS,PUT
expires
Mon, 01 Jan 1990 00:00:00 GMT
x-varnish
123937775
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
date
Sat, 06 Dec 2025 23:40:33 GMT
content-type
application/javascript
access-control-allow-headers
Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, accept, origin, Cache-Control, X-Requested-With
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
no-store, no-cache, must-revalidate
pragma
no-cache
x-onead-guid
f4de05b8-d2fc-11f0-8060-42010a000023
x-onead-force-backend
false
access-control-allow-credentials
true
via
1.1 google
accept-ranges
bytes
access-control-allow-origin
*
content-length
176
x-onead-hit-counter
1
x-onead-backend
onead-http-query-s7hc-gohttp
server
gws
x-powered-by
OneAD
collect
analytics.google.com/g/ 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://analytics.google.com/g/collect?v=2&tid=G-N394QBRGC0&gtm=45je5c31v897965293za200zb9181474282zd9181474282&_p=1765064431180&_gaz=1&gcd=13l3l3l3l1l1&npa=0&dma=0&cid=1498954258.1765064433&ul=es-es&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_s=1&tag_exp=103116026~103200004~104527907~104528501~104684208~104684211~105391252~115583767~115938466~115938468~116184927~116184929~116217636~116217638~116518834&sid=1765064433&sct=1&seg=0&dl=https%3A%2F%2Freurl.cc%2Fk8qxzL&dt=Meilleur%20IPTV%20Abonnement%20en%20France&en=page_view&_fv=1&_ss=1&_ee=1&tfd=6520
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-N394QBRGC0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://reurl.cc/

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:169:0
report-to
{"group":"ascnsrsggc:169:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:169:0"}],}
expires
Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin
https://reurl.cc
cross-origin-opener-policy-report-only
same-origin; report-to=ascnsrsggc:169:0
content-length
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Sat, 06 Dec 2025 23:40:33 GMT
content-type
text/plain
server
Golfe2
collect
stats.g.doubleclick.net/g/ 		0
48 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://stats.g.doubleclick.net/g/collect?v=2&tid=G-N394QBRGC0&cid=1498954258.1765064433&gtm=45je5c31v897965293za200zb9181474282zd9181474282&aip=1&dma=0&gcd=13l3l3l3l1l1&npa=0&frm=0&tag_exp=103116026~103200004~104527907~104528501~104684208~104684211~105391252~115583767~115938466~115938468~116184927~116184929~116217636~116217638~116518834
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-N394QBRGC0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c06::9d , Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://reurl.cc/

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:138:0
report-to
{"group":"ascnsrsggc:138:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:138:0"}],}
expires
Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin
https://reurl.cc
cross-origin-opener-policy-report-only
same-origin; report-to=ascnsrsggc:138:0
content-length
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Sat, 06 Dec 2025 23:40:33 GMT
content-type
text/plain
server
Golfe2
ga-audiences
www.google.co.in/ads/ 		42 B
63 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.co.in/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-N394QBRGC0&cid=1498954258.1765064433&gtm=45je5c31v897965293za200zb9181474282zd9181474282&aip=1&dma=0&gcd=13l3l3l3l1l1&npa=0&frm=0&tag_exp=103116026~103200004~104527907~104528501~104684208~104684211~105391252~115583767~115938466~115938468~116184927~116184929~116217636~116217638~116518834&z=442766723
Requested by
Host: reurl.cc
URL: https://reurl.cc/k8qxzL
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.67 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s48-in-f3.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://reurl.cc/

Response headers

cache-control
no-cache, no-store, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
42
date
Sat, 06 Dec 2025 23:40:33 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
collect
analytics.google.com/g/ 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://analytics.google.com/g/collect?v=2&tid=G-N394QBRGC0&gtm=45je5c31v897965293za200zb9181474282zd9181474282&_p=1765064431180&gcd=13l3l3l3l1l1&npa=0&dma=0&cid=1498954258.1765064433&ul=es-es&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_eu=gAAAAAQ&_s=2&tag_exp=103116026~103200004~104527907~104528501~104684208~104684211~105391252~115583767~115938466~115938468~116184927~116184929~116217636~116217638~116518834&sid=1765064433&sct=1&seg=0&dl=https%3A%2F%2Freurl.cc%2Fk8qxzL&dt=Meilleur%20IPTV%20Abonnement%20en%20France&en=1&ep.event_category=pause&ep.event_label=MTg1LjE4OC42MS4yNDQ&epn.value=1&_et=14&tfd=6538
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-N394QBRGC0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://reurl.cc/

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:169:0
report-to
{"group":"ascnsrsggc:169:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:169:0"}],}
expires
Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin
https://reurl.cc
cross-origin-opener-policy-report-only
same-origin; report-to=ascnsrsggc:169:0
content-length
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Sat, 06 Dec 2025 23:40:33 GMT
content-type
text/plain
server
Golfe2
collect
region1.analytics.google.com/g/ 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://region1.analytics.google.com/g/collect?v=2&tid=G-S9B9ZLEX4D&gtm=45je5c31v9235665865za200zb9181474282zd9181474282&_p=1765064431180&_gaz=1&gcd=13l3l3l2l1l1&npa=1&dma_cps=syphamo&dma=1&cid=1498954258.1765064433&ul=es-es&sr=1600x1200&_ng=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_s=1&tag_exp=103116026~103200004~104527907~104528500~104684208~104684211~105391252~115583767~115616986~115938466~115938469~116184927~116184929~116217636~116217638~116251938~116251940~116518834&sid=1765064433&sct=1&seg=0&dl=https%3A%2F%2Freurl.cc%2Fk8qxzL&dt=Meilleur%20IPTV%20Abonnement%20en%20France&en=page_view&_fv=1&_ss=1&_ee=1&tfd=6674
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-S9B9ZLEX4D&cx=c&gtm=4e5c31
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://reurl.cc/

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:169:0
report-to
{"group":"ascnsrsggc:169:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:169:0"}],}
expires
Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin
https://reurl.cc
cross-origin-opener-policy-report-only
same-origin; report-to=ascnsrsggc:169:0
content-length
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Sat, 06 Dec 2025 23:40:34 GMT
content-type
text/plain
server
Golfe2
collect
stats.g.doubleclick.net/g/ 		0
48 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://stats.g.doubleclick.net/g/collect?v=2&_ng=1&tid=G-S9B9ZLEX4D&cid=1498954258.1765064433&gtm=45je5c31v9235665865za200zb9181474282zd9181474282&aip=1&dma=1&dma_cps=syphamo&gcd=13l3l3l2l1l1&npa=1&frm=0&tag_exp=103116026~103200004~104527907~104528500~104684208~104684211~105391252~115583767~115616986~115938466~115938469~116184927~116184929~116217636~116217638~116251938~116251940~116518834
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-S9B9ZLEX4D&cx=c&gtm=4e5c31
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c06::9d , Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://reurl.cc/

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:138:0
report-to
{"group":"ascnsrsggc:138:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:138:0"}],}
expires
Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin
https://reurl.cc
cross-origin-opener-policy-report-only
same-origin; report-to=ascnsrsggc:138:0
content-length
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Sat, 06 Dec 2025 23:40:33 GMT
content-type
text/plain
server
Golfe2
ga-audiences
www.google.es/ads/ 		42 B
408 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.es/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&_ng=1&tid=G-S9B9ZLEX4D&cid=1498954258.1765064433&gtm=45je5c31v9235665865za200zb9181474282zd9181474282&aip=1&dma=1&dma_cps=syphamo&gcd=13l3l3l2l1l1&npa=1&frm=0&tag_exp=103116026~103200004~104527907~104528500~104684208~104684211~105391252~115583767~115616986~115938466~115938469~116184927~116184929~116217636~116217638~116251938~116251940~116518834&z=103760597
Requested by
Host: reurl.cc
URL: https://reurl.cc/k8qxzL
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81d::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://reurl.cc/

Response headers

cache-control
no-cache, no-store, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
42
date
Sat, 06 Dec 2025 23:40:34 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
AGSKWxXYNvavRW1te_d3bI1kMUAirsrIL9Azt3K4xXjM11TnmgRxbMsDkEkeZO9KRduF6-SqMf9o8tXxoAyJP-HCqgVQRtz7ce52_qbS-5zb1NSpbUje2TllNH0OS2KquDKJJSTnaUqkmA==
fundingchoicesmessages.google.com/el/ 		0
396 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://fundingchoicesmessages.google.com/el/AGSKWxXYNvavRW1te_d3bI1kMUAirsrIL9Azt3K4xXjM11TnmgRxbMsDkEkeZO9KRduF6-SqMf9o8tXxoAyJP-HCqgVQRtz7ce52_qbS-5zb1NSpbUje2TllNH0OS2KquDKJJSTnaUqkmA==
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.es.RcR3kUpOxDM.es5.O/d=1/rs=AJlcJMx7F2XITpaLmV314czjUExTYL4ubA/m=kernel_loader,loader_js_executable
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81d::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-Cb2nwHfJQAcV1RqJwjEoUA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Content-Type
text/plain
Referer
https://reurl.cc/

Response headers

access-control-max-age
86400
access-control-allow-methods
POST, GET, OPTIONS
x-content-type-options
nosniff
expires
Mon, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Sat, 06 Dec 2025 23:40:34 GMT
content-type
text/html; charset=utf-8
x-frame-options
SAMEORIGIN
reporting-endpoints
default="/_/ContributorLoggingHttp/web-reports?context=eJzj8tDikmJw0pBi-FB_mfUHEJv53Wa1A-Jqdy-2ZiC29fdhcwXivTl-bEeBOLPTj60QiM_v9WO7DsSrb_qxbQZiIW6OT38vnWQTeLF0kbSSS1J-YXxyfl5Jal6JbmJKsS6IXZSZVFqSX4TCTi0DqcjJT0_PzEuPNzIwMjU0MjDRMzCPLzAAAD3tOL0"
content-security-policy
script-src 'report-sample' 'nonce-Cb2nwHfJQAcV1RqJwjEoUA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
cache-control
no-cache, no-store, max-age=0, must-revalidate
cross-origin-opener-policy
same-origin
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
access-control-allow-credentials
true
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
access-control-allow-origin
https://reurl.cc
content-length
0
x-xss-protection
0
server
ESF
AGSKWxXYNvavRW1te_d3bI1kMUAirsrIL9Azt3K4xXjM11TnmgRxbMsDkEkeZO9KRduF6-SqMf9o8tXxoAyJP-HCqgVQRtz7ce52_qbS-5zb1NSpbUje2TllNH0OS2KquDKJJSTnaUqkmA==
fundingchoicesmessages.google.com/el/ 		0
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://fundingchoicesmessages.google.com/el/AGSKWxXYNvavRW1te_d3bI1kMUAirsrIL9Azt3K4xXjM11TnmgRxbMsDkEkeZO9KRduF6-SqMf9o8tXxoAyJP-HCqgVQRtz7ce52_qbS-5zb1NSpbUje2TllNH0OS2KquDKJJSTnaUqkmA==
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.es.RcR3kUpOxDM.es5.O/d=1/rs=AJlcJMx7F2XITpaLmV314czjUExTYL4ubA/m=kernel_loader,loader_js_executable
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81d::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-yyGtHk_CsXsWdCFEu13NCQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Content-Type
text/plain
Referer
https://reurl.cc/

Response headers

access-control-max-age
86400
access-control-allow-methods
POST, GET, OPTIONS
x-content-type-options
nosniff
expires
Mon, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Sat, 06 Dec 2025 23:40:34 GMT
content-type
text/html; charset=utf-8
x-frame-options
SAMEORIGIN
reporting-endpoints
default="/_/ContributorLoggingHttp/web-reports?context=eJzj8tDikmJw0ZBi-FB_mfUHEJv53Wa1A-Jqdy-2ZiC29fdhcwXivTl-bEeBOLPTj60QiM_v9WO7DsSrb_qxbQZiIW6OT38vnWQT-LGvV0rJJSm_MD45P68kNa9ENzGlWBfELspMKi3JL0Jhp5aBVOTkp6dn5qXHGxkYmRoaGZjoGZjHFxgAAEStONI"
content-security-policy
require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-yyGtHk_CsXsWdCFEu13NCQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
cache-control
no-cache, no-store, max-age=0, must-revalidate
cross-origin-opener-policy
same-origin
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
access-control-allow-credentials
true
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
access-control-allow-origin
https://reurl.cc
content-length
0
x-xss-protection
0
server
ESF
AGSKWxUeYr8M2kyM0bP2qqc689pmBkCEpVcPxoM8Cf9Bv4A2mnM7jHE_oG1YUChBF1oUx7HKmHWv2DdJhJN6Mob3SnRgVpKXkU3UzZzi-TIsr3WHHj04De9y2qezkY4-0o7D0Xb6dDT6Ew==
fundingchoicesmessages.google.com/f/ 		2 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://fundingchoicesmessages.google.com/f/AGSKWxUeYr8M2kyM0bP2qqc689pmBkCEpVcPxoM8Cf9Bv4A2mnM7jHE_oG1YUChBF1oUx7HKmHWv2DdJhJN6Mob3SnRgVpKXkU3UzZzi-TIsr3WHHj04De9y2qezkY4-0o7D0Xb6dDT6Ew==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzY1MDY0NDMzLDU4OTAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzddXSwiaHR0cHM6Ly9yZXVybC5jYy9rOHF4ekwiLG51bGwsW1s4LCJSY1Iza1VwT3hETSJdLFs5LCJlcyJdLFsxOSwiMiJdLFsxNywiWzBdIl0sWzI0LCIiXSxbMjksImZhbHNlIl1dXQ
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.es.RcR3kUpOxDM.es5.O/d=1/rs=AJlcJMx7F2XITpaLmV314czjUExTYL4ubA/m=kernel_loader,loader_js_executable
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81d::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
d4131870032e7d42fa278dbb33233d9d712fbb0552adceb3ea3e3decf6047fa2
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-p7K4nIqGy_WDUylF0ZkICg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://reurl.cc/

Response headers

content-encoding
gzip
x-content-type-options
nosniff
expires
Mon, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Sat, 06 Dec 2025 23:40:33 GMT
content-type
application/javascript; charset=utf-8
x-frame-options
SAMEORIGIN
reporting-endpoints
default="/_/ContributorServingWebSwitchboardHttp/web-reports?context=eJzjmsCoxSXF4KQhxdB68xzrZCDuWnSedQYQGypcYrUH4g_1l1l_AHGRxBXWBiD-VHWDVaD6BmsS-03WAiA287vNagfE1e5ebM1AbOvvw-YKxN-KfdlYSnzZ9v33ZTsGxHtz_NiOAnFmpx9bIRCf3-vHdh2IV9_0Y9sMxCu8_Nk2ALEQD8fHv5dOsgkcmN-2mUlJIym_MD45P6-kKDOptCS_KC05LbU4tagstSjeyMDI1NDIwETPwDy-wAAAadpLzw"
content-security-policy
script-src 'report-sample' 'nonce-p7K4nIqGy_WDUylF0ZkICg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport
cache-control
no-cache, no-store, max-age=0, must-revalidate
timing-allow-origin
*
cross-origin-opener-policy
same-origin
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-resource-policy
cross-origin
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
x-xss-protection
0
server
ESF
esp.js
oa.openxcdn.net/ 		24 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://oa.openxcdn.net/esp.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202512040101/pubads_impl.js?cb=31096008
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.102.146.192 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
192.146.102.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
544c55ca9f05d425f3beb90f287308d7a408b1f60d17728eff5c605a494bc1b9

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://reurl.cc/

Response headers

x-goog-metageneration
1
content-encoding
gzip
x-goog-hash
crc32c=f21hYg==, md5=31VCuIvA42jGmZdUpbniug==
etag
"df5542b88bc0e368c6999754a5b9e2ba"
age
1311027
x-goog-stored-content-encoding
gzip
expires
Sat, 21 Nov 2026 19:30:06 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length
7927
date
Fri, 21 Nov 2025 19:30:06 GMT
last-modified
Thu, 27 May 2021 18:30:51 GMT
content-type
application/javascript
x-guploader-uploadid
AOCedOFwJEP34RVyw3aOisOZ-2CDOd437VPZnGenMA1IIntAw6-BCic0ArpS4gam6nKHBH6flFzHOag
cache-control
no-transform
x-goog-storage-class
MULTI_REGIONAL
accept-ranges
bytes
x-goog-generation
1622140251693895
content-length
7927
server
UploadServer
sync.min.js
tags.crwdcntrl.net/lt/c/16589/ 		43 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tags.crwdcntrl.net/lt/c/16589/sync.min.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202512040101/pubads_impl.js?cb=31096008
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.226.244.20 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-226-244-20.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
b08fe2a6deb6fa610692639720cbb4a1a2d82cbe93d16b7a092bccbdf5d98943

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://reurl.cc/

Response headers

vary
Accept-Encoding
cache-control
public, max-age=86400
content-encoding
gzip
etag
W/"cd6ce03a454ab439d4a51f5fce171e54"
age
51627
via
1.1 fa5fdff0565bac70f31c39c016fef732.cloudfront.net (CloudFront)
alt-svc
h3=":443"; ma=86400
x-cache
Hit from cloudfront
x-amz-cf-id
kO3Yrk8pnaomEnh9cZFyJu2dso2XYOa52bjLw8u79kd1E2tq1ntJVA==
date
Sat, 06 Dec 2025 09:20:07 GMT
content-type
text/javascript
last-modified
Thu, 16 Oct 2025 16:31:03 GMT
server
AmazonS3
x-amz-cf-pop
FRA56-P14
x-amz-server-side-encryption
AES256
encrypted-tag-g.js
invstatic101.creativecdn.com/encrypted-signals/ 		3 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://invstatic101.creativecdn.com/encrypted-signals/encrypted-tag-g.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202512040101/pubads_impl.js?cb=31096008
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.96.70.87 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
87.70.96.34.bc.googleusercontent.com
Software
Google Frontend /
Resource Hash
2e5f5cb912c0619933ea6c3ad8ac1466a005f792e3338d96a8432d144c63520f

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://reurl.cc/

Response headers

etag
861bdaf24bda5c0db45c6ebe1c94a9eb
via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2729
date
Sat, 06 Dec 2025 23:40:33 GMT
content-type
text/javascript; charset=utf-8
last-modified
Wed, 05 Feb 2025 14:45:21 GMT
server
Google Frontend
x-cloud-trace-context
a6ea3866b097af8977cde679937ff039
publishertag.ids.js
static.criteo.net/js/ld/ 		42 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.criteo.net/js/ld/publishertag.ids.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202512040101/pubads_impl.js?cb=31096008
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:3::28 , France, ASN44788 (ASN-CRITEO-EUROPE Criteo Technology SAS, FR),
Reverse DNS
Software
nginx /
Resource Hash
1eee35895c34e1be650b2a93e0ee862b25a29777136bcb1908e852bc32b66940
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://reurl.cc/

Response headers

strict-transport-security
max-age=31536000; preload;
cache-control
max-age=86400, public
timing-allow-origin
*
content-encoding
gzip
cross-origin-resource-policy
cross-origin
expires
Sun, 07 Dec 2025 23:40:33 GMT
access-control-allow-origin
*
date
Sat, 06 Dec 2025 23:40:33 GMT
content-type
text/javascript
vary
x-geo-country
server
nginx
ob.js
cdn-ima.33across.com/ 		0
0
ads
securepubads.g.doubleclick.net/gampad/ 		62 KB
25 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?pvsid=7401848847162852&correlator=430308145102343&eid=31095250%2C31095912%2C31096008%2C83321073&output=ldjh&gdfp_req=1&vrg=202512040101&ptt=17&impl=fifs&gdpr=0&iu_parts=21787810958%2CTW_reurl.cc_res_all_truvid_1x1%2CTW_reurl.cc_res_allsite_top_avs&enc_prev_ius=%2F0%2F1%2C%2F0%2F2&prev_iu_szs=300x250%7C336x280%7C1x1%2C1x1&ifi=1&didk=3347717449~2825456951&dids=ats-slider-10~ats-insert_ads-8&adfs=2335287240~3992581161&sfv=1-0-45&sc=1&cookie_enabled=1&abxe=1&dt=1765064433615&lmt=1765064433&adxs=15%2C800&adys=33%2C171&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0%7C0&ucis=1%7C2&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&nvt=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&url=https%3A%2F%2Freurl.cc%2Fk8qxzL%23Conditions&vis=1&psz=1570x0%7C1600x0&msz=1570x0%7C1600x0&fws=0%2C0&ohw=0%2C0&a3p=EhwKDWNyd2RjbnRybC5uZXQYxb-nsK8zSABSAghkEhQKBW9wZW54GMW_p7CvM0gAUgIIZBIbCgwzM2Fjcm9zcy5jb20Yxb-nsK8zSABSAghkEh0KDmVzcC5jcml0ZW8uY29tGMW_p7CvM0gAUgIIZBIXCghydGJob3VzZRjFv6ewrzNIAFICCGQ.&psd=WzMxLFtdXQ..&dlt=1765064429209&idt=3124&cust_params=url%3D%252Fk8qxzL%26ref%3Dnull&adks=3936558959%2C940499867&frm=20&eoidce=1&pgls=CAs.
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202512040101/pubads_impl.js?cb=31096008
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s07-in-f2.1e100.net
Software
cafe /
Resource Hash
cb0b7e59ac2eef11006bebdcfd28fc93484e960290e7c2b59751a11d51535f10
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://reurl.cc/

Response headers

content-encoding
br
google-lineitem-id
-1,-2
observe-browsing-topics
?1
x-content-type-options
nosniff
google-mediationtag-id
-2
google-mediationgroup-id
-2
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
date
Sat, 06 Dec 2025 23:40:33 GMT
content-type
text/plain; charset=UTF-8
google-creative-id
-1,-2
cache-control
no-cache, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
access-control-allow-origin
https://reurl.cc
content-length
25905
x-xss-protection
0
server
cafe
container.html
f5468d195f184d9a2161b39cb1e22a89.safeframe.googlesyndication.com/safeframe/1-0-45/html/ Frame 2836 		7 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://f5468d195f184d9a2161b39cb1e22a89.safeframe.googlesyndication.com/safeframe/1-0-45/html/container.html
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202512040101/pubads_impl.js?cb=31096008
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f1a68bf826c55985468304f4284a09cb8a68e82503d764166e611a7c58a85a4b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://reurl.cc/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private, max-age=300
content-encoding
br
content-length
3121
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy
cross-origin
date
Sat, 06 Dec 2025 23:40:33 GMT
expires
Sat, 06 Dec 2025 23:40:33 GMT
last-modified
Thu, 08 May 2025 23:15:48 GMT
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
ads.js
ad.holmesmind.com/adserver/ Frame EA0A 		1 KB
852 B 		Script
General
Check archive.org
Download Go to
Full URL
https://ad.holmesmind.com/adserver/ads.js?z=13858&rf=https%3A%2F%2Freurl.cc%2Fk8qxzL%23Conditions&n=661&o=4&fc=undefined&d=1&b=2&ts=1&ii=3&FPCK=9686-TeftXPByfrBByQsJSO45jsQQ4pxXhJkZ&fp_uuid=9686-0565e32eebf1cf109ba77bee4b3f7377&initver=230627P
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.75.180.237 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-75-180-237.ap-northeast-1.compute.amazonaws.com
Software
nginx /
Resource Hash
051e80a1c57abf8110179c702d7422232d6f838dc7e8c3a25f17e83d8f930298

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://reurl.cc/

Response headers

access-control-allow-origin
https://reurl.cc
content-encoding
gzip
date
Sat, 06 Dec 2025 23:40:34 GMT
content-type
text/html; charset=UTF-8
vary
Accept-Encoding
server
nginx
access-control-allow-credentials
true
ads.js
ad.holmesmind.com/adserver/ Frame 3615 		4 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ad.holmesmind.com/adserver/ads.js?z=14210&rf=https%3A%2F%2Freurl.cc%2Fk8qxzL%23Conditions&n=817&o=4&fc=undefined&d=1&b=2&ts=1&ii=3&FPCK=9686-TeftXPByfrBByQsJSO45jsQQ4pxXhJkZ&fp_uuid=9686-0565e32eebf1cf109ba77bee4b3f7377&initver=230627P
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.75.180.237 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-75-180-237.ap-northeast-1.compute.amazonaws.com
Software
nginx /
Resource Hash
37404452844e37efda6359bb72a1e18f344b0308330229d25dcdd9a2183a32cf

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://reurl.cc/

Response headers

access-control-allow-origin
https://reurl.cc
content-encoding
gzip
date
Sat, 06 Dec 2025 23:40:34 GMT
content-type
text/html; charset=UTF-8
vary
Accept-Encoding
server
nginx
access-control-allow-credentials
true
rtbhouseV2.js
cdn.holmesmind.com/js/ Frame 3615 		3 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.holmesmind.com/js/rtbhouseV2.js
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:208a:8000:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
b97b6a79b734e9323aa8c3847d0b2a1bb5db32fc6a7df92ac69653d1c8ba13c5

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://reurl.cc/

Response headers

x-amz-version-id
BhYfibf8ln9C4F8AF59WvZqelYblDtF0
etag
"519bf06eca29382b4ee4cc4f1dace214"
age
21
via
1.1 59927012a1a01484504f9d4b511a043c.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Hit from cloudfront
content-length
2905
x-amz-cf-id
4G_kyU9vdg-4TuidD0GF7tNRWEPaRxrbo-NIoKxhPSERChQGMwTsuQ==
date
Sat, 06 Dec 2025 23:40:33 GMT
content-type
application/javascript
last-modified
Mon, 04 Sep 2023 03:28:50 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P13
x-amz-server-side-encryption
AES256
publishertag.js
static.criteo.net/js/ld/ Frame 3615 		128 KB
46 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.criteo.net/js/ld/publishertag.js
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:3::28 , France, ASN44788 (ASN-CRITEO-EUROPE Criteo Technology SAS, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
330e8275601d733c96e356c4fda9f1f94c6665e03379eb9cbace4416b4da05d3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://reurl.cc/

Response headers

strict-transport-security
max-age=31536000; preload;
cache-control
public, max-age=86400
timing-allow-origin
*
content-encoding
br
cross-origin-resource-policy
cross-origin
expires
Sun, 07 Dec 2025 23:40:33 GMT
access-control-allow-origin
*
date
Sat, 06 Dec 2025 23:40:33 GMT
content-type
text/javascript
vary
x-geo-country, Accept-Encoding
server
Kestrel
criteoV2.js
cdn.holmesmind.com/js/ Frame 3615 		3 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.holmesmind.com/js/criteoV2.js
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:208a:8000:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
cef005a7925817203365e696b47631a1bb7741d6b22f19399f5b958069a09eda

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://reurl.cc/

Response headers

x-amz-version-id
ScZOn53LDZH9EqQBQtTybn_n.yFFnixh
etag
"13519f9e63c9828d93a698c47992e115"
age
49
via
1.1 59927012a1a01484504f9d4b511a043c.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Hit from cloudfront
content-length
3197
x-amz-cf-id
64cvMWeRbTLjTqkvZt-FoNbp339AYvYBumA3pp-g79pOWC-kTp9Bsg==
date
Sat, 06 Dec 2025 23:40:33 GMT
content-type
application/javascript
last-modified
Thu, 27 Jul 2023 02:29:01 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P13
x-amz-server-side-encryption
AES256
bridgewellV3.js
cdn.holmesmind.com/js/ Frame 3615 		3 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.holmesmind.com/js/bridgewellV3.js
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:208a:8000:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
f3c5e5a0064eec4419f514718f35b3eb4ff163a77ebf16445041f5498a84638b

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://reurl.cc/

Response headers

x-amz-version-id
DID93KRiG7PHJMF22E9BP3B26tce7ZQK
etag
"41ecd67a1e57b2a3aa7cf0c876da0a59"
age
49
via
1.1 59927012a1a01484504f9d4b511a043c.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Hit from cloudfront
content-length
3470
x-amz-cf-id
D0sKAee9fNNo_1TLA5dDWZseVpyhjsNCwK-GT-0h_PkO6xJ5taxKEg==
date
Sat, 06 Dec 2025 23:40:33 GMT
content-type
application/javascript
last-modified
Mon, 02 Oct 2023 08:50:04 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P13
x-amz-server-side-encryption
AES256
appier_mainV3.js
cdn.holmesmind.com/js/ Frame 3615 		5 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.holmesmind.com/js/appier_mainV3.js
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:208a:8000:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
8f73a10773dae7dadd7ca1e735ae7da6028aca748f9d01cff8aeebb462767c6e

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://reurl.cc/

Response headers

x-amz-version-id
ku3H1MOUSfLuWtW9r59UrEXWrMCJMqc1
etag
"ec9ddd169f5fd01f28f9b31866cd4701"
age
49
via
1.1 59927012a1a01484504f9d4b511a043c.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Hit from cloudfront
content-length
5467
x-amz-cf-id
vMhfoRD8g4ueKmwzsJY8HLulh4nLIgzVmZh2-dV36uuK2twHa5wxdA==
date
Sat, 06 Dec 2025 23:40:33 GMT
content-type
application/javascript
last-modified
Tue, 14 Nov 2023 14:15:25 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P13
x-amz-server-side-encryption
AES256
teads_mainV3.js
cdn.holmesmind.com/js/ Frame 3615 		46 KB
46 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.holmesmind.com/js/teads_mainV3.js
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:208a:8000:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
6d4c444108925dc2ec8fe761f55a6760241c123740591e1348f0f94a653a3985

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://reurl.cc/

Response headers

x-amz-version-id
0GyqAf7LKhNiqEjX8VRsAWlYH_I2gXHI
etag
"a7e4fcfdedcaf972df92c41e4c9dc6b0"
age
21
via
1.1 59927012a1a01484504f9d4b511a043c.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Hit from cloudfront
content-length
46892
x-amz-cf-id
GzAimElQVZTmpbgjeH9rg7icQQLSbrfh-bK-RCEEyY0Er4DVu6AC6w==
date
Sat, 06 Dec 2025 23:40:33 GMT
content-type
application/javascript
last-modified
Thu, 16 May 2024 06:07:06 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P13
x-amz-server-side-encryption
AES256
ucfunnel.js
cdn.holmesmind.com/js/ Frame 3615 		2 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.holmesmind.com/js/ucfunnel.js
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:208a:8000:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
6215cea030001547475bd19ec624e50c85af367309e115d7813ae4eaff664d32

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://reurl.cc/

Response headers

x-amz-version-id
7FnOHKe__pwg0dVwIyTfAcdImUIZ6pwv
etag
"8ebabc4e0b1d40fe52514166c7db7048"
age
21
via
1.1 59927012a1a01484504f9d4b511a043c.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Hit from cloudfront
content-length
2166
x-amz-cf-id
OStdVNS5G99gjpVM6tDpb2TVCrcTUfxjelR9cFlQI6yZoEHKF_nJhQ==
date
Sat, 06 Dec 2025 23:40:33 GMT
content-type
application/javascript
last-modified
Fri, 21 Jul 2023 03:54:43 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P13
x-amz-server-side-encryption
AES256
ads.js
ad.holmesmind.com/adserver/ Frame 365E 		0
201 B 		Script
General
Check archive.org
Download Go to
Full URL
https://ad.holmesmind.com/adserver/ads.js?z=13860&rf=https%3A%2F%2Freurl.cc%2Fk8qxzL%23Conditions&n=337&o=4&fc=undefined&d=1&b=2&ts=1&ii=3&FPCK=9686-TeftXPByfrBByQsJSO45jsQQ4pxXhJkZ&fp_uuid=9686-0565e32eebf1cf109ba77bee4b3f7377&initver=230627P
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.75.180.237 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-75-180-237.ap-northeast-1.compute.amazonaws.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://reurl.cc/

Response headers

access-control-allow-origin
https://reurl.cc
content-encoding
gzip
date
Sat, 06 Dec 2025 23:40:34 GMT
content-type
text/html; charset=UTF-8
vary
Accept-Encoding
server
nginx
access-control-allow-credentials
true
ltm
onead.onevision.com.tw/v2/pixel/
Redirect Chain
  • https://bcp.crwdcntrl.net/map/c=15135/tp=ONEA/lac=y?https://onead.onevision.com.tw/v2/pixel/ltm?id=${profile_id}
  • https://onead.onevision.com.tw/v2/pixel/ltm?id=
170 B
202 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://onead.onevision.com.tw/v2/pixel/ltm?id=
Requested by
Host: reurl.cc
URL: https://reurl.cc/k8qxzL
Protocol
H3
Server
107.178.241.176 , United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
176.241.178.107.bc.googleusercontent.com
Software
gws / OneAD
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://reurl.cc/

Response headers

x-onead-version
29cc6b37
x-vendor
ltm
age
0
access-control-allow-methods
GET,POST,OPTIONS,PUT
expires
Mon, 01 Jan 1990 00:00:00 GMT
x-varnish
9244356
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
date
Sat, 06 Dec 2025 23:40:35 GMT
content-type
image/png
last-modified
Tue, 27 Oct 2020 13:57:49 GMT
access-control-allow-headers
Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, accept, origin, Cache-Control, X-Requested-With
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-status
okay
cache-control
no-store, no-cache, must-revalidate
pragma
no-cache
access-control-allow-credentials
true
via
1.1 google
accept-ranges
bytes
access-control-allow-origin
*
content-length
170
x-onead-backend
onead-http-event-7l5v-gohttp
server
gws
x-powered-by
OneAD

Redirect headers

strict-transport-security
max-age=31536000 ; includeSubDomains
cache-control
no-cache
location
https://onead.onevision.com.tw/v2/pixel/ltm?id=
pragma
no-cache
expires
0
p3p
CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
content-length
0
date
Sat, 06 Dec 2025 23:40:35 GMT
generic
match.adsrvr.org/track/cmf/ 		70 B
149 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://match.adsrvr.org/track/cmf/generic?ttd_pid=r1jlltl&ttd_tpi=1
Requested by
Host: reurl.cc
URL: https://reurl.cc/k8qxzL
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.71.131.137 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a6370ebea231e0c9a.awsglobalaccelerator.com
Software
Kestrel /
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://reurl.cc/

Response headers

content-length
70
date
Sat, 06 Dec 2025 23:40:34 GMT
content-type
image/gif
server
Kestrel
pixel
ps.eyeota.net/ 		0
354 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ps.eyeota.net/pixel?pid=3m51m51&uid=f4de05b8-d2fc-11f0-8060-42010a000023&t=ajs
Requested by
Host: reurl.cc
URL: https://reurl.cc/k8qxzL
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
3.122.214.165 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-122-214-165.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://reurl.cc/

Response headers

Content-Length
0
Date
Sat, 06 Dec 2025 23:40:34 GMT
P3P
CP="CURa ADMa DEVa TAIo PSAo PSDo OUR SAMo BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR", policyref="http://ps.eyeota.net/w3c/p3p.xml"
taboola
onead.onevision.com.tw/v2/pixel/
Redirect Chain
  • https://trc.taboola.com/sg/onedata/1/cm
  • https://onead.onevision.com.tw/v2/pixel/taboola?id=ebd72884-67f8-4aad-b34f-2097f35f6c76-tuct102e4472
170 B
203 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://onead.onevision.com.tw/v2/pixel/taboola?id=ebd72884-67f8-4aad-b34f-2097f35f6c76-tuct102e4472
Requested by
Host: reurl.cc
URL: https://reurl.cc/k8qxzL
Protocol
H3
Server
107.178.241.176 , United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
176.241.178.107.bc.googleusercontent.com
Software
gws / OneAD
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://reurl.cc/

Response headers

x-onead-version
29cc6b37
x-vendor
taboola
age
0
access-control-allow-methods
GET,POST,OPTIONS,PUT
expires
Mon, 01 Jan 1990 00:00:00 GMT
x-varnish
33772715
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
date
Sat, 06 Dec 2025 23:40:35 GMT
content-type
image/png
last-modified
Tue, 27 Oct 2020 13:57:49 GMT
x-vendor-client-id
ebd72884-67f8-4aad-b34f-2097f35f6c76-tuct102e4472
access-control-allow-headers
Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, accept, origin, Cache-Control, X-Requested-With
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-status
okay
cache-control
no-store, no-cache, must-revalidate
pragma
no-cache
access-control-allow-credentials
true
via
1.1 google
accept-ranges
bytes
access-control-allow-origin
*
content-length
170
x-onead-backend
onead-http-event-k2g5-gohttp
server
gws
x-powered-by
OneAD

Redirect headers

x-fastly-to-nlb-rtt
86407
location
https://onead.onevision.com.tw/v2/pixel/taboola?id=ebd72884-67f8-4aad-b34f-2097f35f6c76-tuct102e4472
x-timer
S1765064435.566348,VS0,VE175
x-vcl-time-ms
175
via
1.1 varnish
accept-ranges
bytes
x-cache
MISS
content-length
0
date
Sat, 06 Dec 2025 23:40:34 GMT
x-service-version
v1
server
nginx
x-cache-hits
0
x-served-by
cache-mad22044-MAD
ads.js
ad.holmesmind.com/adserver/ Frame C862 		0
201 B 		Script
General
Check archive.org
Download Go to
Full URL
https://ad.holmesmind.com/adserver/ads.js?z=22213&rf=https%3A%2F%2Freurl.cc%2Fk8qxzL%23Conditions&n=959&o=4&fc=undefined&d=1&b=2&ts=1&ii=3&FPCK=9686-TeftXPByfrBByQsJSO45jsQQ4pxXhJkZ&fp_uuid=9686-0565e32eebf1cf109ba77bee4b3f7377&initver=230627P
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.75.180.237 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-75-180-237.ap-northeast-1.compute.amazonaws.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://reurl.cc/

Response headers

access-control-allow-origin
https://reurl.cc
content-encoding
gzip
date
Sat, 06 Dec 2025 23:40:34 GMT
content-type
text/html; charset=UTF-8
vary
Accept-Encoding
server
nginx
access-control-allow-credentials
true
ads.js
ad.holmesmind.com/adserver/ Frame AF7B 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ad.holmesmind.com/adserver/ads.js?z=13861&rf=https%3A%2F%2Freurl.cc%2Fk8qxzL%23Conditions&n=710&o=4&fc=undefined&d=1&b=2&ts=1&ii=3&FPCK=9686-TeftXPByfrBByQsJSO45jsQQ4pxXhJkZ&fp_uuid=9686-0565e32eebf1cf109ba77bee4b3f7377&initver=230627P
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.75.180.237 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-75-180-237.ap-northeast-1.compute.amazonaws.com
Software
nginx /
Resource Hash
3a9443f2e25afa543914b6e2d9c901d888a7ade71e34557bcc92bb83fdd8c0c6

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://reurl.cc/

Response headers

access-control-allow-origin
https://reurl.cc
content-encoding
gzip
date
Sat, 06 Dec 2025 23:40:34 GMT
content-type
text/html; charset=UTF-8
vary
Accept-Encoding
server
nginx
access-control-allow-credentials
true
ads.js
ad.holmesmind.com/adserver/ Frame 96D5 		0
201 B 		Script
General
Check archive.org
Download Go to
Full URL
https://ad.holmesmind.com/adserver/ads.js?z=14209&rf=https%3A%2F%2Freurl.cc%2Fk8qxzL%23Conditions&n=266&o=4&fc=undefined&d=1&b=2&ts=1&ii=3&FPCK=9686-TeftXPByfrBByQsJSO45jsQQ4pxXhJkZ&fp_uuid=9686-0565e32eebf1cf109ba77bee4b3f7377&initver=230627P
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.75.180.237 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-75-180-237.ap-northeast-1.compute.amazonaws.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://reurl.cc/

Response headers

access-control-allow-origin
https://reurl.cc
content-encoding
gzip
date
Sat, 06 Dec 2025 23:40:34 GMT
content-type
text/html; charset=UTF-8
vary
Accept-Encoding
server
nginx
access-control-allow-credentials
true
rtbhouseV2.js
cdn.holmesmind.com/js/ Frame 96D5 		3 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.holmesmind.com/js/rtbhouseV2.js
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:208a:8000:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
b97b6a79b734e9323aa8c3847d0b2a1bb5db32fc6a7df92ac69653d1c8ba13c5

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://reurl.cc/

Response headers

x-amz-version-id
BhYfibf8ln9C4F8AF59WvZqelYblDtF0
etag
"519bf06eca29382b4ee4cc4f1dace214"
age
21
via
1.1 59927012a1a01484504f9d4b511a043c.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Hit from cloudfront
content-length
2905
x-amz-cf-id
4G_kyU9vdg-4TuidD0GF7tNRWEPaRxrbo-NIoKxhPSERChQGMwTsuQ==
date
Sat, 06 Dec 2025 23:40:33 GMT
content-type
application/javascript
last-modified
Mon, 04 Sep 2023 03:28:50 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P13
x-amz-server-side-encryption
AES256
publishertag.js
static.criteo.net/js/ld/ Frame 96D5 		128 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://static.criteo.net/js/ld/publishertag.js
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:3::28 , France, ASN44788 (ASN-CRITEO-EUROPE Criteo Technology SAS, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
330e8275601d733c96e356c4fda9f1f94c6665e03379eb9cbace4416b4da05d3

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://reurl.cc/

Response headers

cache-control
public, max-age=86400
timing-allow-origin
*
content-encoding
br
cross-origin-resource-policy
cross-origin
expires
Sun, 07 Dec 2025 23:40:33 GMT
access-control-allow-origin
*
date
Sat, 06 Dec 2025 23:40:33 GMT
content-type
text/javascript
vary
x-geo-country, Accept-Encoding
server
Kestrel
criteoV2.js
cdn.holmesmind.com/js/ Frame 96D5 		3 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.holmesmind.com/js/criteoV2.js
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:208a:8000:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
cef005a7925817203365e696b47631a1bb7741d6b22f19399f5b958069a09eda

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://reurl.cc/

Response headers

x-amz-version-id
ScZOn53LDZH9EqQBQtTybn_n.yFFnixh
etag
"13519f9e63c9828d93a698c47992e115"
age
49
via
1.1 59927012a1a01484504f9d4b511a043c.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Hit from cloudfront
content-length
3197
x-amz-cf-id
64cvMWeRbTLjTqkvZt-FoNbp339AYvYBumA3pp-g79pOWC-kTp9Bsg==
date
Sat, 06 Dec 2025 23:40:33 GMT
content-type
application/javascript
last-modified
Thu, 27 Jul 2023 02:29:01 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P13
x-amz-server-side-encryption
AES256
bridgewellV3.js
cdn.holmesmind.com/js/ Frame 96D5 		3 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.holmesmind.com/js/bridgewellV3.js
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:208a:8000:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
f3c5e5a0064eec4419f514718f35b3eb4ff163a77ebf16445041f5498a84638b

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://reurl.cc/

Response headers

x-amz-version-id
DID93KRiG7PHJMF22E9BP3B26tce7ZQK
etag
"41ecd67a1e57b2a3aa7cf0c876da0a59"
age
49
via
1.1 59927012a1a01484504f9d4b511a043c.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Hit from cloudfront
content-length
3470
x-amz-cf-id
D0sKAee9fNNo_1TLA5dDWZseVpyhjsNCwK-GT-0h_PkO6xJ5taxKEg==
date
Sat, 06 Dec 2025 23:40:33 GMT
content-type
application/javascript
last-modified
Mon, 02 Oct 2023 08:50:04 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P13
x-amz-server-side-encryption
AES256
appierV2.js
cdn.holmesmind.com/js/ Frame 96D5 		3 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.holmesmind.com/js/appierV2.js
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:208a:8000:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
2650f0bf9347561322354447171981c0a052401f826695fec1281e29fa16c840

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://reurl.cc/

Response headers

x-amz-version-id
L_ytFJI.iZbA3Ys9mJ75ciLmXqmRfuVO
etag
"21253aa5d7ee0c3b700ce5f1a4a1b4d1"
age
49
via
1.1 59927012a1a01484504f9d4b511a043c.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Hit from cloudfront
content-length
3446
x-amz-cf-id
iVILmQSrNPBFdI98AQVriAjIah3xstIXuZ7VPk5-jC7nbXzjmpypQg==
date
Sat, 06 Dec 2025 23:40:33 GMT
content-type
application/javascript
last-modified
Thu, 14 Dec 2023 06:52:43 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P13
x-amz-server-side-encryption
AES256
appier_mainV3.js
cdn.holmesmind.com/js/ Frame 96D5 		5 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.holmesmind.com/js/appier_mainV3.js
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:208a:8000:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
8f73a10773dae7dadd7ca1e735ae7da6028aca748f9d01cff8aeebb462767c6e

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://reurl.cc/

Response headers

x-amz-version-id
ku3H1MOUSfLuWtW9r59UrEXWrMCJMqc1
etag
"ec9ddd169f5fd01f28f9b31866cd4701"
age
49
via
1.1 59927012a1a01484504f9d4b511a043c.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Hit from cloudfront
content-length
5467
x-amz-cf-id
vMhfoRD8g4ueKmwzsJY8HLulh4nLIgzVmZh2-dV36uuK2twHa5wxdA==
date
Sat, 06 Dec 2025 23:40:33 GMT
content-type
application/javascript
last-modified
Tue, 14 Nov 2023 14:15:25 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P13
x-amz-server-side-encryption
AES256
prebid_mainV3.js
cdn.holmesmind.com/js/ Frame 96D5 		3 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.holmesmind.com/js/prebid_mainV3.js
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:208a:8000:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
979da208bbb4e7e775544f9ea351afe3cae32b74ca9b980e05762c5b0533fe17

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://reurl.cc/

Response headers

x-amz-version-id
qFW_bhDMYXaROfK7pGZd0YtcGDNChS4b
etag
"3a64d41cf3ddc5d6b7a060ad46bee403"
age
13
via
1.1 59927012a1a01484504f9d4b511a043c.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Hit from cloudfront
content-length
3414
x-amz-cf-id
eokvd_6zlPJpJ-WI03_9YGyJ5qoRFUCFv8hT3IGw80qd20AIybo7qA==
date
Sat, 06 Dec 2025 23:40:33 GMT
content-type
application/javascript
last-modified
Fri, 14 Jul 2023 03:27:51 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P13
x-amz-server-side-encryption
AES256
ads.js
ad.holmesmind.com/adserver/ Frame 3043 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ad.holmesmind.com/adserver/ads.js?z=18535&rf=https%3A%2F%2Freurl.cc%2Fk8qxzL%23Conditions&n=569&o=4&fc=undefined&d=1&b=2&ts=1&ii=3&FPCK=9686-TeftXPByfrBByQsJSO45jsQQ4pxXhJkZ&fp_uuid=9686-0565e32eebf1cf109ba77bee4b3f7377&initver=230627P
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.75.180.237 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-75-180-237.ap-northeast-1.compute.amazonaws.com
Software
nginx /
Resource Hash
f9f7ef12c3df44b4d7fe83a2a0b1e5b84870c52eea52932eeeab44d082cf4416

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://reurl.cc/

Response headers

access-control-allow-origin
https://reurl.cc
content-encoding
gzip
date
Sat, 06 Dec 2025 23:40:34 GMT
content-type
text/html; charset=UTF-8
vary
Accept-Encoding
server
nginx
access-control-allow-credentials
true
ads.js
ad.holmesmind.com/adserver/ Frame 358C 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ad.holmesmind.com/adserver/ads.js?z=22214&rf=https%3A%2F%2Freurl.cc%2Fk8qxzL%23Conditions&n=728&o=4&fc=undefined&d=1&b=2&ts=1&ii=3&FPCK=9686-TeftXPByfrBByQsJSO45jsQQ4pxXhJkZ&fp_uuid=9686-0565e32eebf1cf109ba77bee4b3f7377&initver=230627P
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.75.180.237 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-75-180-237.ap-northeast-1.compute.amazonaws.com
Software
nginx /
Resource Hash
ac421c08584fd8d7372de9a74755f20bb6f6922c3823ff66273c84c6fcd624a2

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://reurl.cc/

Response headers

access-control-allow-origin
https://reurl.cc
content-encoding
gzip
date
Sat, 06 Dec 2025 23:40:34 GMT
content-type
text/html; charset=UTF-8
vary
Accept-Encoding
server
nginx
access-control-allow-credentials
true
fbevents.js
connect.facebook.net/en_US/ Frame E048 		332 KB
89 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: fcm2.holmesmind.com
URL: https://fcm2.holmesmind.com/cm.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f084:105:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
eff958d6a66dede8a64c252dcf84e69d34c888460d5fcf6f835e655ab487d352
Security Headers
Name Value
Content-Security-Policy default-src 'self' blob: *;script-src 'nonce-WF6qwDSJ' *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* blob: 'self' https://*.google-analytics.com *.google.com;style-src 'self' data: blob: 'unsafe-inline';connect-src 'self' data: blob: https://edge-chat.facebook.net https://edge-chat-latest.facebook.net wss://edge-chat-latest.facebook.net wss://edge-chat.facebook.net wss://edge-chat.socialplugin.facebook.net wss://edge-chat-latest.socialplugin.facebook.net https://edge-chat.socialplugin.facebook.net https://edge-chat-latest.socialplugin.facebook.net *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* *.cdninstagram.com https://*.google-analytics.com;font-src 'self' data: blob: *;img-src 'self' data: blob: * https://*.google-analytics.com;media-src 'self' data: blob: *;child-src 'self' data: blob: *;frame-src 'self' data: blob: *;manifest-src 'self' data: blob: *;object-src 'self' data: blob: *;worker-src 'self' data: blob: *;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://cdn.holmesmind.com/

Response headers

content-encoding
gzip
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options
nosniff
expires
Sat, 01 Jan 2000 00:00:00 GMT
alt-svc
h3=":443"; ma=86400
date
Sat, 06 Dec 2025 23:40:34 GMT
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
x-frame-options
DENY
strict-transport-security
max-age=31536000; preload; includeSubDomains
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy
default-src 'self' blob: *;script-src 'nonce-WF6qwDSJ' *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* blob: 'self' https://*.google-analytics.com *.google.com;style-src 'self' data: blob: 'unsafe-inline';connect-src 'self' data: blob: https://edge-chat.facebook.net https://edge-chat-latest.facebook.net wss://edge-chat-latest.facebook.net wss://edge-chat.facebook.net wss://edge-chat.socialplugin.facebook.net wss://edge-chat-latest.socialplugin.facebook.net https://edge-chat.socialplugin.facebook.net https://edge-chat-latest.socialplugin.facebook.net *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* *.cdninstagram.com https://*.google-analytics.com;font-src 'self' data: blob: *;img-src 'self' data: blob: * https://*.google-analytics.com;media-src 'self' data: blob: *;child-src 'self' data: blob: *;frame-src 'self' data: blob: *;manifest-src 'self' data: blob: *;object-src 'self' data: blob: *;worker-src 'self' data: blob: *;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
cache-control
public, max-age=1200
timing-allow-origin
*
cross-origin-opener-policy
same-origin-allow-popups
x-fb-connection-quality
GOOD; q=0.7, rtt=66, rtx=2, c=13, mss=1308, tbw=4530, tp=-1, tpl=-1, uplat=2, ullat=-1
pragma
public
x-fb-debug
Ph4xGj4+jyVoAFgC0oSEEOQsqRVF6lyeuJ+UFjWiPDsD0Aq5NLrW5syZW8A3uSwhah3MJhf8F9FSwi2so4tiDA==
cross-origin-resource-policy
cross-origin
permissions-policy
accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy
force-load-at-top, include-js-call-stacks-in-crash-reports
content-length
88493
x-xss-protection
0
origin-agent-cluster
?1
collect
www.google-analytics.com/j/ 		3 B
433 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j102&a=1589574745&t=pageview&_s=1&dl=https%3A%2F%2Freurl.cc%2Fk8qxzL&ul=es-es&dt=Meilleur%20IPTV%20Abonnement%20en%20France&sr=1600x1200&vp=1600x1200&_u=IADAAEABAAAAACAAI~&jid=1532301528&gjid=1118192270&cid=1498954258.1765064433&tid=UA-102456694-1&_gid=1829154156.1765064434&_r=1&_slc=1&z=2026141409
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81d::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
1cffc2b3146584685cd72751d7f28aa030ab9ae2f1bc78f2c27909f8d8287b26
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Content-Type
text/plain
Referer
https://reurl.cc/

Response headers

report-to
{"group":"ascnsrsgac:211:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgac:211:0"}],}
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Sat, 06 Dec 2025 23:40:33 GMT
last-modified
Sun, 17 May 1998 03:00:00 GMT
content-type
text/plain
cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgac:211:0
access-control-allow-origin
https://reurl.cc
cross-origin-opener-policy-report-only
same-origin; report-to=ascnsrsgac:211:0
content-length
3
server
Golfe2
collect
track.91app.io/ext/v1/ Frame A7B2 		46 B
418 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://track.91app.io/ext/v1/collect?v=1&ch=web&ul=es-ES&ht=1765064433818&evtid=46fbcedc-74f8-405a-b061-444973bf052e&tid=5&cid=505937-kb4hQg6EJ8otltsWOFcPUr9XVwrTTqrD&evtn=pixel
Requested by
Host: tracking-client.91app.com
URL: https://tracking-client.91app.com/1.2.0/nineyi.tracking.client.iife.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.201.76.198 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
198.76.201.35.bc.googleusercontent.com
Software
Google Frontend / Express
Resource Hash
0f99735761fe2d501496fb7fc41052ec3be141043d88c2eca3b2344628c6dc32

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://cdn.holmesmind.com/

Response headers

cache-control
no-cache
access-control-allow-credentials
true
via
1.1 google
access-control-allow-origin
https://cdn.holmesmind.com
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
46
date
Sat, 06 Dec 2025 23:40:34 GMT
x-cloud-trace-context
19f386ccc4d5df4bc967323bab670c34
content-type
application/json; charset=utf-8
x-powered-by
Express
server
Google Frontend
vary
Accept-Encoding
collect
track.91app.io/ext/v1/ Frame 1E85 		46 B
227 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://track.91app.io/ext/v1/collect?v=1&ch=web&ul=es-ES&ht=1765064433830&evtid=4cf6e452-9d1e-40d0-aff2-9268c245a9c6&tid=5&cid=505937-kb4hQg6EJ8otltsWOFcPUr9XVwrTTqrD&evtn=pixel
Requested by
Host: tracking-client.91app.com
URL: https://tracking-client.91app.com/1.2.0/nineyi.tracking.client.iife.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.201.76.198 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
198.76.201.35.bc.googleusercontent.com
Software
Google Frontend / Express
Resource Hash
aa71c7883856a878e8eeced239b93f964a0a24378debb30f86c3c84f9e2b3aa4

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://cdn.holmesmind.com/

Response headers

cache-control
no-cache
access-control-allow-credentials
true
via
1.1 google
access-control-allow-origin
https://cdn.holmesmind.com
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
46
date
Sat, 06 Dec 2025 23:40:34 GMT
x-cloud-trace-context
dc42a9b25d8aa69cc967323bab6703e2
content-type
application/json; charset=utf-8
x-powered-by
Express
server
Google Frontend
vary
Accept-Encoding
collect
track.91app.io/ext/v1/ Frame 03F7 		46 B
228 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://track.91app.io/ext/v1/collect?v=1&ch=web&ul=es-ES&ht=1765064433831&evtid=974be785-1953-4a7a-b55a-6e1abb7c9f62&tid=5&cid=505937-kb4hQg6EJ8otltsWOFcPUr9XVwrTTqrD&evtn=pixel
Requested by
Host: tracking-client.91app.com
URL: https://tracking-client.91app.com/1.2.0/nineyi.tracking.client.iife.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.201.76.198 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
198.76.201.35.bc.googleusercontent.com
Software
Google Frontend / Express
Resource Hash
49daae6a1ded3247cfedf52edf1bc7bacb579117b10adf237dd6b173ade15c71

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://cdn.holmesmind.com/

Response headers

cache-control
no-cache
access-control-allow-credentials
true
via
1.1 google
access-control-allow-origin
https://cdn.holmesmind.com
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
46
date
Sat, 06 Dec 2025 23:40:34 GMT
x-cloud-trace-context
ca0d2f595467a4a6c967323bab67008e
content-type
application/json; charset=utf-8
x-powered-by
Express
server
Google Frontend
vary
Accept-Encoding
collect
track.91app.io/ext/v1/ Frame C218 		46 B
227 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://track.91app.io/ext/v1/collect?v=1&ch=web&ul=es-ES&ht=1765064433833&evtid=ba14eabc-8e4f-49ab-962d-8e5eebef7f52&tid=5&cid=505937-kb4hQg6EJ8otltsWOFcPUr9XVwrTTqrD&evtn=pixel
Requested by
Host: tracking-client.91app.com
URL: https://tracking-client.91app.com/1.2.0/nineyi.tracking.client.iife.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.201.76.198 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
198.76.201.35.bc.googleusercontent.com
Software
Google Frontend / Express
Resource Hash
281d1da1383d84e2a41d76911a6aa68a7c094232366f08eb1263aadf30b9d96b

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://cdn.holmesmind.com/

Response headers

cache-control
no-cache
access-control-allow-credentials
true
via
1.1 google
access-control-allow-origin
https://cdn.holmesmind.com
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
46
date
Sat, 06 Dec 2025 23:40:34 GMT
x-cloud-trace-context
2929e769985d9053c967323bab670963
content-type
application/json; charset=utf-8
x-powered-by
Express
server
Google Frontend
vary
Accept-Encoding
collect
track.91app.io/ext/v1/ Frame EE0B 		46 B
228 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://track.91app.io/ext/v1/collect?v=1&ch=web&ul=es-ES&ht=1765064433834&evtid=a73acbdc-42f9-466b-9892-9e26a1927007&tid=5&cid=505937-kb4hQg6EJ8otltsWOFcPUr9XVwrTTqrD&evtn=pixel
Requested by
Host: tracking-client.91app.com
URL: https://tracking-client.91app.com/1.2.0/nineyi.tracking.client.iife.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.201.76.198 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
198.76.201.35.bc.googleusercontent.com
Software
Google Frontend / Express
Resource Hash
421ccf7311753040565423d2d4e10d2f7ba8275745a0c84186a666bd0274e23f

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://cdn.holmesmind.com/

Response headers

cache-control
no-cache
access-control-allow-credentials
true
via
1.1 google
access-control-allow-origin
https://cdn.holmesmind.com
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
46
date
Sat, 06 Dec 2025 23:40:34 GMT
x-cloud-trace-context
6caced1652047109c967323bab6708e0
content-type
application/json; charset=utf-8
x-powered-by
Express
server
Google Frontend
vary
Accept-Encoding
collect
track.91app.io/ext/v1/ Frame E048 		46 B
228 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://track.91app.io/ext/v1/collect?v=1&ch=web&ul=es-ES&ht=1765064433836&evtid=81f5b605-c1d0-4c86-9499-9b45422e93be&tid=5&cid=505937-kb4hQg6EJ8otltsWOFcPUr9XVwrTTqrD&evtn=pixel
Requested by
Host: tracking-client.91app.com
URL: https://tracking-client.91app.com/1.2.0/nineyi.tracking.client.iife.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.201.76.198 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
198.76.201.35.bc.googleusercontent.com
Software
Google Frontend / Express
Resource Hash
de9a01c7615e32fbb245e24d694c5a6491f96ac2545345c668183fb186c56679

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://cdn.holmesmind.com/

Response headers

cache-control
no-cache
access-control-allow-credentials
true
via
1.1 google
access-control-allow-origin
https://cdn.holmesmind.com
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
46
date
Sat, 06 Dec 2025 23:40:34 GMT
x-cloud-trace-context
d32ac6fdae4b7f6fc967323bab6701b5
content-type
application/json; charset=utf-8
x-powered-by
Express
server
Google Frontend
vary
Accept-Encoding
AGSKWxU9pW9lvTJOc07U_9tyNHUdL78mQFnsjywsjVXgylV7TX_y9UldtgsjWU04gdTRFaWjrYqeWitIYp6R3MvK3S4NBABbAWBCCXokCfe9XNbYuvLnUVzOqUG2H-07MB7Px6D_3Am_ew==
fundingchoicesmessages.google.com/el/ 		0
28 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://fundingchoicesmessages.google.com/el/AGSKWxU9pW9lvTJOc07U_9tyNHUdL78mQFnsjywsjVXgylV7TX_y9UldtgsjWU04gdTRFaWjrYqeWitIYp6R3MvK3S4NBABbAWBCCXokCfe9XNbYuvLnUVzOqUG2H-07MB7Px6D_3Am_ew==
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.es.RcR3kUpOxDM.es5.O/d=1/rs=AJlcJMx7F2XITpaLmV314czjUExTYL4ubA/m=kernel_loader,loader_js_executable
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.174 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s08-in-f14.1e100.net
Software
ESF /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-C7hBEWcdVI3_CtEs1hiKIw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Content-Type
text/plain
Referer
https://reurl.cc/

Response headers

access-control-max-age
86400
access-control-allow-methods
POST, GET, OPTIONS
x-content-type-options
nosniff
expires
Mon, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Sat, 06 Dec 2025 23:40:34 GMT
content-type
text/html; charset=utf-8
x-frame-options
SAMEORIGIN
reporting-endpoints
default="/_/ContributorLoggingHttp/web-reports?context=eJzj8tDikmII0pBi-FB_mfUHEJv53Wa1A-Jqdy-2ZiC29fdhcwXivTl-bEeBOLPTj60QiM_v9WO7DsSrb_qxbQZiIW6OT38vnWQTmLDxSaCSS1J-YXxyfl5Jal6JbmJKsS6IXZSZVFqSX4TCTi0DqcjJT0_PzEuPNzIwMjU0MjDRMzCPLzAAAFLjOPk"
content-security-policy
script-src 'report-sample' 'nonce-C7hBEWcdVI3_CtEs1hiKIw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
cache-control
no-cache, no-store, max-age=0, must-revalidate
cross-origin-opener-policy
same-origin
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
access-control-allow-credentials
true
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
access-control-allow-origin
https://reurl.cc
content-length
0
x-xss-protection
0
server
ESF
AGSKWxX9wHbH6KC-e6Bd0Gb0SosbI-26uK9pC6njxwBEr_mS2B121LICyl87W2bJ3D-tt6_FXUhLSc5r_fNNvoeKg2imdzp4ikgxp3-qnz_vO8kRf2yAeEoh7B7ZwfsM8jFRSUE5foQgPw==
fundingchoicesmessages.google.com/f/ 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://fundingchoicesmessages.google.com/f/AGSKWxX9wHbH6KC-e6Bd0Gb0SosbI-26uK9pC6njxwBEr_mS2B121LICyl87W2bJ3D-tt6_FXUhLSc5r_fNNvoeKg2imdzp4ikgxp3-qnz_vO8kRf2yAeEoh7B7ZwfsM8jFRSUE5foQgPw==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzY1MDY0NDMzLDg0MjAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzcsOV0sbnVsbCwyLG51bGwsImVzIl0sImh0dHBzOi8vcmV1cmwuY2MvazhxeHpMIixudWxsLFtbOCwiUmNSM2tVcE94RE0iXSxbOSwiZXMiXSxbMTksIjIiXSxbMTcsIlswXSJdLFsyNCwiIl0sWzI5LCJmYWxzZSJdXV0
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.es.RcR3kUpOxDM.es5.O/d=1/rs=AJlcJMx7F2XITpaLmV314czjUExTYL4ubA/m=kernel_loader,loader_js_executable
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.174 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s08-in-f14.1e100.net
Software
ESF /
Resource Hash
0578ddd28edb6f0644cac5bff26af2ff57860496269f2f5b16254c67c236e139
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-oK-EGc1SExb5_RIu1ohepg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://reurl.cc/

Response headers

content-encoding
gzip
x-content-type-options
nosniff
expires
Mon, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Sat, 06 Dec 2025 23:40:33 GMT
content-type
application/javascript; charset=utf-8
x-frame-options
SAMEORIGIN
reporting-endpoints
default="/_/ContributorServingWebSwitchboardHttp/web-reports?context=eJzjmsCoxSXF4KYhxdB68xzrdCDuWnSedQ4QGypcYnUG4g_1l1l_AHGRxBXWFiD-VHWDVaT6BmsS-03WEiA287vNagfE1e5ebM1AbOvvw-YKxN-Kfdk4SnzZ9v33ZTsGxHtz_NiOAnFmpx9bIRCf3-vHdh2IV9_0Y9sMxCu8_Nk2ALEQD8fHv5dOsgmsuNuwhllJIym_MD45P6-kKDOptCS_KC05LbU4tagstSjeyMDI1NDIwETPwDy-wAAAgp9MCQ"
content-security-policy
script-src 'report-sample' 'nonce-oK-EGc1SExb5_RIu1ohepg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport
cache-control
no-cache, no-store, max-age=0, must-revalidate
timing-allow-origin
*
cross-origin-opener-policy
same-origin
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-resource-policy
cross-origin
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
x-xss-protection
0
server
ESF
bid
ad2.apx.appier.net/v1/prebid/ Frame 3615
Redirect Chain
  • https://ad2.apx.appier.net/v1/prebid/bid
  • https://gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid
  • https://ad2.apx.appier.net/v1/prebid/bid?acid=vMMUgGyUAJGQDwox8740aQ
2 B
130 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ad2.apx.appier.net/v1/prebid/bid?acid=vMMUgGyUAJGQDwox8740aQ
Requested by
Host: reurl.cc
URL: https://reurl.cc/k8qxzL
Protocol
H2
Server
35.190.36.98 , United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
98.36.190.35.bc.googleusercontent.com
Software
/
Resource Hash
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://reurl.cc/

Response headers

cache-control
no-store
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List
access-control-allow-credentials
true
critical-ch
Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List
via
1.1 google
access-control-allow-origin
null
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2
date
Sat, 06 Dec 2025 23:40:35 GMT
content-type
application/json; charset=utf-8

Redirect headers

Cache-Control
no-store
Location
https://ad2.apx.appier.net/v1/prebid/bid?acid=vMMUgGyUAJGQDwox8740aQ
Accept-Ch
Sec-CH-UA-Model,Sec-CH-UA-Platform-Version
Connection
keep-alive
Access-Control-Allow-Credentials
true
Access-Control-Allow-Origin
null
Content-Length
0
P3p
CP="CUR ADM DEV TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Date
Sat, 06 Dec 2025 23:40:35 GMT
Server
nginx
prebid.aspx
prebid.scupio.com/recweb/ Frame 3615 		0
168 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://prebid.scupio.com/recweb/prebid.aspx?cb=0.01259131811919112
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/bridgewellV3.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
210.59.219.34 Taichung, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS
210-59-219-34.hinet-ip.hinet.net
Software
Kestrel /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8
Referer
https://reurl.cc/

Response headers

Access-Control-Allow-Origin
https://reurl.cc
Date
Sat, 06 Dec 2025 23:40:33 GMT
Server
Kestrel
Access-Control-Allow-Credentials
true
bid
ad2.apx.appier.net/v1/prebid/ Frame 96D5
Redirect Chain
  • https://ad2.apx.appier.net/v1/prebid/bid
  • https://gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid
  • https://ad2.apx.appier.net/v1/prebid/bid?acid=Y3ErQzhmABW05hrf8740aQ
2 B
159 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ad2.apx.appier.net/v1/prebid/bid?acid=Y3ErQzhmABW05hrf8740aQ
Requested by
Host: reurl.cc
URL: https://reurl.cc/k8qxzL
Protocol
H2
Server
35.190.36.98 , United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
98.36.190.35.bc.googleusercontent.com
Software
/
Resource Hash
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://reurl.cc/

Response headers

cache-control
no-store
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List
access-control-allow-credentials
true
critical-ch
Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List
via
1.1 google
access-control-allow-origin
null
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2
date
Sat, 06 Dec 2025 23:40:35 GMT
content-type
application/json; charset=utf-8

Redirect headers

Cache-Control
no-store
Location
https://ad2.apx.appier.net/v1/prebid/bid?acid=Y3ErQzhmABW05hrf8740aQ
Accept-Ch
Sec-CH-UA-Model,Sec-CH-UA-Platform-Version
Connection
keep-alive
Access-Control-Allow-Credentials
true
Access-Control-Allow-Origin
null
Content-Length
0
P3p
CP="CUR ADM DEV TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Date
Sat, 06 Dec 2025 23:40:35 GMT
Server
nginx
bid
ad2.apx.appier.net/v1/prebid/ Frame 96D5
Redirect Chain
  • https://ad2.apx.appier.net/v1/prebid/bid
  • https://gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid
  • https://ad2.apx.appier.net/v1/prebid/bid?acid=QaZw5_zSD1q5FlFw8740aQ
2 B
20 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ad2.apx.appier.net/v1/prebid/bid?acid=QaZw5_zSD1q5FlFw8740aQ
Requested by
Host: reurl.cc
URL: https://reurl.cc/k8qxzL
Protocol
H3
Server
35.190.36.98 , United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
98.36.190.35.bc.googleusercontent.com
Software
/
Resource Hash
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://reurl.cc/

Response headers

cache-control
no-store
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List
access-control-allow-credentials
true
critical-ch
Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List
via
1.1 google
access-control-allow-origin
null
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2
date
Sat, 06 Dec 2025 23:40:35 GMT
content-type
application/json; charset=utf-8

Redirect headers

Cache-Control
no-store
Location
https://ad2.apx.appier.net/v1/prebid/bid?acid=QaZw5_zSD1q5FlFw8740aQ
Accept-Ch
Sec-CH-UA-Model,Sec-CH-UA-Platform-Version
Connection
keep-alive
Access-Control-Allow-Credentials
true
Access-Control-Allow-Origin
null
Content-Length
0
P3p
CP="CUR ADM DEV TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Date
Sat, 06 Dec 2025 23:40:35 GMT
Server
nginx
bids
prebid-asia.creativecdn.com/bidder/prebid/ Frame 3615 		0
171 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://prebid-asia.creativecdn.com/bidder/prebid/bids
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/rtbhouseV2.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
103.132.192.30 , Singapore, ASN138552 (RTBHOUSE-AS-AP RTB HOUSE PTE. LTD., SG),
Reverse DNS
ip-103-132-192-30.rtbhouse.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8
Referer
https://reurl.cc/

Response headers

access-control-max-age
3600
access-control-allow-origin
https://reurl.cc
date
Sat, 06 Dec 2025 23:40:45 GMT
vary
Origin
access-control-allow-credentials
true
access-control-allow-methods
POST
did
track.91app.io/ext/v1/ Frame A7B2 		46 B
227 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://track.91app.io/ext/v1/did
Requested by
Host: tracking-client.91app.com
URL: https://tracking-client.91app.com/1.2.0/nineyi.tracking.client.iife.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.201.76.198 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
198.76.201.35.bc.googleusercontent.com
Software
Google Frontend / Express
Resource Hash
7726dc22646c500819286df1d8d4bc1c2fed470571716a82e75c2d754475fbea

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://cdn.holmesmind.com/

Response headers

cache-control
no-cache
access-control-allow-credentials
true
via
1.1 google
access-control-allow-origin
https://cdn.holmesmind.com
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
46
date
Sat, 06 Dec 2025 23:40:34 GMT
x-cloud-trace-context
5a538b72e38986d8c967323bab670e61
content-type
application/json; charset=utf-8
x-powered-by
Express
server
Google Frontend
vary
Accept-Encoding
utag.js
t.ssp.hinet.net/ Frame EA0A 		5 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://t.ssp.hinet.net/utag.js
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS
203-75-214-136.hinet-ip.hinet.net
Software
nginx /
Resource Hash
73ae392d3e6fd2a480cd5e6eb0077f17af084abfda5e3bb5487f76c0277be87c
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://reurl.cc/

Response headers

strict-transport-security
max-age=0
cache-control
max-age=600
content-encoding
gzip
etag
W/"65e6c0fa-15e4"
expires
Sat, 06 Dec 2025 23:50:35 GMT
date
Sat, 06 Dec 2025 23:40:35 GMT
content-type
application/javascript
last-modified
Tue, 05 Mar 2024 06:51:38 GMT
server
nginx
vary
Accept-Encoding
utag.js
t.ssp.hinet.net/ Frame 3615 		5 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://t.ssp.hinet.net/utag.js
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS
203-75-214-136.hinet-ip.hinet.net
Software
nginx /
Resource Hash
73ae392d3e6fd2a480cd5e6eb0077f17af084abfda5e3bb5487f76c0277be87c

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://reurl.cc/

Response headers

cache-control
max-age=600
content-encoding
gzip
etag
W/"65e6c0fa-15e4"
expires
Sat, 06 Dec 2025 23:50:35 GMT
date
Sat, 06 Dec 2025 23:40:35 GMT
content-type
application/javascript
last-modified
Tue, 05 Mar 2024 06:51:38 GMT
server
nginx
vary
Accept-Encoding
utag.js
t.ssp.hinet.net/ Frame 365E 		5 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://t.ssp.hinet.net/utag.js
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS
203-75-214-136.hinet-ip.hinet.net
Software
nginx /
Resource Hash
73ae392d3e6fd2a480cd5e6eb0077f17af084abfda5e3bb5487f76c0277be87c

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://reurl.cc/

Response headers

cache-control
max-age=600
content-encoding
gzip
etag
W/"65e6c0fa-15e4"
expires
Sat, 06 Dec 2025 23:50:35 GMT
date
Sat, 06 Dec 2025 23:40:35 GMT
content-type
application/javascript
last-modified
Tue, 05 Mar 2024 06:51:38 GMT
server
nginx
vary
Accept-Encoding
utag.js
t.ssp.hinet.net/ Frame C862 		5 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://t.ssp.hinet.net/utag.js
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS
203-75-214-136.hinet-ip.hinet.net
Software
nginx /
Resource Hash
73ae392d3e6fd2a480cd5e6eb0077f17af084abfda5e3bb5487f76c0277be87c

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://reurl.cc/

Response headers

cache-control
max-age=600
content-encoding
gzip
etag
W/"65e6c0fa-15e4"
expires
Sat, 06 Dec 2025 23:50:35 GMT
date
Sat, 06 Dec 2025 23:40:35 GMT
content-type
application/javascript
last-modified
Tue, 05 Mar 2024 06:51:38 GMT
server
nginx
vary
Accept-Encoding
utag.js
t.ssp.hinet.net/ Frame AF7B 		5 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://t.ssp.hinet.net/utag.js
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS
203-75-214-136.hinet-ip.hinet.net
Software
nginx /
Resource Hash
73ae392d3e6fd2a480cd5e6eb0077f17af084abfda5e3bb5487f76c0277be87c

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://reurl.cc/

Response headers

cache-control
max-age=600
content-encoding
gzip
etag
W/"65e6c0fa-15e4"
expires
Sat, 06 Dec 2025 23:50:35 GMT
date
Sat, 06 Dec 2025 23:40:35 GMT
content-type
application/javascript
last-modified
Tue, 05 Mar 2024 06:51:38 GMT
server
nginx
vary
Accept-Encoding
utag.js
t.ssp.hinet.net/ Frame 96D5 		5 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://t.ssp.hinet.net/utag.js
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS
203-75-214-136.hinet-ip.hinet.net
Software
nginx /
Resource Hash
73ae392d3e6fd2a480cd5e6eb0077f17af084abfda5e3bb5487f76c0277be87c

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://reurl.cc/

Response headers

cache-control
max-age=600
content-encoding
gzip
etag
W/"65e6c0fa-15e4"
expires
Sat, 06 Dec 2025 23:50:35 GMT
date
Sat, 06 Dec 2025 23:40:35 GMT
content-type
application/javascript
last-modified
Tue, 05 Mar 2024 06:51:38 GMT
server
nginx
vary
Accept-Encoding
utag.js
t.ssp.hinet.net/ Frame 3043 		5 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://t.ssp.hinet.net/utag.js
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS
203-75-214-136.hinet-ip.hinet.net
Software
nginx /
Resource Hash
73ae392d3e6fd2a480cd5e6eb0077f17af084abfda5e3bb5487f76c0277be87c

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://reurl.cc/

Response headers

cache-control
max-age=600
content-encoding
gzip
etag
W/"65e6c0fa-15e4"
expires
Sat, 06 Dec 2025 23:50:35 GMT
date
Sat, 06 Dec 2025 23:40:35 GMT
content-type
application/javascript
last-modified
Tue, 05 Mar 2024 06:51:38 GMT
server
nginx
vary
Accept-Encoding
utag.js
t.ssp.hinet.net/ Frame 358C 		5 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://t.ssp.hinet.net/utag.js
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS
203-75-214-136.hinet-ip.hinet.net
Software
nginx /
Resource Hash
73ae392d3e6fd2a480cd5e6eb0077f17af084abfda5e3bb5487f76c0277be87c

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://reurl.cc/

Response headers

cache-control
max-age=600
content-encoding
gzip
etag
W/"65e6c0fa-15e4"
expires
Sat, 06 Dec 2025 23:50:35 GMT
date
Sat, 06 Dec 2025 23:40:35 GMT
content-type
application/javascript
last-modified
Tue, 05 Mar 2024 06:51:38 GMT
server
nginx
vary
Accept-Encoding
did
track.91app.io/ext/v1/ Frame 1E85 		46 B
227 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://track.91app.io/ext/v1/did
Requested by
Host: tracking-client.91app.com
URL: https://tracking-client.91app.com/1.2.0/nineyi.tracking.client.iife.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.201.76.198 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
198.76.201.35.bc.googleusercontent.com
Software
Google Frontend / Express
Resource Hash
32a930b3731854716f136e21e994a365e1c2819591e061918a4255b3b164c68f

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://cdn.holmesmind.com/

Response headers

cache-control
no-cache
access-control-allow-credentials
true
via
1.1 google
access-control-allow-origin
https://cdn.holmesmind.com
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
46
date
Sat, 06 Dec 2025 23:40:34 GMT
x-cloud-trace-context
22fa62042069f45ac967323bab670d7a
content-type
application/json; charset=utf-8
x-powered-by
Express
server
Google Frontend
vary
Accept-Encoding
did
track.91app.io/ext/v1/ Frame 03F7 		46 B
66 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://track.91app.io/ext/v1/did
Requested by
Host: tracking-client.91app.com
URL: https://tracking-client.91app.com/1.2.0/nineyi.tracking.client.iife.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
35.201.76.198 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
198.76.201.35.bc.googleusercontent.com
Software
Google Frontend / Express
Resource Hash
a76d7258aad3155e7415865ff11049eb7eb0e618f5cf9e9d90664759a8280d66

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://cdn.holmesmind.com/

Response headers

cache-control
no-cache
access-control-allow-credentials
true
via
1.1 google
access-control-allow-origin
https://cdn.holmesmind.com
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
46
date
Sat, 06 Dec 2025 23:40:34 GMT
x-cloud-trace-context
c3ff42e781d9ec6b0af3897b5b2fd724
content-type
application/json; charset=utf-8
x-powered-by
Express
server
Google Frontend
vary
Accept-Encoding
did
track.91app.io/ext/v1/ Frame C218 		46 B
66 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://track.91app.io/ext/v1/did
Requested by
Host: tracking-client.91app.com
URL: https://tracking-client.91app.com/1.2.0/nineyi.tracking.client.iife.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
35.201.76.198 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
198.76.201.35.bc.googleusercontent.com
Software
Google Frontend / Express
Resource Hash
910692ee1d7c5913d23b55281b9741a00375351c00f8eb0daf709894df0de02b

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://cdn.holmesmind.com/

Response headers

cache-control
no-cache
access-control-allow-credentials
true
via
1.1 google
access-control-allow-origin
https://cdn.holmesmind.com
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
46
date
Sat, 06 Dec 2025 23:40:35 GMT
x-cloud-trace-context
4b70230f12054dc2e8f7bb9c0f4646e8
content-type
application/json; charset=utf-8
x-powered-by
Express
server
Google Frontend
vary
Accept-Encoding
did
track.91app.io/ext/v1/ Frame EE0B 		46 B
66 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://track.91app.io/ext/v1/did
Requested by
Host: tracking-client.91app.com
URL: https://tracking-client.91app.com/1.2.0/nineyi.tracking.client.iife.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
35.201.76.198 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
198.76.201.35.bc.googleusercontent.com
Software
Google Frontend / Express
Resource Hash
e8563874606ec4e234c4b3a767298b490aa03f50c4c9ab64598b03027b3a1648

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://cdn.holmesmind.com/

Response headers

cache-control
no-cache
access-control-allow-credentials
true
via
1.1 google
access-control-allow-origin
https://cdn.holmesmind.com
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
46
date
Sat, 06 Dec 2025 23:40:35 GMT
x-cloud-trace-context
7a71914caf63e50fe8f7bb9c0f464b38
content-type
application/json; charset=utf-8
x-powered-by
Express
server
Google Frontend
vary
Accept-Encoding
did
track.91app.io/ext/v1/ Frame E048 		46 B
66 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://track.91app.io/ext/v1/did
Requested by
Host: tracking-client.91app.com
URL: https://tracking-client.91app.com/1.2.0/nineyi.tracking.client.iife.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
35.201.76.198 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
198.76.201.35.bc.googleusercontent.com
Software
Google Frontend / Express
Resource Hash
e9a187a3c1b2598be9947f34f4b17db8a21829de163bed7be14bd8b8f59b3525

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://cdn.holmesmind.com/

Response headers

cache-control
no-cache
access-control-allow-credentials
true
via
1.1 google
access-control-allow-origin
https://cdn.holmesmind.com
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
46
date
Sat, 06 Dec 2025 23:40:35 GMT
x-cloud-trace-context
2cea3dfca411fc32e8f7bb9c0f464ff2
content-type
application/json; charset=utf-8
x-powered-by
Express
server
Google Frontend
vary
Accept-Encoding
fbevents.js
connect.facebook.net/en_US/ Frame C218 		332 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: fcm2.holmesmind.com
URL: https://fcm2.holmesmind.com/cm.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f084:105:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
eff958d6a66dede8a64c252dcf84e69d34c888460d5fcf6f835e655ab487d352
Security Headers
Name Value
Content-Security-Policy default-src 'self' blob: *;script-src 'nonce-WF6qwDSJ' *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* blob: 'self' https://*.google-analytics.com *.google.com;style-src 'self' data: blob: 'unsafe-inline';connect-src 'self' data: blob: https://edge-chat.facebook.net https://edge-chat-latest.facebook.net wss://edge-chat-latest.facebook.net wss://edge-chat.facebook.net wss://edge-chat.socialplugin.facebook.net wss://edge-chat-latest.socialplugin.facebook.net https://edge-chat.socialplugin.facebook.net https://edge-chat-latest.socialplugin.facebook.net *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* *.cdninstagram.com https://*.google-analytics.com;font-src 'self' data: blob: *;img-src 'self' data: blob: * https://*.google-analytics.com;media-src 'self' data: blob: *;child-src 'self' data: blob: *;frame-src 'self' data: blob: *;manifest-src 'self' data: blob: *;object-src 'self' data: blob: *;worker-src 'self' data: blob: *;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://cdn.holmesmind.com/

Response headers

content-encoding
gzip
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options
nosniff
expires
Sat, 01 Jan 2000 00:00:00 GMT
alt-svc
h3=":443"; ma=86400
date
Sat, 06 Dec 2025 23:40:34 GMT
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
x-frame-options
DENY
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy
default-src 'self' blob: *;script-src 'nonce-WF6qwDSJ' *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* blob: 'self' https://*.google-analytics.com *.google.com;style-src 'self' data: blob: 'unsafe-inline';connect-src 'self' data: blob: https://edge-chat.facebook.net https://edge-chat-latest.facebook.net wss://edge-chat-latest.facebook.net wss://edge-chat.facebook.net wss://edge-chat.socialplugin.facebook.net wss://edge-chat-latest.socialplugin.facebook.net https://edge-chat.socialplugin.facebook.net https://edge-chat-latest.socialplugin.facebook.net *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* *.cdninstagram.com https://*.google-analytics.com;font-src 'self' data: blob: *;img-src 'self' data: blob: * https://*.google-analytics.com;media-src 'self' data: blob: *;child-src 'self' data: blob: *;frame-src 'self' data: blob: *;manifest-src 'self' data: blob: *;object-src 'self' data: blob: *;worker-src 'self' data: blob: *;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
cache-control
public, max-age=1200
timing-allow-origin
*
cross-origin-opener-policy
same-origin-allow-popups
x-fb-connection-quality
GOOD; q=0.7, rtt=66, rtx=2, c=13, mss=1308, tbw=4530, tp=-1, tpl=-1, uplat=2, ullat=-1
pragma
public
x-fb-debug
Ph4xGj4+jyVoAFgC0oSEEOQsqRVF6lyeuJ+UFjWiPDsD0Aq5NLrW5syZW8A3uSwhah3MJhf8F9FSwi2so4tiDA==
cross-origin-resource-policy
cross-origin
permissions-policy
accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy
force-load-at-top, include-js-call-stacks-in-crash-reports
content-length
88493
x-xss-protection
0
origin-agent-cluster
?1
syncframe
gumi.criteo.com/ Frame 8298 		15 KB
6 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://gumi.criteo.com/syncframe?origin=publishertagids&topUrl=reurl.cc&gdpr=0&gdpr_consent=
Requested by
Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.ids.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:3::d , France, ASN44788 (ASN-CRITEO-EUROPE Criteo Technology SAS, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
76ce7be11e0a300625ed70bad0e19aed220e1814944b67daa40be396732ebf3d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Referer
https://reurl.cc/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36

Response headers

cache-control
private, max-age=3600
content-encoding
gzip
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Sat, 06 Dec 2025 23:40:34 GMT
server
Kestrel
server-processing-duration-in-ticks
282171
strict-transport-security
max-age=31536000; preload;
vary
Accept-Encoding
x-robots-tag
noindex
UXtr_j2Fwe-.png
static.xx.fbcdn.net/rsrc.php/v4/yw/r/ Frame 0D74 		573 B
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://static.xx.fbcdn.net/rsrc.php/v4/yw/r/UXtr_j2Fwe-.png
Requested by
Host: static.xx.fbcdn.net
URL: https://static.xx.fbcdn.net/rsrc.php/v5/yg/l/0,cross/iXGJEr7Orjl.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
157.240.0.6 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
xx-fbcdn-shv-02-fra3.fbcdn.net
Software
/
Resource Hash
96e3e8dfde6b1042514824bac1b44282d4a76bac028f2d767f6534dce2cf3db0
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://static.xx.fbcdn.net/rsrc.php/v5/yg/l/0,cross/iXGJEr7Orjl.css

Response headers

content-md5
07aG/2AEtDHVAZ5LUajMDQ==
report-to
{"max_age":21600,"endpoints":[{"url":"https:\/\/www.xx.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options
nosniff
expires
Fri, 04 Dec 2026 00:42:42 GMT
alt-svc
h3=":443"; ma=86400
date
Sat, 06 Dec 2025 23:40:34 GMT
content-type
image/png
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
x-fb-debug
/sQPt8tpaCAW5r8W2I+oQKMQvVc5q6sm+yo22acjw2IebDt0BOkQQbuVqADIpFvuULb4j9Op5Y/Wo1QWRO//cQ==
priority
u=3,i
reporting-endpoints
permissions_policy="https://www.xx.facebook.com/ajax/browser_error_reports/"
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
x-fb-connection-quality
UNKNOWN; q=-1, rtt=-1, rtx=0, c=20, mss=1232, tbw=2333, tp=5, tpl=0, uplat=0, ullat=-1
cross-origin-resource-policy
cross-origin
permissions-policy
accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
x-fb-optimizer
0
document-policy
force-load-at-top, include-js-call-stacks-in-crash-reports
access-control-allow-origin
*
content-length
573
origin-agent-cluster
?1
container.html
f5468d195f184d9a2161b39cb1e22a89.safeframe.googlesyndication.com/safeframe/1-0-45/html/ Frame 1AE9 		7 KB
0 		Document
General
Check archive.org
Download Go to
Full URL
https://f5468d195f184d9a2161b39cb1e22a89.safeframe.googlesyndication.com/safeframe/1-0-45/html/container.html
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202512040101/pubads_impl.js?cb=31096008
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f1a68bf826c55985468304f4284a09cb8a68e82503d764166e611a7c58a85a4b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://reurl.cc/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private, max-age=300
content-encoding
br
content-length
3121
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy
cross-origin
date
Sat, 06 Dec 2025 23:40:33 GMT
expires
Sat, 06 Dec 2025 23:40:33 GMT
last-modified
Thu, 08 May 2025 23:15:48 GMT
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
truncated
/ 		273 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
716041efdb4414a3094243ecd3725ea02dd514734d7183e1b746c47b50da5005

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/svg+xml;charset=utf-8
yOHGSiPxtnZ.js
static.xx.fbcdn.net/rsrc.php/v4/yQ/r/ Frame 0D74 		241 KB
68 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.xx.fbcdn.net/rsrc.php/v4/yQ/r/yOHGSiPxtnZ.js
Requested by
Host: static.xx.fbcdn.net
URL: https://static.xx.fbcdn.net/rsrc.php/v4/yL/r/WCTiQ6kREY8.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
157.240.0.6 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
xx-fbcdn-shv-02-fra3.fbcdn.net
Software
/
Resource Hash
d50cad871cd252aca6f998215c8f1c3d372bef86a324e45fc1f60d0b5e1e61b5
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Origin
https://www.facebook.com
Referer
https://www.facebook.com/

Response headers

content-md5
ckYjKnync6z+PRlu4g5ckg==
content-encoding
zstd
report-to
{"max_age":21600,"endpoints":[{"url":"https:\/\/www.xx.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options
nosniff
expires
Sat, 05 Dec 2026 16:33:19 GMT
alt-svc
h3=":443"; ma=86400
date
Sat, 06 Dec 2025 23:40:34 GMT
content-type
application/x-javascript; charset=utf-8
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
x-fb-debug
BCxhtcZrrX/RQF4q+Grhy2AVxwOPlhXLHHiEObKIBaTE41oPqJScy2EcVV0tIsoTI04relhQyjETx+sRf7kGKg==
priority
u=1
vary
Origin
reporting-endpoints
permissions_policy="https://www.xx.facebook.com/ajax/browser_error_reports/"
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
x-fb-connection-quality
GOOD; q=0.7, rtt=76, rtx=48, c=109, mss=1232, tbw=244505, tp=229, tpl=48, uplat=0, ullat=-1
cross-origin-resource-policy
cross-origin
permissions-policy
accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy
force-load-at-top, include-js-call-stacks-in-crash-reports
access-control-allow-origin
https://www.facebook.com
content-length
69106
origin-agent-cluster
?1
cdb
buy.criteo.com/ Frame 3615 		0
466 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://buy.criteo.com/cdb?ptv=164&profileId=184&cb=71263118339
Requested by
Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:3::27 , France, ASN44788 (ASN-CRITEO-EUROPE Criteo Technology SAS, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Content-type
application/x-www-form-urlencoded
Referer
https://reurl.cc/

Response headers

cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; preload;
access-control-allow-origin
https://reurl.cc
date
Sat, 06 Dec 2025 23:40:34 GMT
vary
Origin
server
Kestrel
access-control-allow-credentials
true
drawV2.js
cdn.holmesmind.com/js/ Frame AF7B 		13 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.holmesmind.com/js/drawV2.js
Requested by
Host: ad.holmesmind.com
URL: https://ad.holmesmind.com/adserver/ads.js?z=13861&rf=https%3A%2F%2Freurl.cc%2Fk8qxzL%23Conditions&n=710&o=4&fc=undefined&d=1&b=2&ts=1&ii=3&FPCK=9686-TeftXPByfrBByQsJSO45jsQQ4pxXhJkZ&fp_uuid=9686-0565e32eebf1cf109ba77bee4b3f7377&initver=230627P
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:208a:8000:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
31b4d2ac4928b0129a5a969594be92783dbbb13112dd350f128de1b8d7215f30

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://reurl.cc/

Response headers

x-amz-version-id
MSt.illVoQb3pO8IADvHgNboFaeniBxV
etag
"dcf480340ca4b65dc9aa76bd9e677036"
via
1.1 59927012a1a01484504f9d4b511a043c.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Hit from cloudfront
content-length
13033
x-amz-cf-id
Gpz-70PY8d-4BtoZckoRH2PHOHHrQkeDqWEjClD64vBWDJgUVztESQ==
date
Sat, 06 Dec 2025 23:40:35 GMT
content-type
application/javascript
last-modified
Tue, 19 Dec 2023 06:01:02 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P13
x-amz-server-side-encryption
AES256
cm
ad.holmesmind.com/adserver/ Frame A7B2 		0
0
fbevents.js
connect.facebook.net/en_US/ Frame EE0B 		332 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: fcm2.holmesmind.com
URL: https://fcm2.holmesmind.com/cm.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f084:105:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
eff958d6a66dede8a64c252dcf84e69d34c888460d5fcf6f835e655ab487d352
Security Headers
Name Value
Content-Security-Policy default-src 'self' blob: *;script-src 'nonce-WF6qwDSJ' *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* blob: 'self' https://*.google-analytics.com *.google.com;style-src 'self' data: blob: 'unsafe-inline';connect-src 'self' data: blob: https://edge-chat.facebook.net https://edge-chat-latest.facebook.net wss://edge-chat-latest.facebook.net wss://edge-chat.facebook.net wss://edge-chat.socialplugin.facebook.net wss://edge-chat-latest.socialplugin.facebook.net https://edge-chat.socialplugin.facebook.net https://edge-chat-latest.socialplugin.facebook.net *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* *.cdninstagram.com https://*.google-analytics.com;font-src 'self' data: blob: *;img-src 'self' data: blob: * https://*.google-analytics.com;media-src 'self' data: blob: *;child-src 'self' data: blob: *;frame-src 'self' data: blob: *;manifest-src 'self' data: blob: *;object-src 'self' data: blob: *;worker-src 'self' data: blob: *;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://cdn.holmesmind.com/

Response headers

content-encoding
gzip
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options
nosniff
expires
Sat, 01 Jan 2000 00:00:00 GMT
alt-svc
h3=":443"; ma=86400
date
Sat, 06 Dec 2025 23:40:34 GMT
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
x-frame-options
DENY
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy
default-src 'self' blob: *;script-src 'nonce-WF6qwDSJ' *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* blob: 'self' https://*.google-analytics.com *.google.com;style-src 'self' data: blob: 'unsafe-inline';connect-src 'self' data: blob: https://edge-chat.facebook.net https://edge-chat-latest.facebook.net wss://edge-chat-latest.facebook.net wss://edge-chat.facebook.net wss://edge-chat.socialplugin.facebook.net wss://edge-chat-latest.socialplugin.facebook.net https://edge-chat.socialplugin.facebook.net https://edge-chat-latest.socialplugin.facebook.net *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* *.cdninstagram.com https://*.google-analytics.com;font-src 'self' data: blob: *;img-src 'self' data: blob: * https://*.google-analytics.com;media-src 'self' data: blob: *;child-src 'self' data: blob: *;frame-src 'self' data: blob: *;manifest-src 'self' data: blob: *;object-src 'self' data: blob: *;worker-src 'self' data: blob: *;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
cache-control
public, max-age=1200
timing-allow-origin
*
cross-origin-opener-policy
same-origin-allow-popups
x-fb-connection-quality
GOOD; q=0.7, rtt=66, rtx=2, c=13, mss=1308, tbw=4530, tp=-1, tpl=-1, uplat=2, ullat=-1
pragma
public
x-fb-debug
Ph4xGj4+jyVoAFgC0oSEEOQsqRVF6lyeuJ+UFjWiPDsD0Aq5NLrW5syZW8A3uSwhah3MJhf8F9FSwi2so4tiDA==
cross-origin-resource-policy
cross-origin
permissions-policy
accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy
force-load-at-top, include-js-call-stacks-in-crash-reports
content-length
88493
x-xss-protection
0
origin-agent-cluster
?1
drawV2.js
cdn.holmesmind.com/js/ Frame EA0A 		13 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.holmesmind.com/js/drawV2.js
Requested by
Host: ad.holmesmind.com
URL: https://ad.holmesmind.com/adserver/ads.js?z=13858&rf=https%3A%2F%2Freurl.cc%2Fk8qxzL%23Conditions&n=661&o=4&fc=undefined&d=1&b=2&ts=1&ii=3&FPCK=9686-TeftXPByfrBByQsJSO45jsQQ4pxXhJkZ&fp_uuid=9686-0565e32eebf1cf109ba77bee4b3f7377&initver=230627P
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:208a:8000:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
31b4d2ac4928b0129a5a969594be92783dbbb13112dd350f128de1b8d7215f30

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://reurl.cc/

Response headers

x-amz-version-id
MSt.illVoQb3pO8IADvHgNboFaeniBxV
etag
"dcf480340ca4b65dc9aa76bd9e677036"
via
1.1 59927012a1a01484504f9d4b511a043c.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Hit from cloudfront
content-length
13033
x-amz-cf-id
Gpz-70PY8d-4BtoZckoRH2PHOHHrQkeDqWEjClD64vBWDJgUVztESQ==
date
Sat, 06 Dec 2025 23:40:35 GMT
content-type
application/javascript
last-modified
Tue, 19 Dec 2023 06:01:02 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P13
x-amz-server-side-encryption
AES256
adview
securepubads.g.doubleclick.net/pagead/ Frame 1AE9 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pagead/adview?ai=C_Lpl8b40ab-eLKHHt_gPvrqfiQ7577npc8D4-ezNEMCNtwEQASD1zMJwYNUFyAEJ4AIAqAMByAMCqgTvAU_Qsjg9HdTTmD11TXzHEoJcGKaZRROTtyX78u1ivX2BOH9IezlQN62-fyZV4pA8RaQx9tg4USP0jfnFyEk-GkrQRipHc-EcLinpqGmN50s0ssahGJ7fasHhtv8MMGtQiAme-ZqkxDAJbauYc_u1Ma3Qa5sVb8mpWXaLAALE1UfwJIL4UOuGnAWYL3hzYDMhy5hF4XslktuIsqf70VlozTZ6w3avNXLqsXEJaelKK5iWpJdMGlxKfUDUICoY-4KfzkIE0hnFOPkUSiqbVefzUf_JYzdReunMFOBocfbBZ3sZxkv4h625t25hH6Td9HjW4AQBgAaJ0qbI28WKuKkBoAYhqAemvhuoB5bYG6gHqpuxAqgH_56xAqgH35-xAqgHrb6xAtgHANIILAiAYRABMgiKgoCAgICACDoNgECAwICAgICogAKoA0i9_cE6WLqJzrSRqpEDgAoD-gsCCAGADAGqDQJFU-INEwjquM60kaqRAxWh4w0JHT7dJ-HqDRMIlpzPtJGqkQMVoeMNCR0-3SfhiA7___________8B0BUBgBcBshcsChoSFHB1Yi0xMzEwODUyNjA0MzM1MjU0GK7fbxgMKgoyMTQ5MTY2NzUxUAGqGBcJSOF6FASa8EASCjIxNDkxNjY3NTEYAQ&sigh=JSnziD6Jy_I&uach_m=%5BUACH%5D&cid=CAQSsgEAwksa0RWAEdceSR59VUgT1aNznRAs0Eh5mkEjTE1D2HKAq6FdbQ4mQyr4AgMS5zNJ97JSfduVKRFAlxwiFpylQHHv4ZvxiIZnsf2ZH0fiyuI_fqSeeCJZ-K5NcRibmS9FAz9PGI1GNcoO8MXpXLVwj7aSxASVBVWX078T9wU5atRB6oUCP6JqHnmHW4-zXYQYj7vx5kfni6h8EivqLHDkfaA1O_quVSq9V5PHptqtQJZ1GAE
Requested by
Host: reurl.cc
URL: https://reurl.cc/k8qxzL
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s07-in-f2.1e100.net
Software
/
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://f5468d195f184d9a2161b39cb1e22a89.safeframe.googlesyndication.com/

Response headers
win
trace-eu.mediago.io/ju/ Frame 1AE9 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://trace-eu.mediago.io/ju/win?tn=41b6e88a2b85b0e731ef8e73e5558712&trackingid=fb3825634c99afcbca0c9a887fda9b14&acid=20435&data=3hjjhYEVeOfKGsXeIBODf3OXZ95E2cAXKzXW6jeJG0_b4dQbWaIYc3nUHPYbQ8YfMKnpDm8L4gwnOd5jcgPAFuPdH-1NOdAg7q5tlZSShNruH3zTJLhsugldeyW-A85IQkUA_FBj20xI7r0hFhWJ8uZ_XRGFY7vC9v7nwrO_GHv2RpCGibkB2Q_nhMUmO_PRiJLBiTqZFrwo6RIT0QSvAtsopwp6-2mgs_hAb12yapPYuJHMg9UM8lEtcK-yX8RC0r3DdfC9L7B8TP9bnZcDCrj27X7p4rUHgxFbImGbhfK0g4fRnyo6UxXS8kqu16CZ1WnV_mJmAK1Bzz_pTrSFO7Wuy6p1wt_pIceXfGfVK-JPCPaM9LCOSTCf2wXzmi_SMVNyoGDXFV2r6LO0i0Puj8kJ5Qy9q2BZpJL5SEuMmN-cyZgT-l350RfhPVbohky_6iV7MYNU7oY51e6OsMqbRXL_Zih7UZ5_H8tnIaJYHgEz6mORlFaS1KUdi2tmOJN43fQ1rEETO272Ino5u8wTfcOijvJ7FbtkB6_vNEu1VGX-zonC6yWmGntxoeiZPbc2ETGVDPL87cSvVCtMt3hordtghK3OYICRXhrxVfAV8t4-0LusX7VvX4eFVtFf9DCx_Dst0oAfISYAkG_ojFSMw4Nrm7M7Dm6Skej5_EOAoxrCKhm3L_FHi1wqOThEHFKwNtdGHWU1Q-Iw8SVJBTty4CpYC2TdVGIdhPPkn34JNzHUPsuQq4mOnSjNB4WtFYrh&uid=000012d2436a4f6e&mguid=&ap=aTS-8QALDz8JDeOhACfdPkBGecPXTCl7ghuiQg&tid=72
Requested by
Host: reurl.cc
URL: https://reurl.cc/k8qxzL
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.214.168.80 Groningen, Netherlands, ASN19527 (GOOGLE-2, US),
Reverse DNS
80.168.214.35.bc.googleusercontent.com
Software
/
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://f5468d195f184d9a2161b39cb1e22a89.safeframe.googlesyndication.com/

Response headers

via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Sat, 06 Dec 2025 23:40:35 GMT
content-type
text/html; charset=utf-8
style_banner_a02e55.css
images.mediago.io/js/mediago/style/ Frame 1AE9 		1 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://images.mediago.io/js/mediago/style/style_banner_a02e55.css
Requested by
Host: f5468d195f184d9a2161b39cb1e22a89.safeframe.googlesyndication.com
URL: https://f5468d195f184d9a2161b39cb1e22a89.safeframe.googlesyndication.com/safeframe/1-0-45/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.111.60.239 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
239.60.111.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
34a98604b4b7a00a71a261980cf629591174f8e717fd078577b1fb04ed357d8b

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Origin
https://f5468d195f184d9a2161b39cb1e22a89.safeframe.googlesyndication.com
Referer
https://f5468d195f184d9a2161b39cb1e22a89.safeframe.googlesyndication.com/

Response headers

x-goog-metageneration
1
access-control-expose-headers
Access-Control-Allow-Origin, Content-Length, Content-Type, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
x-goog-hash
crc32c=SCd8oQ==, md5=BYFXdeMDSX7I4vSpqEZ/Bg==
etag
"05815775e303497ec8e2f4a9a8467f06"
age
151
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length
1174
date
Sat, 06 Dec 2025 23:38:03 GMT
last-modified
Wed, 05 Nov 2025 07:12:43 GMT
content-type
text/css
x-guploader-uploadid
AOCedOHlAcvKCH0jCkSFPHDK4o5pDTVqJx0NZOku32tQlzRIeJISg7hOUz1XV3Vwzkg00paLxqlafWs
cache-control
public,max-age=3600
x-goog-storage-class
STANDARD
via
1.1 google
accept-ranges
bytes
access-control-allow-origin
*
x-goog-generation
1762326763525467
content-length
1174
content-language
en
server
UploadServer
e11ea9e679bb7ae83f4161a4fd342327__scv1__622x368.webp
images.mediago.io/ML/ Frame 1AE9 		5 KB
6 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://images.mediago.io/ML/e11ea9e679bb7ae83f4161a4fd342327__scv1__622x368.webp
Requested by
Host: f5468d195f184d9a2161b39cb1e22a89.safeframe.googlesyndication.com
URL: https://f5468d195f184d9a2161b39cb1e22a89.safeframe.googlesyndication.com/safeframe/1-0-45/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.111.60.239 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
239.60.111.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
186a42afc0c740f7c6cc5f5b8e9de9caae0eebde71584bf15597630084cb2adc

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://f5468d195f184d9a2161b39cb1e22a89.safeframe.googlesyndication.com/

Response headers

x-goog-metageneration
1
access-control-expose-headers
Content-Type,Access-Control-Allow-Origin
x-goog-hash
crc32c=xsHhGQ==, md5=S6xol4Mt7SyJoYRVl3tg3A==
etag
"4bac6897832ded2c89a18455977b60dc"
age
723
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length
5606
date
Sat, 06 Dec 2025 23:28:31 GMT
last-modified
Fri, 07 Nov 2025 21:12:45 GMT
content-type
image/webp
x-guploader-uploadid
AOCedOFohOXnA-eZn3PU6UCbQjjTEogA-vSgK2zMWj6wILhs-QPSvWMYvP5jFuUSXIFEPR5ChxBFIDQ
cache-control
public,max-age=3600
x-goog-storage-class
STANDARD
via
1.1 google
accept-ranges
bytes
access-control-allow-origin
*
x-goog-generation
1762549965951860
content-length
5606
server
UploadServer
window_focus_fy2021.js
tpc.googlesyndication.com/pagead/js/r20251204/r20110914/client/ Frame 1AE9 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20251204/r20110914/client/window_focus_fy2021.js
Requested by
Host: f5468d195f184d9a2161b39cb1e22a89.safeframe.googlesyndication.com
URL: https://f5468d195f184d9a2161b39cb1e22a89.safeframe.googlesyndication.com/safeframe/1-0-45/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
fec5a361dec923efe92848ca27b02b158b164380a9eaf6cc1625e08e0d9c101e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://f5468d195f184d9a2161b39cb1e22a89.safeframe.googlesyndication.com/

Response headers

content-encoding
br
etag
6020003950853699975
age
40359
x-content-type-options
nosniff
expires
Sat, 20 Dec 2025 12:27:55 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date
Sat, 06 Dec 2025 12:27:55 GMT
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
vary
Accept-Encoding
cache-control
public, max-age=1209600
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
access-control-allow-origin
*
content-length
1241
x-xss-protection
0
server
cafe
qs_click_protection_fy2021.js
tpc.googlesyndication.com/pagead/js/r20251204/r20110914/client/ Frame 1AE9 		21 KB
9 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20251204/r20110914/client/qs_click_protection_fy2021.js
Requested by
Host: f5468d195f184d9a2161b39cb1e22a89.safeframe.googlesyndication.com
URL: https://f5468d195f184d9a2161b39cb1e22a89.safeframe.googlesyndication.com/safeframe/1-0-45/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3539a82b4664c18c51201b6b35a296282250e6cfb16f3355c61d949797c56529
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://f5468d195f184d9a2161b39cb1e22a89.safeframe.googlesyndication.com/

Response headers

content-encoding
br
etag
2622203621575094117
age
40359
x-content-type-options
nosniff
expires
Sat, 20 Dec 2025 12:27:55 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date
Sat, 06 Dec 2025 12:27:55 GMT
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
vary
Accept-Encoding
cache-control
public, max-age=1209600
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
access-control-allow-origin
*
content-length
8688
x-xss-protection
0
server
cafe
ext.js
tpc.googlesyndication.com/safeframe/1-0-45/js/ Frame 1AE9 		23 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/safeframe/1-0-45/js/ext.js
Requested by
Host: f5468d195f184d9a2161b39cb1e22a89.safeframe.googlesyndication.com
URL: https://f5468d195f184d9a2161b39cb1e22a89.safeframe.googlesyndication.com/safeframe/1-0-45/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
4c95e84767aed248594e7d485707c7ed904fd2fe4ec3ea98687fc2de59ddf231
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://f5468d195f184d9a2161b39cb1e22a89.safeframe.googlesyndication.com/

Response headers

content-encoding
br
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
x-content-type-options
nosniff
expires
Sat, 06 Dec 2025 23:40:34 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Sat, 06 Dec 2025 23:40:34 GMT
content-type
text/javascript
vary
Accept-Encoding
last-modified
Thu, 08 May 2025 23:15:48 GMT
cache-control
private, max-age=300
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
content-length
6269
x-xss-protection
0
server
sffe
ufs_web_display.js
pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ Frame 1AE9 		227 KB
70 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js
Requested by
Host: f5468d195f184d9a2161b39cb1e22a89.safeframe.googlesyndication.com
URL: https://f5468d195f184d9a2161b39cb1e22a89.safeframe.googlesyndication.com/safeframe/1-0-45/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.140.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lcfraa-bt-in-f2.1e100.net
Software
cafe /
Resource Hash
51d8ff6c08bd4ac009c99b4f0f90b2a3f8f522f9ada47e383b534335bcba10ad
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://f5468d195f184d9a2161b39cb1e22a89.safeframe.googlesyndication.com/

Response headers

content-encoding
br
etag
18225759614869584005
age
759
x-content-type-options
nosniff
expires
Sun, 07 Dec 2025 00:27:55 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date
Sat, 06 Dec 2025 23:27:55 GMT
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=ISO-8859-7
vary
Accept-Encoding
cache-control
public, max-age=3600, stale-while-revalidate=3600
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
content-length
71553
x-xss-protection
0
server
cafe
cm
ad.holmesmind.com/adserver/ Frame 1E85 		0
0
fbevents.js
connect.facebook.net/en_US/ Frame 03F7 		332 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: fcm2.holmesmind.com
URL: https://fcm2.holmesmind.com/cm.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f084:105:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
eff958d6a66dede8a64c252dcf84e69d34c888460d5fcf6f835e655ab487d352
Security Headers
Name Value
Content-Security-Policy default-src 'self' blob: *;script-src 'nonce-WF6qwDSJ' *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* blob: 'self' https://*.google-analytics.com *.google.com;style-src 'self' data: blob: 'unsafe-inline';connect-src 'self' data: blob: https://edge-chat.facebook.net https://edge-chat-latest.facebook.net wss://edge-chat-latest.facebook.net wss://edge-chat.facebook.net wss://edge-chat.socialplugin.facebook.net wss://edge-chat-latest.socialplugin.facebook.net https://edge-chat.socialplugin.facebook.net https://edge-chat-latest.socialplugin.facebook.net *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* *.cdninstagram.com https://*.google-analytics.com;font-src 'self' data: blob: *;img-src 'self' data: blob: * https://*.google-analytics.com;media-src 'self' data: blob: *;child-src 'self' data: blob: *;frame-src 'self' data: blob: *;manifest-src 'self' data: blob: *;object-src 'self' data: blob: *;worker-src 'self' data: blob: *;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://cdn.holmesmind.com/

Response headers

content-encoding
gzip
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options
nosniff
expires
Sat, 01 Jan 2000 00:00:00 GMT
alt-svc
h3=":443"; ma=86400
date
Sat, 06 Dec 2025 23:40:34 GMT
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
x-frame-options
DENY
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy
default-src 'self' blob: *;script-src 'nonce-WF6qwDSJ' *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* blob: 'self' https://*.google-analytics.com *.google.com;style-src 'self' data: blob: 'unsafe-inline';connect-src 'self' data: blob: https://edge-chat.facebook.net https://edge-chat-latest.facebook.net wss://edge-chat-latest.facebook.net wss://edge-chat.facebook.net wss://edge-chat.socialplugin.facebook.net wss://edge-chat-latest.socialplugin.facebook.net https://edge-chat.socialplugin.facebook.net https://edge-chat-latest.socialplugin.facebook.net *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* *.cdninstagram.com https://*.google-analytics.com;font-src 'self' data: blob: *;img-src 'self' data: blob: * https://*.google-analytics.com;media-src 'self' data: blob: *;child-src 'self' data: blob: *;frame-src 'self' data: blob: *;manifest-src 'self' data: blob: *;object-src 'self' data: blob: *;worker-src 'self' data: blob: *;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
cache-control
public, max-age=1200
timing-allow-origin
*
cross-origin-opener-policy
same-origin-allow-popups
x-fb-connection-quality
GOOD; q=0.7, rtt=66, rtx=2, c=13, mss=1308, tbw=4530, tp=-1, tpl=-1, uplat=2, ullat=-1
pragma
public
x-fb-debug
Ph4xGj4+jyVoAFgC0oSEEOQsqRVF6lyeuJ+UFjWiPDsD0Aq5NLrW5syZW8A3uSwhah3MJhf8F9FSwi2so4tiDA==
cross-origin-resource-policy
cross-origin
permissions-policy
accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy
force-load-at-top, include-js-call-stacks-in-crash-reports
content-length
88493
x-xss-protection
0
origin-agent-cluster
?1
ping
pagead2.googlesyndication.com/pagead/ 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/ping?e=1
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202512040101/pubads_impl.js?cb=31096008
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8
Referer
https://reurl.cc/

Response headers
/
www.facebook.com/platform/plugin/tab/renderer/ Frame 0D74 		0
0
/
www.facebook.com/platform/plugin/page/logging/ Frame 0D74 		1021 B
721 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.facebook.com/platform/plugin/page/logging/
Requested by
Host: static.xx.fbcdn.net
URL: https://static.xx.fbcdn.net/rsrc.php/v4iEpO4/yT/l/es_ES~es_LA-j/XlAQ_TwXTjN.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
157.240.0.35 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
edge-star-mini-shv-02-fra3.facebook.com
Software
/
Resource Hash
4aabeca4badd5209805a261b3ebbe65d998274cc3a86d41b004f72179b6f2d10
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

X-ASBD-ID
359341
X-FB-LSD
m32rkZAwJaeIZOlcIu-bY1
Referer
https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2Freurl.cc%2F&tabs=timeline&width=340&height=500&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=true&appId
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

access-control-expose-headers
X-FB-Debug, X-Loader-Length, X-Stack, Error-MID
content-encoding
zstd
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7580894024829115396&cpp=C3&cv=1030734632&st=1765064435063"}]}
x-content-type-options
nosniff
access-control-allow-methods
OPTIONS
expires
Sat, 01 Jan 2000 00:00:00 GMT
alt-svc
h3=":443"; ma=86400
date
Sat, 06 Dec 2025 23:40:35 GMT
content-type
application/x-javascript; charset=utf-8
vary
Origin, Accept-Encoding
x-fb-debug
Zvawe4VKj80R+6GzLKZR1SLpVB/fiuVVH3/d1R+o2BvIbEIka1uVRnyO99xC6hWZuzHxeBbskfj3yMjPKFg2NA==
priority
u=1,i
x-frame-options
DENY
strict-transport-security
max-age=15552000; preload
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7580894024829115396&cpp=C3&cv=1030734632&st=1765064435063"
cache-control
private, no-cache, no-store, must-revalidate
x-fb-connection-quality
GOOD; q=0.7, rtt=68, rtx=4, c=38, mss=1232, tbw=29953, tp=41, tpl=4, uplat=333, ullat=207
cross-origin-opener-policy
same-origin-allow-popups
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
permissions-policy
accelerometer=(), attribution-reporting=(self), autoplay=(), bluetooth=(), browsing-topics=(self), camera=(self "https://www.fbsbx.com"), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
document-policy
force-load-at-top, include-js-call-stacks-in-crash-reports
access-control-allow-origin
https://www.facebook.com
origin-agent-cluster
?1
xgVgalBG80z.png
static.xx.fbcdn.net/rsrc.php/v4/yH/r/ Frame 0D74 		1 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://static.xx.fbcdn.net/rsrc.php/v4/yH/r/xgVgalBG80z.png
Requested by
Host: static.xx.fbcdn.net
URL: https://static.xx.fbcdn.net/rsrc.php/v5/yg/l/0,cross/iXGJEr7Orjl.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
157.240.0.6 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
xx-fbcdn-shv-02-fra3.fbcdn.net
Software
/
Resource Hash
45444d590a67d30e8b2fde01bb6482f829383b64bf14a4b19b86e22fdc319fbb
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://static.xx.fbcdn.net/rsrc.php/v5/yg/l/0,cross/iXGJEr7Orjl.css

Response headers

content-md5
rB4cTW8WNZcBsFntToJGtA==
report-to
{"max_age":21600,"endpoints":[{"url":"https:\/\/www.xx.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options
nosniff
expires
Sat, 28 Nov 2026 04:39:33 GMT
alt-svc
h3=":443"; ma=86400
date
Sat, 06 Dec 2025 23:40:34 GMT
content-type
image/png
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
x-fb-debug
skdG6LmGZtZoMhYn0mYXanHw5j3qxtwhLTFsoe47a5zdTIp8Es/J62I+B2EE7dO8vJjQEv+AXg9YZgWPXz6y4g==
priority
u=3,i
reporting-endpoints
permissions_policy="https://www.xx.facebook.com/ajax/browser_error_reports/"
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
x-fb-connection-quality
GOOD; q=0.7, rtt=65, rtx=1, c=22, mss=1232, tbw=5124, tp=14, tpl=1, uplat=0, ullat=-1
cross-origin-resource-policy
cross-origin
permissions-policy
accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy
force-load-at-top, include-js-call-stacks-in-crash-reports
access-control-allow-origin
*
content-length
1315
origin-agent-cluster
?1
cookieSync.html
cdn.mediago.io/js/ Frame 1B01 		9 KB
4 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://cdn.mediago.io/js/cookieSync.html?tn=41b6e88a2b85b0e731ef8e73e5558712
Requested by
Host: f5468d195f184d9a2161b39cb1e22a89.safeframe.googlesyndication.com
URL: https://f5468d195f184d9a2161b39cb1e22a89.safeframe.googlesyndication.com/safeframe/1-0-45/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.111.133.51 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
51.133.111.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
2a92ee45268ed11ec62c796691b219f26003e5df558fb7fdefcdbc447a68f806

Request headers

Referer
https://f5468d195f184d9a2161b39cb1e22a89.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
access-control-allow-origin
*
access-control-expose-headers
Content-Type,Access-Control-Allow-Origin
age
2519
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public,max-age=3600
content-encoding
br
content-language
en
content-length
3796
content-type
text/html
date
Sat, 06 Dec 2025 22:58:35 GMT
last-modified
Mon, 11 Aug 2025 09:38:33 GMT
server
UploadServer
vary
Accept-Encoding
via
1.1 google
x-goog-generation
1754905113184984
x-goog-hash
crc32c=7txsaA== md5=HBB7fQtaUboFxKi+uA0piA==
x-goog-metageneration
1
x-goog-storage-class
STANDARD
x-goog-stored-content-encoding
identity
x-goog-stored-content-length
9308
x-guploader-uploadid
AOCedOGRizKMJjA86nlNET15wVWSa7vFDSQRUzGNpLncCeFJwK34GyWgzYAJ5rqL6wrxvyp19-Mwep8
ic
trace-eu.mediago.io/ju/ Frame 1AE9 		0
193 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://trace-eu.mediago.io/ju/ic?tn=41b6e88a2b85b0e731ef8e73e5558712&trackingid=fb3825634c99afcbca0c9a887fda9b14&acid=20435&data=eRz7t4DeVG1gTi8itPQkddK2kOeMf0ftf0zywF8OAp9k3EGkUA_H1zrEYnjef9267yf6Xe3tbZWGZIPddlaF8_861gQH2bshMeaIAjsg49sS9Nfv2-m4SIktVo7mMRKROickW_v-zqSNjZNKRYr0TBAW1o2ii3Guh-hjBy1ratpx-jK4DJy4KLDTmjEKqz2C-VrVyB-Xrlr5RgQlJ3a6nqa8-WYgCLPJ2wXgeXQDW5F_s3bGsnNQnMCx7FXMwR0AYLkp_pSLCDWg4A99jvCffvwkbpgTuoqGMSHYAjXmFbuhsGkZBJsbkZLlSdgTo3v1WOv3VaoS1akk9H-sM3jtMICOr-oU-c4vyX8qGTskgxDhYMLowHTpYZk87jvsR5CjOon3F7QJxlssSn44XhuagOghmVBtApJjDv2AKutY9g4iau0HkTZVBiVsjkiUHHESxWjFYefflprDP25QN5yOAUsIq5Vyg5iIViRCWeLwxdWd0C2VqN8UyFKJW3rKVtp20TqliPIXfroESlJa7e7blbnVAo3sBzAECng4PS-qk7aLl2_goGGMld7nxSXbaJvGatxPSJko0XT_TsIeCtzq3rCvCS0lpvIHIwWIuEkgPHNYq9QQfPNpkcM1rbzETRufOX0IycQ6VRAsXxRnCBZZAXdNsWJcXCvaUyusHQbo5ZTKpXmGzLDksLnX4VKeT9Uof24ZJzOimXl5EEW03W4Egv8ljG8CwITuMoVkyU2NOcQCJM3_h3EP2r4FM3jaOV0fgPgbvaeVzeRuHDE_J0S1Pn7GpXrmPj_eRdueom0dFss9xxJXlWFRveTtpRX2FJb4RsvKk0U_DPFoUZnilw73ig8EJx7mvn8v6yWruF7MQ0nivKLpSwF7S3bXEM3G2j6KYcjbBkZVKW-CKgcFXbwlmhED29o8FCWBfo6PL2J3riBE41eVyJ8kXxc7cnlDAuW3HbHptUPUNiM8kAjCOazBCG_C6-IiP5O6yrNYut9dA3Lf9CptEqnDmrxc92jgGY596YYHfRX5I0TFDsdCbd1gF57B0Y_oQmL7_8Z_fPdCPTcie3Z708jnabGqSmpTEdHRaw-KCB2lYMkY9ejaJvN2RtVtNU_p5vdXDFuLTs3ilrlb7nEy_nlIehAWt4FflGAA2590xvvYxc90JvDc4cQTDJAXEE07fXZypahmM1xbTXcDDovAtHH4wrZvoqGIzrUvfj0yoXjmVVZRNxV8II-oikwgCa5rXrFkaT3zJUwwGA3XL04WaESMn7-CPRmmnOm4UahSPp5UjzxMEZJ30a6JWV-kS4A2DXPEXJIOldRbCB4AHCEq6hAmRSR34skOefHQ2oVuueffRWCTRNInOeSepcpVQ9DGcBwKRcVHSXjCMinR4c2D55mc9ULYTysST8Bhts5KcDy2ivYqq-dunXjvF64HFCQkZiJZXULnLqHCYcvp9m9HRPfv-ZsgLZ5p3nALtXZJgNkfBmN2Qf_lPp4eVWBqY3rUNr15OUDTNJg7DSmTIpY5Mn209oMnFU-UpKMZpW9JO45bgkHxAz94oLB7Ud21xG9PrBEHMlzo2MTj7GQkCo5tf6mdJdVAM9oRjA2SMDGMWf5qXJbpXlnRHyqkew&uid=000012d2436a4f6e&mguid=&ap=0.085385&tid=72&c_sync=1
Requested by
Host: f5468d195f184d9a2161b39cb1e22a89.safeframe.googlesyndication.com
URL: https://f5468d195f184d9a2161b39cb1e22a89.safeframe.googlesyndication.com/safeframe/1-0-45/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.214.168.80 Groningen, Netherlands, ASN19527 (GOOGLE-2, US),
Reverse DNS
80.168.214.35.bc.googleusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://f5468d195f184d9a2161b39cb1e22a89.safeframe.googlesyndication.com/

Response headers

via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Sat, 06 Dec 2025 23:40:35 GMT
content-type
text/html; charset=utf-8
fbevents.js
connect.facebook.net/en_US/ Frame 1E85 		332 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: fcm2.holmesmind.com
URL: https://fcm2.holmesmind.com/cm.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f084:105:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
eff958d6a66dede8a64c252dcf84e69d34c888460d5fcf6f835e655ab487d352
Security Headers
Name Value
Content-Security-Policy default-src 'self' blob: *;script-src 'nonce-WF6qwDSJ' *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* blob: 'self' https://*.google-analytics.com *.google.com;style-src 'self' data: blob: 'unsafe-inline';connect-src 'self' data: blob: https://edge-chat.facebook.net https://edge-chat-latest.facebook.net wss://edge-chat-latest.facebook.net wss://edge-chat.facebook.net wss://edge-chat.socialplugin.facebook.net wss://edge-chat-latest.socialplugin.facebook.net https://edge-chat.socialplugin.facebook.net https://edge-chat-latest.socialplugin.facebook.net *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* *.cdninstagram.com https://*.google-analytics.com;font-src 'self' data: blob: *;img-src 'self' data: blob: * https://*.google-analytics.com;media-src 'self' data: blob: *;child-src 'self' data: blob: *;frame-src 'self' data: blob: *;manifest-src 'self' data: blob: *;object-src 'self' data: blob: *;worker-src 'self' data: blob: *;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://cdn.holmesmind.com/

Response headers

content-encoding
gzip
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options
nosniff
expires
Sat, 01 Jan 2000 00:00:00 GMT
alt-svc
h3=":443"; ma=86400
date
Sat, 06 Dec 2025 23:40:34 GMT
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
x-frame-options
DENY
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy
default-src 'self' blob: *;script-src 'nonce-WF6qwDSJ' *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* blob: 'self' https://*.google-analytics.com *.google.com;style-src 'self' data: blob: 'unsafe-inline';connect-src 'self' data: blob: https://edge-chat.facebook.net https://edge-chat-latest.facebook.net wss://edge-chat-latest.facebook.net wss://edge-chat.facebook.net wss://edge-chat.socialplugin.facebook.net wss://edge-chat-latest.socialplugin.facebook.net https://edge-chat.socialplugin.facebook.net https://edge-chat-latest.socialplugin.facebook.net *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* *.cdninstagram.com https://*.google-analytics.com;font-src 'self' data: blob: *;img-src 'self' data: blob: * https://*.google-analytics.com;media-src 'self' data: blob: *;child-src 'self' data: blob: *;frame-src 'self' data: blob: *;manifest-src 'self' data: blob: *;object-src 'self' data: blob: *;worker-src 'self' data: blob: *;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
cache-control
public, max-age=1200
timing-allow-origin
*
cross-origin-opener-policy
same-origin-allow-popups
x-fb-connection-quality
GOOD; q=0.7, rtt=66, rtx=2, c=13, mss=1308, tbw=4530, tp=-1, tpl=-1, uplat=2, ullat=-1
pragma
public
x-fb-debug
Ph4xGj4+jyVoAFgC0oSEEOQsqRVF6lyeuJ+UFjWiPDsD0Aq5NLrW5syZW8A3uSwhah3MJhf8F9FSwi2so4tiDA==
cross-origin-resource-policy
cross-origin
permissions-policy
accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy
force-load-at-top, include-js-call-stacks-in-crash-reports
content-length
88493
x-xss-protection
0
origin-agent-cluster
?1
cm
ad.holmesmind.com/adserver/ Frame 03F7 		0
0
fbevents.js
connect.facebook.net/en_US/ Frame A7B2 		332 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: fcm2.holmesmind.com
URL: https://fcm2.holmesmind.com/cm.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f084:105:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
eff958d6a66dede8a64c252dcf84e69d34c888460d5fcf6f835e655ab487d352
Security Headers
Name Value
Content-Security-Policy default-src 'self' blob: *;script-src 'nonce-WF6qwDSJ' *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* blob: 'self' https://*.google-analytics.com *.google.com;style-src 'self' data: blob: 'unsafe-inline';connect-src 'self' data: blob: https://edge-chat.facebook.net https://edge-chat-latest.facebook.net wss://edge-chat-latest.facebook.net wss://edge-chat.facebook.net wss://edge-chat.socialplugin.facebook.net wss://edge-chat-latest.socialplugin.facebook.net https://edge-chat.socialplugin.facebook.net https://edge-chat-latest.socialplugin.facebook.net *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* *.cdninstagram.com https://*.google-analytics.com;font-src 'self' data: blob: *;img-src 'self' data: blob: * https://*.google-analytics.com;media-src 'self' data: blob: *;child-src 'self' data: blob: *;frame-src 'self' data: blob: *;manifest-src 'self' data: blob: *;object-src 'self' data: blob: *;worker-src 'self' data: blob: *;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://cdn.holmesmind.com/

Response headers

content-encoding
gzip
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options
nosniff
expires
Sat, 01 Jan 2000 00:00:00 GMT
alt-svc
h3=":443"; ma=86400
date
Sat, 06 Dec 2025 23:40:34 GMT
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
x-frame-options
DENY
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy
default-src 'self' blob: *;script-src 'nonce-WF6qwDSJ' *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* blob: 'self' https://*.google-analytics.com *.google.com;style-src 'self' data: blob: 'unsafe-inline';connect-src 'self' data: blob: https://edge-chat.facebook.net https://edge-chat-latest.facebook.net wss://edge-chat-latest.facebook.net wss://edge-chat.facebook.net wss://edge-chat.socialplugin.facebook.net wss://edge-chat-latest.socialplugin.facebook.net https://edge-chat.socialplugin.facebook.net https://edge-chat-latest.socialplugin.facebook.net *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* *.cdninstagram.com https://*.google-analytics.com;font-src 'self' data: blob: *;img-src 'self' data: blob: * https://*.google-analytics.com;media-src 'self' data: blob: *;child-src 'self' data: blob: *;frame-src 'self' data: blob: *;manifest-src 'self' data: blob: *;object-src 'self' data: blob: *;worker-src 'self' data: blob: *;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
cache-control
public, max-age=1200
timing-allow-origin
*
cross-origin-opener-policy
same-origin-allow-popups
x-fb-connection-quality
GOOD; q=0.7, rtt=66, rtx=2, c=13, mss=1308, tbw=4530, tp=-1, tpl=-1, uplat=2, ullat=-1
pragma
public
x-fb-debug
Ph4xGj4+jyVoAFgC0oSEEOQsqRVF6lyeuJ+UFjWiPDsD0Aq5NLrW5syZW8A3uSwhah3MJhf8F9FSwi2so4tiDA==
cross-origin-resource-policy
cross-origin
permissions-policy
accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy
force-load-at-top, include-js-call-stacks-in-crash-reports
content-length
88493
x-xss-protection
0
origin-agent-cluster
?1
gpt.js
securepubads.g.doubleclick.net/tag/js/ Frame AECE 		105 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/tag/js/gpt.js
Requested by
Host: reurl.cc
URL: https://reurl.cc/k8qxzL
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s07-in-f2.1e100.net
Software
cafe /
Resource Hash
090c5dbe03c9cc652f75b74bee6dfa2291037ace8ab00603ee530a747cd62279
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Origin
https://reurl.cc
Referer
https://reurl.cc/

Response headers

content-encoding
br
etag
555 / 20428 / 31096008 / config-hash: 5063855111797697403
x-content-type-options
nosniff
expires
Sat, 06 Dec 2025 23:40:31 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
date
Sat, 06 Dec 2025 23:40:31 GMT
content-type
text/javascript; charset=UTF-8
vary
Accept-Encoding
content-disposition
attachment; filename="f.txt"
cache-control
private, max-age=900, stale-while-revalidate=3600
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
access-control-allow-origin
*
content-length
34189
x-xss-protection
0
server
cafe
6tpzuzEODHB.js
static.xx.fbcdn.net/rsrc.php/v4/y8/r/ Frame 0D74 		213 B
353 B 		Script
General
Check archive.org
Download Go to
Full URL
https://static.xx.fbcdn.net/rsrc.php/v4/y8/r/6tpzuzEODHB.js
Requested by
Host: static.xx.fbcdn.net
URL: https://static.xx.fbcdn.net/rsrc.php/v4/yL/r/WCTiQ6kREY8.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
157.240.0.6 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
xx-fbcdn-shv-02-fra3.fbcdn.net
Software
/
Resource Hash
f21233ebfc628748be56e544ee831e6723e5534227b3d48b06b77a7bda1f6e28
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Origin
https://www.facebook.com
Referer
https://www.facebook.com/

Response headers

content-md5
Cz7JW2XPt8zqYMcsXYdDQg==
report-to
{"max_age":21600,"endpoints":[{"url":"https:\/\/www.xx.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options
nosniff
expires
Sat, 05 Dec 2026 17:50:59 GMT
alt-svc
h3=":443"; ma=86400
date
Sat, 06 Dec 2025 23:40:35 GMT
content-type
application/x-javascript; charset=utf-8
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
x-fb-debug
hPiPVHh4KhvZhy7kvtVTp2MAIyFyvqRuDQ2JLEO1efDKW3yG7Uo6XdT7+/XYbACQ4QKYqrRfkMJy/9igCGtcNg==
priority
u=1
vary
Origin
reporting-endpoints
permissions_policy="https://www.xx.facebook.com/ajax/browser_error_reports/"
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
x-fb-connection-quality
GOOD; q=0.7, rtt=77, rtx=66, c=111, mss=1232, tbw=337001, tp=320, tpl=66, uplat=0, ullat=-1
cross-origin-resource-policy
cross-origin
permissions-policy
accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy
force-load-at-top, include-js-call-stacks-in-crash-reports
access-control-allow-origin
https://www.facebook.com
content-length
213
origin-agent-cluster
?1
gen_204
pagead2.googlesyndication.com/pagead/ Frame 1AE9 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=av-js&type=fle-fetch-start2
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.140.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lcfraa-bt-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://f5468d195f184d9a2161b39cb1e22a89.safeframe.googlesyndication.com/

Response headers

cache-control
no-cache, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
0
date
Sat, 06 Dec 2025 23:40:35 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
gen_204
pagead2.googlesyndication.com/pagead/ Frame 1AE9 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=av-js&type=colleague-executed&name=4
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.140.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lcfraa-bt-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://f5468d195f184d9a2161b39cb1e22a89.safeframe.googlesyndication.com/

Response headers

cache-control
no-cache, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
0
date
Sat, 06 Dec 2025 23:40:35 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
truncated
/ Frame 1AE9 		209 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
e2b7bfebdeba32dabee246efdc632aee320ea6996d8d5ae26add73ea87ec9902

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/png
/
t.ssp.hinet.net/ Frame EA0A 		37 B
402 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://t.ssp.hinet.net/
Requested by
Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS
203-75-214-136.hinet-ip.hinet.net
Software
nginx /
Resource Hash
5a126f14b09d315eb00b0c14ec3c681952aa3dbbda7309094e5bb17d0d6f628a
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://reurl.cc/

Response headers

strict-transport-security
max-age=0
cache-control
no-cache, private
content-encoding
gzip
access-control-allow-credentials
true
access-control-allow-origin
https://reurl.cc
date
Sat, 06 Dec 2025 23:40:35 GMT
content-type
text/html; charset=UTF-8
vary
Accept-Encoding, Origin
server
nginx
pubads_impl.js
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202512040101/ Frame AECE 		611 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202512040101/pubads_impl.js?cb=31096008
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s07-in-f2.1e100.net
Software
cafe /
Resource Hash
9d6d7342264129047aedc4df11db9bdf238eec8fed367c7289ab11ca6ef6ccbe
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Origin
https://reurl.cc
Referer
https://reurl.cc/

Response headers

content-encoding
br
etag
11880664601459717268
age
29353
x-content-type-options
nosniff
expires
Sun, 06 Dec 2026 15:31:18 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
date
Sat, 06 Dec 2025 15:31:18 GMT
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
vary
Accept-Encoding
cache-control
public, immutable, max-age=31536000
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
access-control-allow-origin
*
content-length
197457
x-xss-protection
0
server
cafe
/
t.ssp.hinet.net/ Frame 3615 		37 B
402 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://t.ssp.hinet.net/
Requested by
Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS
203-75-214-136.hinet-ip.hinet.net
Software
nginx /
Resource Hash
0dff8b1e715f8312877f5d625115f8e962d45c3da578481f9f0f8a5e051a4fd1
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://reurl.cc/

Response headers

strict-transport-security
max-age=0
cache-control
no-cache, private
content-encoding
gzip
access-control-allow-credentials
true
access-control-allow-origin
https://reurl.cc
date
Sat, 06 Dec 2025 23:40:35 GMT
content-type
text/html; charset=UTF-8
vary
Accept-Encoding, Origin
server
nginx
/
t.ssp.hinet.net/ Frame 365E 		37 B
402 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://t.ssp.hinet.net/
Requested by
Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS
203-75-214-136.hinet-ip.hinet.net
Software
nginx /
Resource Hash
d4fb786f5801f1763d232365a3218174d72eabe14d6d60356ec8db04b3674feb
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://reurl.cc/

Response headers

strict-transport-security
max-age=0
cache-control
no-cache, private
content-encoding
gzip
access-control-allow-credentials
true
access-control-allow-origin
https://reurl.cc
date
Sat, 06 Dec 2025 23:40:36 GMT
content-type
text/html; charset=UTF-8
vary
Accept-Encoding, Origin
server
nginx
/
t.ssp.hinet.net/ Frame C862 		37 B
402 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://t.ssp.hinet.net/
Requested by
Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS
203-75-214-136.hinet-ip.hinet.net
Software
nginx /
Resource Hash
08c9dd7d8c7c4756623ea8cd611ae7254225f895daf6ce147b1675e6e204a075
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://reurl.cc/

Response headers

strict-transport-security
max-age=0
cache-control
no-cache, private
content-encoding
gzip
access-control-allow-credentials
true
access-control-allow-origin
https://reurl.cc
date
Sat, 06 Dec 2025 23:40:37 GMT
content-type
text/html; charset=UTF-8
vary
Accept-Encoding, Origin
server
nginx
gen_204
pagead2.googlesyndication.com/pagead/ Frame 1AE9 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=av-js&type=reach&proto=CAlgAWACaAM%3D
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.140.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lcfraa-bt-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://f5468d195f184d9a2161b39cb1e22a89.safeframe.googlesyndication.com/

Response headers

cache-control
no-cache, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
0
date
Sat, 06 Dec 2025 23:40:35 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
/
t.ssp.hinet.net/ Frame AF7B 		37 B
402 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://t.ssp.hinet.net/
Requested by
Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS
203-75-214-136.hinet-ip.hinet.net
Software
nginx /
Resource Hash
f1d3e9c9b5704e62c849119f1f71388c12691ccf76d5200a281b779878faa722
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://reurl.cc/

Response headers

strict-transport-security
max-age=0
cache-control
no-cache, private
content-encoding
gzip
access-control-allow-credentials
true
access-control-allow-origin
https://reurl.cc
date
Sat, 06 Dec 2025 23:40:39 GMT
content-type
text/html; charset=UTF-8
vary
Accept-Encoding, Origin
server
nginx
/
t.ssp.hinet.net/ Frame 96D5 		37 B
402 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://t.ssp.hinet.net/
Requested by
Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS
203-75-214-136.hinet-ip.hinet.net
Software
nginx /
Resource Hash
9cef4cfccf73b953244f41e6369166240c16288c15356a02cb6f850e3b32e3ab
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://reurl.cc/

Response headers

strict-transport-security
max-age=0
cache-control
no-cache, private
content-encoding
gzip
access-control-allow-credentials
true
access-control-allow-origin
https://reurl.cc
date
Sat, 06 Dec 2025 23:40:40 GMT
content-type
text/html; charset=UTF-8
vary
Accept-Encoding, Origin
server
nginx
/
t.ssp.hinet.net/ Frame 358C 		37 B
401 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://t.ssp.hinet.net/
Requested by
Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS
203-75-214-136.hinet-ip.hinet.net
Software
nginx /
Resource Hash
129da67f4b5d8cf07c284a0e05e90f3b31ad384d3e89457b55ae10f83c851fd1
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://reurl.cc/

Response headers

strict-transport-security
max-age=0
cache-control
no-cache, private
content-encoding
gzip
access-control-allow-credentials
true
access-control-allow-origin
https://reurl.cc
date
Sat, 06 Dec 2025 23:40:40 GMT
content-type
text/html; charset=UTF-8
vary
Accept-Encoding, Origin
server
nginx
/
t.ssp.hinet.net/ Frame 3043 		37 B
401 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://t.ssp.hinet.net/
Requested by
Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS
203-75-214-136.hinet-ip.hinet.net
Software
nginx /
Resource Hash
09b25f50064198b8b102ee0c36e579d64ab31e2079046d2d532f621a0cb72898
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://reurl.cc/

Response headers

strict-transport-security
max-age=0
cache-control
no-cache, private
content-encoding
gzip
access-control-allow-credentials
true
access-control-allow-origin
https://reurl.cc
date
Sat, 06 Dec 2025 23:40:41 GMT
content-type
text/html; charset=UTF-8
vary
Accept-Encoding, Origin
server
nginx
eplist
gtrace.mediago.io/ju/cs/ Frame 1B01 		44 B
243 B 		Script
General
Check archive.org
Download Go to
Full URL
https://gtrace.mediago.io/ju/cs/eplist?tn=41b6e88a2b85b0e731ef8e73e5558712&gdpr_consent=&gdpr=0&dm=https%253A%252F%252Fcdn.mediago.io&mcb=mmgg_1765064435457_587
Requested by
Host: cdn.mediago.io
URL: https://cdn.mediago.io/js/cookieSync.html?tn=41b6e88a2b85b0e731ef8e73e5558712
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.214.168.80 Groningen, Netherlands, ASN19527 (GOOGLE-2, US),
Reverse DNS
80.168.214.35.bc.googleusercontent.com
Software
/
Resource Hash
6d48dd4cdaf056bc2dc44b488eb6064e74895f395d8c3d3fc0f1bd76c91a93f7

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://cdn.mediago.io/

Response headers

access-control-allow-credentials
true
access-control-allow-methods
GET, POST, OPTIONS
via
1.1 google
access-control-allow-origin
https%3A%2F%2Fcdn.mediago.io
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
44
date
Sat, 06 Dec 2025 23:40:35 GMT
content-type
application/javascript; charset=utf-8
access-control-allow-headers
Content-Type
cm
ad.holmesmind.com/adserver/ Frame C218 		0
0
/
www.facebook.com/login/ Frame 0D74 		179 KB
179 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.facebook.com/login/?next=https%3A%2F%2Fwww.facebook.com%2Fplugins%2Fpage.php%3Fhref%3Dhttps%253A%252F%252Fwww.facebook.com%252Freurl.cc%252F%26tabs%3Dtimeline%26width%3D340%26height%3D500%26small_header%3Dfalse%26adapt_container_width%3Dtrue%26hide_cover%3Dfalse%26show_facepile%3Dtrue%26appId
Requested by
Host: static.xx.fbcdn.net
URL: https://static.xx.fbcdn.net/rsrc.php/v4/yL/r/WCTiQ6kREY8.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
157.240.0.35 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
edge-star-mini-shv-02-fra3.facebook.com
Software
/
Resource Hash
0aae0dc69f58f1b2c51c2236e970c669d3f6db628138135f61857cb58a23ad47
Security Headers
Name Value
Content-Security-Policy default-src blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 127.0.0.1:* 'nonce-ZKCQPO2U' blob: 'self' 'wasm-unsafe-eval';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com https://trustly.one/ https://*.trustly.one/ https://paywithmybank.com/ https://*.paywithmybank.com/;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;child-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net accounts.meta.com *.accounts.meta.com https://trustly.one/ https://*.trustly.one/ https://paywithmybank.com/ https://*.paywithmybank.com/;manifest-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;object-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2Freurl.cc%2F&tabs=timeline&width=340&height=500&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=true&appId
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=86400
cache-control
private, no-cache, no-store, must-revalidate
content-encoding
zstd
content-length
858
content-security-policy
default-src blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 127.0.0.1:* 'nonce-ZKCQPO2U' blob: 'self' 'wasm-unsafe-eval';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com https://trustly.one/ https://*.trustly.one/ https://paywithmybank.com/ https://*.paywithmybank.com/;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;child-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net accounts.meta.com *.accounts.meta.com https://trustly.one/ https://*.trustly.one/ https://paywithmybank.com/ https://*.paywithmybank.com/;manifest-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;object-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-type
text/html; charset="utf-8"
cross-origin-opener-policy
same-origin-allow-popups
date
Sat, 06 Dec 2025 23:40:35 GMT
document-policy
include-js-call-stacks-in-crash-reports
expires
Sat, 01 Jan 2000 00:00:00 GMT
origin-agent-cluster
?1
pragma
no-cache
priority
u=0,i
proxy-status
http_request_error; e_fb_vipaddr="AcMyyz7-QLvIWCSe8d8qMLYb8aXmX1o-1EJwvjh20OZrvfTrL1lIm1AYtLLeYIYXpd7Lb_TRSklvNhjWYwXCADMfDVEdgtWO8ca4"; e_clientaddr="AcMGKbLmlBUDQJ3pc8wfs5N2LS0bTwo8NFkeps7KFiO5x0wmt1D2Q4wEZTJ8XKxvTXYdAQIce1Qb9E_nY1lMhhQs3-t9WoWrASQ6FX7dNgXRoHX3bw"; e_upip="AcP9QMETdtH_Z6CjLEX2DaT74-rl4NEJN2tdeXl0P_aV51GnnJzsEbZmEeblIhh8kAD1Uw9wCndzNZKxQX2Uv9do9Fj7QL2oZnKngMLu"; e_fb_zone="AcNg-MKZRMxkBPi4F1b3fmqSWmkTbcxSzof26NWsszDprpbCL1TTIlv3jupCzpnB"; e_fb_twtaskhandle="AcNj_25vsfnRC_PgeRPI2UKv0t_orfd-DYZuLBk32vs7_6AtxLlNzkjEK1-inWJlUG9HzZs6fHHjDCsNEwOsmunV0JPDyFiwXFSRmfn3XRuY_TY"; e_proxy="AcMAZI7OHe_ke3_bWDzghHKNcKkgy-2yCAcaGHxkUKlR4sK_gFSnMjJGmieF6axJHW1F4xeTitJz6Id1VaiQ", http_request_error; e_fb_vipaddr="AcOCdxLf0iJW5nFklo3ovM4bHgmfzFv04xDniCtrLObFXWuQQ9Iyuw8xm8zIM_uIYMFjsMFF"; e_clientaddr="AcM6o8r0uVFUep1SbykmJg72tRMq1dQk70boAhwoUw_g_es2YDiga3einsOQEL3bY5xtrZeI78eycBH5jdA"; e_upip="AcMSpdhiS9YT7gWJiFIQsu2_trt3e7C9qwcZpJ9Q6Ow6nzDITEWXvpCpZrRA8IypRnQDzIPlPFzA_GCdcqqN6TlbG7jkSlbat9iD"; e_fb_zone="AcNnuWosWdLwEPfWyqyypd4UpdSLoPKzr1g1mgXLG3NYdvZ0LqN0cR8e6pS8yw"; e_fb_twtaskhandle="AcMKy2L2vlQAgDwkHWgAQg8r4KKUybeytpbi63ZdqSc8WX4O7JDs9YAp5Eq6571AzJ66qsTpj25DaAiT4fJKOqKnKObdsFWPtgW5"; e_proxy="AcMloDUZRLHXzc1rMcCcG1s7Ea4ZwmeV2biIu7JBjrxxa7I8WnnYpNoLw6aPkNwZqAL8bg9SAgkGzGw"
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7580894024624310016&cpp=C3&cv=1030734632&st=1765064435581"}]}
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7580894024624310016&cpp=C3&cv=1030734632&st=1765064435581"
strict-transport-security
max-age=15552000; preload
vary
Accept-Encoding
x-content-type-options
nosniff
x-fb-connection-quality
GOOD; q=0.7, rtt=68, rtx=4, c=38, mss=1232, tbw=31425, tp=45, tpl=4, uplat=153, ullat=0
x-fb-debug
fvIjXcUVYKI/VhGRaaQVKZay1j6Rtiv2K8KXIdaaZMIwPO13XQoW8/oRiYAzzjl/kzil/M8xpynRbTAAJLgANw==
x-frame-options
DENY
x-xss-protection
0
drawV2.js
cdn.holmesmind.com/js/ Frame 3615 		13 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.holmesmind.com/js/drawV2.js
Requested by
Host: ad.holmesmind.com
URL: https://ad.holmesmind.com/adserver/ads.js?z=14210&rf=https%3A%2F%2Freurl.cc%2Fk8qxzL%23Conditions&n=817&o=4&fc=undefined&d=1&b=2&ts=1&ii=3&FPCK=9686-TeftXPByfrBByQsJSO45jsQQ4pxXhJkZ&fp_uuid=9686-0565e32eebf1cf109ba77bee4b3f7377&initver=230627P
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:208a:8000:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
31b4d2ac4928b0129a5a969594be92783dbbb13112dd350f128de1b8d7215f30

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://reurl.cc/

Response headers

x-amz-version-id
MSt.illVoQb3pO8IADvHgNboFaeniBxV
etag
"dcf480340ca4b65dc9aa76bd9e677036"
via
1.1 59927012a1a01484504f9d4b511a043c.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Hit from cloudfront
content-length
13033
x-amz-cf-id
Gpz-70PY8d-4BtoZckoRH2PHOHHrQkeDqWEjClD64vBWDJgUVztESQ==
date
Sat, 06 Dec 2025 23:40:35 GMT
content-type
application/javascript
last-modified
Tue, 19 Dec 2023 06:01:02 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P13
x-amz-server-side-encryption
AES256
drawV2.js
cdn.holmesmind.com/js/ Frame 3043 		13 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.holmesmind.com/js/drawV2.js
Requested by
Host: ad.holmesmind.com
URL: https://ad.holmesmind.com/adserver/ads.js?z=18535&rf=https%3A%2F%2Freurl.cc%2Fk8qxzL%23Conditions&n=569&o=4&fc=undefined&d=1&b=2&ts=1&ii=3&FPCK=9686-TeftXPByfrBByQsJSO45jsQQ4pxXhJkZ&fp_uuid=9686-0565e32eebf1cf109ba77bee4b3f7377&initver=230627P
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:208a:8000:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
31b4d2ac4928b0129a5a969594be92783dbbb13112dd350f128de1b8d7215f30

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://reurl.cc/

Response headers

x-amz-version-id
MSt.illVoQb3pO8IADvHgNboFaeniBxV
etag
"dcf480340ca4b65dc9aa76bd9e677036"
via
1.1 59927012a1a01484504f9d4b511a043c.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Hit from cloudfront
content-length
13033
x-amz-cf-id
Gpz-70PY8d-4BtoZckoRH2PHOHHrQkeDqWEjClD64vBWDJgUVztESQ==
date
Sat, 06 Dec 2025 23:40:35 GMT
content-type
application/javascript
last-modified
Tue, 19 Dec 2023 06:01:02 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P13
x-amz-server-side-encryption
AES256
f.js
cdn.holmesmind.com/js/ Frame 3043 		12 KB
12 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.holmesmind.com/js/f.js
Requested by
Host: ad.holmesmind.com
URL: https://ad.holmesmind.com/adserver/ads.js?z=18535&rf=https%3A%2F%2Freurl.cc%2Fk8qxzL%23Conditions&n=569&o=4&fc=undefined&d=1&b=2&ts=1&ii=3&FPCK=9686-TeftXPByfrBByQsJSO45jsQQ4pxXhJkZ&fp_uuid=9686-0565e32eebf1cf109ba77bee4b3f7377&initver=230627P
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:208a:8000:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
f8bcd058a4fbee6f8b68a5ff2930470c1890fc714914c226cf950b4e11ffdcdb

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://reurl.cc/

Response headers

x-amz-version-id
I0L11em9y2rEWUbgZZxQXYLhoIMX8Pv6
etag
"1d98c42a6ebd67d5137147fbb5ad912f"
age
34
via
1.1 59927012a1a01484504f9d4b511a043c.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Hit from cloudfront
content-length
12254
x-amz-cf-id
jaiuKY20fEtrXOro9xEPZ9_AMwVbUe3SKrrkukjDz_7hDOsmE0hEIA==
date
Sat, 06 Dec 2025 23:40:35 GMT
content-type
application/javascript
last-modified
Fri, 14 Jun 2024 08:45:07 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P13
x-amz-server-side-encryption
AES256
drawV2.js
cdn.holmesmind.com/js/ Frame 358C 		13 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.holmesmind.com/js/drawV2.js
Requested by
Host: ad.holmesmind.com
URL: https://ad.holmesmind.com/adserver/ads.js?z=22214&rf=https%3A%2F%2Freurl.cc%2Fk8qxzL%23Conditions&n=728&o=4&fc=undefined&d=1&b=2&ts=1&ii=3&FPCK=9686-TeftXPByfrBByQsJSO45jsQQ4pxXhJkZ&fp_uuid=9686-0565e32eebf1cf109ba77bee4b3f7377&initver=230627P
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:208a:8000:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
31b4d2ac4928b0129a5a969594be92783dbbb13112dd350f128de1b8d7215f30

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://reurl.cc/

Response headers

x-amz-version-id
MSt.illVoQb3pO8IADvHgNboFaeniBxV
etag
"dcf480340ca4b65dc9aa76bd9e677036"
via
1.1 59927012a1a01484504f9d4b511a043c.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Hit from cloudfront
content-length
13033
x-amz-cf-id
Gpz-70PY8d-4BtoZckoRH2PHOHHrQkeDqWEjClD64vBWDJgUVztESQ==
date
Sat, 06 Dec 2025 23:40:35 GMT
content-type
application/javascript
last-modified
Tue, 19 Dec 2023 06:01:02 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P13
x-amz-server-side-encryption
AES256
sid
mug.criteo.com/ Frame 8298
Redirect Chain
  • https://gumi.criteo.com/sid/json?origin=publishertagids&domain=reurl.cc&sn=ChromeSyncframe&so=0&topUrl=reurl.cc&topicsavail=1&fledgeavail=1
  • https://mug.criteo.com/sid?cpp=bADyDHxsc3RBR0lsaldEODZmNUxJQ1NaT0s5UzRHajJpTVlHNVAwM2JtUlc4ckx6N2d5c3ZKM285amZMRXM1N2x1TDlhbHBVNnNpL212UlozcnRSTWRWeTROVWROZTVydnZkNnNCV1hNN3FsK2JVOERUbmExTTByWTVQaF...
422 B
1005 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://mug.criteo.com/sid?cpp=bADyDHxsc3RBR0lsaldEODZmNUxJQ1NaT0s5UzRHajJpTVlHNVAwM2JtUlc4ckx6N2d5c3ZKM285amZMRXM1N2x1TDlhbHBVNnNpL212UlozcnRSTWRWeTROVWROZTVydnZkNnNCV1hNN3FsK2JVOERUbmExTTByWTVQaFlvMzNmTVJHaUkxdFc5alAyeHVDN0tGY3A5Vy9tVkdERnN2bXl0L2FOK3BJS0lhYlF2UndUbUFlcGZ0M3BmK1Z0bTAvR2ErcndxTnZwRXA5VEVTWGJqUkd6ak4reFdnRUpmOGhkRTJvbmFuWjd4QXk4cFpMb09aa0xxcFpaUTBHenFKT2dlQTM1THhvcFpwTzhiT0ZLdWpWTmFwUzVWcjBFU29SYVM3dG1zMTRaeHowaE9WMFN3bEgvKzcvaHJYdjIvTEFtaHcyTHw&cppv=2
Requested by
Host: reurl.cc
URL: https://reurl.cc/k8qxzL
Protocol
H2
Server
178.250.1.12 , France, ASN44788 (ASN-CRITEO-EUROPE Criteo Technology SAS, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
230ef0b6df3e18bd19fd1a42f35db23ec6e68573a52492ad2a22b6cd385553b9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://gumi.criteo.com/

Response headers

strict-transport-security
max-age=31536000; preload;
cache-control
no-cache, no-store, must-revalidate
content-encoding
gzip
pragma
no-cache
access-control-allow-credentials
true
access-control-allow-methods
GET
server-processing-duration-in-ticks
1188495
expires
0
access-control-allow-origin
https://gumi.criteo.com
date
Sat, 06 Dec 2025 23:40:36 GMT
content-type
application/json; charset=utf-8
vary
Accept-Encoding
server
Kestrel

Redirect headers

strict-transport-security
max-age=31536000; preload;
cache-control
no-cache, no-store, must-revalidate
location
https://mug.criteo.com/sid?cpp=bADyDHxsc3RBR0lsaldEODZmNUxJQ1NaT0s5UzRHajJpTVlHNVAwM2JtUlc4ckx6N2d5c3ZKM285amZMRXM1N2x1TDlhbHBVNnNpL212UlozcnRSTWRWeTROVWROZTVydnZkNnNCV1hNN3FsK2JVOERUbmExTTByWTVQaFlvMzNmTVJHaUkxdFc5alAyeHVDN0tGY3A5Vy9tVkdERnN2bXl0L2FOK3BJS0lhYlF2UndUbUFlcGZ0M3BmK1Z0bTAvR2ErcndxTnZwRXA5VEVTWGJqUkd6ak4reFdnRUpmOGhkRTJvbmFuWjd4QXk4cFpMb09aa0xxcFpaUTBHenFKT2dlQTM1THhvcFpwTzhiT0ZLdWpWTmFwUzVWcjBFU29SYVM3dG1zMTRaeHowaE9WMFN3bEgvKzcvaHJYdjIvTEFtaHcyTHw&cppv=2
pragma
no-cache
server-processing-duration-in-ticks
399618
expires
0
content-length
0
date
Sat, 06 Dec 2025 23:40:35 GMT
server
Kestrel
sodar
ep1.adtrafficquality.google/getconfig/ Frame AECE 		18 KB
13 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://ep1.adtrafficquality.google/getconfig/sodar?sv=200&tid=gpt&tv=m202512040101&st=env&sjk=6844337683902518
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202512040101/pubads_impl.js?cb=31096008
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s49-in-f2.1e100.net
Software
cafe /
Resource Hash
687dd881bcfd28cb6d91b90177f77e77baadebdb5d41a3704b348e8df203c31b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://reurl.cc/

Response headers

timing-allow-origin
*
content-encoding
br
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
13643
date
Sat, 06 Dec 2025 23:40:35 GMT
x-xss-protection
0
content-type
application/json; charset=UTF-8
content-disposition
attachment; filename="f.txt"
server
cafe
ads
securepubads.g.doubleclick.net/gampad/ Frame AECE 		28 KB
10 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?pvsid=6844337683902518&correlator=1286601921756456&eid=31096008%2C83321073%2C83322603&output=ldjh&gdfp_req=1&vrg=202512040101&ptt=17&impl=fifs&gdpr=0&iu_parts=128002626%2CMFPB_202505_13861&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ifi=1&didk=1074775047&dids=div-gpt-ad-1749117348435-0&adfs=3242713776&sfv=1-0-45&sc=1&cookie=ID%3D4364cb78fde40470%3AT%3D1765064433%3ART%3D1765064433%3AS%3DALNI_Mb21YmUZIN_hrBX8NCior3tZ0ME1g&gpic=UID%3D000012d2436a4f6e%3AT%3D1765064433%3ART%3D1765064433%3AS%3DALNI_MYMMocnDSTe0maJhgYxR4lqknphLA&abxe=1&dt=1765064435554&lmt=1765064435&adxs=650&adys=721&biw=1600&bih=1200&isw=300&ish=250&scr_x=0&scr_y=0&btvi=0&ucis=pbpwl3b0z74s&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&nvt=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&nhd=2&url=https%3A%2F%2Freurl.cc%2Fk8qxzL&ref=https%3A%2F%2Freurl.cc%2Fk8qxzL&top=https%3A%2F%2Freurl.cc%2Fk8qxzL%23Conditions&vis=1&psz=300x250&msz=300x250&fws=256&ohw=0&psd=WzMxLFtdXQ..&dlt=1765064435141&idt=338&adks=110384004&frm=23&eo_id_str=ID%3D227c5fc0b1a47413%3AT%3D1765064433%3ART%3D1765064433%3AS%3DAA-Afja1XKMHuFdp_8LdXKZVyOvg
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202512040101/pubads_impl.js?cb=31096008
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s07-in-f2.1e100.net
Software
cafe /
Resource Hash
38f7772e472b0b35de7282b88150e576421b4c30bfc311c5da6cab6086b63d1f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://reurl.cc/

Response headers

content-encoding
dcb
google-lineitem-id
-1
observe-browsing-topics
?1
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
date
Sat, 06 Dec 2025 23:40:36 GMT
content-type
text/plain; charset=UTF-8
google-creative-id
-1
cache-control
no-cache, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
access-control-allow-origin
https://reurl.cc
content-length
10512
x-xss-protection
0
server
cafe
container.html
082fc394a62d374456508868d37e314c.safeframe.googlesyndication.com/safeframe/1-0-45/html/ Frame D078 		7 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://082fc394a62d374456508868d37e314c.safeframe.googlesyndication.com/safeframe/1-0-45/html/container.html?n=2
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202512040101/pubads_impl.js?cb=31096008
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.129 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f1.1e100.net
Software
sffe /
Resource Hash
f1a68bf826c55985468304f4284a09cb8a68e82503d764166e611a7c58a85a4b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://reurl.cc/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private, max-age=300
content-encoding
br
content-length
3121
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy
cross-origin
date
Sat, 06 Dec 2025 23:40:36 GMT
expires
Sat, 06 Dec 2025 23:40:36 GMT
last-modified
Thu, 08 May 2025 23:15:48 GMT
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
cm
ad.holmesmind.com/adserver/ Frame EE0B 		0
0
gpt
securepubads.g.doubleclick.net/pagead/managed/dict/m202512040101/ Frame AECE 		64 KB
0 		Other
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pagead/managed/dict/m202512040101/gpt
Requested by
Host: reurl.cc
URL: https://reurl.cc/k8qxzL
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s07-in-f2.1e100.net
Software
cafe /
Resource Hash
8d23693251d0923a21dba7083e1e3a58a18123b146cebbcefb828e1caa7c3aa3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer

Response headers

content-encoding
br
etag
4740477158928784528
age
40363
x-content-type-options
nosniff
expires
Sat, 13 Dec 2025 12:27:50 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
date
Sat, 06 Dec 2025 12:27:50 GMT
content-type
text/plain; charset=UTF-8
vary
Accept-Encoding
cache-control
public, immutable, max-age=604800, stale-while-revalidate=7200
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
access-control-allow-origin
*
content-length
22756
x-xss-protection
0
server
cafe
use-as-dictionary
match="/gampad/ads", id="m202512040101"
emome2
t.ssp.hinet.net/ Frame EA0A 		30 B
271 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://t.ssp.hinet.net/emome2?u=83a8eb42-6ef1-4f83-b0a8-8311ce7c1584
Requested by
Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS
203-75-214-136.hinet-ip.hinet.net
Software
nginx /
Resource Hash
365fc555dbd2149871a77b9485dbb0cbd487a0553f7a90163444349fee756f60
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://reurl.cc/

Response headers

strict-transport-security
max-age=0
cache-control
no-cache, private
content-encoding
gzip
access-control-allow-credentials
true
access-control-allow-origin
https://reurl.cc
date
Sat, 06 Dec 2025 23:40:35 GMT
content-type
application/json
vary
Accept-Encoding, Origin
server
nginx
truncated
/ Frame 0D74 		3 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
04d05978fdb111358073ab0524e5c1fafc0826615c206987618416b8bd8a4747

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/png
truncated
/ Frame 0D74 		5 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
e4222715b556e7d99622c83e620d2f8e090047e56adb07923047f95828d561f2

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/png
truncated
/ Frame 0D74 		155 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
7808605ddd1f0eaa454aa444293d2f0260943e51e53838fca46506e6a69fe521

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/png
close_btn.png
cdn.holmesmind.com/image/creative/20200629/ 		23 KB
23 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.holmesmind.com/image/creative/20200629/close_btn.png
Requested by
Host: reurl.cc
URL: https://reurl.cc/k8qxzL
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:208a:8000:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
0e83a8ffdd161a80e179732ca1f514ee08dcc3c4a128baa9c92bcffebc2a7c52

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://reurl.cc/

Response headers

vary
accept-encoding
x-amz-version-id
eftIHNkZLvs_zrsThuw3iZTYVcb2Z_86
etag
"e08deb6b87983b314d88a24c09f4d13f"
age
67775
via
1.1 59927012a1a01484504f9d4b511a043c.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Hit from cloudfront
content-length
23254
x-amz-cf-id
xgtD5pVzKH79IVxMzMmjqAlP0ZLl0vau_eaVU9MhWqAsIWlYElDbww==
date
Sat, 06 Dec 2025 04:51:01 GMT
content-type
image/png
last-modified
Thu, 15 Jun 2023 01:01:51 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P13
x-amz-server-side-encryption
AES256
c
gtrace.mediago.io/ju/log/ Frame 1AE9 		0
41 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://gtrace.mediago.io/ju/log/c?tn=41b6e88a2b85b0e731ef8e73e5558712&trackingid=fb3825634c99afcbca0c9a887fda9b14&mguid=&c_sync=1&app=vimpLog&ext={%22name%22:%22REAL_VIMP%22,%22vimp_elapsed_time%22:1489,%22time%22:1765064435784,%22intersectCount%22:1,%22intersectErrCount%22:0}
Requested by
Host: f5468d195f184d9a2161b39cb1e22a89.safeframe.googlesyndication.com
URL: https://f5468d195f184d9a2161b39cb1e22a89.safeframe.googlesyndication.com/safeframe/1-0-45/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.214.168.80 Groningen, Netherlands, ASN19527 (GOOGLE-2, US),
Reverse DNS
80.168.214.35.bc.googleusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://f5468d195f184d9a2161b39cb1e22a89.safeframe.googlesyndication.com/

Response headers

via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
date
Sat, 06 Dec 2025 23:40:35 GMT
content-type
text/html; charset=utf-8
ic
trace-eu.mediago.io/ju/ Frame 1AE9 		0
120 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://trace-eu.mediago.io/ju/ic?tn=41b6e88a2b85b0e731ef8e73e5558712&trackingid=fb3825634c99afcbca0c9a887fda9b14&acid=20435&data=jQ5BfVVjwR2HGzF6udlgrGgvvs5NdXByZ_ImBvaHL-UyF8r6E5OPXP-ujuvNw-_7apMZ9vyieKQfx56plGDwcE7ruwAPbThG79V8P_n7I562Pi1RERg6x4VuvMsjK270auFkpiyDUfm00QgG_klp6sWRuTRuiEtXR2eLcnW4ViQUFZcBdO-9rzmN1TfAS-L_CB3dpjufnAXnTTypEGaZo9dRu3ngLnK9wf0SPp4dUgC40XDkw9_0-UM4p_JFbRur_1q7hyGbSAmp4i44ZhMqKMrJNDLwXI-VZPU7Eglow20D2oorSmUIIGNhqMLe0-6H6LeaIdGScUh4dnBdSbe7iurOOUWuvo_d5AEokFOTv27xyJ_6h6i1ErcjyLQEu677D8WgwymvK-9ROoFGfiTuSxRJr7jUFdVk9tTBFoatbFdQ8qkUAJNxCRw1PH3w-MDJv_5EBlwuoM4ZDSEAXBjTsrwDux2DmSylRitQks0wNoTpE75U6D9nUEZCz5-Ss41Lchhe7pFXkfYaL99w-OqDKN8EwvDMBlsHNxlxybZDZqUGgjpCGpVulQczJP-kArnaLAkEkIMbVzC3pwC6O2AlWesMJTJp5lRh3VsSUrKdjevwwaGEnBBDYURvXoEhEu2I6rgnoW5vyJY4IvX-JN_reHr2-2S2eN2bLeoV-FaKM3FR9khVpAwgkyAQHeN_xBR7StaouH_JBqINT6YHQAczh3f94Y3aMz1UMVyJwq9cxo3rQfZN5AXgU18l6ZpsXJsL4QsH28ksafzE6empWYKOSungAhDRTr9WdmgP9OFP1Cv8ArbXKOwN5bM7CwFFx987Bjh_BVKZxfB0evDCtUBS8v5mIgc2HO5wzg0t13I9xDu5-UNEt4oGKaRU6CDT_OvtbAmI-49v5cL0TyTPi-mfcD7XjxJAI_luCce_y-c7X46ExN-jzVj9cmMkfAAjgLfMTtUl9AieCZMRsMrWuBbLQbGZ0S3LC1RTp6Czo5lkp3AquSDRFXJ1Qc_pjExaEgH_BnihYmMFbXIps2GWl1W-rFca0ow-tqFowwKFiHEkCpi5rwF7aJIg6bJDEWs-3WgNyYocXPhi4QPi4-_s7MlG1PoYK5YTMySo_76kOFb6u_2AsR3Fn3EQFH68nbt2FvU-KXrD3nWOUd6Q37A3G5L1ezDsCkhxnJb7UZLAIaBZx9KJeir5iyoINd0OZiX3pET-0xIn_PbqyFyvUg9B7BZM0Anu7jHjzDaw87uBUsWpfVAmlNULVt8Pt_cbVhatMZGmHwnGnF3U4tlWUmZFmxxM2tza7tihxjrvQj4UD9bzEOT21mVCH7k-dBMBFSGBZEQV6e7I__b9VqoVfWV_--LTJ5TuAVt1tPOSwy_Jwyf_HA19QZchkph01XmSUU_3exngN0ypFiigopgjch1OplimH3iKHu4pfJks4266YK_LYlJjQzx0IZNF0_hNIrgNOkOQbkGSqbH9u8wc3t2_ma3o8IKoe7LO9t3azeW-GJSCTb-1douyd7o8fGcrrRdnyFauRPnSK48eE5r7lq937kKswqzsAyLQ7Hc1X5jOIyGRnN70JjB0xq_v-Zzkpkcg7KFHCFis0E-S8Fos-W-v3kAF7w&uid=000012d2436a4f6e&mguid=&ap=0.085385&tid=72&c_sync=1
Requested by
Host: reurl.cc
URL: https://reurl.cc/k8qxzL
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.214.168.80 Groningen, Netherlands, ASN19527 (GOOGLE-2, US),
Reverse DNS
80.168.214.35.bc.googleusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://f5468d195f184d9a2161b39cb1e22a89.safeframe.googlesyndication.com/

Response headers

via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Sat, 06 Dec 2025 23:40:35 GMT
content-type
text/html; charset=utf-8
cm
t.ssp.hinet.net/ Frame EA0A 		0
187 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://t.ssp.hinet.net/cm?c=50ef57&cid=9686-TeftXPByfrBByQsJSO45jsQQ4pxXhJkZ&mp=83a8eb42-6ef1-4f83-b0a8-8311ce7c1584
Requested by
Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS
203-75-214-136.hinet-ip.hinet.net
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://reurl.cc/

Response headers

strict-transport-security
max-age=0
cache-control
no-cache, private
access-control-allow-credentials
true
access-control-allow-origin
https://reurl.cc
date
Sat, 06 Dec 2025 23:40:35 GMT
content-type
image/png
vary
Origin
server
nginx
pixel
83a8eb42-6ef1-4f83-b0a8-8311ce7c1584.t.ssp.hinet.net/ Frame EA0A 		0
177 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://83a8eb42-6ef1-4f83-b0a8-8311ce7c1584.t.ssp.hinet.net/pixel?bd=83a8eb42-6ef1-4f83-b0a8-8311ce7c1584&t=50ef57&referrer=
Requested by
Host: reurl.cc
URL: https://reurl.cc/k8qxzL
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS
203-75-214-136.hinet-ip.hinet.net
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://reurl.cc/

Response headers

Strict-Transport-Security
max-age=0
Content-Length
0
Date
Sat, 06 Dec 2025 23:40:38 GMT
Content-Type
image/png
Server
nginx
Connection
keep-alive
cm
ad.holmesmind.com/adserver/ Frame E048 		0
0
sodar2.js
ep2.adtrafficquality.google/sodar/ Frame AECE 		20 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ep2.adtrafficquality.google/sodar/sodar2.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202512040101/pubads_impl.js?cb=31096008
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a7f65c0446b6cac3175458f6388304d0c23e70d11fa0db20920a619f1bc18623
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://reurl.cc/

Response headers

content-encoding
gzip
etag
"1747411493688989"
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
x-content-type-options
nosniff
expires
Sat, 06 Dec 2025 23:40:36 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Sat, 06 Dec 2025 23:40:36 GMT
content-type
text/javascript
vary
Accept-Encoding
cache-control
private, max-age=3000
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
content-length
7188
x-xss-protection
0
server
sffe
cm
t.ssp.hinet.net/ Frame 3615 		0
187 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://t.ssp.hinet.net/cm?c=50ef57&cid=9686-TeftXPByfrBByQsJSO45jsQQ4pxXhJkZ
Requested by
Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS
203-75-214-136.hinet-ip.hinet.net
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://reurl.cc/

Response headers

strict-transport-security
max-age=0
cache-control
no-cache, private
access-control-allow-credentials
true
access-control-allow-origin
https://reurl.cc
date
Sat, 06 Dec 2025 23:40:36 GMT
content-type
image/png
vary
Origin
server
nginx
cm
t.ssp.hinet.net/ Frame 365E 		0
187 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://t.ssp.hinet.net/cm?c=50ef57&cid=9686-TeftXPByfrBByQsJSO45jsQQ4pxXhJkZ
Requested by
Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS
203-75-214-136.hinet-ip.hinet.net
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://reurl.cc/

Response headers

strict-transport-security
max-age=0
cache-control
no-cache, private
access-control-allow-credentials
true
access-control-allow-origin
https://reurl.cc
date
Sat, 06 Dec 2025 23:40:37 GMT
content-type
image/png
vary
Origin
server
nginx
cm
t.ssp.hinet.net/ Frame C862 		0
187 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://t.ssp.hinet.net/cm?c=50ef57&cid=9686-TeftXPByfrBByQsJSO45jsQQ4pxXhJkZ
Requested by
Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS
203-75-214-136.hinet-ip.hinet.net
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://reurl.cc/

Response headers

strict-transport-security
max-age=0
cache-control
no-cache, private
access-control-allow-credentials
true
access-control-allow-origin
https://reurl.cc
date
Sat, 06 Dec 2025 23:40:39 GMT
content-type
image/png
vary
Origin
server
nginx
cm
t.ssp.hinet.net/ Frame AF7B 		0
187 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://t.ssp.hinet.net/cm?c=50ef57&cid=9686-TeftXPByfrBByQsJSO45jsQQ4pxXhJkZ
Requested by
Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS
203-75-214-136.hinet-ip.hinet.net
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://reurl.cc/

Response headers

strict-transport-security
max-age=0
cache-control
no-cache, private
access-control-allow-credentials
true
access-control-allow-origin
https://reurl.cc
date
Sat, 06 Dec 2025 23:40:40 GMT
content-type
image/png
vary
Origin
server
nginx
cm
t.ssp.hinet.net/ Frame 96D5 		0
187 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://t.ssp.hinet.net/cm?c=50ef57&cid=9686-TeftXPByfrBByQsJSO45jsQQ4pxXhJkZ
Requested by
Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS
203-75-214-136.hinet-ip.hinet.net
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://reurl.cc/

Response headers

strict-transport-security
max-age=0
cache-control
no-cache, private
access-control-allow-credentials
true
access-control-allow-origin
https://reurl.cc
date
Sat, 06 Dec 2025 23:40:40 GMT
content-type
image/png
vary
Origin
server
nginx
cm
t.ssp.hinet.net/ Frame 358C 		0
187 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://t.ssp.hinet.net/cm?c=50ef57&cid=9686-TeftXPByfrBByQsJSO45jsQQ4pxXhJkZ
Requested by
Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS
203-75-214-136.hinet-ip.hinet.net
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://reurl.cc/

Response headers

strict-transport-security
max-age=0
cache-control
no-cache, private
access-control-allow-credentials
true
access-control-allow-origin
https://reurl.cc
date
Sat, 06 Dec 2025 23:40:41 GMT
content-type
image/png
vary
Origin
server
nginx
cm
t.ssp.hinet.net/ Frame 3043 		0
187 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://t.ssp.hinet.net/cm?c=50ef57&cid=9686-TeftXPByfrBByQsJSO45jsQQ4pxXhJkZ
Requested by
Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS
203-75-214-136.hinet-ip.hinet.net
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://reurl.cc/

Response headers

strict-transport-security
max-age=0
cache-control
no-cache, private
access-control-allow-credentials
true
access-control-allow-origin
https://reurl.cc
date
Sat, 06 Dec 2025 23:40:41 GMT
content-type
image/png
vary
Origin
server
nginx
GSMA_Logo.jpg
mma.prnasia.com/media2/1882833/5658088/ 		19 KB
19 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://mma.prnasia.com/media2/1882833/5658088/GSMA_Logo.jpg?p=medium600
Requested by
Host: reurl.cc
URL: https://reurl.cc/k8qxzL
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2606:4700::6812:5fe1 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / ASP.NET
Resource Hash
16972c99cc3812c26bcbdc5c530f3f9994ec4077344b6ed3469fa5a255f11705

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://reurl.cc/

Response headers

access-control-allow-headers
Content-Type
cache-control
public, max-age=1
cf-cache-status
BYPASS
access-control-allow-methods
GET, POST, OPTIONS
cf-ray
9a9fa115fab73ed8-BCN
expires
Sat, 06 Dec 2025 23:40:37 GMT
accept-ranges
bytes
access-control-allow-origin
*
content-length
19281
date
Sat, 06 Dec 2025 23:40:36 GMT
content-type
image/jpeg
last-modified
Sat, 06 Dec 2025 23:40:36 GMT
vary
*, Accept-Encoding
server
cloudflare
x-powered-by
ASP.NET
result_MYSTIC_c161885f-1c89-4a24-bbd6-502045056168_0-390x220.jpeg
nearbymed.com/wp-content/uploads/2025/05/ 		14 KB
14 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://nearbymed.com/wp-content/uploads/2025/05/result_MYSTIC_c161885f-1c89-4a24-bbd6-502045056168_0-390x220.jpeg
Requested by
Host: reurl.cc
URL: https://reurl.cc/k8qxzL
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.222.174 , Ascension Island, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8a1e698279502754957b1a3e2258fff174eee8b1802ee54d6d15df445d627220

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://reurl.cc/

Response headers

cf-cache-status
HIT
etag
"68d811ca-365f"
age
2448200
report-to
{"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=1mV6IFff1XtVlWv1mj6%2Bris0hUv4hXhpDkEjnFXnGyPWEw3rEUlSATnjJk2Gv3wvO8cwBryOx9hmrH9T4ZLzkOffIC4GS%2BlvOjXC"}]}
alt-svc
h3=":443"; ma=86400
server-timing
cfExtPri
date
Sat, 06 Dec 2025 23:40:36 GMT
content-type
image/jpeg
last-modified
Sat, 27 Sep 2025 16:33:14 GMT
vary
accept-encoding
priority
u=1,i
cache-control
public, max-age=31536000
nel
{"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cf-ray
9a9fa115ab17d050-MAD
accept-ranges
bytes
content-length
13919
server
cloudflare
1764922819-4b9941f48d591b6ed55e155b1fd1efdd-840x525.jpg
img.gbyhn.com.tw/2025/12/ 		61 KB
61 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://img.gbyhn.com.tw/2025/12/1764922819-4b9941f48d591b6ed55e155b1fd1efdd-840x525.jpg
Requested by
Host: reurl.cc
URL: https://reurl.cc/k8qxzL
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
188.114.97.3 , Ascension Island, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
66ff4ad29ec9611c45b2a36c657f7637f3b993dd6a1b2c011d2f63059e1a1ed4

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://reurl.cc/

Response headers

cf-cache-status
HIT
age
141329
report-to
{"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=lTbOIgg6AS%2FXhAfJk98ZBv6pVIl1uOiEjFJ62PCvhlfxXJcXmMdJRgSOAh4AOXCn9t4UKAOYQndQIclinDKroYYQiMNqsc%2BodG%2BoSTcFqjc%3D"}]}
expires
Fri, 12 Dec 2025 08:25:06 GMT
alt-svc
h3=":443"; ma=86400
server-timing
cfExtPri
date
Sat, 06 Dec 2025 23:40:36 GMT
content-type
image/jpeg
last-modified
Fri, 05 Dec 2025 08:20:19 GMT
vary
accept-encoding
priority
u=1,i
cache-control
public, max-age=604800
nel
{"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cf-ray
9a9fa115de102a5a-MAD
accept-ranges
bytes
content-length
61986
x-turbo-charged-by
LiteSpeed
server
cloudflare
2024-LINE-Go%E3%80%81Uber%E3%80%81%E5%8F%B0%E7%81%A3%E5%A4%A7%E8%BB%8A%E9%9A%8A%E9%AB%98%E5%9B%9E%E9%A5%8B%E4%BF%A1%E7%94%A8%E5%8D%A1%E6%8E%A8%E8%96%A6-1080x630.jpg
creditcards.com.tw/wp-content/uploads/2024/10/ 		46 KB
47 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://creditcards.com.tw/wp-content/uploads/2024/10/2024-LINE-Go%E3%80%81Uber%E3%80%81%E5%8F%B0%E7%81%A3%E5%A4%A7%E8%BB%8A%E9%9A%8A%E9%AB%98%E5%9B%9E%E9%A5%8B%E4%BF%A1%E7%94%A8%E5%8D%A1%E6%8E%A8%E8%96%A6-1080x630.jpg?crop=1
Requested by
Host: reurl.cc
URL: https://reurl.cc/k8qxzL
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.78.24 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
6167fd340131937aa85eb5de6051b6891a17b303ffca682704a89007eda6a97f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://reurl.cc/

Response headers

etag
"bdc46d514a4e8b0b"
x-bytes-saved
21327
x-content-type-options
nosniff
access-control-allow-methods
GET, HEAD
expires
Mon, 06 Dec 2027 00:00:33 GMT
server-timing
a8c-cdn, dc;desc=bur, cache;desc=HIT;dur=1.0, a8c-cdn, dc;desc=mad, cache;desc=HIT;dur=3.0
alt-svc
h3=":443"; ma=86400
date
Sat, 06 Dec 2025 23:40:36 GMT
content-type
image/webp
last-modified
Fri, 05 Dec 2025 12:00:33 GMT
vary
Accept
strict-transport-security
max-age=31536000
cache-control
public, max-age=63115200
timing-allow-origin
*
x-nc
HIT bur 3
access-control-allow-origin
*
content-length
47102
x-ac
25.mad _atomic_ams HIT
server
nginx
renews-title1.png
re-news.tw/images/ 		24 KB
24 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://re-news.tw/images/renews-title1.png
Requested by
Host: reurl.cc
URL: https://reurl.cc/k8qxzL
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.185.136.122 Taipei, Taiwan, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
122.136.185.35.bc.googleusercontent.com
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
e9b96bc538ceb220fc5caff0d0a67916b74cf07b2bada0b3296a17b1b99c9990

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://reurl.cc/

Response headers

accept-ranges
bytes
content-length
24493
date
Sat, 06 Dec 2025 23:40:38 GMT
etag
"61a30347-5fad"
content-type
image/png
last-modified
Sun, 28 Nov 2021 04:19:19 GMT
server
nginx/1.18.0 (Ubuntu)
2025112917574367.jpg
img.racingcharger.tw/wp-content/uploads/2025/11/ 		741 KB
742 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://img.racingcharger.tw/wp-content/uploads/2025/11/2025112917574367.jpg
Requested by
Host: reurl.cc
URL: https://reurl.cc/k8qxzL
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::3 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
55d72e6c27809e3d9fcee9bfacc5e736e6c8c0f032004a22ca1f1ff2f4594af3

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://reurl.cc/

Response headers

nel
{"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cache-control
max-age=14400
cf-cache-status
HIT
age
1354
speculation-rules
"/cdn-cgi/speculation"
report-to
{"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=X6krxuOlL07uhXsnANsuFYISqqAlQ3qJJpuWrwJ8ZkbLQwawNvf3FTx2ZHTvEFnuFuHM23mcl0fx1nz2oCdABtAyJIjLKuT%2B8mcJG7WX9%2Bg44%2FAraE%2F4AmSQqRu6YQ%3D%3D"}]}
cf-ray
9a9fa115ab22028a-MAD
accept-ranges
bytes
alt-svc
h3=":443"; ma=86400
content-length
758789
date
Sat, 06 Dec 2025 23:40:36 GMT
content-type
image/jpeg
last-modified
Sat, 29 Nov 2025 17:57:33 GMT
server
cloudflare
vary
accept-encoding
file.png
static.wixstatic.com/media/9a254c_bd6ab9dc57c349009b5f1eedc6fb236d~mv2.png/v1/fit/w_1000,h_1000,al_c,q_80/ 		1010 KB
1010 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://static.wixstatic.com/media/9a254c_bd6ab9dc57c349009b5f1eedc6fb236d~mv2.png/v1/fit/w_1000,h_1000,al_c,q_80/file.png
Requested by
Host: reurl.cc
URL: https://reurl.cc/k8qxzL
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
65.8.131.76 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-65-8-131-76.fra60.r.cloudfront.net
Software
openresty/1.27.1.2 /
Resource Hash
76e0fe9b59aa81409567a77b7f5cfaebcbe6d1a5586d4979c5a83a327f68d517

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://reurl.cc/

Response headers

x-amz-cf-id
k4MhOp2orSuK6Y1Qrj2IsbAEJjE51UAFLI2LAgq8OxmFigIcZ7A1hA==
cache-control
public, max-age=2592000, immutable
timing-allow-origin
*
age
2428438
via
1.1 google, 1.1 e82859bd3e5e584a3698e67f22415dae.cloudfront.net (CloudFront)
x-wixmp-trace
projects/wix-media-infrastructure/traces/35DDxtzFv1ht1XOKyqok8D3bN6S
access-control-allow-origin
*
x-seen-by
image-manipulator-698889fbf5-v58vj
content-length
1033732
alt-svc
h3=":443"; ma=86400
date
Sat, 08 Nov 2025 21:06:38 GMT
content-type
image/png
x-cache
Hit from cloudfront
server
openresty/1.27.1.2
x-amz-cf-pop
FRA60-P13
pixel
83a8eb42-6ef1-4f83-b0a8-8311ce7c1584.t.ssp.hinet.net/ Frame 3615 		0
177 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://83a8eb42-6ef1-4f83-b0a8-8311ce7c1584.t.ssp.hinet.net/pixel?bd=83a8eb42-6ef1-4f83-b0a8-8311ce7c1584&t=50ef57&referrer=
Requested by
Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS
203-75-214-136.hinet-ip.hinet.net
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://reurl.cc/

Response headers

Strict-Transport-Security
max-age=0
Content-Length
0
Date
Sat, 06 Dec 2025 23:40:40 GMT
Content-Type
image/png
Server
nginx
Connection
keep-alive
main.js
cdn.holmesmind.com/module/product/inner/inner_image/ Frame 3615 		26 KB
27 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.holmesmind.com/module/product/inner/inner_image/main.js
Requested by
Host: reurl.cc
URL: https://reurl.cc/k8qxzL
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:208a:8000:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
651219c93cab2078fb7f9f5f3d091d56009b1108ff95b312d5b518a8639fbf2a

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://reurl.cc/

Response headers

x-amz-version-id
5eDfF61po8mbPAqic7Z9nmad18STHB0v
etag
"9570d1addd7f3b91ecb1c725d51a1458"
age
231
via
1.1 59927012a1a01484504f9d4b511a043c.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Hit from cloudfront
content-length
26746
x-amz-cf-id
if3-kUbwR14_K5gunD7TY6i3Z7IaPVnAPl2Zyn0t1-ioKYfPrHAxJQ==
date
Sat, 06 Dec 2025 23:40:36 GMT
content-type
application/javascript
last-modified
Wed, 21 Aug 2024 05:57:19 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P13
x-amz-server-side-encryption
AES256
cf.png
cdn.holmesmind.com/ Frame 3615 		2 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.holmesmind.com/cf.png
Requested by
Host: reurl.cc
URL: https://reurl.cc/k8qxzL
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:208a:8000:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
bca7ee31fc622c935a1ba3d3d012111f3aab926dc898ed011513fc7a9145f90e

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://reurl.cc/

Response headers

vary
accept-encoding
x-amz-version-id
JXDsYp0MpCsC07xlgs6M6Edv23lP_HUM
etag
"7cb0cc414e01c6f48a9eefee02d81959"
age
78222
via
1.1 59927012a1a01484504f9d4b511a043c.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Hit from cloudfront
content-length
2399
x-amz-cf-id
0dazvspGcluJwTCzH7GiabiBHIGM2eKMbWFCFKbEk-5SiLR5KamDLA==
date
Sat, 06 Dec 2025 01:56:55 GMT
content-type
image/png
last-modified
Mon, 19 Jun 2023 03:09:39 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P13
x-amz-server-side-encryption
AES256
gpt.js
securepubads.g.doubleclick.net/tag/js/ Frame 805D 		105 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/tag/js/gpt.js
Requested by
Host: reurl.cc
URL: https://reurl.cc/k8qxzL
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s07-in-f2.1e100.net
Software
cafe /
Resource Hash
090c5dbe03c9cc652f75b74bee6dfa2291037ace8ab00603ee530a747cd62279
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Origin
https://reurl.cc
Referer
https://reurl.cc/

Response headers

content-encoding
br
etag
555 / 20428 / 31096008 / config-hash: 5063855111797697403
x-content-type-options
nosniff
expires
Sat, 06 Dec 2025 23:40:31 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
date
Sat, 06 Dec 2025 23:40:31 GMT
content-type
text/javascript; charset=UTF-8
vary
Accept-Encoding
content-disposition
attachment; filename="f.txt"
cache-control
private, max-age=900, stale-while-revalidate=3600
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
access-control-allow-origin
*
content-length
34189
x-xss-protection
0
server
cafe
js
www.googletagmanager.com/gtag/ Frame 3043 		424 KB
143 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=G-M4J67EDHV2
Requested by
Host: reurl.cc
URL: https://reurl.cc/k8qxzL
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
216.58.206.72 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lhr35s11-in-f8.1e100.net
Software
Google Tag Manager /
Resource Hash
19fc42ca69d62c46b696e00f28e46c7bc4ece28ed00310abcc6e9cca2a59f1c5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://reurl.cc/

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
cache-control
private, max-age=900
content-encoding
zstd
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
expires
Sat, 06 Dec 2025 23:40:36 GMT
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
146670
date
Sat, 06 Dec 2025 23:40:36 GMT
x-xss-protection
0
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
server
Google Tag Manager
access-control-allow-headers
Cache-Control
pubads_impl.js
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202512040101/ Frame 805D 		611 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202512040101/pubads_impl.js?cb=31096008
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s07-in-f2.1e100.net
Software
cafe /
Resource Hash
9d6d7342264129047aedc4df11db9bdf238eec8fed367c7289ab11ca6ef6ccbe
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Origin
https://reurl.cc
Referer
https://reurl.cc/

Response headers

content-encoding
br
etag
11880664601459717268
age
29353
x-content-type-options
nosniff
expires
Sun, 06 Dec 2026 15:31:18 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
date
Sat, 06 Dec 2025 15:31:18 GMT
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
vary
Accept-Encoding
cache-control
public, immutable, max-age=31536000
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
access-control-allow-origin
*
content-length
197457
x-xss-protection
0
server
cafe
sodar
ep1.adtrafficquality.google/getconfig/ Frame 805D 		18 KB
13 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://ep1.adtrafficquality.google/getconfig/sodar?sv=200&tid=gpt&tv=m202512040101&st=env&sjk=208345317851880
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202512040101/pubads_impl.js?cb=31096008
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s49-in-f2.1e100.net
Software
cafe /
Resource Hash
a12d8f40e22ad7d43ce1ce9c5c8522a3688fd36db3da2643e61851babae66f34
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://reurl.cc/

Response headers

timing-allow-origin
*
content-encoding
br
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
13662
date
Sat, 06 Dec 2025 23:40:36 GMT
x-xss-protection
0
content-type
application/json; charset=UTF-8
content-disposition
attachment; filename="f.txt"
server
cafe
ads
securepubads.g.doubleclick.net/gampad/ Frame 805D 		116 KB
21 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?pvsid=208345317851880&correlator=3068468113079537&eid=31095908%2C31095912%2C31095984%2C31096008%2C31088080%2C83321072%2C83322603&output=ldjh&gdfp_req=1&vrg=202512040101&ptt=17&impl=fifs&gdpr=0&iu_parts=128002626%2CMFPB_202505_18535&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x480&ifi=1&didk=3019717991&dids=div-gpt-ad-1747900979112-0&adfs=2697053186&sfv=1-0-45&sc=1&cookie=ID%3D4364cb78fde40470%3AT%3D1765064433%3ART%3D1765064433%3AS%3DALNI_Mb21YmUZIN_hrBX8NCior3tZ0ME1g&gpic=UID%3D000012d2436a4f6e%3AT%3D1765064433%3ART%3D1765064433%3AS%3DALNI_MYMMocnDSTe0maJhgYxR4lqknphLA&abxe=1&dt=1765064436218&lmt=1765064436&adxs=640&adys=360&biw=1600&bih=1200&isw=320&ish=480&scr_x=0&scr_y=0&btvi=0&ucis=uwc4f5vy1b5d&oid=2&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&nvt=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&nhd=2&url=https%3A%2F%2Freurl.cc%2Fk8qxzL&ref=https%3A%2F%2Freurl.cc%2Fk8qxzL&top=https%3A%2F%2Freurl.cc%2Fk8qxzL%23Conditions&vis=1&psz=320x480&msz=320x480&fws=256&ohw=0&psd=WzMxLFtdXQ..&dlt=1765064436124&idt=32&adks=2045691737&frm=23&eo_id_str=ID%3D227c5fc0b1a47413%3AT%3D1765064433%3ART%3D1765064433%3AS%3DAA-Afja1XKMHuFdp_8LdXKZVyOvg
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202512040101/pubads_impl.js?cb=31096008
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s07-in-f2.1e100.net
Software
cafe /
Resource Hash
80d755c8fdf679d084f69c1043420659c3a3ce1bb7ec2a39e06c89a517f47677
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://reurl.cc/

Response headers

content-encoding
dcb
google-lineitem-id
-1
observe-browsing-topics
?1
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
date
Sat, 06 Dec 2025 23:40:36 GMT
content-type
text/plain; charset=UTF-8
google-creative-id
-1
cache-control
no-cache, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
access-control-allow-origin
https://reurl.cc
content-length
21177
x-xss-protection
0
server
cafe
container.html
f9f7e13bde29a7f0348d8281560da983.safeframe.googlesyndication.com/safeframe/1-0-45/html/ Frame EB4B 		7 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://f9f7e13bde29a7f0348d8281560da983.safeframe.googlesyndication.com/safeframe/1-0-45/html/container.html?n=2
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202512040101/pubads_impl.js?cb=31096008
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f1a68bf826c55985468304f4284a09cb8a68e82503d764166e611a7c58a85a4b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://reurl.cc/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private, max-age=300
content-encoding
br
content-length
3121
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy
cross-origin
date
Sat, 06 Dec 2025 23:40:36 GMT
expires
Sat, 06 Dec 2025 23:40:36 GMT
last-modified
Thu, 08 May 2025 23:15:48 GMT
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
runner.html
ep2.adtrafficquality.google/sodar/sodar2/237/ Frame 3EFE 		13 KB
5 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ep2.adtrafficquality.google/sodar/sodar2/237/runner.html
Requested by
Host: ep2.adtrafficquality.google
URL: https://ep2.adtrafficquality.google/sodar/sodar2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
14b660a511e14a9a481c6fe43c576f36c61b656cfd379728c54f1128e1855966
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://reurl.cc/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
age
1579
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=3000
content-encoding
gzip
content-length
5044
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Sat, 06 Dec 2025 23:14:17 GMT
expires
Sun, 07 Dec 2025 00:04:17 GMT
last-modified
Tue, 13 May 2025 23:17:50 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
aframe
www.google.com/recaptcha/api2/ Frame 0787 		829 B
568 B 		Document
General
Check archive.org
Download Go to
Full URL
https://www.google.com/recaptcha/api2/aframe
Requested by
Host: ep2.adtrafficquality.google
URL: https://ep2.adtrafficquality.google/sodar/sodar2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.228 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s53-in-f4.1e100.net
Software
ESF /
Resource Hash
ce35297b7eeaea73da74d401d81ef36d85b53ba08c0ea16491d31a3b146aebfa
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-2saZjNLydknuUyMMwF_1NA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://reurl.cc/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private, max-age=300
content-encoding
gzip
content-security-policy
script-src 'report-sample' 'nonce-2saZjNLydknuUyMMwF_1NA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-opener-policy-report-only
same-origin; report-to="coop_38fac9d5b82543fc4729580d18ff2d3d"
cross-origin-resource-policy
cross-origin
date
Sat, 06 Dec 2025 23:40:36 GMT
expires
Sat, 06 Dec 2025 23:40:36 GMT
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]} {"group":"coop_38fac9d5b82543fc4729580d18ff2d3d","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/38fac9d5b82543fc4729580d18ff2d3d"}]}
server
ESF
x-content-type-options
nosniff
x-xss-protection
0
main.js
cdn.holmesmind.com/module/product/bottom/bottom_movingBoardImage/ Frame 358C 		30 KB
31 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.holmesmind.com/module/product/bottom/bottom_movingBoardImage/main.js
Requested by
Host: reurl.cc
URL: https://reurl.cc/k8qxzL
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:208a:8000:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
3c0642a0b40f3a3af331b2656807af9976a2c253f1832a1cc425b5a34b749126

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://reurl.cc/

Response headers

x-amz-version-id
oPURJqW0INbA0k3Quit7sv8wfaDNa84y
etag
"7a49664bf2d2a38d88923d4339c70d25"
age
237
via
1.1 59927012a1a01484504f9d4b511a043c.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Hit from cloudfront
content-length
31097
x-amz-cf-id
9UylyuIVX67PT0zAJS5bC8htb4WBGgYDlJlyf_e39kchb2yHCOM1lw==
date
Sat, 06 Dec 2025 23:36:40 GMT
content-type
application/javascript
last-modified
Wed, 21 Aug 2024 05:57:29 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P13
x-amz-server-side-encryption
AES256
cf.png
cdn.holmesmind.com/ Frame 358C 		2 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.holmesmind.com/cf.png
Requested by
Host: reurl.cc
URL: https://reurl.cc/k8qxzL
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:208a:8000:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
bca7ee31fc622c935a1ba3d3d012111f3aab926dc898ed011513fc7a9145f90e

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://reurl.cc/

Response headers

vary
accept-encoding
x-amz-version-id
JXDsYp0MpCsC07xlgs6M6Edv23lP_HUM
etag
"7cb0cc414e01c6f48a9eefee02d81959"
age
78222
via
1.1 59927012a1a01484504f9d4b511a043c.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Hit from cloudfront
content-length
2399
x-amz-cf-id
0dazvspGcluJwTCzH7GiabiBHIGM2eKMbWFCFKbEk-5SiLR5KamDLA==
date
Sat, 06 Dec 2025 01:56:55 GMT
content-type
image/png
last-modified
Mon, 19 Jun 2023 03:09:39 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P13
x-amz-server-side-encryption
AES256
gpt
securepubads.g.doubleclick.net/pagead/managed/dict/m202512040101/ Frame 805D 		64 KB
0 		Other
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pagead/managed/dict/m202512040101/gpt
Requested by
Host: reurl.cc
URL: https://reurl.cc/k8qxzL
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s07-in-f2.1e100.net
Software
cafe /
Resource Hash
8d23693251d0923a21dba7083e1e3a58a18123b146cebbcefb828e1caa7c3aa3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer

Response headers

content-encoding
br
etag
4740477158928784528
age
40363
x-content-type-options
nosniff
expires
Sat, 13 Dec 2025 12:27:50 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
date
Sat, 06 Dec 2025 12:27:50 GMT
content-type
text/plain; charset=UTF-8
vary
Accept-Encoding
cache-control
public, immutable, max-age=604800, stale-while-revalidate=7200
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
access-control-allow-origin
*
content-length
22756
x-xss-protection
0
server
cafe
use-as-dictionary
match="/gampad/ads", id="m202512040101"
i
ad.holmesmind.com/adserver/ Frame 3615 		0
64 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ad.holmesmind.com/adserver/i?ut=1765064434&p=14210:131761:273101:f3e23a7d686b344b5faeff617bafbefd:14756
Requested by
Host: reurl.cc
URL: https://reurl.cc/k8qxzL
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.75.180.237 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-75-180-237.ap-northeast-1.compute.amazonaws.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://reurl.cc/

Response headers

date
Sat, 06 Dec 2025 23:40:36 GMT
content-type
image/png
server
nginx
8c7c8418efea4ba698fe5487a2e16fd1.jpg
cdn.holmesmind.com/image/14756/ Frame 3615 		82 KB
83 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.holmesmind.com/image/14756/8c7c8418efea4ba698fe5487a2e16fd1.jpg
Requested by
Host: reurl.cc
URL: https://reurl.cc/k8qxzL
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:208a:8000:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
18a1a14cfb15982e09a0c1cc734b897cee8a0257d3a81165f6676f42a0ab2985

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://reurl.cc/

Response headers

vary
accept-encoding
x-amz-version-id
v5.f7GhVUa4KIapgyX5XcMHTEFw7qecT
etag
"aca9550beb6521eb4e4ce04d396c50d8"
age
58404
via
1.1 59927012a1a01484504f9d4b511a043c.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Hit from cloudfront
content-length
84403
x-amz-cf-id
e269GCQwMhizo2HYPCYDrKuw6-zUeI825MQOzrcj4nWPu7JlqrLrzg==
date
Sat, 06 Dec 2025 07:27:13 GMT
content-type
image/jpeg
last-modified
Tue, 29 Apr 2025 10:21:22 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P13
x-amz-server-side-encryption
AES256
activeview
pagead2.googlesyndication.com/pcs/ Frame 1AE9 		42 B
65 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsubKWMRASRIWM_dp4j79D0jDeQ5HoLOCLDYOt0oi8QBOKsaZfo2ujBh8Y-jAS0SPf0_yvC_u_apkOO-WYu8KcfbiGuBJkPggJykvR2mNgK2_0pDsIU0RlGfbS_k0VwAg-kGhLAonWr4sYoQNrfNpSlpnLVKdYYcE86xLvLLA8sjTBvsz3I&sig=Cg0ArKJSzKCFPQ14m77fEAE&id=lidar2&mcvt=1001&p=997,10,1247,310&tm=1043.900001525879&tu=42.599998474121094&mtos=1001,1001,1001,1001,1001&tos=1001,0,0,0,0&v=20251203&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=3936558959&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&co=6099723500&rst=1765064434295&rpt=1018&isd=0&lsd=0&met=mue&wmsd=0&pbe=0&fle=0&vae=0&spb=0&sfl=0&ffslot=0&reach=8&io2=0
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.140.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lcfraa-bt-in-f2.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://f5468d195f184d9a2161b39cb1e22a89.safeframe.googlesyndication.com/

Response headers

cache-control
no-cache, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
42
date
Sat, 06 Dec 2025 23:40:36 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
container.html
082fc394a62d374456508868d37e314c.safeframe.googlesyndication.com/safeframe/1-0-45/html/ Frame 63CA 		7 KB
0 		Document
General
Check archive.org
Download Go to
Full URL
https://082fc394a62d374456508868d37e314c.safeframe.googlesyndication.com/safeframe/1-0-45/html/container.html?n=2
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202512040101/pubads_impl.js?cb=31096008
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.129 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f1.1e100.net
Software
sffe /
Resource Hash
f1a68bf826c55985468304f4284a09cb8a68e82503d764166e611a7c58a85a4b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://reurl.cc/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private, max-age=300
content-encoding
br
content-length
3121
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy
cross-origin
date
Sat, 06 Dec 2025 23:40:36 GMT
expires
Sat, 06 Dec 2025 23:40:36 GMT
last-modified
Thu, 08 May 2025 23:15:48 GMT
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
sodar2.js
ep2.adtrafficquality.google/sodar/ Frame 805D 		20 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://ep2.adtrafficquality.google/sodar/sodar2.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202512040101/pubads_impl.js?cb=31096008
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a7f65c0446b6cac3175458f6388304d0c23e70d11fa0db20920a619f1bc18623
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://reurl.cc/

Response headers

content-encoding
gzip
etag
"1747411493688989"
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
x-content-type-options
nosniff
expires
Sat, 06 Dec 2025 23:40:36 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Sat, 06 Dec 2025 23:40:36 GMT
content-type
text/javascript
vary
Accept-Encoding
cache-control
private, max-age=3000
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
content-length
7188
x-xss-protection
0
server
sffe
runner.html
ep2.adtrafficquality.google/sodar/sodar2/237/ Frame 49C8 		13 KB
0 		Document
General
Check archive.org
Download Go to
Full URL
https://ep2.adtrafficquality.google/sodar/sodar2/237/runner.html
Requested by
Host: ep2.adtrafficquality.google
URL: https://ep2.adtrafficquality.google/sodar/sodar2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
14b660a511e14a9a481c6fe43c576f36c61b656cfd379728c54f1128e1855966
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://reurl.cc/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
age
1579
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=3000
content-encoding
gzip
content-length
5044
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Sat, 06 Dec 2025 23:14:17 GMT
expires
Sun, 07 Dec 2025 00:04:17 GMT
last-modified
Tue, 13 May 2025 23:17:50 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
aframe
www.google.com/recaptcha/api2/ Frame 0C20 		829 B
0 		Document
General
Check archive.org
Download Go to
Full URL
https://www.google.com/recaptcha/api2/aframe
Requested by
Host: ep2.adtrafficquality.google
URL: https://ep2.adtrafficquality.google/sodar/sodar2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.228 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s53-in-f4.1e100.net
Software
ESF /
Resource Hash
ce35297b7eeaea73da74d401d81ef36d85b53ba08c0ea16491d31a3b146aebfa
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-2saZjNLydknuUyMMwF_1NA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://reurl.cc/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private, max-age=300
content-encoding
gzip
content-security-policy
script-src 'report-sample' 'nonce-2saZjNLydknuUyMMwF_1NA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-opener-policy-report-only
same-origin; report-to="coop_38fac9d5b82543fc4729580d18ff2d3d"
cross-origin-resource-policy
cross-origin
date
Sat, 06 Dec 2025 23:40:36 GMT
expires
Sat, 06 Dec 2025 23:40:36 GMT
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]} {"group":"coop_38fac9d5b82543fc4729580d18ff2d3d","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/38fac9d5b82543fc4729580d18ff2d3d"}]}
server
ESF
x-content-type-options
nosniff
x-xss-protection
0
pixel
googleads.g.doubleclick.net/xbbe/ Frame 7147 		652 B
254 B 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/xbbe/pixel?d=CJfnugEQ0-KBvxkYmYz_swIwAQ&v=APEucNUKmOKoS9x3ZOG2s_IkKSGzJbSm4sirrk-On8ZqMfeBYz7hY0IGTXMjNFVg6EVrSfAT7kTJvkKDjXHUYPOYEF8ayLzhe7i7eEsDLdpLpQiDbEI1awU
Requested by
Host: 082fc394a62d374456508868d37e314c.safeframe.googlesyndication.com
URL: https://082fc394a62d374456508868d37e314c.safeframe.googlesyndication.com/safeframe/1-0-45/html/container.html?n=2
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s08-in-f2.1e100.net
Software
cafe /
Resource Hash
8c04e118bdd5757192be2a1eb360786f9fa1c4b398806430b7f41f203f64d8e6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://082fc394a62d374456508868d37e314c.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding
br
content-length
234
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Sat, 06 Dec 2025 23:40:36 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
dv3.js
pagead2.googlesyndication.com/pagead/js/ Frame 63CA 		103 KB
35 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/dv3.js
Requested by
Host: 082fc394a62d374456508868d37e314c.safeframe.googlesyndication.com
URL: https://082fc394a62d374456508868d37e314c.safeframe.googlesyndication.com/safeframe/1-0-45/html/container.html?n=2
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.140.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lcfraa-bt-in-f2.1e100.net
Software
cafe /
Resource Hash
c7038e16d5f2b00508d0674719a9a981a18cc48442070b36088e1ea89a4bd697
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://082fc394a62d374456508868d37e314c.safeframe.googlesyndication.com/

Response headers

content-encoding
br
etag
3555952323351357441
x-content-type-options
nosniff
expires
Sat, 06 Dec 2025 23:40:36 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date
Sat, 06 Dec 2025 23:40:36 GMT
content-type
text/javascript; charset=UTF-8
vary
Accept-Encoding
content-disposition
attachment; filename="f.txt"
cache-control
private, max-age=600
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
content-length
35698
x-xss-protection
0
server
cafe
gen_204
pagead2.googlesyndication.com/pagead/ Frame 63CA 		42 B
63 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-ALVSuZPU5vCX11RMk9Yy5-XygQkr_1ejjiABq1stC7FPjtofrGe9-L2TC-w7OZvpLV9YwlY_qXqFF6wWG189jvjSn-vC2rXqZbeDSjvmpWqDZ6Z20
Requested by
Host: 082fc394a62d374456508868d37e314c.safeframe.googlesyndication.com
URL: https://082fc394a62d374456508868d37e314c.safeframe.googlesyndication.com/safeframe/1-0-45/html/container.html?n=2
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.140.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lcfraa-bt-in-f2.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://082fc394a62d374456508868d37e314c.safeframe.googlesyndication.com/

Response headers

cache-control
no-cache, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
42
date
Sat, 06 Dec 2025 23:40:36 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
window_focus_fy2021.js
tpc.googlesyndication.com/pagead/js/r20251204/r20110914/client/ Frame 63CA 		3 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20251204/r20110914/client/window_focus_fy2021.js
Requested by
Host: 082fc394a62d374456508868d37e314c.safeframe.googlesyndication.com
URL: https://082fc394a62d374456508868d37e314c.safeframe.googlesyndication.com/safeframe/1-0-45/html/container.html?n=2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
fec5a361dec923efe92848ca27b02b158b164380a9eaf6cc1625e08e0d9c101e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://082fc394a62d374456508868d37e314c.safeframe.googlesyndication.com/

Response headers

content-encoding
br
etag
6020003950853699975
age
40359
x-content-type-options
nosniff
expires
Sat, 20 Dec 2025 12:27:55 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date
Sat, 06 Dec 2025 12:27:55 GMT
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
vary
Accept-Encoding
cache-control
public, max-age=1209600
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
access-control-allow-origin
*
content-length
1241
x-xss-protection
0
server
cafe
qs_click_protection_fy2021.js
tpc.googlesyndication.com/pagead/js/r20251204/r20110914/client/ Frame 63CA 		21 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20251204/r20110914/client/qs_click_protection_fy2021.js
Requested by
Host: 082fc394a62d374456508868d37e314c.safeframe.googlesyndication.com
URL: https://082fc394a62d374456508868d37e314c.safeframe.googlesyndication.com/safeframe/1-0-45/html/container.html?n=2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3539a82b4664c18c51201b6b35a296282250e6cfb16f3355c61d949797c56529
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://082fc394a62d374456508868d37e314c.safeframe.googlesyndication.com/

Response headers

content-encoding
br
etag
2622203621575094117
age
40359
x-content-type-options
nosniff
expires
Sat, 20 Dec 2025 12:27:55 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date
Sat, 06 Dec 2025 12:27:55 GMT
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
vary
Accept-Encoding
cache-control
public, max-age=1209600
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
access-control-allow-origin
*
content-length
8688
x-xss-protection
0
server
cafe
l
www.google.com/ads/measurement/ Frame 63CA 		0
0
ufs_web_display.js
pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ Frame 63CA 		227 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js
Requested by
Host: 082fc394a62d374456508868d37e314c.safeframe.googlesyndication.com
URL: https://082fc394a62d374456508868d37e314c.safeframe.googlesyndication.com/safeframe/1-0-45/html/container.html?n=2
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.140.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lcfraa-bt-in-f2.1e100.net
Software
cafe /
Resource Hash
51d8ff6c08bd4ac009c99b4f0f90b2a3f8f522f9ada47e383b534335bcba10ad
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://082fc394a62d374456508868d37e314c.safeframe.googlesyndication.com/

Response headers

content-encoding
br
etag
18225759614869584005
age
759
x-content-type-options
nosniff
expires
Sun, 07 Dec 2025 00:27:55 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date
Sat, 06 Dec 2025 23:27:55 GMT
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=ISO-8859-7
vary
Accept-Encoding
cache-control
public, max-age=3600, stale-while-revalidate=3600
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
content-length
71553
x-xss-protection
0
server
cafe
ping
pagead2.googlesyndication.com/pagead/ Frame AECE 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/ping?e=1
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202512040101/pubads_impl.js?cb=31096008
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.140.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lcfraa-bt-in-f2.1e100.net
Software
/
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8
Referer
https://reurl.cc/

Response headers
i
ad.holmesmind.com/adserver/ Frame 358C 		0
64 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ad.holmesmind.com/adserver/i?ut=1765064434&p=22214:244470:299470:ec5b33fb2cd5781b5001b092f2140451:39361
Requested by
Host: reurl.cc
URL: https://reurl.cc/k8qxzL
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.75.180.237 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-75-180-237.ap-northeast-1.compute.amazonaws.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://reurl.cc/

Response headers

date
Sat, 06 Dec 2025 23:40:36 GMT
content-type
image/png
server
nginx
sodar
pagead2.googlesyndication.com/pagead/ Frame 0787 		0
17 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=237&li=gpt_m202512040101&jk=6844337683902518&rc=
Requested by
Host: reurl.cc
URL: https://reurl.cc/k8qxzL
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.140.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lcfraa-bt-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://www.google.com/

Response headers

timing-allow-origin
*
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
0
date
Sat, 06 Dec 2025 23:40:36 GMT
x-xss-protection
0
content-type
image/
server
cafe
sodar
pagead2.googlesyndication.com/pagead/ Frame 0C20 		0
17 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=237&li=gpt_m202512040101&jk=208345317851880&rc=
Requested by
Host: reurl.cc
URL: https://reurl.cc/k8qxzL
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.140.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lcfraa-bt-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://www.google.com/

Response headers

timing-allow-origin
*
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
0
date
Sat, 06 Dec 2025 23:40:36 GMT
x-xss-protection
0
content-type
image/
server
cafe
pixel
83a8eb42-6ef1-4f83-b0a8-8311ce7c1584.t.ssp.hinet.net/ Frame 365E 		0
177 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://83a8eb42-6ef1-4f83-b0a8-8311ce7c1584.t.ssp.hinet.net/pixel?bd=83a8eb42-6ef1-4f83-b0a8-8311ce7c1584&t=50ef57&referrer=
Requested by
Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS
203-75-214-136.hinet-ip.hinet.net
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://reurl.cc/

Response headers

Strict-Transport-Security
max-age=0
Content-Length
0
Date
Sat, 06 Dec 2025 23:40:41 GMT
Content-Type
image/png
Server
nginx
Connection
keep-alive
collect
region1.analytics.google.com/g/ Frame 3043 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://region1.analytics.google.com/g/collect?v=2&tid=G-M4J67EDHV2&gtm=45je5c31v9235662620za200zd9235662620&_p=1765064436131&_gaz=1&gcd=13l3l3l2l1l1&npa=1&dma_cps=syphamo&dma=1&tcfd=10001&cid=1498954258.1765064433&ul=es-es&sr=1600x1200&_ng=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=1&pscdl=noapi&_s=1&tag_exp=103116026~103200004~104527906~104528501~104684208~104684211~105391253~115583767~115616986~115938466~115938468~116184927~116184929~116217636~116217638&sid=1765064436&sct=1&seg=0&dl=https%3A%2F%2Freurl.cc%2Fk8qxzL&dt=&en=page_view&_fv=1&_ss=1&_ee=1&tfd=4727
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-M4J67EDHV2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://reurl.cc/

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:169:0
report-to
{"group":"ascnsrsggc:169:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:169:0"}],}
expires
Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin
https://reurl.cc
cross-origin-opener-policy-report-only
same-origin; report-to=ascnsrsggc:169:0
content-length
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Sat, 06 Dec 2025 23:40:36 GMT
content-type
text/plain
server
Golfe2
collect
stats.g.doubleclick.net/g/ Frame 3043 		0
48 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://stats.g.doubleclick.net/g/collect?v=2&_ng=1&tid=G-M4J67EDHV2&cid=1498954258.1765064433&gtm=45je5c31v9235662620za200zd9235662620&aip=1&dma=1&dma_cps=syphamo&gcd=13l3l3l2l1l1&npa=1&frm=1&tag_exp=103116026~103200004~104527906~104528501~104684208~104684211~105391253~115583767~115616986~115938466~115938468~116184927~116184929~116217636~116217638
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-M4J67EDHV2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c06::9d , Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://reurl.cc/

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:138:0
report-to
{"group":"ascnsrsggc:138:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:138:0"}],}
expires
Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin
https://reurl.cc
cross-origin-opener-policy-report-only
same-origin; report-to=ascnsrsggc:138:0
content-length
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Sat, 06 Dec 2025 23:40:36 GMT
content-type
text/plain
server
Golfe2
ga-audiences
www.google.es/ads/ Frame 3043 		42 B
107 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.es/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&_ng=1&tid=G-M4J67EDHV2&cid=1498954258.1765064433&gtm=45je5c31v9235662620za200zd9235662620&aip=1&dma=1&dma_cps=syphamo&gcd=13l3l3l2l1l1&npa=1&frm=1&tag_exp=103116026~103200004~104527906~104528501~104684208~104684211~105391253~115583767~115616986~115938466~115938468~116184927~116184929~116217636~116217638&z=1291176840
Requested by
Host: reurl.cc
URL: https://reurl.cc/k8qxzL
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81d::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://reurl.cc/

Response headers

cache-control
no-cache, no-store, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
42
date
Sat, 06 Dec 2025 23:40:36 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
/
t.ssp.hinet.net/ Frame E048 		36 B
408 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://t.ssp.hinet.net/
Requested by
Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS
203-75-214-136.hinet-ip.hinet.net
Software
nginx /
Resource Hash
3c255bf51649ef300a439c5d882e1f1f0c76c5ff8eb0b2f9ebc358afcc2e57b7
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://cdn.holmesmind.com/

Response headers

strict-transport-security
max-age=0
cache-control
no-cache, private
content-encoding
gzip
access-control-allow-credentials
true
access-control-allow-origin
https://cdn.holmesmind.com
date
Sat, 06 Dec 2025 23:40:36 GMT
content-type
text/html; charset=UTF-8
vary
Accept-Encoding, Origin
server
nginx
collect
region1.analytics.google.com/g/ Frame 3043 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://region1.analytics.google.com/g/collect?v=2&tid=G-M4J67EDHV2&gtm=45je5c31v9235662620za200zd9235662620&_p=1765064436131&_gaz=1&gcs=G1--&gcd=13l3l3l2l5l1&npa=1&dma_cps=syphamo&dma=1&tcfd=10001&cid=1498954258.1765064433&ul=es-es&sr=1600x1200&_ng=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=1&pscdl=noapi&_eu=AEAAAAQ&_s=2&tag_exp=103116026~103200004~104527906~104528501~104684208~104684211~105391253~115583767~115616986~115938466~115938468~116184927~116184929~116217636~116217638&sid=1765064436&sct=1&seg=0&dl=https%3A%2F%2Freurl.cc%2Fk8qxzL&dt=&en=scroll&epn.percent_scrolled=90&tfd=4748
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-M4J67EDHV2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://reurl.cc/

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:169:0
report-to
{"group":"ascnsrsggc:169:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:169:0"}],}
expires
Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin
https://reurl.cc
cross-origin-opener-policy-report-only
same-origin; report-to=ascnsrsggc:169:0
content-length
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Sat, 06 Dec 2025 23:40:36 GMT
content-type
text/plain
server
Golfe2
ga-audiences
www.google.es/ads/ Frame 3043 		42 B
107 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.es/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&_ng=1&tid=G-M4J67EDHV2&cid=1498954258.1765064433&gtm=45je5c31v9235662620za200zd9235662620&aip=1&dma=1&dma_cps=syphamo&gcs=G1--&gcd=13l3l3l2l5l1&npa=1&frm=1&tag_exp=103116026~103200004~104527906~104528501~104684208~104684211~105391253~115583767~115616986~115938466~115938468~116184927~116184929~116217636~116217638&z=284656748
Requested by
Host: reurl.cc
URL: https://reurl.cc/k8qxzL
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81d::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://reurl.cc/

Response headers

cache-control
no-cache, no-store, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
42
date
Sat, 06 Dec 2025 23:40:36 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
gen_204
pagead2.googlesyndication.com/pagead/ Frame 63CA 		0
20 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=6792653138931&version=m202510220101
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.140.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lcfraa-bt-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://082fc394a62d374456508868d37e314c.safeframe.googlesyndication.com/

Response headers

cache-control
no-cache, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
0
date
Sat, 06 Dec 2025 23:40:36 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
gen_204
pagead2.googlesyndication.com/pagead/ Frame 63CA 		0
20 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=6792653138931&version=m202510220101&ct=77&x=1&cor=4253765571300058624
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.140.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lcfraa-bt-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://082fc394a62d374456508868d37e314c.safeframe.googlesyndication.com/

Response headers

cache-control
no-cache, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
0
date
Sat, 06 Dec 2025 23:40:36 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
ad
googleads.g.doubleclick.net/dbm/ Frame 63CA 		37 KB
21 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DciQezr8O42g1-uuQUhhAIY00qIgp3FvxOhsA4OL8_EapkoDqcPv5TaL7VYEI-9nELMdzvV8abjnktAbeVAb7eMmOiA42QkJ3o4Wxwwl8WBwXLcmBDGTSrPmOUJOMo6NkhTJb2juaFvl_wiU2rWYukmR6ysyNJaw1-HNQ2gNujgZDbQ4qpZfghOXmGm5y-Fvsoid9BACncyIG7v3ap8klTpV39EF-jMU6LWYTlt7EGFiNmsF2h9vTGcfgh3Wn4Zw4Js3BE_PWfNkOK8QqV8uQnz3IFQhmJJxJlX87zOnyPZwQ9ZrM&cry=1&dbm_d=AKAmf-BfgbqgTPVleAbjKbS_goP7II-kof0yWWi3KvWOulLSgdjnxmNzjvd--T0CEXm0Xq7vpyJ2g5oPXo0PMXcjlv0VYn-zxlKECvgzLqesHFq_DFkSBeDWPeCuF63ad20KDWZvW-y8RRXHn0qy_zE3jUf0LJ2ky_LRXji6jmGWU-8d8HKpAzzac9lt_ZkDVBg-lhuAAy5R6eOTeKJahvIybucdVhh5KiF8Xz5mQtL0hJQcJBT9MYP5pxCl_qCwzmJwq0NcmBR5w74HqwTxWei02i1YSSm8qJMar4s-S4zGMRFpn54wWB3cdKXh5j7cT_i8-O1IKx6ukPdu5UH4s615l5gVmH13lxTWMlrU7v1Q6sZMlZX66JVfV7tAh9VpZuYOhbXsZXelIqqcLHVY-f_EChXCUJ5zJmjV8nzBXW9O6h06ht-6fDdRVBGe13J0AJ4gTASlagnxOadWh6H67tOn9WhqlTe75PHKcJ_-XD5lQ-HVAVaiYSbla_ki2nciH6aWZuMqOc-y8KU7F04le5-XXheMTz1LKe4f7V0r8epWU3ZTi6-4o6ap6A9cz-yXUaJZiAZhn_XHFXksoXYMgaYUbMpxQycTfmIP8LWLlE-0TsKzZVfk1YnbWXURtuqAaC0TE8QFoNwnZtOrqSeh8Cfoc-RFqw2prAH-pJbZxJrz_LuD5uE_dPrZ9scuQ49KmdyUavXazmyfpvXVumUHhGPFxFr8J9KfM2tYNtrtYUB0d-sBAopH1ypHRGdwJIUsOJNeegYax46D0PzLvjGRFpbjC4QsWknccrPgfPGwLRTaR9f5DJhbGgPrACPNetvNZsfGDCVkbIxZAHoBOmz39PMth5Jf6T-Kv9Lm-oy-jhqk7EOFmD7DuO_yiV7bFlkM_PLRyWftrO_wGil0rmjrUFkL4CEKqwSQOE6mi9LstN0_C7yjjY88PAX5uKMEIXWkLs_rklHuPRa3YfDYPpmg30LAr8Iok7xVDwCXcRFe2pNnS8J0GFvZ6sLntwsEs42Y4YNfdx9dnDIIbWGi1YvNaZQlva8bbDfmsFwLlazewgLfoP7jmMYbtCdlpyBOibPb3Fsa5IamGfvICLuf82iVIDRYmjz5EM4QpdBgyZeDZifbP_-yJ_fyvswUqGEOrvODxhFUJMyZIMLJBdWsUlzywYZnTArjaA2HMFBrnSHRXoA2N0CW3b8g3tsuH4bdIznZOnES8oYID7p8hp0dIim9y6toV4MlFh1_-wANtWrukuU6tBkdg2G3GJoAhrumJRUHco9waMhQoqsh4hQwPn4ObUmqWRJSMZa89PRLqAsffla3Ze4YvyHx2FYAAaY2FDcx2LOKimACh2ZJ07fAqS8jM0SQBzL5rsIqmk91tUjQRqo6avs3KZSkU3t_ugjl4eqh1ApzraSMhLBPiJ3ns7bNbmvGcbCm8AYxMpd4OHFaqThL3WtSlP9-t-94MIl8TjEAkMsuYtkxsRWU033YDI45gSOYzjgOaLEp7JTtq20SlJb4MsESHkRcuPZmDizqWmResJCOQBSFZImZPE3jIZz-YNAH2ife31E7FS11j8dR3i4r5t1Y4R5IXlm2v0689Ic2c_UshMWaAUfmD_71bl0gaWyUl8vUS9N1AfaNBkLqQf0q9GxQ_phPgNdAaGfKTA8wetztZsfa2IKnghzPpwA78lfJY--zUs3h-wfRHf3vosNRWylh7oAVt4g2nKy5IMe3VIyiRUh3JD_jAqF4wBjdKDVGQo6FPE5C2j5JArMAmfuf1dIRXCiaiS7X8tuUuxNDPQTlk8mEUPTFFnDBiRh80cy9StEngz8KPVJQCFimQdeSWJSDKm06_5IhG2KpkmokWeICXEyo0AEsOZ-yoqItrAZm7oEguSsZry5MNDsGe7GwuTR3hRbrFrMib5Sgir2NbFH0p38LMcnaDuGMK728Wkpztn3LZkc1BYaa0bDvQD2reHZh4J2Gxsl3ydFDS9EhpIvqVRdN5oBaB9Bw6NXhOTgLt2Io9yv5iS_CE6UUMbHNPBthgYINgHqzCj1WG6F3wyReW-kWjqlVglU6gykbuAJbPdVDyLgCrYMR80YTCaUmv138aJrqg8NERtAZLfGQddz7v6qjO7M0vAFDUGO897CDZ95pC3-1Dj1DE6dcLWWg91A_wV6tmF0Qfzk2Cf7YTw1GRavSoE4mZR2cC9olrB-6PSITlMK4QaFh_woQx3IeEZxXummHYmlRyhd8pSH0nF7eyhKsweKmQWyvYZBgK9DawxX-MbTUsZTXQGX6sI4vlxT4b0MzlJHXGn50I44Hkfm6JG78TqmVYbCyjgMrj7K5M1zGeGT8shTe11fGde-DkoFDkc5HELlhJ_wpKlB0p61Cy0JRCXi8iUfheri9NipfL_mnpeZTXTlLChrG8xR5aZZ1M7vOPYZHtAiDhBt4r7V5FPYdmvT2Z0uL4_M8flHtW_Ph_0PMmLCE6uC0tRxISMfWVjuoUtjhO7FXzp-_O19I2OoNQ5gL8A1_ZO2KppKmGu70WkkgeopEs7kuCGqdYxByHHe8-LvnxYxdqEFoUxy3jyQghCpeenGa_mMh3FMz0yIUePTop6TxysTOWRDNmVDpx8ERSd5TdyKKdSVj-J1CycWIiLzFZuYgGng-LiBdSV4wt1uoeT9hOl9ibQC0vJwaplZlGHNel_ldQaVEfDPfLDkgmB4hvFAQkWgJZvZXq6MOJwJ5V_5bg-_bXc_Afo4ibY1W5el8ix3Dj-2ZbV5hl7eNXlMC7Yn5BJ81qcFWNAaPi7hMHNILIbC-bgXxp0ANpLvlXGWmmx3xo41eDlVjftYL4oGUFI_tmILnYq1PgW3GMWGPDnwF3Nplo78uQmyezTtOF7g7BC2gVQUv754jFg82GSVqslJvlH4eovG1IxEBUSWwowNP8aVTq_N5gmN_JZUkLeTG2Nr30HUHV8KirbWLH6My2dQZcVHc0zcKAhoum6ziS72XVVUA6rhszWpGiOYzF4893CR2-v5PKtM8So3jcF7TaF9hS2kv5bcluLMCU4eMGqsJLdn2kQbIs4bYhtBMzA9um2D7UuzwxUvF1jtYj7H-OPQN3Dobl4230fambF6UAiYa-k8guQDcJQ44SblqMq-BArzbsBaQJCqsXNKwyymm5mHYcGtWLxzp8uThJG1ggqSOv6Q5Mlq0iCF31kB3xoDw6VNUXQYqf7S_-qnvb7ZJTqPY6RTexwNugkneL_i1oAsjKfBEuaZCVgCDS9sG4zbUOo-1XyzU37Qd2CppWytXLH2oIrsgPggtc94WhcMVac-soZpDE44dIvA-xWsOn2HwJJ_CKDFN_b_Lenj3V_R0yA3Ic9dGxsLYTkbRTcxqx-nXvIO_8HaYit3YsXwClIRbpOiI7-b633y2WscSJoIqj62HP6RIVl_AKLeBUsIO8Z2TCZ1dnaFN6z4vS4fXIHpZQLXY2bgNyt-zCTZkmmhkxHIiTTnKVekwpfYpJsWtlPqmFhdtuLelZ-unbdn0CeHb9alllxAhqkC0fqzf8tXQNUzKWkVonq046mhyy-J43pXxYuolgtyCnT88q-tJi8VgkmvPOF8nSDrFM1aFZD64taKwbzX2PPHbdaTrqmBx1cGE5uM6DEnZhnIo7Y3tWjUyKWYiMWdZE1BmCA6wN2JOzc6hpMk8Nj0wrykO5A0aRgVNADHF3sSklAuiBS8uo9_unk5ruSG2SUl_a1ERFMV2IXpN-1fc0m1FbTJ7zBVjK2H0SRn4nWCO79EsNYBG9wmXkqOEyFSlzGMsw6CZ0KqQw9pQeFK3oC1sUe5ucFfKgyEdxj0e1MuMpnD_7K_RF5HX2mlFWmXbOUYfWfs4mN9nHf9xq4nHb6thCapi5wT_VPKWGvxVLtpifln073cPLKbAJfJUX5hK8Vf2xYfUQV3AVyBtI9ff6YJZb8vXgbxkur6Wt7taNVaXSeAifqeeRDAslbcSsBLNf5ErRb7OlCBj9sYIVuWsng2N7l0-fy2OAhMJkhLdpO1qUqwPkM3so3t4okxSGIFwO-R59uq9hmsmCIZJkHRAmyO8AYW6WoC4PvauVC1iEEbACvwctT5iwLRha6wEAslEkWjz8s52roEFg2F5_PhGzlCQwEeyFjPcAB6TbvitafBTytTHHy0b4X24bCf7LqBo5qufGPpzAcq9vQYRvt2ViMdW6hncS-gS4rloJNMYY18A97y4g-gQ7NU5p-A6ObHBpV2cSGmMk4JFgyPxDGBRrSWTZ3l7pP0T-oddbL5j4BttIrATwBNLl_7z1wg1DLlFev3wMFk325ykTduzVV87cBFzUcz3xDBhA0tVMbyRZUN9qcSnAP4Wy1lVcqJ6C-vcYLOREOsGq10mB5rZ5V0fLqCbO0rBSbHlj5eoj5ggBW1MRtgKvzIqo2xcuVB8a1fI4g16YGvzQBc1RcYxx-mShKtxDiG0yMf6qx5ulc5a9MX5dFdjVoRYnVdpzMdI2rvm8FWAbI5CLt9kAqz8qwZnOVoOH1SXQ-KH-iu1B3_37s7gUNkOedgQaRAFDEJDlMLm-mKtZcebQo-VsM8Ocu7lqgPLDAp8y66ysQ&cid=CAQSnwEAwksa0do2I889mI1aKXCkVnmZJ5HuDxuCvI_d0Ik7Wk8HGIH40zoUFWjjeu3Db4o4G4pN362PIQG3feU1Dkywfg7hxmrPbTVnyux9JdHzjGeDmUoSBkkvX15KX7mQgecg0O5u50Bj3hemIbG3WYDBSYDP8ILaeP_IGMyQQlZUlVRdE21VJ4w__y7VLIFRoO7WZSHJ0wAHQ8co6RavfH4YAQ&dv3_ver=m202510220101&nel=1&rfl=https%3A%2F%2Freurl.cc&ds=l&xdt=1&ct=77&iif=1&cor=4253765571300058624&adk=690083820&idt=291&cac=0&dtd=81
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s08-in-f2.1e100.net
Software
cafe /
Resource Hash
36f2d17b2ef2e576dc767a15e0f7ca5efa4208a0e2248e88b6acb87ecf4efc7b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://082fc394a62d374456508868d37e314c.safeframe.googlesyndication.com/

Response headers

cache-control
no-cache, must-revalidate
timing-allow-origin
*
content-encoding
br
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length
21486
date
Sat, 06 Dec 2025 23:40:36 GMT
x-xss-protection
0
content-type
text/javascript; charset=UTF-8
content-disposition
attachment; filename="f.txt"
server
cafe
truncated
/ Frame 3615 		351 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
f31502bd8b58a334acc32b695f096fde6dd136fa1106f2d2d9fb4825d41b1abb

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/svg+xml
srEyw1CGy7QA-z8K5gw-KNJL_Xru-x_lhYshApT7PMA.js
pagead2.googlesyndication.com/bg/ Frame 3EFE 		54 KB
21 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/srEyw1CGy7QA-z8K5gw-KNJL_Xru-x_lhYshApT7PMA.js
Requested by
Host: ep2.adtrafficquality.google
URL: https://ep2.adtrafficquality.google/sodar/sodar2/237/runner.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.140.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lcfraa-bt-in-f2.1e100.net
Software
sffe /
Resource Hash
b2b132c35086cbb400fb3f0ae60c3e28d24bfd7aeefb1fe5858b210294fb3cc0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://ep2.adtrafficquality.google/

Response headers

content-encoding
br
age
229834
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
x-content-type-options
nosniff
expires
Fri, 04 Dec 2026 07:50:02 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Thu, 04 Dec 2025 07:50:02 GMT
last-modified
Mon, 01 Dec 2025 15:28:00 GMT
content-type
text/javascript
vary
Accept-Encoding
cache-control
public, max-age=31536000
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
cross-origin-resource-policy
cross-origin
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
accept-ranges
bytes
content-length
21105
x-xss-protection
0
server
sffe
srEyw1CGy7QA-z8K5gw-KNJL_Xru-x_lhYshApT7PMA.js
pagead2.googlesyndication.com/bg/ Frame 49C8 		54 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/srEyw1CGy7QA-z8K5gw-KNJL_Xru-x_lhYshApT7PMA.js
Requested by
Host: ep2.adtrafficquality.google
URL: https://ep2.adtrafficquality.google/sodar/sodar2/237/runner.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.140.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lcfraa-bt-in-f2.1e100.net
Software
sffe /
Resource Hash
b2b132c35086cbb400fb3f0ae60c3e28d24bfd7aeefb1fe5858b210294fb3cc0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://ep2.adtrafficquality.google/

Response headers

content-encoding
br
age
229834
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
x-content-type-options
nosniff
expires
Fri, 04 Dec 2026 07:50:02 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Thu, 04 Dec 2025 07:50:02 GMT
last-modified
Mon, 01 Dec 2025 15:28:00 GMT
content-type
text/javascript
vary
Accept-Encoding
cache-control
public, max-age=31536000
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
cross-origin-resource-policy
cross-origin
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
accept-ranges
bytes
content-length
21105
x-xss-protection
0
server
sffe
rum
dsum-sec.casalemedia.com/ Frame 7147
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm&gdpr=0
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECP6kBWcRtj9s9HjtLX5FxI&google_cver=1&gdpr=0
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECP6kBWcRtj9s9HjtLX5FxI&google_cver=1&gdpr=0&C=1
43 B
305 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECP6kBWcRtj9s9HjtLX5FxI&google_cver=1&gdpr=0&C=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJfnugEQ0-KBvxkYmYz_swIwAQ&v=APEucNUKmOKoS9x3ZOG2s_IkKSGzJbSm4sirrk-On8ZqMfeBYz7hY0IGTXMjNFVg6EVrSfAT7kTJvkKDjXHUYPOYEF8ayLzhe7i7eEsDLdpLpQiDbEI1awU
Protocol
H2
Server
104.18.26.193 , Ascension Island, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://googleads.g.doubleclick.net/

Response headers

cache-control
no-cache
nel
{"report_to":"cf-nel","success_fraction":0.01,"max_age":604800}
cf-cache-status
DYNAMIC
pragma
no-cache
report-to
{"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=jfYWvgjzTQINzWsGm8QZFiqfVlBScXW4lMHDDrjvaZocm84zR1oHsGhlC%2FygDyhuheVZQ9TqL5bzFF%2FP1tLDyb81SFPFh3YfXLoeFfc6xtqmc%2F0Zlw%3D%3D"}]}
cf-ray
9a9fa11debc577f5-BCN
expires
0
alt-svc
h3=":443"; ma=86400
content-length
43
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
date
Sat, 06 Dec 2025 23:40:37 GMT
content-type
image/gif
vary
accept-encoding
server
cloudflare

Redirect headers

cache-control
no-cache
location
/rum?cm_dsp_id=45&external_user_id=CAESECP6kBWcRtj9s9HjtLX5FxI&google_cver=1&gdpr=0&C=1
cf-cache-status
DYNAMIC
pragma
no-cache
nel
{"report_to":"cf-nel","success_fraction":0.01,"max_age":604800}
report-to
{"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=WehguEgGzUaBJiuRjPzfogmAMvWWBQ%2FOF%2BpdruNL%2B%2Bk9kZ2uAQc5CAtE0dZWWop%2FQ7JN9dVjqZKdiC8noR%2FkeOq5HcyayCf6mljdAtuMvtiYiXgmVQ%3D%3D"}]}
cf-ray
9a9fa11cc8c577f5-BCN
expires
0
alt-svc
h3=":443"; ma=86400
content-length
0
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
date
Sat, 06 Dec 2025 23:40:37 GMT
vary
accept-encoding
server
cloudflare
rum
dsum-sec.casalemedia.com/ Frame 7147
Redirect Chain
  • https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&gdpr=0&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
  • https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgdpr%3D0%26google_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&gdpr=0&ixi=0&C=1
  • https://cm.g.doubleclick.net/pixel?gdpr=0&google_nid=casale_media2_dsp_secure&google_cm&google_hm=aTS.9bmqPysAJI.OAkxdfwAA
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECP6kBWcRtj9s9HjtLX5FxI&google_cver=1&gdpr=0&google_hm=2
43 B
292 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECP6kBWcRtj9s9HjtLX5FxI&google_cver=1&gdpr=0&google_hm=2
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJfnugEQ0-KBvxkYmYz_swIwAQ&v=APEucNUKmOKoS9x3ZOG2s_IkKSGzJbSm4sirrk-On8ZqMfeBYz7hY0IGTXMjNFVg6EVrSfAT7kTJvkKDjXHUYPOYEF8ayLzhe7i7eEsDLdpLpQiDbEI1awU
Protocol
H2
Server
104.18.26.193 , Ascension Island, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://googleads.g.doubleclick.net/

Response headers

cache-control
no-cache
nel
{"report_to":"cf-nel","success_fraction":0.01,"max_age":604800}
cf-cache-status
DYNAMIC
pragma
no-cache
report-to
{"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=oCY%2FeOw0MTlhgn2H8iIs2eRQ%2BoV02nWDkVUYCZUJNoTqczoUFyQ4wUFQR2ho3XxxaLWpFhj3hx89UYz3gA53Mpl8bIntknO2ouTT4La13%2FP9epXzig%3D%3D"}]}
cf-ray
9a9fa11f9f3077f5-BCN
expires
0
alt-svc
h3=":443"; ma=86400
content-length
43
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
date
Sat, 06 Dec 2025 23:40:37 GMT
content-type
image/gif
vary
accept-encoding
server
cloudflare

Redirect headers

cache-control
no-cache, must-revalidate
location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECP6kBWcRtj9s9HjtLX5FxI&google_cver=1&gdpr=0&google_hm=2
pragma
no-cache
cross-origin-resource-policy
cross-origin
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length
340
date
Sat, 06 Dec 2025 23:40:37 GMT
x-xss-protection
0
content-type
text/html; charset=UTF-8
server
HTTP server (unknown)
setuid
ib.adnxs.com/ Frame 7147
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm&gdpr=0
  • https://ib.adnxs.com/setuid?entity=101&gdpr=0&code=CAESEGEQq40hAOKjsJz0zFZZEaE&google_cver=1
0
0
getuid
ib.adnxs.com/ Frame 7147 		0
0
abg_lite.js
pagead2.googlesyndication.com/pagead/js/r20251204/r20110914/ Frame 63CA 		28 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20251204/r20110914/abg_lite.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DciQezr8O42g1-uuQUhhAIY00qIgp3FvxOhsA4OL8_EapkoDqcPv5TaL7VYEI-9nELMdzvV8abjnktAbeVAb7eMmOiA42QkJ3o4Wxwwl8WBwXLcmBDGTSrPmOUJOMo6NkhTJb2juaFvl_wiU2rWYukmR6ysyNJaw1-HNQ2gNujgZDbQ4qpZfghOXmGm5y-Fvsoid9BACncyIG7v3ap8klTpV39EF-jMU6LWYTlt7EGFiNmsF2h9vTGcfgh3Wn4Zw4Js3BE_PWfNkOK8QqV8uQnz3IFQhmJJxJlX87zOnyPZwQ9ZrM&cry=1&dbm_d=AKAmf-BfgbqgTPVleAbjKbS_goP7II-kof0yWWi3KvWOulLSgdjnxmNzjvd--T0CEXm0Xq7vpyJ2g5oPXo0PMXcjlv0VYn-zxlKECvgzLqesHFq_DFkSBeDWPeCuF63ad20KDWZvW-y8RRXHn0qy_zE3jUf0LJ2ky_LRXji6jmGWU-8d8HKpAzzac9lt_ZkDVBg-lhuAAy5R6eOTeKJahvIybucdVhh5KiF8Xz5mQtL0hJQcJBT9MYP5pxCl_qCwzmJwq0NcmBR5w74HqwTxWei02i1YSSm8qJMar4s-S4zGMRFpn54wWB3cdKXh5j7cT_i8-O1IKx6ukPdu5UH4s615l5gVmH13lxTWMlrU7v1Q6sZMlZX66JVfV7tAh9VpZuYOhbXsZXelIqqcLHVY-f_EChXCUJ5zJmjV8nzBXW9O6h06ht-6fDdRVBGe13J0AJ4gTASlagnxOadWh6H67tOn9WhqlTe75PHKcJ_-XD5lQ-HVAVaiYSbla_ki2nciH6aWZuMqOc-y8KU7F04le5-XXheMTz1LKe4f7V0r8epWU3ZTi6-4o6ap6A9cz-yXUaJZiAZhn_XHFXksoXYMgaYUbMpxQycTfmIP8LWLlE-0TsKzZVfk1YnbWXURtuqAaC0TE8QFoNwnZtOrqSeh8Cfoc-RFqw2prAH-pJbZxJrz_LuD5uE_dPrZ9scuQ49KmdyUavXazmyfpvXVumUHhGPFxFr8J9KfM2tYNtrtYUB0d-sBAopH1ypHRGdwJIUsOJNeegYax46D0PzLvjGRFpbjC4QsWknccrPgfPGwLRTaR9f5DJhbGgPrACPNetvNZsfGDCVkbIxZAHoBOmz39PMth5Jf6T-Kv9Lm-oy-jhqk7EOFmD7DuO_yiV7bFlkM_PLRyWftrO_wGil0rmjrUFkL4CEKqwSQOE6mi9LstN0_C7yjjY88PAX5uKMEIXWkLs_rklHuPRa3YfDYPpmg30LAr8Iok7xVDwCXcRFe2pNnS8J0GFvZ6sLntwsEs42Y4YNfdx9dnDIIbWGi1YvNaZQlva8bbDfmsFwLlazewgLfoP7jmMYbtCdlpyBOibPb3Fsa5IamGfvICLuf82iVIDRYmjz5EM4QpdBgyZeDZifbP_-yJ_fyvswUqGEOrvODxhFUJMyZIMLJBdWsUlzywYZnTArjaA2HMFBrnSHRXoA2N0CW3b8g3tsuH4bdIznZOnES8oYID7p8hp0dIim9y6toV4MlFh1_-wANtWrukuU6tBkdg2G3GJoAhrumJRUHco9waMhQoqsh4hQwPn4ObUmqWRJSMZa89PRLqAsffla3Ze4YvyHx2FYAAaY2FDcx2LOKimACh2ZJ07fAqS8jM0SQBzL5rsIqmk91tUjQRqo6avs3KZSkU3t_ugjl4eqh1ApzraSMhLBPiJ3ns7bNbmvGcbCm8AYxMpd4OHFaqThL3WtSlP9-t-94MIl8TjEAkMsuYtkxsRWU033YDI45gSOYzjgOaLEp7JTtq20SlJb4MsESHkRcuPZmDizqWmResJCOQBSFZImZPE3jIZz-YNAH2ife31E7FS11j8dR3i4r5t1Y4R5IXlm2v0689Ic2c_UshMWaAUfmD_71bl0gaWyUl8vUS9N1AfaNBkLqQf0q9GxQ_phPgNdAaGfKTA8wetztZsfa2IKnghzPpwA78lfJY--zUs3h-wfRHf3vosNRWylh7oAVt4g2nKy5IMe3VIyiRUh3JD_jAqF4wBjdKDVGQo6FPE5C2j5JArMAmfuf1dIRXCiaiS7X8tuUuxNDPQTlk8mEUPTFFnDBiRh80cy9StEngz8KPVJQCFimQdeSWJSDKm06_5IhG2KpkmokWeICXEyo0AEsOZ-yoqItrAZm7oEguSsZry5MNDsGe7GwuTR3hRbrFrMib5Sgir2NbFH0p38LMcnaDuGMK728Wkpztn3LZkc1BYaa0bDvQD2reHZh4J2Gxsl3ydFDS9EhpIvqVRdN5oBaB9Bw6NXhOTgLt2Io9yv5iS_CE6UUMbHNPBthgYINgHqzCj1WG6F3wyReW-kWjqlVglU6gykbuAJbPdVDyLgCrYMR80YTCaUmv138aJrqg8NERtAZLfGQddz7v6qjO7M0vAFDUGO897CDZ95pC3-1Dj1DE6dcLWWg91A_wV6tmF0Qfzk2Cf7YTw1GRavSoE4mZR2cC9olrB-6PSITlMK4QaFh_woQx3IeEZxXummHYmlRyhd8pSH0nF7eyhKsweKmQWyvYZBgK9DawxX-MbTUsZTXQGX6sI4vlxT4b0MzlJHXGn50I44Hkfm6JG78TqmVYbCyjgMrj7K5M1zGeGT8shTe11fGde-DkoFDkc5HELlhJ_wpKlB0p61Cy0JRCXi8iUfheri9NipfL_mnpeZTXTlLChrG8xR5aZZ1M7vOPYZHtAiDhBt4r7V5FPYdmvT2Z0uL4_M8flHtW_Ph_0PMmLCE6uC0tRxISMfWVjuoUtjhO7FXzp-_O19I2OoNQ5gL8A1_ZO2KppKmGu70WkkgeopEs7kuCGqdYxByHHe8-LvnxYxdqEFoUxy3jyQghCpeenGa_mMh3FMz0yIUePTop6TxysTOWRDNmVDpx8ERSd5TdyKKdSVj-J1CycWIiLzFZuYgGng-LiBdSV4wt1uoeT9hOl9ibQC0vJwaplZlGHNel_ldQaVEfDPfLDkgmB4hvFAQkWgJZvZXq6MOJwJ5V_5bg-_bXc_Afo4ibY1W5el8ix3Dj-2ZbV5hl7eNXlMC7Yn5BJ81qcFWNAaPi7hMHNILIbC-bgXxp0ANpLvlXGWmmx3xo41eDlVjftYL4oGUFI_tmILnYq1PgW3GMWGPDnwF3Nplo78uQmyezTtOF7g7BC2gVQUv754jFg82GSVqslJvlH4eovG1IxEBUSWwowNP8aVTq_N5gmN_JZUkLeTG2Nr30HUHV8KirbWLH6My2dQZcVHc0zcKAhoum6ziS72XVVUA6rhszWpGiOYzF4893CR2-v5PKtM8So3jcF7TaF9hS2kv5bcluLMCU4eMGqsJLdn2kQbIs4bYhtBMzA9um2D7UuzwxUvF1jtYj7H-OPQN3Dobl4230fambF6UAiYa-k8guQDcJQ44SblqMq-BArzbsBaQJCqsXNKwyymm5mHYcGtWLxzp8uThJG1ggqSOv6Q5Mlq0iCF31kB3xoDw6VNUXQYqf7S_-qnvb7ZJTqPY6RTexwNugkneL_i1oAsjKfBEuaZCVgCDS9sG4zbUOo-1XyzU37Qd2CppWytXLH2oIrsgPggtc94WhcMVac-soZpDE44dIvA-xWsOn2HwJJ_CKDFN_b_Lenj3V_R0yA3Ic9dGxsLYTkbRTcxqx-nXvIO_8HaYit3YsXwClIRbpOiI7-b633y2WscSJoIqj62HP6RIVl_AKLeBUsIO8Z2TCZ1dnaFN6z4vS4fXIHpZQLXY2bgNyt-zCTZkmmhkxHIiTTnKVekwpfYpJsWtlPqmFhdtuLelZ-unbdn0CeHb9alllxAhqkC0fqzf8tXQNUzKWkVonq046mhyy-J43pXxYuolgtyCnT88q-tJi8VgkmvPOF8nSDrFM1aFZD64taKwbzX2PPHbdaTrqmBx1cGE5uM6DEnZhnIo7Y3tWjUyKWYiMWdZE1BmCA6wN2JOzc6hpMk8Nj0wrykO5A0aRgVNADHF3sSklAuiBS8uo9_unk5ruSG2SUl_a1ERFMV2IXpN-1fc0m1FbTJ7zBVjK2H0SRn4nWCO79EsNYBG9wmXkqOEyFSlzGMsw6CZ0KqQw9pQeFK3oC1sUe5ucFfKgyEdxj0e1MuMpnD_7K_RF5HX2mlFWmXbOUYfWfs4mN9nHf9xq4nHb6thCapi5wT_VPKWGvxVLtpifln073cPLKbAJfJUX5hK8Vf2xYfUQV3AVyBtI9ff6YJZb8vXgbxkur6Wt7taNVaXSeAifqeeRDAslbcSsBLNf5ErRb7OlCBj9sYIVuWsng2N7l0-fy2OAhMJkhLdpO1qUqwPkM3so3t4okxSGIFwO-R59uq9hmsmCIZJkHRAmyO8AYW6WoC4PvauVC1iEEbACvwctT5iwLRha6wEAslEkWjz8s52roEFg2F5_PhGzlCQwEeyFjPcAB6TbvitafBTytTHHy0b4X24bCf7LqBo5qufGPpzAcq9vQYRvt2ViMdW6hncS-gS4rloJNMYY18A97y4g-gQ7NU5p-A6ObHBpV2cSGmMk4JFgyPxDGBRrSWTZ3l7pP0T-oddbL5j4BttIrATwBNLl_7z1wg1DLlFev3wMFk325ykTduzVV87cBFzUcz3xDBhA0tVMbyRZUN9qcSnAP4Wy1lVcqJ6C-vcYLOREOsGq10mB5rZ5V0fLqCbO0rBSbHlj5eoj5ggBW1MRtgKvzIqo2xcuVB8a1fI4g16YGvzQBc1RcYxx-mShKtxDiG0yMf6qx5ulc5a9MX5dFdjVoRYnVdpzMdI2rvm8FWAbI5CLt9kAqz8qwZnOVoOH1SXQ-KH-iu1B3_37s7gUNkOedgQaRAFDEJDlMLm-mKtZcebQo-VsM8Ocu7lqgPLDAp8y66ysQ&cid=CAQSnwEAwksa0do2I889mI1aKXCkVnmZJ5HuDxuCvI_d0Ik7Wk8HGIH40zoUFWjjeu3Db4o4G4pN362PIQG3feU1Dkywfg7hxmrPbTVnyux9JdHzjGeDmUoSBkkvX15KX7mQgecg0O5u50Bj3hemIbG3WYDBSYDP8ILaeP_IGMyQQlZUlVRdE21VJ4w__y7VLIFRoO7WZSHJ0wAHQ8co6RavfH4YAQ&dv3_ver=m202510220101&nel=1&rfl=https%3A%2F%2Freurl.cc&ds=l&xdt=1&ct=77&iif=1&cor=4253765571300058624&adk=690083820&idt=291&cac=0&dtd=81
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.140.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lcfraa-bt-in-f2.1e100.net
Software
cafe /
Resource Hash
088791e91745f7dcc007a27e99406c69e335499320815bede2212c4dccbfe9a2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://082fc394a62d374456508868d37e314c.safeframe.googlesyndication.com/

Response headers

content-encoding
br
etag
1862339420658634898
age
15611
x-content-type-options
nosniff
expires
Sat, 20 Dec 2025 19:20:26 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date
Sat, 06 Dec 2025 19:20:26 GMT
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
vary
Accept-Encoding
cache-control
public, max-age=1209600
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
access-control-allow-origin
*
content-length
10639
x-xss-protection
0
server
cafe
VFc2VJAc.js
ep2.adtrafficquality.google/sodar/ Frame 63CA 		43 KB
14 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ep2.adtrafficquality.google/sodar/VFc2VJAc.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DciQezr8O42g1-uuQUhhAIY00qIgp3FvxOhsA4OL8_EapkoDqcPv5TaL7VYEI-9nELMdzvV8abjnktAbeVAb7eMmOiA42QkJ3o4Wxwwl8WBwXLcmBDGTSrPmOUJOMo6NkhTJb2juaFvl_wiU2rWYukmR6ysyNJaw1-HNQ2gNujgZDbQ4qpZfghOXmGm5y-Fvsoid9BACncyIG7v3ap8klTpV39EF-jMU6LWYTlt7EGFiNmsF2h9vTGcfgh3Wn4Zw4Js3BE_PWfNkOK8QqV8uQnz3IFQhmJJxJlX87zOnyPZwQ9ZrM&cry=1&dbm_d=AKAmf-BfgbqgTPVleAbjKbS_goP7II-kof0yWWi3KvWOulLSgdjnxmNzjvd--T0CEXm0Xq7vpyJ2g5oPXo0PMXcjlv0VYn-zxlKECvgzLqesHFq_DFkSBeDWPeCuF63ad20KDWZvW-y8RRXHn0qy_zE3jUf0LJ2ky_LRXji6jmGWU-8d8HKpAzzac9lt_ZkDVBg-lhuAAy5R6eOTeKJahvIybucdVhh5KiF8Xz5mQtL0hJQcJBT9MYP5pxCl_qCwzmJwq0NcmBR5w74HqwTxWei02i1YSSm8qJMar4s-S4zGMRFpn54wWB3cdKXh5j7cT_i8-O1IKx6ukPdu5UH4s615l5gVmH13lxTWMlrU7v1Q6sZMlZX66JVfV7tAh9VpZuYOhbXsZXelIqqcLHVY-f_EChXCUJ5zJmjV8nzBXW9O6h06ht-6fDdRVBGe13J0AJ4gTASlagnxOadWh6H67tOn9WhqlTe75PHKcJ_-XD5lQ-HVAVaiYSbla_ki2nciH6aWZuMqOc-y8KU7F04le5-XXheMTz1LKe4f7V0r8epWU3ZTi6-4o6ap6A9cz-yXUaJZiAZhn_XHFXksoXYMgaYUbMpxQycTfmIP8LWLlE-0TsKzZVfk1YnbWXURtuqAaC0TE8QFoNwnZtOrqSeh8Cfoc-RFqw2prAH-pJbZxJrz_LuD5uE_dPrZ9scuQ49KmdyUavXazmyfpvXVumUHhGPFxFr8J9KfM2tYNtrtYUB0d-sBAopH1ypHRGdwJIUsOJNeegYax46D0PzLvjGRFpbjC4QsWknccrPgfPGwLRTaR9f5DJhbGgPrACPNetvNZsfGDCVkbIxZAHoBOmz39PMth5Jf6T-Kv9Lm-oy-jhqk7EOFmD7DuO_yiV7bFlkM_PLRyWftrO_wGil0rmjrUFkL4CEKqwSQOE6mi9LstN0_C7yjjY88PAX5uKMEIXWkLs_rklHuPRa3YfDYPpmg30LAr8Iok7xVDwCXcRFe2pNnS8J0GFvZ6sLntwsEs42Y4YNfdx9dnDIIbWGi1YvNaZQlva8bbDfmsFwLlazewgLfoP7jmMYbtCdlpyBOibPb3Fsa5IamGfvICLuf82iVIDRYmjz5EM4QpdBgyZeDZifbP_-yJ_fyvswUqGEOrvODxhFUJMyZIMLJBdWsUlzywYZnTArjaA2HMFBrnSHRXoA2N0CW3b8g3tsuH4bdIznZOnES8oYID7p8hp0dIim9y6toV4MlFh1_-wANtWrukuU6tBkdg2G3GJoAhrumJRUHco9waMhQoqsh4hQwPn4ObUmqWRJSMZa89PRLqAsffla3Ze4YvyHx2FYAAaY2FDcx2LOKimACh2ZJ07fAqS8jM0SQBzL5rsIqmk91tUjQRqo6avs3KZSkU3t_ugjl4eqh1ApzraSMhLBPiJ3ns7bNbmvGcbCm8AYxMpd4OHFaqThL3WtSlP9-t-94MIl8TjEAkMsuYtkxsRWU033YDI45gSOYzjgOaLEp7JTtq20SlJb4MsESHkRcuPZmDizqWmResJCOQBSFZImZPE3jIZz-YNAH2ife31E7FS11j8dR3i4r5t1Y4R5IXlm2v0689Ic2c_UshMWaAUfmD_71bl0gaWyUl8vUS9N1AfaNBkLqQf0q9GxQ_phPgNdAaGfKTA8wetztZsfa2IKnghzPpwA78lfJY--zUs3h-wfRHf3vosNRWylh7oAVt4g2nKy5IMe3VIyiRUh3JD_jAqF4wBjdKDVGQo6FPE5C2j5JArMAmfuf1dIRXCiaiS7X8tuUuxNDPQTlk8mEUPTFFnDBiRh80cy9StEngz8KPVJQCFimQdeSWJSDKm06_5IhG2KpkmokWeICXEyo0AEsOZ-yoqItrAZm7oEguSsZry5MNDsGe7GwuTR3hRbrFrMib5Sgir2NbFH0p38LMcnaDuGMK728Wkpztn3LZkc1BYaa0bDvQD2reHZh4J2Gxsl3ydFDS9EhpIvqVRdN5oBaB9Bw6NXhOTgLt2Io9yv5iS_CE6UUMbHNPBthgYINgHqzCj1WG6F3wyReW-kWjqlVglU6gykbuAJbPdVDyLgCrYMR80YTCaUmv138aJrqg8NERtAZLfGQddz7v6qjO7M0vAFDUGO897CDZ95pC3-1Dj1DE6dcLWWg91A_wV6tmF0Qfzk2Cf7YTw1GRavSoE4mZR2cC9olrB-6PSITlMK4QaFh_woQx3IeEZxXummHYmlRyhd8pSH0nF7eyhKsweKmQWyvYZBgK9DawxX-MbTUsZTXQGX6sI4vlxT4b0MzlJHXGn50I44Hkfm6JG78TqmVYbCyjgMrj7K5M1zGeGT8shTe11fGde-DkoFDkc5HELlhJ_wpKlB0p61Cy0JRCXi8iUfheri9NipfL_mnpeZTXTlLChrG8xR5aZZ1M7vOPYZHtAiDhBt4r7V5FPYdmvT2Z0uL4_M8flHtW_Ph_0PMmLCE6uC0tRxISMfWVjuoUtjhO7FXzp-_O19I2OoNQ5gL8A1_ZO2KppKmGu70WkkgeopEs7kuCGqdYxByHHe8-LvnxYxdqEFoUxy3jyQghCpeenGa_mMh3FMz0yIUePTop6TxysTOWRDNmVDpx8ERSd5TdyKKdSVj-J1CycWIiLzFZuYgGng-LiBdSV4wt1uoeT9hOl9ibQC0vJwaplZlGHNel_ldQaVEfDPfLDkgmB4hvFAQkWgJZvZXq6MOJwJ5V_5bg-_bXc_Afo4ibY1W5el8ix3Dj-2ZbV5hl7eNXlMC7Yn5BJ81qcFWNAaPi7hMHNILIbC-bgXxp0ANpLvlXGWmmx3xo41eDlVjftYL4oGUFI_tmILnYq1PgW3GMWGPDnwF3Nplo78uQmyezTtOF7g7BC2gVQUv754jFg82GSVqslJvlH4eovG1IxEBUSWwowNP8aVTq_N5gmN_JZUkLeTG2Nr30HUHV8KirbWLH6My2dQZcVHc0zcKAhoum6ziS72XVVUA6rhszWpGiOYzF4893CR2-v5PKtM8So3jcF7TaF9hS2kv5bcluLMCU4eMGqsJLdn2kQbIs4bYhtBMzA9um2D7UuzwxUvF1jtYj7H-OPQN3Dobl4230fambF6UAiYa-k8guQDcJQ44SblqMq-BArzbsBaQJCqsXNKwyymm5mHYcGtWLxzp8uThJG1ggqSOv6Q5Mlq0iCF31kB3xoDw6VNUXQYqf7S_-qnvb7ZJTqPY6RTexwNugkneL_i1oAsjKfBEuaZCVgCDS9sG4zbUOo-1XyzU37Qd2CppWytXLH2oIrsgPggtc94WhcMVac-soZpDE44dIvA-xWsOn2HwJJ_CKDFN_b_Lenj3V_R0yA3Ic9dGxsLYTkbRTcxqx-nXvIO_8HaYit3YsXwClIRbpOiI7-b633y2WscSJoIqj62HP6RIVl_AKLeBUsIO8Z2TCZ1dnaFN6z4vS4fXIHpZQLXY2bgNyt-zCTZkmmhkxHIiTTnKVekwpfYpJsWtlPqmFhdtuLelZ-unbdn0CeHb9alllxAhqkC0fqzf8tXQNUzKWkVonq046mhyy-J43pXxYuolgtyCnT88q-tJi8VgkmvPOF8nSDrFM1aFZD64taKwbzX2PPHbdaTrqmBx1cGE5uM6DEnZhnIo7Y3tWjUyKWYiMWdZE1BmCA6wN2JOzc6hpMk8Nj0wrykO5A0aRgVNADHF3sSklAuiBS8uo9_unk5ruSG2SUl_a1ERFMV2IXpN-1fc0m1FbTJ7zBVjK2H0SRn4nWCO79EsNYBG9wmXkqOEyFSlzGMsw6CZ0KqQw9pQeFK3oC1sUe5ucFfKgyEdxj0e1MuMpnD_7K_RF5HX2mlFWmXbOUYfWfs4mN9nHf9xq4nHb6thCapi5wT_VPKWGvxVLtpifln073cPLKbAJfJUX5hK8Vf2xYfUQV3AVyBtI9ff6YJZb8vXgbxkur6Wt7taNVaXSeAifqeeRDAslbcSsBLNf5ErRb7OlCBj9sYIVuWsng2N7l0-fy2OAhMJkhLdpO1qUqwPkM3so3t4okxSGIFwO-R59uq9hmsmCIZJkHRAmyO8AYW6WoC4PvauVC1iEEbACvwctT5iwLRha6wEAslEkWjz8s52roEFg2F5_PhGzlCQwEeyFjPcAB6TbvitafBTytTHHy0b4X24bCf7LqBo5qufGPpzAcq9vQYRvt2ViMdW6hncS-gS4rloJNMYY18A97y4g-gQ7NU5p-A6ObHBpV2cSGmMk4JFgyPxDGBRrSWTZ3l7pP0T-oddbL5j4BttIrATwBNLl_7z1wg1DLlFev3wMFk325ykTduzVV87cBFzUcz3xDBhA0tVMbyRZUN9qcSnAP4Wy1lVcqJ6C-vcYLOREOsGq10mB5rZ5V0fLqCbO0rBSbHlj5eoj5ggBW1MRtgKvzIqo2xcuVB8a1fI4g16YGvzQBc1RcYxx-mShKtxDiG0yMf6qx5ulc5a9MX5dFdjVoRYnVdpzMdI2rvm8FWAbI5CLt9kAqz8qwZnOVoOH1SXQ-KH-iu1B3_37s7gUNkOedgQaRAFDEJDlMLm-mKtZcebQo-VsM8Ocu7lqgPLDAp8y66ysQ&cid=CAQSnwEAwksa0do2I889mI1aKXCkVnmZJ5HuDxuCvI_d0Ik7Wk8HGIH40zoUFWjjeu3Db4o4G4pN362PIQG3feU1Dkywfg7hxmrPbTVnyux9JdHzjGeDmUoSBkkvX15KX7mQgecg0O5u50Bj3hemIbG3WYDBSYDP8ILaeP_IGMyQQlZUlVRdE21VJ4w__y7VLIFRoO7WZSHJ0wAHQ8co6RavfH4YAQ&dv3_ver=m202510220101&nel=1&rfl=https%3A%2F%2Freurl.cc&ds=l&xdt=1&ct=77&iif=1&cor=4253765571300058624&adk=690083820&idt=291&cac=0&dtd=81
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
54573654901c495ecf67cc8ffd30108dd6f3a3c7332fd4dba41ab13877b75b8d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://082fc394a62d374456508868d37e314c.safeframe.googlesyndication.com/

Response headers

content-encoding
br
age
1194
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
x-content-type-options
nosniff
expires
Sun, 07 Dec 2025 00:10:43 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Sat, 06 Dec 2025 23:20:43 GMT
last-modified
Thu, 13 Mar 2025 04:28:00 GMT
content-type
text/javascript
vary
Accept-Encoding
cache-control
public, max-age=3000
timing-allow-origin
*
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
content-length
14328
x-xss-protection
0
server
sffe
attribution_src_register;crd=cXVlcnlfZXZlbnRfaWQgewogIHRpbWVfdXNlYzogMTc2NTA2NDQzNjkwNjg3MwogIHNlcnZlcl9pcDogNjY3ODI1MTQKICBwcm9jZXNzX2lkOiAzMTIyNTI3NTk2Cn0KZmxvb2RsaWdodF9jb25maWdfaWQ6IDkyMTIyNTIK...
ad.doubleclick.net/ddm/activity/ Frame 63CA 		0
22 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ad.doubleclick.net/ddm/activity/attribution_src_register;crd=cXVlcnlfZXZlbnRfaWQgewogIHRpbWVfdXNlYzogMTc2NTA2NDQzNjkwNjg3MwogIHNlcnZlcl9pcDogNjY3ODI1MTQKICBwcm9jZXNzX2lkOiAzMTIyNTI3NTk2Cn0KZmxvb2RsaWdodF9jb25maWdfaWQ6IDkyMTIyNTIKYWR2ZXJ0aXNlcl9kb21haW46ICJodHRwczovL2Fkb2JlLmNvbSIKeGZhX2F0dHJpYnV0aW9uX2ludGVyYWN0aW9uX3R5cGU6IFZJRVcKaW1wcmVzc2lvbl9wcmlvcml0eTogMAppbXByZXNzaW9uX2V4cGlyeV9pbl9kYXlzOiAzMApldmVudF9pbXByZXNzaW9uX2lkOiA3MTQ3ODc0ODg2MjE4NjYxOTExCmRlYnVnX2tleTogMTc2ODc2MDM5MTMyNjYwMDU4MjYKaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fUFJPRFVDVF9UWVBFCiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIGludDY0X3ZhbHVlOiAyCiAgfQp9CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX0lOVEVSQUNUSU9OX1RZUEUKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgaW50NjRfdmFsdWU6IDMKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fSU5URVJBQ1RJT05fREFURQogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBzdHJpbmdfdmFsdWU6ICIyMDI1LTEyLTA2IgogIH0KfQppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9GTE9PRExJR0hUX0NPTkZJR19JRAogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBpbnQ2NF92YWx1ZTogOTIxMjI1MgogIH0KfQppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9DT1JFX1BMQVRGT1JNX1NFUlZJQ0UKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgaW50NjRfdmFsdWU6IDAKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fTU9CSUxFX0JST1dTRVJfQ0xBU1MKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgaW50NjRfdmFsdWU6IDMKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fUVVFUllfQ09VTlRSWQogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBzdHJpbmdfdmFsdWU6ICJFUyIKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fUExBQ0VNRU5UX0lECiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIGludDY0X3ZhbHVlOiA0MTY2Mzk5ODAKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fQ09PS0lFX0NPTlNFTlQKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgaW50NjRfdmFsdWU6IDAKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fRFYzX0FEVkVSVElTRVJfSUQKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgaW50NjRfdmFsdWU6IDY4NDMwMzU5ODcKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fRFYzX0xJTkVfSVRFTV9JRAogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBpbnQ2NF92YWx1ZTogMjIzMDQxOTYyMTEKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fRFYzX0NSRUFUSVZFX0lECiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIGludDY0X3ZhbHVlOiA2NDU5MDc5OTMKICB9Cn0KYXJjaGV0eXBlX2lkOiAxMgphcmNoZXR5cGVfaWQ6IDEzCmFyY2hldHlwZV9pZDogMTQKYXJjaGV0eXBlX2lkOiAxNQpmbG9vZGxpZ2h0X2FjdGl2aXRpZXNfZm9yX2JpZGRpbmc6IDEyMzY1Nzg1CmZsb29kbGlnaHRfYWN0aXZpdGllc19mb3JfYmlkZGluZzogMTIzNDEyMTMKYWR2ZXJ0aXNlcl9jb252ZXJzaW9uX2RvbWFpbnM6ICJodHRwczovL2Fkb2JlLmNvbSIKaW1wcmVzc2lvbl9ldmVudF9yZXBvcnRpbmdfd2luZG93X2RheXM6IDQKYnJvd3Nlcl9hdHRyaWJ1dGlvbl9hcGlfcmVxdWVzdF9wcm9jZXNzaW5nX2JpdHM6IDc4MDQ3NjA4ODMyCmRtYV9wcm9kdWN0X2lkOiAxMjI3MTU4MzcKeGZhX2F0dHJpYnV0aW9uX2FwaV90eXBlOiBYRkFfQVRUUklCVVRJT05fQVBJX1RZUEVfV0VCCmVjaG9fc2VydmVyX2FjdGlvbjogRUNIT19TRVJWRVJfQUNUSU9OX1VTRV9CRVNUX0FWQUlMQUJMRV9BUkEKZXZlbnRfcmVwb3J0aW5nX3dpbmRvd3MgewogIGVuZF90aW1lc19zZWNvbmRzOiA4NjQwMAogIGVuZF90aW1lc19zZWNvbmRzOiAzNDU2MDAKfQptYXhfZXZlbnRfbGV2ZWxfcmVwb3J0czogMgo
Requested by
Host: 082fc394a62d374456508868d37e314c.safeframe.googlesyndication.com
URL: https://082fc394a62d374456508868d37e314c.safeframe.googlesyndication.com/safeframe/1-0-45/html/container.html?n=2
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
216.58.206.38 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
mil07s07-in-f6.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://082fc394a62d374456508868d37e314c.safeframe.googlesyndication.com/

Response headers

cache-control
no-cache, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length
0
date
Sat, 06 Dec 2025 23:40:37 GMT
x-xss-protection
0
attribution-reporting-register-source
{"aggregation_keys":{"12":"0xb05c69bca339dde90000000000000000","13":"0x50c027427076a0190000000000000000","14":"0xa955e91e00b3b8630000000000000000","15":"0xc3c00a9638dc286e0000000000000000"},"debug_key":"17687603913266005826","debug_reporting":true,"destination":["https://adobe.com"],"event_report_windows":{"end_times":[86400,345600]},"expiry":"2592000","filter_data":{"14":["12365785","12341213"],"21":[],"23":[],"24":[],"25":[],"26":[],"27":[],"28":[],"29":[],"8":["9212252"]},"max_event_level_reports":2,"priority":"0","source_event_id":"7147874886218661911"}
content-type
image/png
server
cafe
cookie_push_onload.html
pagead2.googlesyndication.com/pagead/s/ Frame AD40 		1 KB
837 B 		Document
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Requested by
Host: 082fc394a62d374456508868d37e314c.safeframe.googlesyndication.com
URL: https://082fc394a62d374456508868d37e314c.safeframe.googlesyndication.com/safeframe/1-0-45/html/container.html?n=2
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.140.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lcfraa-bt-in-f2.1e100.net
Software
cafe /
Resource Hash
bea1c5ab168f662fc9eb5bda3474e5b1bbd0d3ecc1d9c68e2a753f613c2ae0c2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://082fc394a62d374456508868d37e314c.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36

Response headers

age
40362
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=86400
content-encoding
br
content-length
812
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Sat, 06 Dec 2025 12:27:55 GMT
etag
9725182468138058862
expires
Sun, 07 Dec 2025 12:27:55 GMT
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server
cafe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
gen_204
pagead2.googlesyndication.com/pagead/ Frame 63CA 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=av-js&type=fle-fetch-start2
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.140.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lcfraa-bt-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://082fc394a62d374456508868d37e314c.safeframe.googlesyndication.com/

Response headers

cache-control
no-cache, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
0
date
Sat, 06 Dec 2025 23:40:37 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
gen_204
pagead2.googlesyndication.com/pagead/ Frame 63CA 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=av-js&type=colleague-executed&name=4
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.140.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lcfraa-bt-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://082fc394a62d374456508868d37e314c.safeframe.googlesyndication.com/

Response headers

cache-control
no-cache, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
0
date
Sat, 06 Dec 2025 23:40:37 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
truncated
/ Frame 63CA 		213 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
56e75ea9a0b348dca879e69a07d402a67735f971ec0d71484785481b1b6fd00e

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/png
gen_204
pagead2.googlesyndication.com/pagead/ Frame 63CA 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=av-js&type=reach&proto=CAlgAWACaAM%3D
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.140.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lcfraa-bt-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://082fc394a62d374456508868d37e314c.safeframe.googlesyndication.com/

Response headers

cache-control
no-cache, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
0
date
Sat, 06 Dec 2025 23:40:37 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
emome2
t.ssp.hinet.net/ Frame E048 		30 B
278 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://t.ssp.hinet.net/emome2?u=9f56552c-16c7-4550-86c4-b2f06a3a3997
Requested by
Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS
203-75-214-136.hinet-ip.hinet.net
Software
nginx /
Resource Hash
365fc555dbd2149871a77b9485dbb0cbd487a0553f7a90163444349fee756f60
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://cdn.holmesmind.com/

Response headers

strict-transport-security
max-age=0
cache-control
no-cache, private
content-encoding
gzip
access-control-allow-credentials
true
access-control-allow-origin
https://cdn.holmesmind.com
date
Sat, 06 Dec 2025 23:40:37 GMT
content-type
application/json
vary
Accept-Encoding, Origin
server
nginx
/
servedby.flashtalking.com/imp/1/271278;9332478;201;jsappend;DV360;DV360FY25CCBEHAffinityESDSKBAN300x250NANAROINA/ Frame 63CA 		2 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://servedby.flashtalking.com/imp/1/271278;9332478;201;jsappend;DV360;DV360FY25CCBEHAffinityESDSKBAN300x250NANAROINA/?ftOBA=1&ft_domain=reurl.cc&ft_ifb=1&ft_agentEnv=0&ft_referrer=https%3A%2F%2Freurl.cc%2F&gdpr=0&us_privacy=${US_PRIVACY}&ft_partnerimpid=ABAjH0jFeSHUJ4Fqo6SIsfqwTOK6&cachebuster=711938.3161498553
Requested by
Host: 082fc394a62d374456508868d37e314c.safeframe.googlesyndication.com
URL: https://082fc394a62d374456508868d37e314c.safeframe.googlesyndication.com/safeframe/1-0-45/html/container.html?n=2
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2.17.100.193 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
a2-17-100-193.deploy.static.akamaitechnologies.com
Software
prod-xre-app23.frk11 /
Resource Hash
9a7c628d4ce4c16e4267031b59c5e3e512796a57e5372946d39ba4cb1a74e5a8
Security Headers
Name Value
Strict-Transport-Security max-age=86400

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://082fc394a62d374456508868d37e314c.safeframe.googlesyndication.com/

Response headers

Strict-Transport-Security
max-age=86400
Cache-Control
max-age=0, no-cache, no-store
Content-Encoding
gzip
Pragma
no-cache
Connection
keep-alive
Expires
Sat, 06 Dec 2025 23:40:37 GMT
Content-Length
957
Allow-Fenced-Frame-Automatic-Beacons
true
Date
Sat, 06 Dec 2025 23:40:37 GMT
Content-Type
text/javascript;charset=iso-8859-1
Vary
Accept-Encoding
Server
prod-xre-app23.frk11
container.html
f9f7e13bde29a7f0348d8281560da983.safeframe.googlesyndication.com/safeframe/1-0-45/html/ Frame 870D 		7 KB
0 		Document
General
Check archive.org
Download Go to
Full URL
https://f9f7e13bde29a7f0348d8281560da983.safeframe.googlesyndication.com/safeframe/1-0-45/html/container.html?n=2
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202512040101/pubads_impl.js?cb=31096008
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f1a68bf826c55985468304f4284a09cb8a68e82503d764166e611a7c58a85a4b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://reurl.cc/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private, max-age=300
content-encoding
br
content-length
3121
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy
cross-origin
date
Sat, 06 Dec 2025 23:40:36 GMT
expires
Sat, 06 Dec 2025 23:40:36 GMT
last-modified
Thu, 08 May 2025 23:15:48 GMT
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
ping
pagead2.googlesyndication.com/pagead/ Frame 805D 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/ping?e=1
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202512040101/pubads_impl.js?cb=31096008
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.140.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lcfraa-bt-in-f2.1e100.net
Software
/
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8
Referer
https://reurl.cc/

Response headers
cm
t.ssp.hinet.net/ Frame E048 		0
194 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://t.ssp.hinet.net/cm?c=cf&cid=undefined&mp=9f56552c-16c7-4550-86c4-b2f06a3a3997
Requested by
Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS
203-75-214-136.hinet-ip.hinet.net
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://cdn.holmesmind.com/

Response headers

strict-transport-security
max-age=0
cache-control
no-cache, private
access-control-allow-credentials
true
access-control-allow-origin
https://cdn.holmesmind.com
date
Sat, 06 Dec 2025 23:40:37 GMT
content-type
image/png
vary
Origin
server
nginx
pixel
9f56552c-16c7-4550-86c4-b2f06a3a3997.t.ssp.hinet.net/ Frame E048 		0
177 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://9f56552c-16c7-4550-86c4-b2f06a3a3997.t.ssp.hinet.net/pixel?bd=9f56552c-16c7-4550-86c4-b2f06a3a3997&t=cf&referrer=https%3A%2F%2Freurl.cc
Requested by
Host: reurl.cc
URL: https://reurl.cc/k8qxzL
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS
203-75-214-136.hinet-ip.hinet.net
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://cdn.holmesmind.com/

Response headers

Strict-Transport-Security
max-age=0
Content-Length
0
Date
Sat, 06 Dec 2025 23:40:41 GMT
Content-Type
image/png
Server
nginx
Connection
keep-alive
pixel
83a8eb42-6ef1-4f83-b0a8-8311ce7c1584.t.ssp.hinet.net/ Frame C862 		0
177 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://83a8eb42-6ef1-4f83-b0a8-8311ce7c1584.t.ssp.hinet.net/pixel?bd=83a8eb42-6ef1-4f83-b0a8-8311ce7c1584&t=50ef57&referrer=
Requested by
Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS
203-75-214-136.hinet-ip.hinet.net
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://reurl.cc/

Response headers

Strict-Transport-Security
max-age=0
Content-Length
0
Date
Sat, 06 Dec 2025 23:40:42 GMT
Content-Type
image/png
Server
nginx
Connection
keep-alive
css
fonts.googleapis.com/ Frame 870D 		11 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Open%20Sans%3A400%2C700
Requested by
Host: f9f7e13bde29a7f0348d8281560da983.safeframe.googlesyndication.com
URL: https://f9f7e13bde29a7f0348d8281560da983.safeframe.googlesyndication.com/safeframe/1-0-45/html/container.html?n=2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
f1251b5aa44c40639d940adcbebe2d7d88573dfac9a2ba63d71ca06ea67bbad9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://f9f7e13bde29a7f0348d8281560da983.safeframe.googlesyndication.com/

Response headers

content-encoding
gzip
x-content-type-options
nosniff
expires
Sat, 06 Dec 2025 23:40:37 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Sat, 06 Dec 2025 23:40:37 GMT
content-type
text/css; charset=utf-8
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
last-modified
Sat, 06 Dec 2025 23:12:27 GMT
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
cross-origin-opener-policy
same-origin-allow-popups
cross-origin-resource-policy
cross-origin
access-control-allow-origin
*
x-xss-protection
0
server
ESF
amp-analytics-0.1.js
cdn.ampproject.org/v0/ Frame 870D 		110 KB
33 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/v0/amp-analytics-0.1.js
Requested by
Host: f9f7e13bde29a7f0348d8281560da983.safeframe.googlesyndication.com
URL: https://f9f7e13bde29a7f0348d8281560da983.safeframe.googlesyndication.com/safeframe/1-0-45/html/container.html?n=2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
c642b7be944e3deb4b5468f817028404d0f4ef0a47726a3b859e66f4bd790dc4
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://f9f7e13bde29a7f0348d8281560da983.safeframe.googlesyndication.com/

Response headers

content-encoding
br
etag
"7fd9ce768da1142c"
report-to
{"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
x-content-type-options
nosniff
expires
Sat, 06 Dec 2025 23:40:37 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Sat, 06 Dec 2025 23:40:37 GMT
content-type
text/javascript; charset=UTF-8
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
cache-control
private, max-age=604800, stale-while-revalidate=604800
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="amphtml-china-available"
content-length
32206
x-xss-protection
0
server
sffe
load_preloaded_resource_fy2021.js
tpc.googlesyndication.com/pagead/js/r20251204/r20110914/client/ Frame 870D 		2 KB
904 B 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20251204/r20110914/client/load_preloaded_resource_fy2021.js
Requested by
Host: f9f7e13bde29a7f0348d8281560da983.safeframe.googlesyndication.com
URL: https://f9f7e13bde29a7f0348d8281560da983.safeframe.googlesyndication.com/safeframe/1-0-45/html/container.html?n=2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e108480a9894485059f2b1676b6e05a34af2ecc20fbcdd034d37e768e5356223
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://f9f7e13bde29a7f0348d8281560da983.safeframe.googlesyndication.com/

Response headers

content-encoding
br
etag
17680144762512659466
age
40362
x-content-type-options
nosniff
expires
Sat, 20 Dec 2025 12:27:55 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date
Sat, 06 Dec 2025 12:27:55 GMT
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
vary
Accept-Encoding
cache-control
public, max-age=1209600
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
access-control-allow-origin
*
content-length
818
x-xss-protection
0
server
cafe
adview
securepubads.g.doubleclick.net/pagead/ Frame 870D 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pagead/adview?ai=CVQXp9L40ad_lGMu4kdUP_peVuQOh2bXzgwH944fDlhWO5-eWgioQASDSzIEaYNUFoAGtk9PaA8gBAakCOzg1w0CIsz7gAgCoAwHIAwiqBPMBT9BADyJTzAT0qTx9-OjH39GhRSRJPBNbNnzfDd_LcaQnqkkXR4s1bq5G27F9_PoXe-yYAYVAGz9dDv8EYNZn_6iwLxpvJA0Gksjq-UnMZ6L6svwAz4hujxRgoOmbEtw8l0RRhKipGitdTfohCnE6VCUH3wkuxiC-l73m06yQXx3syKxBgzxnYQpYfOb8eGwWPNnHBzl0AkEN894YXFkhHEoiHWGax0ncROHjdBhpzlqDaQtxJfj5urRLIImoHB-Ji64b9frtSxCy_3BXyPljiB48oqCSdYTc3hrB_klvJVV9F6MwVTjd4IYq2Ecys_eoTrDKwASK5b2IxgXgBAGIBb-B4_hTkgUECAQYAZIFBAgFGASgBi6AB4y4gBmoB6fMsQKoB-LYsQKoB6a-G6gHzM6xAqgH89EbqAeW2BuoB6qbsQKoB47OG6gHk9gbqAfw4BuoB-6WsQKoB_6esQKoB6--sQKoB9XJG6gH2baxAqgH98KxAtgHAfIHBBD4nkfSCC8IgGEQARidATIIioKAgICAgAg6DYBAgMCAgICAqIACqANIvf3BOljvpPK1kaqRA5oJmQFodHRwczovL3VuaWNlZi5lcy9oYXp0ZS1zb2Npby1pbmZhbmNpYT9hYz1BQy05OTA4JmNoPUNILTEwNCZ1dG1fc291cmNlPWdvb2dsZSZ1dG1fbWVkaXVtPWNwYyZ1dG1faWQ9MTc0MjUzMjI1NzJfXyZnYWRfc291cmNlPTUmZ2FkX2NhbXBhaWduaWQ9MjI1MzM0MjMyOTWACgPICwGiDAOQAQGqDQJFU-INEwjYz_K1kaqRAxVLXKQEHf5LJTfqDRMI2Y_ztZGqkQMVS1ykBB3-SyU3iA7___________8B2BMM0BUBmBYByhYCCgD4FgGAFwGyFywKHAgAEhRwdWItNDEyNjU1NDc3OTM5Mzk4NhjizBkYASoKNDI4NDI1OTk1OboXAjgBqhgXCQAAAAB4zzFBEgo0Mjg0MjU5OTU5GAGyGAkSAoNPGC4iAQDQGAHCGQIIAQ&sigh=NFHlN6IHCsQ&uach_m=%5BUACH%5D&ase=2&cid=CAQSnwEAwksa0RfypZslasWTUXfhYBVfCVEoxIb7yFGvPQeSiEknmYetx7HdX-2kOC5_MQdsLAgjELabHpkvtnBu4ELlZgLiUmn_TDcig33RWJlzVdyS8HUgrXb-fTwQfIlaWpLiq9D5jBDZ_qWCn1-mCOomLaSq-TuAgMiwE-VHZL1aQuuUQK_TRe3eBDJBxT5JVO24d5zjwbHxZ8vvwQc5eYQYAQ&template_id=5047&ebtr=1&vis=1&nis=6
Requested by
Host: reurl.cc
URL: https://reurl.cc/k8qxzL
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s07-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://f9f7e13bde29a7f0348d8281560da983.safeframe.googlesyndication.com/

Response headers

content-security-policy
script-src 'none'; object-src 'none'
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
x-content-type-options
nosniff
access-control-allow-origin
https://f9f7e13bde29a7f0348d8281560da983.safeframe.googlesyndication.com
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length
0
date
Sat, 06 Dec 2025 23:40:37 GMT
x-xss-protection
0
content-type
text/html; charset=UTF-8
server
cafe
abg_lite_fy2021.js
tpc.googlesyndication.com/pagead/js/r20251204/r20110914/ Frame 870D 		21 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20251204/r20110914/abg_lite_fy2021.js
Requested by
Host: f9f7e13bde29a7f0348d8281560da983.safeframe.googlesyndication.com
URL: https://f9f7e13bde29a7f0348d8281560da983.safeframe.googlesyndication.com/safeframe/1-0-45/html/container.html?n=2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
bd04667d5d5feb14319f345a1a8e7486d8ab5aea560fb8be53cae5f6bc9d0e20
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://f9f7e13bde29a7f0348d8281560da983.safeframe.googlesyndication.com/

Response headers

content-encoding
br
etag
11386605814003084292
age
40362
x-content-type-options
nosniff
expires
Sat, 20 Dec 2025 12:27:55 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date
Sat, 06 Dec 2025 12:27:55 GMT
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
vary
Accept-Encoding
cache-control
public, max-age=1209600
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
access-control-allow-origin
*
content-length
8505
x-xss-protection
0
server
cafe
window_focus_fy2021.js
tpc.googlesyndication.com/pagead/js/r20251204/r20110914/client/ Frame 870D 		3 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20251204/r20110914/client/window_focus_fy2021.js
Requested by
Host: f9f7e13bde29a7f0348d8281560da983.safeframe.googlesyndication.com
URL: https://f9f7e13bde29a7f0348d8281560da983.safeframe.googlesyndication.com/safeframe/1-0-45/html/container.html?n=2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
fec5a361dec923efe92848ca27b02b158b164380a9eaf6cc1625e08e0d9c101e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://f9f7e13bde29a7f0348d8281560da983.safeframe.googlesyndication.com/

Response headers

content-encoding
br
etag
6020003950853699975
age
40359
x-content-type-options
nosniff
expires
Sat, 20 Dec 2025 12:27:55 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date
Sat, 06 Dec 2025 12:27:55 GMT
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
vary
Accept-Encoding
cache-control
public, max-age=1209600
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
access-control-allow-origin
*
content-length
1241
x-xss-protection
0
server
cafe
cookie_push_onload.html
pagead2.googlesyndication.com/pagead/s/ Frame 297F 		1 KB
0 		Document
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Requested by
Host: f9f7e13bde29a7f0348d8281560da983.safeframe.googlesyndication.com
URL: https://f9f7e13bde29a7f0348d8281560da983.safeframe.googlesyndication.com/safeframe/1-0-45/html/container.html?n=2
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.140.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lcfraa-bt-in-f2.1e100.net
Software
cafe /
Resource Hash
bea1c5ab168f662fc9eb5bda3474e5b1bbd0d3ecc1d9c68e2a753f613c2ae0c2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://f9f7e13bde29a7f0348d8281560da983.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36

Response headers

age
40362
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=86400
content-encoding
br
content-length
812
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Sat, 06 Dec 2025 12:27:55 GMT
etag
9725182468138058862
expires
Sun, 07 Dec 2025 12:27:55 GMT
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server
cafe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
qs_click_protection_fy2021.js
tpc.googlesyndication.com/pagead/js/r20251204/r20110914/client/ Frame 870D 		21 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20251204/r20110914/client/qs_click_protection_fy2021.js
Requested by
Host: f9f7e13bde29a7f0348d8281560da983.safeframe.googlesyndication.com
URL: https://f9f7e13bde29a7f0348d8281560da983.safeframe.googlesyndication.com/safeframe/1-0-45/html/container.html?n=2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3539a82b4664c18c51201b6b35a296282250e6cfb16f3355c61d949797c56529
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://f9f7e13bde29a7f0348d8281560da983.safeframe.googlesyndication.com/

Response headers

content-encoding
br
etag
2622203621575094117
age
40359
x-content-type-options
nosniff
expires
Sat, 20 Dec 2025 12:27:55 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date
Sat, 06 Dec 2025 12:27:55 GMT
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
vary
Accept-Encoding
cache-control
public, max-age=1209600
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
access-control-allow-origin
*
content-length
8688
x-xss-protection
0
server
cafe
l
www.google.com/ads/measurement/ Frame 870D 		0
0
33b8765f23674a0bdae7dad7865bcb75.js
www.gstatic.com/mysidia/ Frame 870D 		42 KB
18 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/mysidia/33b8765f23674a0bdae7dad7865bcb75.js?tag=addon/mysidia_one_click_handler_one_afma
Requested by
Host: f9f7e13bde29a7f0348d8281560da983.safeframe.googlesyndication.com
URL: https://f9f7e13bde29a7f0348d8281560da983.safeframe.googlesyndication.com/safeframe/1-0-45/html/container.html?n=2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
0d95a521e435509b125e0b098faf987e28e154ebd6468e16c449ebc0a3b8c1e3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://f9f7e13bde29a7f0348d8281560da983.safeframe.googlesyndication.com/

Response headers

content-encoding
gzip
age
40362
report-to
{"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
x-content-type-options
nosniff
expires
Sun, 07 Dec 2025 12:27:55 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Sat, 06 Dec 2025 12:27:55 GMT
last-modified
Thu, 04 Dec 2025 21:38:50 GMT
content-type
text/javascript
vary
Accept-Encoding
cache-control
public, max-age=86400
cross-origin-opener-policy
same-origin; report-to="mysidia"
cross-origin-resource-policy
cross-origin
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
accept-ranges
bytes
content-length
17435
x-xss-protection
0
server
sffe
14763004658117789537
tpc.googlesyndication.com/simgad/2285666155256819566/ Frame 870D 		3 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/simgad/2285666155256819566/14763004658117789537?w=100&h=100&tw=1&q=75
Requested by
Host: f9f7e13bde29a7f0348d8281560da983.safeframe.googlesyndication.com
URL: https://f9f7e13bde29a7f0348d8281560da983.safeframe.googlesyndication.com/safeframe/1-0-45/html/container.html?n=2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
0e5a0934780ce45563c730759b53941481895a06701e8e45287d4bbdbd464cdb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://f9f7e13bde29a7f0348d8281560da983.safeframe.googlesyndication.com/

Response headers

age
97742
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
x-content-type-options
nosniff
expires
Sat, 05 Dec 2026 20:31:35 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
allow-fenced-frame-automatic-beacons
true
date
Fri, 05 Dec 2025 20:31:35 GMT
last-modified
Fri, 08 Aug 2025 12:13:11 GMT
content-type
image/jpeg
cache-control
public, max-age=31536000
timing-allow-origin
*
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
content-length
2874
x-xss-protection
0
server
sffe
14763004658117789537
tpc.googlesyndication.com/simgad/11997624618407669911/ Frame 870D 		17 KB
17 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/simgad/11997624618407669911/14763004658117789537?w=300&h=300&tw=1&q=75
Requested by
Host: f9f7e13bde29a7f0348d8281560da983.safeframe.googlesyndication.com
URL: https://f9f7e13bde29a7f0348d8281560da983.safeframe.googlesyndication.com/safeframe/1-0-45/html/container.html?n=2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ba391e1a61563548058a9d5fe8394e2514f65b11721e7a74ca2b8577743c73ac
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://f9f7e13bde29a7f0348d8281560da983.safeframe.googlesyndication.com/

Response headers

report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
x-content-type-options
nosniff
expires
Sun, 06 Dec 2026 23:40:37 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
allow-fenced-frame-automatic-beacons
true
date
Sat, 06 Dec 2025 23:40:37 GMT
content-type
image/jpeg
last-modified
Mon, 13 Oct 2025 09:42:10 GMT
cache-control
public, max-age=31536000
timing-allow-origin
*
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
content-length
16946
x-xss-protection
0
server
sffe
av
ad.holmesmind.com/adserver/ Frame 3615 		0
139 B 		Script
General
Check archive.org
Download Go to
Full URL
https://ad.holmesmind.com/adserver/av?p=14210:131761:273101:f3e23a7d686b344b5faeff617bafbefd:14756&type=1
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/drawV2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.75.180.237 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-75-180-237.ap-northeast-1.compute.amazonaws.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://reurl.cc/

Response headers

content-encoding
gzip
date
Sat, 06 Dec 2025 23:40:37 GMT
content-type
text/html; charset=UTF-8
vary
Accept-Encoding
server
nginx
truncated
/ Frame 870D 		214 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
9981bd9bfa17f0c34ef78cee51b089e50594b3e17df1cfbadc371ef872ab05a6

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/png
pixel
cm.g.doubleclick.net/ Frame 297F
Redirect Chain
  • https://dsp-cookie.adfarm1.adition.com/?ssp=2&google_gid=CAESEHM8v1s7sf6fPDuD5I87El0&google_cver=1&google_push=AXcoOmRM9wNTgCYF3on9QqNx3N9heMjYtOnBtCVpvkKFKdFxEGxaivJgJKZbjMq2lqWDp3QoIcL0dXIEOS1MMT...
  • https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzU4MDg5NDAzNjU3NzgxMDc5Ng%3D%3D&google_push=AXcoOmRM9wNTgCYF3on9QqNx3N9heMjYtOnBtCVpvkKFKdFxEGxaivJgJKZbjMq2lqWDp3QoIcL0dXIEOS1MMT6HGo...
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzU4MDg5NDAzNjU3NzgxMDc5Ng%3D%3D&google_push=AXcoOmRM9wNTgCYF3on9QqNx3N9heMjYtOnBtCVpvkKFKdFxEGxaivJgJKZbjMq2lqWDp3QoIcL0dXIEOS1MMT6HGokkjdMn8oEh
Requested by
Host: reurl.cc
URL: https://reurl.cc/k8qxzL
Protocol
H3
Server
142.250.184.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s12-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://pagead2.googlesyndication.com/

Response headers

cache-control
no-cache, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
170
date
Sat, 06 Dec 2025 23:40:38 GMT
x-xss-protection
0
content-type
image/png
server
HTTP server (unknown)

Redirect headers

location
https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzU4MDg5NDAzNjU3NzgxMDc5Ng%3D%3D&google_push=AXcoOmRM9wNTgCYF3on9QqNx3N9heMjYtOnBtCVpvkKFKdFxEGxaivJgJKZbjMq2lqWDp3QoIcL0dXIEOS1MMT6HGokkjdMn8oEh
content-length
0
p3p
policyref="http://imagesrv.adition.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"
date
Sat, 06 Dec 2025 23:40:38 GMT
x-envoy-upstream-service-time
0
server
envoy
sync
dsp.adkernel.com/ Frame 297F 		42 B
233 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsp.adkernel.com/sync?exchange=11&google_gid=CAESELVMXmoATxO9TvemXajlz6U&google_cver=1&google_push=AXcoOmTTm_YftjAK9FJ_aWpvAXTIeEbP1560iUb22MHmODD5u1RvQy_a1twJ2wnOnc1ts8CPMrJdHDwyYkfnKLvjqimVviIvlqDKLg
Requested by
Host: f9f7e13bde29a7f0348d8281560da983.safeframe.googlesyndication.com
URL: https://f9f7e13bde29a7f0348d8281560da983.safeframe.googlesyndication.com/safeframe/1-0-45/html/container.html?n=2
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
174.137.133.49 Garden City, United States, ASN27257 (WEBAIR-INTERNET, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://pagead2.googlesyndication.com/

Response headers

Cache-Control
no-store
Pragma
no-cache
Age
0
Connection
keep-alive
Content-Length
42
Date
Sat, 06 Dec 2025 23:40:37 GMT
Content-Type
image/gif
Server
nginx
ebda
match.360yield.com/match/ Frame 297F 		43 B
199 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://match.360yield.com/match/ebda?google_gid=CAESEMRTwUFrR0s1kXGYqpsDm5o&google_cver=1&google_push=AXcoOmQj1fMKT2DfNLo3dVvaYkwfxOGA6TeoHF_iaQmDyzTSPpbOG8WQJsbReJ8I7geUQ2D-5LVxXHntKxg5j47sXkXMgeWNUhbO1g
Requested by
Host: f9f7e13bde29a7f0348d8281560da983.safeframe.googlesyndication.com
URL: https://f9f7e13bde29a7f0348d8281560da983.safeframe.googlesyndication.com/safeframe/1-0-45/html/container.html?n=2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.128.35.4 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-108-128-35-4.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://pagead2.googlesyndication.com/

Response headers

access-control-allow-origin
*
content-length
43
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
date
Sat, 06 Dec 2025 23:40:37 GMT
content-type
image/gif
rmpssp
sync.1rx.io/usersync2/ Frame 297F 		0
44 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sync.1rx.io/usersync2/rmpssp?sub=google&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3D%5BRX_SPD%5D%26google_hm%3D%5BRX_UUID_B64_BIN%5D&google_gid=CAESEBp_H52qjigZkcs2ey4gx0I&google_cver=1&google_push=AXcoOmSQ4cMAz2CdPY2MMqlOfp6SeATaoJzcFdGXwhFx0fmtAfMP9tQ6QAIG6BQMWMit9QM4xre6i8a2I3E17ors4ngHQTwx8UTssw
Requested by
Host: f9f7e13bde29a7f0348d8281560da983.safeframe.googlesyndication.com
URL: https://f9f7e13bde29a7f0348d8281560da983.safeframe.googlesyndication.com/safeframe/1-0-45/html/container.html?n=2
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
100.24.190.87 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-100-24-190-87.compute-1.amazonaws.com
Software
awselb/2.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://pagead2.googlesyndication.com/

Response headers

date
Sat, 06 Dec 2025 23:40:37 GMT
server
awselb/2.0
pixel
cm.g.doubleclick.net/ Frame 297F
Redirect Chain
  • https://eb2.3lift.com/ebda?sync=1&google_gid=CAESED7iRGnc7HnDyhZ8FQTQ9JQ&google_cver=1&google_push=AXcoOmRlJZO_V5giOZwKCTk91-ULug_Fmgh7rIT1b8TBRUY-CBjzdio3MTsAvG0d3KcOhQUEFs5g_qxlED3GnH__PldtB4p5grJy
  • https://eb2.3lift.com/ebda?sync=1&google_gid=CAESED7iRGnc7HnDyhZ8FQTQ9JQ&google_cver=1&google_push=AXcoOmRlJZO_V5giOZwKCTk91-ULug_Fmgh7rIT1b8TBRUY-CBjzdio3MTsAvG0d3KcOhQUEFs5g_qxlED3GnH__PldtB4p5gr...
  • https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_push=AXcoOmRlJZO_V5giOZwKCTk91-ULug_Fmgh7rIT1b8TBRUY-CBjzdio3MTsAvG0d3KcOhQUEFs5g_qxlED3GnH__PldtB4p5grJy&go...
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_push=AXcoOmRlJZO_V5giOZwKCTk91-ULug_Fmgh7rIT1b8TBRUY-CBjzdio3MTsAvG0d3KcOhQUEFs5g_qxlED3GnH__PldtB4p5grJy&google_hm=MTY2OTQ2ODQ1MzMwMzEzMDAzMzg0OQ%3D%3D
Requested by
Host: f9f7e13bde29a7f0348d8281560da983.safeframe.googlesyndication.com
URL: https://f9f7e13bde29a7f0348d8281560da983.safeframe.googlesyndication.com/safeframe/1-0-45/html/container.html?n=2
Protocol
H3
Server
142.250.184.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s12-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://pagead2.googlesyndication.com/

Response headers

cache-control
no-cache, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
170
date
Sat, 06 Dec 2025 23:40:38 GMT
x-xss-protection
0
content-type
image/png
server
HTTP server (unknown)

Redirect headers

date
Sat, 06 Dec 2025 23:40:38 GMT
location
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_push=AXcoOmRlJZO_V5giOZwKCTk91-ULug_Fmgh7rIT1b8TBRUY-CBjzdio3MTsAvG0d3KcOhQUEFs5g_qxlED3GnH__PldtB4p5grJy&google_hm=MTY2OTQ2ODQ1MzMwMzEzMDAzMzg0OQ%3D%3D
content-length
0
pixel
cm.g.doubleclick.net/ Frame 297F
Redirect Chain
  • https://bh.contextweb.com/bh/rtset?pid=559960&gp=1&google_gid=CAESEISWxZCiH3JVZqS0vuqKzn4&google_cver=1&google_push=AXcoOmSigWQrt9UaiDeTSbli5xDpZDJPp1qEeZF7Z-B3q2wVH64bks3B0EltfRtUdBDElJlY_z3X_w65B...
  • https://cm.g.doubleclick.net/pixel?google_nid=pulsepoint_inc_&google_push=AXcoOmSigWQrt9UaiDeTSbli5xDpZDJPp1qEeZF7Z-B3q2wVH64bks3B0EltfRtUdBDElJlY_z3X_w65BJsHGrDcLl9KbGlRp5XAYQ&google_hm=dlp4YjJGNW...
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=pulsepoint_inc_&google_push=AXcoOmSigWQrt9UaiDeTSbli5xDpZDJPp1qEeZF7Z-B3q2wVH64bks3B0EltfRtUdBDElJlY_z3X_w65BJsHGrDcLl9KbGlRp5XAYQ&google_hm=dlp4YjJGNWRudG5u
Requested by
Host: f9f7e13bde29a7f0348d8281560da983.safeframe.googlesyndication.com
URL: https://f9f7e13bde29a7f0348d8281560da983.safeframe.googlesyndication.com/safeframe/1-0-45/html/container.html?n=2
Protocol
H3
Server
142.250.184.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s12-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://pagead2.googlesyndication.com/

Response headers

cache-control
no-cache, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
170
date
Sat, 06 Dec 2025 23:40:38 GMT
x-xss-protection
0
content-type
image/png
server
HTTP server (unknown)

Redirect headers

cache-control
private, max-age=0, no-cache, no-store
location
https://cm.g.doubleclick.net/pixel?google_nid=pulsepoint_inc_&google_push=AXcoOmSigWQrt9UaiDeTSbli5xDpZDJPp1qEeZF7Z-B3q2wVH64bks3B0EltfRtUdBDElJlY_z3X_w65BJsHGrDcLl9KbGlRp5XAYQ&google_hm=dlp4YjJGNWRudG5u
accept-ch
Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Platform-Version
cw-server
bh-deployment-5569d665f8-82s92
expires
-1
p3p
policyref="/bh/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
content-language
es-ES
server
Jetty(12.0.22)
pixel
cm.g.doubleclick.net/ Frame 297F
Redirect Chain
  • https://gtrace.mediago.io/ju/cs/google?google_gid=CAESEAsyew6Hru920MAfbk6Jb_E&google_cver=1&google_push=AXcoOmTaBbsT8wsQSDiu_i7l-3RRs3jKCpNqoR1dTIqkqerZYwHmD9Lca2OLMx8Bg3HiF0RA70AsrQuQHU9WXwHqJ9Ixu...
  • https://cm.g.doubleclick.net/pixel?google_nid=baidu_mediago&google_push=AXcoOmTaBbsT8wsQSDiu_i7l-3RRs3jKCpNqoR1dTIqkqerZYwHmD9Lca2OLMx8Bg3HiF0RA70AsrQuQHU9WXwHqJ9IxuokoNOaM5Zc&google_hm=8df1d1e1917...
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=baidu_mediago&google_push=AXcoOmTaBbsT8wsQSDiu_i7l-3RRs3jKCpNqoR1dTIqkqerZYwHmD9Lca2OLMx8Bg3HiF0RA70AsrQuQHU9WXwHqJ9IxuokoNOaM5Zc&google_hm=8df1d1e1917c925f2th64n00miuxsifq
Requested by
Host: f9f7e13bde29a7f0348d8281560da983.safeframe.googlesyndication.com
URL: https://f9f7e13bde29a7f0348d8281560da983.safeframe.googlesyndication.com/safeframe/1-0-45/html/container.html?n=2
Protocol
H3
Server
142.250.184.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s12-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://pagead2.googlesyndication.com/

Response headers

cache-control
no-cache, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
170
date
Sat, 06 Dec 2025 23:40:37 GMT
x-xss-protection
0
content-type
image/png
server
HTTP server (unknown)

Redirect headers

location
https://cm.g.doubleclick.net/pixel?google_nid=baidu_mediago&google_push=AXcoOmTaBbsT8wsQSDiu_i7l-3RRs3jKCpNqoR1dTIqkqerZYwHmD9Lca2OLMx8Bg3HiF0RA70AsrQuQHU9WXwHqJ9IxuokoNOaM5Zc&google_hm=8df1d1e1917c925f2th64n00miuxsifq
access-control-allow-credentials
true
access-control-allow-methods
GET, POST, OPTIONS
via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
8
date
Sat, 06 Dec 2025 23:40:37 GMT
content-type
text/plain; charset=utf-8
access-control-allow-headers
Content-Type
attr
cm.g.doubleclick.net/pixel/ Frame 297F 		0
12 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel/attr?d=AHNF13L5gvq4VWFxtHgoNTuAg9VHLFTo8qy3YdNIVN4ujo4NF83SssHE8okh2ifSF5R6lkQw0xZfFjM
Requested by
Host: f9f7e13bde29a7f0348d8281560da983.safeframe.googlesyndication.com
URL: https://f9f7e13bde29a7f0348d8281560da983.safeframe.googlesyndication.com/safeframe/1-0-45/html/container.html?n=2
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.184.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s12-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://pagead2.googlesyndication.com/

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
date
Sat, 06 Dec 2025 23:40:37 GMT
x-xss-protection
0
content-type
text/html
server
HTTP server (unknown)
pixel
cm.g.doubleclick.net/ Frame AD40
Redirect Chain
  • https://px.ads.linkedin.com/setuid?partner=googleadxdb&google_gid=CAESEJJanQJ9OSij_Au9vWNfM6c&google_cver=1&google_push=AXcoOmShGm-j2rr0vwu33fqqEAh-ppGS6-sGIgEEmon7_1mCdbBiclwOwnOZ7iVBQrCHU6ow5-tGH...
  • https://cm.g.doubleclick.net/pixel?google_nid=linkedin&google_push=AXcoOmShGm-j2rr0vwu33fqqEAh-ppGS6-sGIgEEmon7_1mCdbBiclwOwnOZ7iVBQrCHU6ow5-tGHaeB-4bXbV6yNBIcDraemoR0
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=linkedin&google_push=AXcoOmShGm-j2rr0vwu33fqqEAh-ppGS6-sGIgEEmon7_1mCdbBiclwOwnOZ7iVBQrCHU6ow5-tGHaeB-4bXbV6yNBIcDraemoR0
Requested by
Host: 082fc394a62d374456508868d37e314c.safeframe.googlesyndication.com
URL: https://082fc394a62d374456508868d37e314c.safeframe.googlesyndication.com/safeframe/1-0-45/html/container.html?n=2
Protocol
H3
Server
142.250.184.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s12-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://pagead2.googlesyndication.com/

Response headers

cache-control
no-cache, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
170
date
Sat, 06 Dec 2025 23:40:38 GMT
x-xss-protection
0
content-type
image/png
server
HTTP server (unknown)

Redirect headers

linkedin-action
1
x-li-pop
afd-prod-ltx1-x
location
https://cm.g.doubleclick.net/pixel?google_nid=linkedin&google_push=AXcoOmShGm-j2rr0vwu33fqqEAh-ppGS6-sGIgEEmon7_1mCdbBiclwOwnOZ7iVBQrCHU6ow5-tGHaeB-4bXbV6yNBIcDraemoR0
x-msedge-ref
Ref A: 7AFB6EB0B839450A81F2F701CC3BD8A2 Ref B: PAR611050104025 Ref C: 2025-12-06T23:40:38Z
x-li-fabric
prod-ltx1
x-li-uuid
AAZFURbXZLKAfIPuf51sFw==
x-li-proto
http/2
alt-svc
h3=":443"; ma=86400
x-cache
CONFIG_NOCACHE
content-length
0
date
Sat, 06 Dec 2025 23:40:37 GMT
pixel
cm.g.doubleclick.net/ Frame AD40
Redirect Chain
  • https://match.adsby.bidtheatre.com/adxcookie?id=&google_gid=CAESEBM5_5JN1XlUxrsHktrjA-s&google_cver=1&google_push=AXcoOmS7QhhW2qUcuhKp7Cv3qRdlfbXif8oHkyEzqvNpfh3XYZrqjLEMZPHHHTjQKE362R-FQCnFlRmtRvd...
  • https://match.adsby.bidtheatre.com/adxcookie?redirected=true&id=&google_gid=CAESEBM5_5JN1XlUxrsHktrjA-s&google_cver=1&google_push=AXcoOmS7QhhW2qUcuhKp7Cv3qRdlfbXif8oHkyEzqvNpfh3XYZrqjLEMZPHHHTjQKE3...
  • https://cm.g.doubleclick.net/pixel?google_push=AXcoOmS7QhhW2qUcuhKp7Cv3qRdlfbXif8oHkyEzqvNpfh3XYZrqjLEMZPHHHTjQKE362R-FQCnFlRmtRvdpjqVcJQYFdHbM7X7Fkg&google_hm=NGUzZTQ3MTQtZjVjNy00OTFjLTgzZGUtMWIzN...
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_push=AXcoOmS7QhhW2qUcuhKp7Cv3qRdlfbXif8oHkyEzqvNpfh3XYZrqjLEMZPHHHTjQKE362R-FQCnFlRmtRvdpjqVcJQYFdHbM7X7Fkg&google_hm=NGUzZTQ3MTQtZjVjNy00OTFjLTgzZGUtMWIzN2Q1MmIzZWIz&google_nid=bt
Requested by
Host: 082fc394a62d374456508868d37e314c.safeframe.googlesyndication.com
URL: https://082fc394a62d374456508868d37e314c.safeframe.googlesyndication.com/safeframe/1-0-45/html/container.html?n=2
Protocol
H3
Server
142.250.184.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s12-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://pagead2.googlesyndication.com/

Response headers

cache-control
no-cache, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
170
date
Sat, 06 Dec 2025 23:40:38 GMT
x-xss-protection
0
content-type
image/png
server
HTTP server (unknown)

Redirect headers

Location
https://cm.g.doubleclick.net/pixel?google_push=AXcoOmS7QhhW2qUcuhKp7Cv3qRdlfbXif8oHkyEzqvNpfh3XYZrqjLEMZPHHHTjQKE362R-FQCnFlRmtRvdpjqVcJQYFdHbM7X7Fkg&google_hm=NGUzZTQ3MTQtZjVjNy00OTFjLTgzZGUtMWIzN2Q1MmIzZWIz&google_nid=bt
P3P
policyref="/w3c/p3p.xml", CP="DSP NON LAW OUR CUR DEVo PSAo PSDo IND STA NAV COM INT"
Content-Length
0
Date
Sat, 06 Dec 2025 23:40:38 GMT
Keep-Alive
timeout=1, max=499
Server
Apache
Connection
Keep-Alive
pixel
cm.g.doubleclick.net/ Frame AD40
Redirect Chain
  • https://sync.srv.stackadapt.com/sync?nid=154&google_gid=CAESELqiVo9Z9bL6Y-V3yhsrl8c&google_cver=1&google_push=AXcoOmSpzsMJvlYjEBqUd8xNkilrQ3ZbP_s9dvW4PNrjTrypsFE_JESl-pXot_YSMHyzRYfBzlKCfMb_pHpsfUz...
  • https://cm.g.doubleclick.net/pixel?google_nid=stackadapt_usd&google_hm=8KdvP_-eW7ZmeaS9SmwNHLm8PfQ&google_push=AXcoOmSpzsMJvlYjEBqUd8xNkilrQ3ZbP_s9dvW4PNrjTrypsFE_JESl-pXot_YSMHyzRYfBzlKCfMb_pHpsfU...
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=stackadapt_usd&google_hm=8KdvP_-eW7ZmeaS9SmwNHLm8PfQ&google_push=AXcoOmSpzsMJvlYjEBqUd8xNkilrQ3ZbP_s9dvW4PNrjTrypsFE_JESl-pXot_YSMHyzRYfBzlKCfMb_pHpsfUz-rHXLb2E5pYiW
Requested by
Host: 082fc394a62d374456508868d37e314c.safeframe.googlesyndication.com
URL: https://082fc394a62d374456508868d37e314c.safeframe.googlesyndication.com/safeframe/1-0-45/html/container.html?n=2
Protocol
H3
Server
142.250.184.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s12-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://pagead2.googlesyndication.com/

Response headers

cache-control
no-cache, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
170
date
Sat, 06 Dec 2025 23:40:38 GMT
x-xss-protection
0
content-type
image/png
server
HTTP server (unknown)

Redirect headers

Location
https://cm.g.doubleclick.net/pixel?google_nid=stackadapt_usd&google_hm=8KdvP_-eW7ZmeaS9SmwNHLm8PfQ&google_push=AXcoOmSpzsMJvlYjEBqUd8xNkilrQ3ZbP_s9dvW4PNrjTrypsFE_JESl-pXot_YSMHyzRYfBzlKCfMb_pHpsfUz-rHXLb2E5pYiW
Content-Length
242
Date
Sat, 06 Dec 2025 23:40:37 GMT
Content-Type
text/html; charset=utf-8
Connection
keep-alive
pixel
cm.g.doubleclick.net/ Frame AD40
Redirect Chain
  • https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_push=AXcoOmQdl7BkpFhVtRDeMULBmQ6JGxIv3WqJ7e_44dr2ulqzZoInrDNlDflOX_6GlbgiTjnZrC-IaXgalqal70owcmFC1QMBjaauYw&google_gid=CAESEFOu9E9c3L...
  • https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TUlVWFNLSFQtMUotRktIOQ==&google_push=AXcoOmQdl7BkpFhVtRDeMULBmQ6JGxIv3WqJ7e_44dr2ulqzZoInrDNlDflOX_6GlbgiTjnZrC-IaXgalqal70owcmFC1QMBjaauYw
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TUlVWFNLSFQtMUotRktIOQ==&google_push=AXcoOmQdl7BkpFhVtRDeMULBmQ6JGxIv3WqJ7e_44dr2ulqzZoInrDNlDflOX_6GlbgiTjnZrC-IaXgalqal70owcmFC1QMBjaauYw
Requested by
Host: 082fc394a62d374456508868d37e314c.safeframe.googlesyndication.com
URL: https://082fc394a62d374456508868d37e314c.safeframe.googlesyndication.com/safeframe/1-0-45/html/container.html?n=2
Protocol
H3
Server
142.250.184.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s12-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://pagead2.googlesyndication.com/

Response headers

cache-control
no-cache, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
170
date
Sat, 06 Dec 2025 23:40:37 GMT
x-xss-protection
0
content-type
image/png
server
HTTP server (unknown)

Redirect headers

Cache-Control
no-cache,no-store,must-revalidate
Location
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TUlVWFNLSFQtMUotRktIOQ==&google_push=AXcoOmQdl7BkpFhVtRDeMULBmQ6JGxIv3WqJ7e_44dr2ulqzZoInrDNlDflOX_6GlbgiTjnZrC-IaXgalqal70owcmFC1QMBjaauYw
Pragma
no-cache
Expires
0
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost
68fdc1d12782ccf989788e7517f929bd
content-length
0
Content-Type
text/html
pixel
cm.g.doubleclick.net/ Frame AD40
Redirect Chain
  • https://ads.yieldmo.com/exptsync?google_gid=CAESECWyUsp7_HsJ8iH9il9sfcE&google_cver=1&google_push=AXcoOmSDeB8rRoW1O828htidrm4-XfgyV8-fA4pA5aYj3M81rKUHmVz9SEaUIHJJ0Y3u5b0cYTdhbx4GsE6ZFVGdP6z4axZRCx5Mng
  • https://cm.g.doubleclick.net/pixel?process_consent=T&google_nid=yieldmo&google_push=AXcoOmSDeB8rRoW1O828htidrm4-XfgyV8-fA4pA5aYj3M81rKUHmVz9SEaUIHJJ0Y3u5b0cYTdhbx4GsE6ZFVGdP6z4axZRCx5Mng&google_hm=...
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?process_consent=T&google_nid=yieldmo&google_push=AXcoOmSDeB8rRoW1O828htidrm4-XfgyV8-fA4pA5aYj3M81rKUHmVz9SEaUIHJJ0Y3u5b0cYTdhbx4GsE6ZFVGdP6z4axZRCx5Mng&google_hm=eHpobVZlZWtpeGVQVldubEY3RWY=
Requested by
Host: 082fc394a62d374456508868d37e314c.safeframe.googlesyndication.com
URL: https://082fc394a62d374456508868d37e314c.safeframe.googlesyndication.com/safeframe/1-0-45/html/container.html?n=2
Protocol
H3
Server
142.250.184.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s12-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://pagead2.googlesyndication.com/

Response headers

cache-control
no-cache, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
170
date
Sat, 06 Dec 2025 23:40:37 GMT
x-xss-protection
0
content-type
image/png
server
HTTP server (unknown)

Redirect headers

location
https://cm.g.doubleclick.net/pixel?process_consent=T&google_nid=yieldmo&google_push=AXcoOmSDeB8rRoW1O828htidrm4-XfgyV8-fA4pA5aYj3M81rKUHmVz9SEaUIHJJ0Y3u5b0cYTdhbx4GsE6ZFVGdP6z4axZRCx5Mng&google_hm=eHpobVZlZWtpeGVQVldubEY3RWY=
pragma
no-cache
accept-ch
Sec-CH-UA,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-Model,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Mobile
access-control-allow-methods
POST, GET, OPTIONS
access-control-allow-origin
*
content-length
0
date
Sat, 06 Dec 2025 23:40:37 GMT
content-type
application/json;charset=utf-8
access-control-allow-headers
Cache-Control, Pragma, *
sync
ssbsync.smartadserver.com/api/ Frame AD40 		0
45 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ssbsync.smartadserver.com/api/sync?callerId=3&google_gid=CAESEFDY3H-GigkDZkRk6KUCMZQ&google_cver=1&google_push=AXcoOmTw7n5MjFsTKoNnVJxxIhty0yqYpvE0UDwEmRopcE9WdjH1ZU7XCapu-kACeVHfPy5EynURFHHgwX0VLNWBEJx0O7Qgl0z7RA
Requested by
Host: 082fc394a62d374456508868d37e314c.safeframe.googlesyndication.com
URL: https://082fc394a62d374456508868d37e314c.safeframe.googlesyndication.com/safeframe/1-0-45/html/container.html?n=2
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
89.149.193.84 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 LeaseWeb Netherlands B.V., NL),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://pagead2.googlesyndication.com/

Response headers

date
Sat, 06 Dec 2025 23:40:37 GMT
content-length
0
dot.gif
s0.2mdn.net/ Frame AD40
Redirect Chain
  • https://csync.loopme.me/?pubid=11537&gdpr=${GDPR}&gdpr_consent=${GDPR_CONSENT_109}&redirect=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dloopme_eb_%26google_hm%3D{viewer_token}&google_...
  • https://cm.g.doubleclick.net/pixel?google_nid=loopme_eb_&google_hm=14e7f6ac-8498-4f38-8fd4-d3637d662a37&google_cver=1&google_gid=CAESEI0F8EjvpvzoZJJcwIcEtk4&gdpr_consent=${GDPR_CONSENT_109}&google_...
  • https://s0.2mdn.net/dot.gif?gdpr_consent=${GDPR_CONSENT_109}&gdpr=${GDPR}&google_error=1
43 B
490 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/dot.gif?gdpr_consent=${GDPR_CONSENT_109}&gdpr=${GDPR}&google_error=1
Requested by
Host: 082fc394a62d374456508868d37e314c.safeframe.googlesyndication.com
URL: https://082fc394a62d374456508868d37e314c.safeframe.googlesyndication.com/safeframe/1-0-45/html/container.html?n=2
Protocol
H2
Server
2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://pagead2.googlesyndication.com/

Response headers

age
51809
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
x-content-type-options
nosniff
expires
Sun, 07 Dec 2025 09:17:08 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Sat, 06 Dec 2025 09:17:08 GMT
last-modified
Sun, 01 Feb 2009 08:00:00 GMT
content-type
image/gif
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
content-length
43
x-xss-protection
0
server
sffe

Redirect headers

cache-control
no-cache, must-revalidate
location
https://s0.2mdn.net/dot.gif?gdpr_consent=${GDPR_CONSENT_109}&gdpr=${GDPR}&google_error=1
pragma
no-cache
cross-origin-resource-policy
cross-origin
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
293
date
Sat, 06 Dec 2025 23:40:37 GMT
x-xss-protection
0
content-type
text/html; charset=UTF-8
server
HTTP server (unknown)
attr
cm.g.doubleclick.net/pixel/ Frame AD40 		0
12 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel/attr?d=AHNF13KYji60s1byOHJpA7GpdNhFyXH7DbcH7OWmZIcXb-JbfjgwSeE8bXr792RoMPsZc9JFKG5lNg
Requested by
Host: 082fc394a62d374456508868d37e314c.safeframe.googlesyndication.com
URL: https://082fc394a62d374456508868d37e314c.safeframe.googlesyndication.com/safeframe/1-0-45/html/container.html?n=2
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.184.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s12-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://pagead2.googlesyndication.com/

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
date
Sat, 06 Dec 2025 23:40:37 GMT
x-xss-protection
0
content-type
text/html
server
HTTP server (unknown)
Klz6NWr5.html
ep2.adtrafficquality.google/sodar/ Frame 72BA 		35 KB
12 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ep2.adtrafficquality.google/sodar/Klz6NWr5.html
Requested by
Host: ep2.adtrafficquality.google
URL: https://ep2.adtrafficquality.google/sodar/VFc2VJAc.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
2a5cfa356af90e4dc14d89477463deb2c098c826ebc6d74c1577eb3d5973cac9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://082fc394a62d374456508868d37e314c.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
age
1524
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=3000
content-encoding
br
content-length
12007
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Sat, 06 Dec 2025 23:15:13 GMT
expires
Sun, 07 Dec 2025 00:05:13 GMT
last-modified
Thu, 13 Mar 2025 04:28:00 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
view
securepubads.g.doubleclick.net/btr/ Frame 870D 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/btr/view?ai=CVQXp9L40ad_lGMu4kdUP_peVuQOh2bXzgwH944fDlhWO5-eWgioQASDSzIEaYNUFoAGtk9PaA8gBAakCOzg1w0CIsz7gAgCoAwHIAwiqBPMBT9BADyJTzAT0qTx9-OjH39GhRSRJPBNbNnzfDd_LcaQnqkkXR4s1bq5G27F9_PoXe-yYAYVAGz9dDv8EYNZn_6iwLxpvJA0Gksjq-UnMZ6L6svwAz4hujxRgoOmbEtw8l0RRhKipGitdTfohCnE6VCUH3wkuxiC-l73m06yQXx3syKxBgzxnYQpYfOb8eGwWPNnHBzl0AkEN894YXFkhHEoiHWGax0ncROHjdBhpzlqDaQtxJfj5urRLIImoHB-Ji64b9frtSxCy_3BXyPljiB48oqCSdYTc3hrB_klvJVV9F6MwVTjd4IYq2Ecys_eoTrDKwASK5b2IxgXgBAGIBb-B4_hTkgUECAQYAZIFBAgFGASgBi6AB4y4gBmoB6fMsQKoB-LYsQKoB6a-G6gHzM6xAqgH89EbqAeW2BuoB6qbsQKoB47OG6gHk9gbqAfw4BuoB-6WsQKoB_6esQKoB6--sQKoB9XJG6gH2baxAqgH98KxAtgHAfIHBBD4nkfSCC8IgGEQARidATIIioKAgICAgAg6DYBAgMCAgICAqIACqANIvf3BOljvpPK1kaqRA5oJmQFodHRwczovL3VuaWNlZi5lcy9oYXp0ZS1zb2Npby1pbmZhbmNpYT9hYz1BQy05OTA4JmNoPUNILTEwNCZ1dG1fc291cmNlPWdvb2dsZSZ1dG1fbWVkaXVtPWNwYyZ1dG1faWQ9MTc0MjUzMjI1NzJfXyZnYWRfc291cmNlPTUmZ2FkX2NhbXBhaWduaWQ9MjI1MzM0MjMyOTWACgPICwGiDAOQAQGqDQJFU-INEwjYz_K1kaqRAxVLXKQEHf5LJTfqDRMI2Y_ztZGqkQMVS1ykBB3-SyU3iA7___________8B2BMM0BUBmBYByhYCCgD4FgGAFwGyFywKHAgAEhRwdWItNDEyNjU1NDc3OTM5Mzk4NhjizBkYASoKNDI4NDI1OTk1OboXAjgBqhgXCQAAAAB4zzFBEgo0Mjg0MjU5OTU5GAGyGAkSAoNPGC4iAQDQGAHCGQIIAQ&sigh=NFHlN6IHCsQ&uach_m=%5BUACH%5D&ase=2&cid=CAQSnwEAwksa0RfypZslasWTUXfhYBVfCVEoxIb7yFGvPQeSiEknmYetx7HdX-2kOC5_MQdsLAgjELabHpkvtnBu4ELlZgLiUmn_TDcig33RWJlzVdyS8HUgrXb-fTwQfIlaWpLiq9D5jBDZ_qWCn1-mCOomLaSq-TuAgMiwE-VHZL1aQuuUQK_TRe3eBDJBxT5JVO24d5zjwbHxZ8vvwQc5eYQYAQ&template_id=5047&ibtr=1&nis=6
Requested by
Host: reurl.cc
URL: https://reurl.cc/k8qxzL
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s07-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://f9f7e13bde29a7f0348d8281560da983.safeframe.googlesyndication.com/

Response headers

timing-allow-origin
*
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
x-content-type-options
nosniff
access-control-allow-origin
https://f9f7e13bde29a7f0348d8281560da983.safeframe.googlesyndication.com
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length
0
date
Sat, 06 Dec 2025 23:40:37 GMT
x-xss-protection
0
content-type
text/html; charset=UTF-8
server
cafe
generate_204
ep2.adtrafficquality.google/ Frame 49C8 		0
40 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ep2.adtrafficquality.google/generate_204?l1WB2w
Requested by
Host: reurl.cc
URL: https://reurl.cc/k8qxzL
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://ep2.adtrafficquality.google/sodar/sodar2/237/runner.html

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
date
Sat, 06 Dec 2025 23:40:37 GMT
cross-origin-resource-policy
cross-origin
generate_204
ep2.adtrafficquality.google/ Frame 3EFE 		0
38 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ep2.adtrafficquality.google/generate_204?7BXfTQ
Requested by
Host: reurl.cc
URL: https://reurl.cc/k8qxzL
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://ep2.adtrafficquality.google/sodar/sodar2/237/runner.html

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
date
Sat, 06 Dec 2025 23:40:37 GMT
cross-origin-resource-policy
cross-origin
memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
fonts.gstatic.com/s/opensans/v44/ Frame 870D 		47 KB
48 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/opensans/v44/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open%20Sans%3A400%2C700
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
d8e4fe0452aa2076429a9bb5d8757d00a994dd95986cf950e9a1a371b9a072a0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Origin
https://f9f7e13bde29a7f0348d8281560da983.safeframe.googlesyndication.com
Referer
https://fonts.googleapis.com/

Response headers

age
241038
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options
nosniff
expires
Fri, 04 Dec 2026 04:43:20 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Thu, 04 Dec 2025 04:43:20 GMT
last-modified
Mon, 15 Sep 2025 16:30:41 GMT
content-type
font/woff2
cache-control
public, max-age=31536000
timing-allow-origin
*
cross-origin-opener-policy
same-origin; report-to="apps-themes"
cross-origin-resource-policy
cross-origin
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges
bytes
access-control-allow-origin
*
content-length
48320
x-xss-protection
0
server
sffe
ftUtils.js
ajs-assets.ftstatic.com/ Frame 63CA 		101 KB
31 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ajs-assets.ftstatic.com/ftUtils.js
Requested by
Host: servedby.flashtalking.com
URL: https://servedby.flashtalking.com/imp/1/271278;9332478;201;jsappend;DV360;DV360FY25CCBEHAffinityESDSKBAN300x250NANAROINA/?ftOBA=1&ft_domain=reurl.cc&ft_ifb=1&ft_agentEnv=0&ft_referrer=https%3A%2F%2Freurl.cc%2F&gdpr=0&us_privacy=${US_PRIVACY}&ft_partnerimpid=ABAjH0jFeSHUJ4Fqo6SIsfqwTOK6&cachebuster=711938.3161498553
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.222.136.120 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-222-136-120.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
3e6e5dd7032848861a58c447e4b7042fbe6dfebd3a1da5a8f2b5432b25c45787

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://082fc394a62d374456508868d37e314c.safeframe.googlesyndication.com/

Response headers

access-control-max-age
3000
access-control-expose-headers
Accept-Ranges, Content-Encoding, Content-Length, Content-Range
content-encoding
gzip
etag
W/"831987a957f5ab2f5025ff94ec3d1d00"
age
14566
access-control-allow-methods
GET
x-varnish
356810424 355423025
x-cache
Hit from cloudfront
x-amz-cf-id
SPa2qy5CQBexXQjkmG-9mdZOVYHHHHZZ4uheEILWl_g2m0OGwoPO5w==
date
Sat, 06 Dec 2025 19:37:53 GMT
content-type
application/javascript
last-modified
Mon, 03 Nov 2025 19:34:32 GMT
vary
Accept-Encoding,Accept-Encoding
cache-control
max-age=86400
via
1.1 prod-web-edge2.frk11.ftdns.net (Varnish/trunk), 1.1 2d859daa66fde82c2a8685f4b0ee0dbe.cloudfront.net (CloudFront)
accept-ranges
bytes
access-control-allow-origin
*
content-length
30858
x-amz-cf-pop
FRA50-P2
server
AmazonS3
x-amz-server-side-encryption
AES256
srEyw1CGy7QA-z8K5gw-KNJL_Xru-x_lhYshApT7PMA.js
ep1.adtrafficquality.google/bg/ Frame 72BA 		54 KB
21 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ep1.adtrafficquality.google/bg/srEyw1CGy7QA-z8K5gw-KNJL_Xru-x_lhYshApT7PMA.js
Requested by
Host: ep2.adtrafficquality.google
URL: https://ep2.adtrafficquality.google/sodar/Klz6NWr5.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f2.1e100.net
Software
sffe /
Resource Hash
b2b132c35086cbb400fb3f0ae60c3e28d24bfd7aeefb1fe5858b210294fb3cc0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://ep2.adtrafficquality.google/

Response headers

content-encoding
br
age
372037
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
x-content-type-options
nosniff
expires
Wed, 02 Dec 2026 16:20:01 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Tue, 02 Dec 2025 16:20:01 GMT
last-modified
Mon, 01 Dec 2025 15:28:00 GMT
content-type
text/javascript
vary
Accept-Encoding
cache-control
public, max-age=31536000
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
cross-origin-resource-policy
cross-origin
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
accept-ranges
bytes
content-length
21105
x-xss-protection
0
server
sffe
collect
analytics.google.com/g/ 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://analytics.google.com/g/collect?v=2&tid=G-ZDFZCDVDK1&gtm=45je5c31v9181474282za200zd9181474282&_p=1765064431180&gcd=13l3l3l3l1l1&npa=0&dma=0&cid=1498954258.1765064433&ecid=1722941976&ul=es-es&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_eu=AEAAAAQ&_s=2&tag_exp=103116026~103200004~104527907~104528501~104684208~104684211~105391253~115583767~115616985~115938466~115938469~116184927~116184929~116217636~116217638~116251938~116251940~116518834&sid=1765064432&sct=1&seg=0&dl=https%3A%2F%2Freurl.cc%2Fk8qxzL&dt=Meilleur%20IPTV%20Abonnement%20en%20France&en=scroll&epn.percent_scrolled=90&_et=63&tfd=11165
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-ZDFZCDVDK1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://reurl.cc/

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:169:0
report-to
{"group":"ascnsrsggc:169:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:169:0"}],}
expires
Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin
https://reurl.cc
cross-origin-opener-policy-report-only
same-origin; report-to=ascnsrsggc:169:0
content-length
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Sat, 06 Dec 2025 23:40:37 GMT
content-type
text/plain
server
Golfe2
sodar
ep1.adtrafficquality.google/pagead/ Frame 805D 		0
17 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ep1.adtrafficquality.google/pagead/sodar?id=sodar2&v=237&t=2&li=gpt_m202512040101&jk=208345317851880&bg=!ICOlI2zNAAZCJko1YiY7ADQBe5WfOCC2ryJS_FMxoSsW9nzUGQwgBg4pnd57XvTFUZTgg1ohEdTZyykXVSw6ZbE-YqZbAgAAAV5SAAAAB2gBB34AN5KnAQWRCmVbH-1XDkEsPjC0SEhsXvb7FIvDEhALfCYRHNw1zvgtlz4aNXT1g0fMbiEx3faeTFKZAom-CGj1yN-zZ6_FV30x-AQD3B3iQVZUVLzE2U0mTVMSdpToiFeZE4A1sPGMmJAiIbez6J3Sv0rZ9WWDuQRML5ghpHt4ZoBOHAr26-Vrtgl2Z4wbEgeuog9JhYOnrFsLZ77YhmYx2ev8ARcfqHLVxUhe471vhVvVv4oKLV9v1YOCGQ--7nw-dNwEXCC4TmcNWc0dOfFWppDZwNnRZN-W6P1htDuJsdE3xeLxIEQQf8Lf55AoeNkyo1tKsZavvTthmoWdktaKEbwx9e245h6Ju4iygTvInbejXKOnYJeoMO8Y6qxBLFXfPiLsZaiJ4kLjYytVN9E1Z7y1V3zbHFhNTOIh4YOPPDf1CEWicciFlTb8om9GHXVgw_XVicjPC4KuBqJt2AzTe1ZrgTdsgL0oyDX_iYIq3fBi88gzdE906q4vLArUtA_J2RSCplFH85h-JZi8QMeLKX4oJlLu4Q9mYGZ81RX1twi027PFTqNeNsAvWYjnLxZ8-jEvCc6JBuaNHypha4vUZxkhHSySicaweQ34zViGvYia5zHkxJ6cuEK641YZc2QZfQrU0l6a2yRPIO-Mb2wCCBdtDjkKWOWujvyVMC9tSi8Tmlu1jJ5mZvIxC_lV2-OBHdspJA2e2cOyfX62sS07nYkiayramVXTkgaIT0OnO3Z_8yuh_stwz0R5hCn4699SFCwaDBbAsfwJHFGYCcwOo9WtyoCsxY5tYFoXA2tt5ZSCFV7Run7PYTuY-F5rJQK1DTAggnWXRjdPjgpDq4dyo9OL6bESfYe7GWCHRKUwg0IM2FUshjfmbUGm5WyTZdg4upHJ13qP9oHf1Wz7qjo4aoeL2OWgn-x49IHfDVj1pULSud5m
Requested by
Host: reurl.cc
URL: https://reurl.cc/k8qxzL
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s49-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://reurl.cc/

Response headers

timing-allow-origin
*
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
0
date
Sat, 06 Dec 2025 23:40:38 GMT
x-xss-protection
0
content-type
image/
server
cafe
sodar
ep1.adtrafficquality.google/pagead/ Frame AECE 		0
17 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ep1.adtrafficquality.google/pagead/sodar?id=sodar2&v=237&t=2&li=gpt_m202512040101&jk=6844337683902518&bg=!9fal9rnNAAZCJko1YiY7ADQBe5WfOL6JbwL1bhcpuAntjkCnnXgdNeqkKL0SQOcY9PX40C2SUmsOQv81O1DBQ7eLgmJ-AgAAARBSAAAABmgBB34AN4TPlfkCsQ3E-BizgbWeGNAOpntR1qeqxTVrZLtHDn3wQKwRx0aiGMg2u_f6b12vXJAtgp3GvbkKAG9GSd7OD_fdPZMHQSf609cL8y2LvFj4Cy-M4LSB7-0M1FynphiO86c6VWZgnHgQA0xX4X7111QINfYewylEBgrZLCxcf8IH8CylMy17K-j5Zb6KZ9s_yXgErnbbYIbOcuJ78XjQgkwLKrfAmigguFiZAoRznx75Kk4B4snPR5kRmHGKmsxgckA0Sd8CQOiQ5lYpQ8q_BKGKmw9ByqLToslkVi7gJoemL6Bp2lwEVTmE-Nk8VWi0Ks71UQVC3y2HjyLZ1ibX_rjHVBieQjmoMuJ72Bv38ikFpFF3ZxPWsTS0D1gq9CtPGSKkFPARJSGkyJ17vBpJ9e0sl92JmZcmO9bTftAet1egUKuVhCBa-djsRcwugKvJlGM-a0eNOYpQzWpUF4sc-jgkSiAba5QLgTHF4yN7ef1nV-ts2Gmku8apTbpz3dKTUh0LE1nTr8v74PamTt3uWEc3mIku2GnnqWhbO2qc3CZIJj0pNgy4KEJvGYBjfVmlzR9Zqc14hW50HFLIjhtfRPZSQFCKMX7soKliiZHIrNoPIk-Grtf56n9-xj0pH7Dm8c8tdCYFLG3pmfbYOCNA-LT7gHNYorjczN-_eT3a_HnGGFaeLRrbKcNHRQSKVWp-u-xNtQQT8bldbR27XPV-mWhqTXsbFEEp9UesgYCLVhFzJNjKCTzfQr6BOzvfz4KBQE6VsalJPdOVMUKilI91A0_jDLFH7TdVKFVQuGmdWh-lRYzn64u_Uw8Bg6DR2QIsHbAkA6z8kMqqNWQA1U-nTVT72_TVNDkHP3Jo8tZCig0sAr90A_2hqhg5kKO6svBG4gh2ThynqUDcbA1uJ1r7r0e_E9IsMoMdxMhVx5Tujm_IllWh5WPUDGZvcrH7HvkG8vf1E-A9mQe8zUAEr71eNwu32YzIT2NHwPij-F7II7gM_X5va7EkiIQvs1VI6VAqLJS-E2kvqR7SbqJaYQtuT_PDr6CH2gHdYpN6oqNaceFmif-VxhP6hVcih_yEHrPmug
Requested by
Host: reurl.cc
URL: https://reurl.cc/k8qxzL
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s49-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://reurl.cc/

Response headers

timing-allow-origin
*
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
0
date
Sat, 06 Dec 2025 23:40:38 GMT
x-xss-protection
0
content-type
image/
server
cafe
activeview
pagead2.googlesyndication.com/pcs/ Frame 63CA 		42 B
65 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssb0WLTkT4PVjEfxpqU82I5JYgbl9XuOkxkvsNnW5z49ib2RF3SjEV8qfBds6OeTNXBdCIdk8y7BU-Epzlsk--8QNWNsrr4hBAnYDsu3a8bvWsxvbyibwB4JjVgBuVezzruvRajwMujqaui2JW7TYN0iaqj_-KJnYZKT6pfgP40hyzXL0-qkvaC7WjBNdsQQS_w7j_1T2m7ebhg8uu1&sai=AMfl-YTH0gA6zBvwrUHw2-LA-t0Pgg1AYeeLVtLQhV1ngzliH_rHFYD1WASTyFWljmGF278VGJ2UN3yHyl6MCc8Zf-Tx19652ledb6m0QbPmmK3EfhGFYwQdWqEh4-hVFnQL-Rx1s0_ZZ1qWpBAeZAKMNKKzHHLcl7GPqcIOMtQzG8mxhciig8YfTQL8axJt62KjXKdOmhLb4Vfb_uL2jJBB6_UBUMr6bTcibhDaP3GQ4hJXM55NGBCa_dtDJVQhEAgPl004iQ&sig=Cg0ArKJSzNn3fl1aXWTrEAE&cid=CAQSnwEAwksa0do2I889mI1aKXCkVnmZJ5HuDxuCvI_d0Ik7Wk8HGIH40zoUFWjjeu3Db4o4G4pN362PIQG3feU1Dkywfg7hxmrPbTVnyux9JdHzjGeDmUoSBkkvX15KX7mQgecg0O5u50Bj3hemIbG3WYDBSYDP8ILaeP_IGMyQQlZUlVRdE21VJ4w__y7VLIFRoO7WZSHJ0wAHQ8co6RavfH4YAQ&id=lidar2&mcvt=1023&p=721,650,971,950&tm=1044.099998474121&tu=21.599998474121094&mtos=1023,1023,1023,1023,1023&tos=1023,0,0,0,0&v=20251203&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=20&adk=110384004&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&co=6099723700&rst=1765064436400&rpt=754&isd=0&lsd=0&met=ce&wmsd=0&pbe=0&fle=0&vae=0&spb=0&sfl=0&ffslot=0&reach=8&io2=0
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.140.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lcfraa-bt-in-f2.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://082fc394a62d374456508868d37e314c.safeframe.googlesyndication.com/

Response headers

cache-control
no-cache, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
42
date
Sat, 06 Dec 2025 23:40:38 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
gen_204
ep1.adtrafficquality.google/pagead/ Frame 72BA 		0
20 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ep1.adtrafficquality.google/pagead/gen_204?id=sodar&v=46&t=2&bgai=BIkya9L40afmsN7KK7M8P7Pr30AsAAAAAOAHgBAI&bg=!1tWl1ZrNAAZCJko1YiY7ADQBe5WfOJqw0Bxp21jFosdKhJqWfZNggERhIbYGGVmzH5HBxW6FHlkJlKpHfT8O_fxjbSy5AgAAAFJSAAAABmgBB34ANaxMZo_eQZWOXsg6ejcxX_Z_0Hj9_AjuNFAO_awCDOS22hvvExLaaQLXiNOrSaEazWGT-UaZCgBlyt8gGiVnC9iQneqh9otZsMeHOt92n87IZCIOzgK3Qqbg8uxf7uEgGzkObIwKCCFgdPT3PRu5H_A8cXncMhBfY1HmV7ujArN6xYdcVEE09Se0CIIlwJ6CMXXJPsUPw3szoAsThmSZAsT1KXsylET4Brs9i586Fk34PmJqlAae6hv5vRn2A3JCxK01c82kyKE6YhCRXuUVJUshOOpagFFEsKZdJkBVMcsSXQE58BRt6mor-N9v-mqriU_9POCQepu_tJBrojt5auRLTb25jE3u6j-nQoUr9FXTL2LRnJFbUVnS5GXKWv0T0TmW7qP9lSmW1LfQqHctXV2behaf6PuZL1YNws3RahYr5zzQF_zZwpptdB6XN81BwGEnlT7azoMckMfrjA22doOKTDVJ6x0SV6h-lN2Bzrb90jV04_s6yuktUCCZXUTox0NP7rAYSI6q8GSZGsrpyRnLtJMvcCn5wsTC_QDtmBbLq5KJ9FOkvs_vDuyTswnXTF0m930zTvgtUVHuENVn-TfXWopSqLMdLrRpjHejp0ncJrDmqLN3wvEFyw2Gm9g2rAQ-7Q3QS1_QIMwRX-ngVs_-ZFphx-pnxEYOEWOHKdp2-VzmtdZy8f6zvF9T5SE6XJm28UD5HEAaTsB1iI9S21UB3NKE6f3optKargV-Qw5yIg-k7xmqQFHQk1QGkHeD90mlzgfaZZ0EHNiP9ZVyaduVSYDesxP__J-Tj8bL_ayWpT2J8Y0f-eeouowS51M4I7JIxyTQMO_0jl-XLcTyxdZgpUR9vYa9ZwfqJGWJHMk40SruAS9iMbHgMBxDIRDFOzG6Tw0g9AsB5se6MS8ibyjVAb3S_eUSZ0NomDiXkxQG5VJVh6wqfS9KzUCQc1b_-lbT2KuBttS1KVfFQ4dkHcsHPSx7FQMMF5w2cB72ghnQMVkmLqZCqQgF-6DcqQgFAPqTri4WBHxtdLYRljf_ZuQ3h7OMQvjCRnnbsnUXAYSadpGC9CkphcQFTzTvxrWyedOckSLswGqQN-vuYldzmv1qfPrBP_Js7ei55m9xQAYJB2SxMlr7zTGviOV_XwAdhk4ZdJ0
Requested by
Host: 082fc394a62d374456508868d37e314c.safeframe.googlesyndication.com
URL: https://082fc394a62d374456508868d37e314c.safeframe.googlesyndication.com/safeframe/1-0-45/html/container.html?n=2
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://ep2.adtrafficquality.google/

Response headers

cache-control
no-cache, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
0
date
Sat, 06 Dec 2025 23:40:38 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
collect
analytics.google.com/g/ 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://analytics.google.com/g/collect?v=2&tid=G-N394QBRGC0&gtm=45je5c31v897965293za200zb9181474282zd9181474282&_p=1765064431180&gcd=13l3l3l3l1l1&npa=0&dma=0&cid=1498954258.1765064433&ul=es-es&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_eu=AEAAAAQ&_s=3&tag_exp=103116026~103200004~104527907~104528501~104684208~104684211~105391252~115583767~115938466~115938468~116184927~116184929~116217636~116217638~116518834&sid=1765064433&sct=1&seg=0&dl=https%3A%2F%2Freurl.cc%2Fk8qxzL&dt=Meilleur%20IPTV%20Abonnement%20en%20France&en=scroll&epn.percent_scrolled=90&_et=1&tfd=11539
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-N394QBRGC0
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
216.239.36.181 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://reurl.cc/

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:169:0
report-to
{"group":"ascnsrsggc:169:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:169:0"}],}
expires
Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin
https://reurl.cc
cross-origin-opener-policy-report-only
same-origin; report-to=ascnsrsggc:169:0
content-length
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Sat, 06 Dec 2025 23:40:38 GMT
content-type
text/plain
server
Golfe2
collect
region1.analytics.google.com/g/ 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://region1.analytics.google.com/g/collect?v=2&tid=G-S9B9ZLEX4D&gtm=45je5c31v9235665865za200zb9181474282zd9181474282&_p=1765064431180&gcd=13l3l3l2l1l1&npa=1&dma_cps=syphamo&dma=1&cid=1498954258.1765064433&ul=es-es&sr=1600x1200&_ng=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_eu=AEAAAAQ&_s=2&tag_exp=103116026~103200004~104527907~104528500~104684208~104684211~105391252~115583767~115616986~115938466~115938469~116184927~116184929~116217636~116217638~116251938~116251940~116518834&sid=1765064433&sct=1&seg=0&dl=https%3A%2F%2Freurl.cc%2Fk8qxzL&dt=Meilleur%20IPTV%20Abonnement%20en%20France&en=scroll&epn.percent_scrolled=90&_et=87&tfd=11762
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-S9B9ZLEX4D&cx=c&gtm=4e5c31
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
216.239.32.36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://reurl.cc/

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:169:0
report-to
{"group":"ascnsrsggc:169:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:169:0"}],}
expires
Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin
https://reurl.cc
cross-origin-opener-policy-report-only
same-origin; report-to=ascnsrsggc:169:0
content-length
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Sat, 06 Dec 2025 23:40:38 GMT
content-type
text/plain
server
Golfe2
5737381.json
agen-assets.ftstatic.com/display/9332478/ Frame 63CA 		4 KB
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://agen-assets.ftstatic.com/display/9332478/5737381.json
Requested by
Host: ajs-assets.ftstatic.com
URL: https://ajs-assets.ftstatic.com/ftUtils.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.244.18.94 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-244-18-94.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
9024d05e9ae7e5f94b34389a54cf559d0f28c4c3f6aa8492f1a50c658ed1730f

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://082fc394a62d374456508868d37e314c.safeframe.googlesyndication.com/

Response headers

access-control-max-age
3000
access-control-expose-headers
Accept-Ranges, Content-Encoding, Content-Length, Content-Range
content-encoding
gzip
etag
W/"a25504ea9a5f027f7fe4f064c3b9bbfd"
age
16
access-control-allow-methods
GET
x-varnish
165585699
x-cache
Hit from cloudfront
x-amz-cf-id
TjvBgpJlYSom6krftSyPGwXbCrWuPPORFggD4-WXOVnNOlX0jL-C5Q==
date
Sat, 06 Dec 2025 23:40:39 GMT
content-type
application/json
vary
Accept-Encoding,Accept-Encoding
last-modified
Fri, 07 Nov 2025 09:05:46 GMT
cache-control
max-age=30
via
1.1 prod-web-edge6.frk11.ftdns.net (Varnish/trunk), 1.1 6571e9f709b2287f8a30275c17d07140.cloudfront.net (CloudFront)
accept-ranges
bytes
access-control-allow-origin
*
x-amz-cf-pop
FRA56-P11
server
AmazonS3
x-amz-server-side-encryption
AES256
d9core
d9.flashtalking.com/ Frame 63CA 		11 KB
11 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://d9.flashtalking.com/d9core
Requested by
Host: ajs-assets.ftstatic.com
URL: https://ajs-assets.ftstatic.com/ftUtils.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.202.153.236 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-202-153-236.eu-west-1.compute.amazonaws.com
Software
Apache/2.4.59 (Amazon Linux) OpenSSL/3.0.8 /
Resource Hash
256cd3f478cfbf8dae57752b3d9b3ac6018fe19cf7ae3aaa2cf629d05a5e41d0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://082fc394a62d374456508868d37e314c.safeframe.googlesyndication.com/

Response headers

cache-control
private, must-revalidate, proxy-revalidate, max-age=172800
etag
5bc31bf7d4a298e1bef9d35fce222bfc
access-control-allow-credentials
true
access-control-allow-methods
GET,POST,SERVER
access-control-allow-origin
d9.flashtalking.com
p3p
policyref="localhost/w3c/D9_p3p_.xml", CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"
date
Sat, 06 Dec 2025 23:40:40 GMT
content-type
application/javascript;charset=utf-8
server
Apache/2.4.59 (Amazon Linux) OpenSSL/3.0.8
score.min.js
js.ad-score.com/ Frame 63CA 		1 MB
195 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js.ad-score.com/score.min.js?pid=1000941&tt=g
Requested by
Host: ajs-assets.ftstatic.com
URL: https://ajs-assets.ftstatic.com/ftUtils.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2646:1e00:a:deb0:3380:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
287a3783bfa7846684d2c67833f0c32a9c31d9536b204ca56085009ec871f580

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://082fc394a62d374456508868d37e314c.safeframe.googlesyndication.com/

Response headers

Content-Encoding
br
Age
6170
Access-Control-Allow-Methods
GET
Expires
Sun, 07 Dec 2025 21:57:50 GMT
X-Cache
Hit from cloudfront
X-Amz-Cf-Id
OxxzkqUrt1WvpdsE9QWoSz44CRV4GLiEXW3YRjPLCd2GabcPMuUiOA==
Date
Sat, 06 Dec 2025 21:57:50 GMT
Content-Type
application/javascript
Last-Modified
Sat, 06 Dec 2025 21:57:50 GMT
Vary
accept-encoding
Access-Control-Allow-Headers
Cache-Control
Transfer-Encoding
chunked
Cache-Control
public, max-age=86400
Connection
keep-alive
Access-Control-Allow-Credentials
true
Via
1.1 eb99f1f32a184a8c9c9c920381a7576a.cloudfront.net (CloudFront)
Access-Control-Allow-Origin
*
X-Amz-Cf-Pop
FRA60-P5
FY25Q4_CC_Individual_CCPro_ES_ES_IntroPricingNovember-PercentageOff-V1_ST_300x250_NA_Promo-CCPro-BFCM.jpg
cdn.flashtalking.com/228954/5737381/ Frame 63CA 		63 KB
63 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.flashtalking.com/228954/5737381/FY25Q4_CC_Individual_CCPro_ES_ES_IntroPricingNovember-PercentageOff-V1_ST_300x250_NA_Promo-CCPro-BFCM.jpg?cb=102382302
Requested by
Host: reurl.cc
URL: https://reurl.cc/k8qxzL
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.9.175.36 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-65-9-175-36.fra60.r.cloudfront.net
Software
Flashtalking (AKA) /
Resource Hash
444f06cfc7c53f6deb79b3167dcf592d2093f5cbde45f580ff2a96c4c7506d31

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://082fc394a62d374456508868d37e314c.safeframe.googlesyndication.com/

Response headers

cache-control
max-age=1200
etag
W/"5ad2ed91fe26f6650fad1b11d542626b"
via
1.1 prod-web-edge3.irl11.ftdns.net (Varnish/trunk), 1.1 23e907ff6b79ce55a7f547e682506202.cloudfront.net (CloudFront)
accept-ranges
bytes
x-varnish
135916798
x-cache
Hit from cloudfront
x-amz-cf-id
IUzTTD1o5FgSn1gJpxf_oYOj9Hdx979tACtkfE3mP2AixQcSGNmRNQ==
date
Sat, 06 Dec 2025 23:31:22 GMT
content-type
image/jpeg
last-modified
Tue, 04 Nov 2025 12:35:58 GMT
server
Flashtalking (AKA)
x-amz-cf-pop
FRA60-P14
vary
Origin
/
servedby.flashtalking.com/state/9332478;5737381;0;271;F266DBCE-222D-F2AF-9DA4-C3B7FF1E26F0/ Frame 63CA 		42 B
387 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://servedby.flashtalking.com/state/9332478;5737381;0;271;F266DBCE-222D-F2AF-9DA4-C3B7FF1E26F0/?cachebuster=242581693
Requested by
Host: reurl.cc
URL: https://reurl.cc/k8qxzL
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2.17.100.193 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
a2-17-100-193.deploy.static.akamaitechnologies.com
Software
prod-xre-app16.frk11 /
Resource Hash
47043e4823a6c21a8881de789b4185355330b5804629d23f6b43dd93f5265292
Security Headers
Name Value
Strict-Transport-Security max-age=86400

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://082fc394a62d374456508868d37e314c.safeframe.googlesyndication.com/

Response headers

Strict-Transport-Security
max-age=86400
Cache-Control
max-age=0, no-cache, no-store
Pragma
no-cache
Connection
keep-alive
Expires
Sat, 06 Dec 2025 23:40:39 GMT
Content-Length
42
Allow-Fenced-Frame-Automatic-Beacons
true
Date
Sat, 06 Dec 2025 23:40:39 GMT
Content-Type
image/gif
Server
prod-xre-app16.frk11
pixel
83a8eb42-6ef1-4f83-b0a8-8311ce7c1584.t.ssp.hinet.net/ Frame AF7B 		0
177 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://83a8eb42-6ef1-4f83-b0a8-8311ce7c1584.t.ssp.hinet.net/pixel?bd=83a8eb42-6ef1-4f83-b0a8-8311ce7c1584&t=50ef57&referrer=
Requested by
Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS
203-75-214-136.hinet-ip.hinet.net
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://reurl.cc/

Response headers

Strict-Transport-Security
max-age=0
Content-Length
0
Date
Sat, 06 Dec 2025 23:40:42 GMT
Content-Type
image/png
Server
nginx
Connection
keep-alive
lgc
d9.flashtalking.com/ Frame 63CA 		103 B
572 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://d9.flashtalking.com/lgc
Requested by
Host: d9.flashtalking.com
URL: https://d9.flashtalking.com/d9core
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.202.153.236 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-202-153-236.eu-west-1.compute.amazonaws.com
Software
Apache/2.4.59 (Amazon Linux) OpenSSL/3.0.8 /
Resource Hash
7439766d6038ec88a136b0c341ecad3828dead2df321e735b7d75ceb714ea766

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Content-Type
application/x-www-form-urlencoded
Referer
https://082fc394a62d374456508868d37e314c.safeframe.googlesyndication.com/

Response headers

access-control-allow-credentials
true
access-control-allow-methods
GET,POST,SERVER
access-control-allow-origin
https://082fc394a62d374456508868d37e314c.safeframe.googlesyndication.com
content-length
103
p3p
policyref="localhost/w3c/D9_p3p_.xml", CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"
date
Sat, 06 Dec 2025 23:40:40 GMT
content-type
application/json;charset=UTF-8
server
Apache/2.4.59 (Amazon Linux) OpenSSL/3.0.8
pixel
83a8eb42-6ef1-4f83-b0a8-8311ce7c1584.t.ssp.hinet.net/ Frame 96D5 		0
177 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://83a8eb42-6ef1-4f83-b0a8-8311ce7c1584.t.ssp.hinet.net/pixel?bd=83a8eb42-6ef1-4f83-b0a8-8311ce7c1584&t=50ef57&referrer=
Requested by
Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS
203-75-214-136.hinet-ip.hinet.net
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://reurl.cc/

Response headers

Strict-Transport-Security
max-age=0
Content-Length
0
Date
Sat, 06 Dec 2025 23:40:43 GMT
Content-Type
image/png
Server
nginx
Connection
keep-alive
gen_204
pagead2.googlesyndication.com/pagead/ Frame 63CA 		0
20 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=6792653138931&version=m202510220101&ct=77&x=1&cor=4253765571300058624
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.140.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lcfraa-bt-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://082fc394a62d374456508868d37e314c.safeframe.googlesyndication.com/

Response headers

cache-control
no-cache, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
0
date
Sat, 06 Dec 2025 23:40:40 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
/
servedby.flashtalking.com/state/9332478;5737381;0;401;F266DBCE-222D-F2AF-9DA4-C3B7FF1E26F0/ Frame 63CA 		42 B
387 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://servedby.flashtalking.com/state/9332478;5737381;0;401;F266DBCE-222D-F2AF-9DA4-C3B7FF1E26F0/?ft_data=d9:3e93ede273b645eca158fc53db1e11c8;d9s:3e93ede273b645eca158fc53db1e11c8&cachebuster=54699673
Requested by
Host: reurl.cc
URL: https://reurl.cc/k8qxzL
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2.17.100.193 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
a2-17-100-193.deploy.static.akamaitechnologies.com
Software
prod-xre-app12.frk11 /
Resource Hash
47043e4823a6c21a8881de789b4185355330b5804629d23f6b43dd93f5265292
Security Headers
Name Value
Strict-Transport-Security max-age=86400

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://082fc394a62d374456508868d37e314c.safeframe.googlesyndication.com/

Response headers

Strict-Transport-Security
max-age=86400
Cache-Control
max-age=0, no-cache, no-store
Pragma
no-cache
Connection
keep-alive
Expires
Sat, 06 Dec 2025 23:40:40 GMT
Content-Length
42
Allow-Fenced-Frame-Automatic-Beacons
true
Date
Sat, 06 Dec 2025 23:40:40 GMT
Content-Type
image/gif
Server
prod-xre-app12.frk11
nlp-bp.min.js
js.ad-score.com/ Frame 63CA 		300 KB
94 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js.ad-score.com/nlp-bp.min.js?pid=1000941&tt=g
Requested by
Host: js.ad-score.com
URL: https://js.ad-score.com/score.min.js?pid=1000941&tt=g
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2646:1e00:a:deb0:3380:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
260753fa7e3f19eb264eb8ed5ccc7fd1b02a172035652f9877506eba9a50279d

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://082fc394a62d374456508868d37e314c.safeframe.googlesyndication.com/

Response headers

Transfer-Encoding
chunked
Cache-Control
public, max-age=86400
Content-Encoding
gzip
Age
55841
Connection
keep-alive
Via
1.1 eb99f1f32a184a8c9c9c920381a7576a.cloudfront.net (CloudFront)
Accept-Ranges
bytes
X-Cache
Hit from cloudfront
X-Amz-Cf-Id
NKNggHUW2jf7rsZ6m2rimmbtQubLg0QY5vOhVvpt_OfBR3BlVgruvw==
Date
Sat, 06 Dec 2025 08:10:00 GMT
Content-Type
text/javascript; charset=utf-8
Last-Modified
Sat, 06 Dec 2025 06:37:23 GMT
X-Amz-Cf-Pop
FRA60-P5
cors
data.ad-score.com/data/ Frame 63CA 		206 B
802 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://data.ad-score.com/data/cors?pm_st=qQWCSReuiOhTNqEgFnmKXOWvcylbQYxz-FE7fPshldVrrKD8Y23LJEEvGOg==-E03HOc1iY1DlNg==&pm_ct=6ab3b11b236c5e4b392b5232&pm_pl=1765064440992&pm_td=75&pid=1000941&en=1.1&callback=__pm_glbl_F4Br5ou6qHEAmF1Pp3jOV83s._gc1&tt=g&v=d70abfc
Requested by
Host: js.ad-score.com
URL: https://js.ad-score.com/score.min.js?pid=1000941&tt=g
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
130.211.115.4 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
4.115.211.130.bc.googleusercontent.com
Software
/
Resource Hash
fb1225a126a46d56388c6434e48a7fe384af68546ef7e3a047050de738f4f05e

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Content-Type
text/plain
Referer
https://082fc394a62d374456508868d37e314c.safeframe.googlesyndication.com/

Response headers

Cache-Control
post-check=0, pre-check=0, false, proxy-revalidate, no-cache, no-cache=Set-Cookie, no-store, must-revalidate, max-age=0, s-maxage=0
Pragma
no-cache
Age
0
Connection
keep-alive
Access-Control-Allow-Credentials
true
Access-Control-Allow-Methods
POST
Access-Control-Allow-Origin
https://082fc394a62d374456508868d37e314c.safeframe.googlesyndication.com
P3p
CP="CURa ADMa DEVa TAIi PSAi PSDi IVAi IVDi CONi HISa TELi OUR IND DSP CAO COR"
Content-Length
206
Date
Sat, 06 Dec 2025 23:40:42 GMT
Content-Type
text/plain; charset=utf-8
pixel
83a8eb42-6ef1-4f83-b0a8-8311ce7c1584.t.ssp.hinet.net/ Frame 358C 		0
177 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://83a8eb42-6ef1-4f83-b0a8-8311ce7c1584.t.ssp.hinet.net/pixel?bd=83a8eb42-6ef1-4f83-b0a8-8311ce7c1584&t=50ef57&referrer=
Requested by
Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS
203-75-214-136.hinet-ip.hinet.net
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://reurl.cc/

Response headers

Strict-Transport-Security
max-age=0
Content-Length
0
Date
Sat, 06 Dec 2025 23:40:44 GMT
Content-Type
image/png
Server
nginx
Connection
keep-alive
ab85774f-aca8-43ac-aac3-56c9055c1da1
https://082fc394a62d374456508868d37e314c.safeframe.googlesyndication.com/ Frame 63CA 		0
0
truncated
/ Frame 4342 		266 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
662294921ca6240beb0f2aecb7f7ac23dd085b782bbe52a369b20226d26afe33

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/svg+xml
ed2ee5d2-87de-44ef-a7e3-11ffaaa616b3
https://082fc394a62d374456508868d37e314c.safeframe.googlesyndication.com/ Frame 63CA 		0
0
truncated
/ Frame 63CA 		68 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
5e89733d8a8e055100cda68bf7a712ab0e1b24fefee7e39792b47cb5ff7c3cb1

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/png
pixel
83a8eb42-6ef1-4f83-b0a8-8311ce7c1584.t.ssp.hinet.net/ Frame 3043 		0
177 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://83a8eb42-6ef1-4f83-b0a8-8311ce7c1584.t.ssp.hinet.net/pixel?bd=83a8eb42-6ef1-4f83-b0a8-8311ce7c1584&t=50ef57&referrer=
Requested by
Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS
203-75-214-136.hinet-ip.hinet.net
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://reurl.cc/

Response headers

Strict-Transport-Security
max-age=0
Content-Length
0
Date
Sat, 06 Dec 2025 23:40:45 GMT
Content-Type
image/png
Server
nginx
Connection
keep-alive
68d4f47c-250f-4ef3-9baf-0bf5ac8b0e67
https://082fc394a62d374456508868d37e314c.safeframe.googlesyndication.com/ Frame 63CA 		0
0
truncated
/ Frame 63CA 		35 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/gif
cors
data.ad-score.com/data/ Frame 63CA 		0
0
/
servedby.flashtalking.com/state/9332478;5737381;0;202;F266DBCE-222D-F2AF-9DA4-C3B7FF1E26F0/ Frame 63CA 		42 B
386 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://servedby.flashtalking.com/state/9332478;5737381;0;202;F266DBCE-222D-F2AF-9DA4-C3B7FF1E26F0/?cachebuster=604090674
Requested by
Host: reurl.cc
URL: https://reurl.cc/k8qxzL
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2.17.100.193 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
a2-17-100-193.deploy.static.akamaitechnologies.com
Software
prod-xre-app4.frk11 /
Resource Hash
47043e4823a6c21a8881de789b4185355330b5804629d23f6b43dd93f5265292
Security Headers
Name Value
Strict-Transport-Security max-age=86400

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer
https://082fc394a62d374456508868d37e314c.safeframe.googlesyndication.com/

Response headers

Strict-Transport-Security
max-age=86400
Cache-Control
max-age=0, no-cache, no-store
Pragma
no-cache
Connection
keep-alive
Expires
Sat, 06 Dec 2025 23:40:42 GMT
Content-Length
42
Allow-Fenced-Frame-Automatic-Beacons
true
Date
Sat, 06 Dec 2025 23:40:42 GMT
Content-Type
image/gif
Server
prod-xre-app4.frk11
cors
data.ad-score.com/data/ Frame 63CA 		1 B
320 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://data.ad-score.com/data/cors?pm_st=qQWCSReuiOhTNqEgFnmKXOWvcylbQYxz-FE7fPshldVrrKD8Y23LJEEvGOg==-E03HOc1iY1DlNg==&pm_ct=6ab3b11b236c5e4b392b5232&pm_pl=1765064440992&pm_td=1648&pid=1000941&en=1.1&callback=__pm_glbl_F4Br5ou6qHEAmF1Pp3jOV83s._gc3&tt=g&v=d70abfc
Requested by
Host: js.ad-score.com
URL: https://js.ad-score.com/score.min.js?pid=1000941&tt=g
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
130.211.115.4 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
4.115.211.130.bc.googleusercontent.com
Software
/
Resource Hash
5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Content-Type
text/plain
Referer
https://082fc394a62d374456508868d37e314c.safeframe.googlesyndication.com/

Response headers

Access-Control-Allow-Origin
https://082fc394a62d374456508868d37e314c.safeframe.googlesyndication.com
Content-Length
1
Date
Sat, 06 Dec 2025 23:40:43 GMT
Content-Type
text/plain; charset=utf-8
Connection
keep-alive
Access-Control-Allow-Credentials
true
Access-Control-Allow-Methods
POST
cors
data.ad-score.com/data/ Frame 63CA 		1 B
320 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://data.ad-score.com/data/cors?pm_st=qQWCSReuiOhTNqEgFnmKXOWvcylbQYxz-FE7fPshldVrrKD8Y23LJEEvGOg==-E03HOc1iY1DlNg==&pm_ct=6ab3b11b236c5e4b392b5232&pm_pl=1765064440992&pm_td=5796&pid=1000941&en=1.1&callback=__pm_glbl_F4Br5ou6qHEAmF1Pp3jOV83s._gc2&tt=g&v=d70abfc
Requested by
Host: js.ad-score.com
URL: https://js.ad-score.com/score.min.js?pid=1000941&tt=g
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
130.211.115.4 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
4.115.211.130.bc.googleusercontent.com
Software
/
Resource Hash
5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Content-Type
text/plain
Referer
https://082fc394a62d374456508868d37e314c.safeframe.googlesyndication.com/

Response headers

Access-Control-Allow-Origin
https://082fc394a62d374456508868d37e314c.safeframe.googlesyndication.com
Content-Length
1
Date
Sat, 06 Dec 2025 23:40:47 GMT
Content-Type
text/plain; charset=utf-8
Connection
keep-alive
Access-Control-Allow-Credentials
true
Access-Control-Allow-Methods
POST

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
cdn-ima.33across.com
URL
https://cdn-ima.33across.com/ob.js
Domain
ad.holmesmind.com
URL
https://ad.holmesmind.com/adserver/cm?app=91app&P=505937-kb4hQg6EJ8otltsWOFcPUr9XVwrTTqrD&uid=f2ae4c0a-1d59-46e7-bb6b-a6de600d2ffe
Domain
ad.holmesmind.com
URL
https://ad.holmesmind.com/adserver/cm?app=91app&P=505937-kb4hQg6EJ8otltsWOFcPUr9XVwrTTqrD&uid=63d04ae6-7814-407e-9c2d-a72b2e014ddc
Domain
www.facebook.com
URL
https://www.facebook.com/platform/plugin/tab/renderer/?key=timeline&config_json=%7B%22app_id%22%3A%22776730922422337%22%2C%22href%22%3A%22https%3A%2F%2Fwww.facebook.com%2Freurl.cc%2F%22%2C%22width%22%3A340%2C%22height%22%3A500%2C%22has_cta%22%3Atrue%2C%22has_small_header%22%3Afalse%2C%22has_adapt_container_width%22%3Atrue%2C%22has_cover%22%3Atrue%2C%22has_posts%22%3Afalse%2C%22tabs%22%3A%22timeline%22%2C%22can_personalize%22%3Afalse%2C%22is_xfbml%22%3Afalse%2C%22referer_uri%22%3A%22https%3A%2F%2Freurl.cc%2F%22%7D&fb_dtsg_ag&__user=0&__a=1&__req=1&__hs=20428.BP%3Aplugin_default_pkg.2.0...0&dpr=1&__ccg=GOOD&__rev=1030734632&__s=%3A%3Atdebcr&__hsi=7580894011873605803&__dyn=7wKxa13wt8K2Wmh0Sw8W5U4e1Fx-ewpU3WwvE3vx609vCwjE0AC1xwEw7Bx61vw5zw78w5Uw64w8W1uw2oE17U2ZwrU1Xo1UU3jwea&__sp=1
Domain
ad.holmesmind.com
URL
https://ad.holmesmind.com/adserver/cm?app=91app&P=505937-kb4hQg6EJ8otltsWOFcPUr9XVwrTTqrD&uid=94db3b0e-24d8-4685-8905-35d5dc18c081
Domain
ad.holmesmind.com
URL
https://ad.holmesmind.com/adserver/cm?app=91app&P=505937-kb4hQg6EJ8otltsWOFcPUr9XVwrTTqrD&uid=81610b9c-5370-46cb-b52a-4b4b0b8648c5
Domain
ad.holmesmind.com
URL
https://ad.holmesmind.com/adserver/cm?app=91app&P=505937-kb4hQg6EJ8otltsWOFcPUr9XVwrTTqrD&uid=a6248760-b7e5-4907-8dbf-e6aa8dba35b8
Domain
ad.holmesmind.com
URL
https://ad.holmesmind.com/adserver/cm?app=91app&P=505937-kb4hQg6EJ8otltsWOFcPUr9XVwrTTqrD&uid=423aefc1-78e3-4b5f-aff4-767c16922257
Domain
www.google.com
URL
https://www.google.com/ads/measurement/l?ebcid=ALh7CaRC3tbK0D1eQo4aAYOKlUt_m603eAjLDXl-2X3ZfWtn24MelfYzMgwlHUDUcJgJtF8Zto63UomP970lLibPPKAYXQ6iEw
Domain
ib.adnxs.com
URL
https://ib.adnxs.com/setuid?entity=101&gdpr=0&code=CAESEGEQq40hAOKjsJz0zFZZEaE&google_cver=1
Domain
ib.adnxs.com
URL
https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}&gdpr=0
Domain
www.google.com
URL
https://www.google.com/ads/measurement/l?ebcid=ALh7CaTGLfjZIomiJOAmB6B_Q1Gpe5x3_DR355cd5uZ2Y8xMtnhy1B4u_v4oDgar4hup9KvaRmAr4YddiszCACabt6X_4RNNpg
Domain
082fc394a62d374456508868d37e314c.safeframe.googlesyndication.com
URL
blob:https://082fc394a62d374456508868d37e314c.safeframe.googlesyndication.com/ab85774f-aca8-43ac-aac3-56c9055c1da1
Domain
082fc394a62d374456508868d37e314c.safeframe.googlesyndication.com
URL
blob:https://082fc394a62d374456508868d37e314c.safeframe.googlesyndication.com/ed2ee5d2-87de-44ef-a7e3-11ffaaa616b3
Domain
082fc394a62d374456508868d37e314c.safeframe.googlesyndication.com
URL
blob:https://082fc394a62d374456508868d37e314c.safeframe.googlesyndication.com/68d4f47c-250f-4ef3-9baf-0bf5ac8b0e67
Domain
data.ad-score.com
URL
https://data.ad-score.com/data/cors?pm_st=qQWCSReuiOhTNqEgFnmKXOWvcylbQYxz-FE7fPshldVrrKD8Y23LJEEvGOg==-E03HOc1iY1DlNg==&pm_ct=6ab3b11b236c5e4b392b5232&pm_pl=1765064440992&pm_td=1006&pid=1000941&en=1.1&callback=__pm_glbl_F4Br5ou6qHEAmF1Pp3jOV83s._gc2&tt=g&v=d70abfc

Verdicts & Comments Add Verdict or Comment

212 JavaScript Window variables

These are the non-standard variables defined on the window object. These include var declarations and global functions and can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| 5 object| 6 object| 7 object| 8 object| 9 object| 10 object| 11 object| 12 object| 13 object| 14 object| 15 object| 16 object| 17 object| 18 object| 19 object| 20 object| sas object| adloox_pubint object| googletag object| anymindTS function| startAnyMindTS function| startAnymindTS function| gtag object| dataLayer string| CFOutofPageGAM object| gtagScript function| custom_call_ND object| ONEAD_TEXT object| ONEAD_text_pubs function| loadBottomAd function| onScroll object| ggeac object| google_tag_data object| google_js_reporting_queue function| fbq function| _fbq function| c_tag_mk function| getCookie function| getVideoCardInfo function| ONEAD_text_response object| ONEAD_TEXT_INFO function| ONEAD_text_response_52ood function| text_etag_callback_52ood function| custom_call_MIR object| _ONEAD object| ONEAD_pubs object| google_reactive_ads_global_state function| Vue object| renews function| getRenewsFeeds object| app object| google_tag_manager function| onYouTubeIframeAPIReady object| gaGlobal string| labelToken string| category string| GoogleAnalyticsObject function| ga object| __TW_KEYWORD_CATEGORIES__ object| default_ContributorServingResponseClientJs object| _F_toggles_default_ContributorServingResponseClientJs object| __googlefc string| __fcInvoked string| __fcexpdef string| YTk3NmUzMjkyZTQyZjBlNWxvYWRlcl9qcw== string| YTk3NmUzMjkyZTQyZjBlNWNhY2hlZF9qcw== object| googlefc object| __fcInternalApiManager boolean| __fcInternalApiPostMessageReady object| __tcfapiEventListeners function| __tcfapi object| __tcfapiManager boolean| __tcfapiPostMessageReady number| google_unique_id object| gaplugins object| gaData function| lotameIsCompatible function| sync16589_aa function| sync16589_c function| sync16589_f object| sync16589_h function| sync16589_ca function| sync16589_j function| sync16589_da object| sync16589_ object| sync16589_ka object| sync16589_la object| sync16589_q object| sync16589_z object| sync16589_ya function| sync16589_a function| sync16589_b function| sync16589_g function| sync16589_i function| sync16589_k function| sync16589_l function| sync16589_ea function| sync16589_m function| sync16589_fa function| sync16589_n function| sync16589_o function| sync16589_p function| sync16589_ha function| sync16589_ga function| sync16589_ia function| sync16589_ja function| sync16589_r function| sync16589_t function| sync16589_u function| sync16589_v function| sync16589_ma function| sync16589_na function| sync16589_w function| sync16589_oa function| sync16589_x function| sync16589_y function| sync16589_s function| sync16589_A function| sync16589_pa function| sync16589_qa function| sync16589_ra function| sync16589_B function| sync16589_C function| sync16589_D function| sync16589_sa function| sync16589_E function| sync16589_F function| sync16589_G function| sync16589_I function| sync16589_K function| sync16589_J function| sync16589_L function| sync16589_M function| sync16589_H function| sync16589_ta function| sync16589_ua function| sync16589_va function| sync16589_wa function| sync16589_xa function| sync16589_N function| sync16589_O function| sync16589_za function| sync16589_P function| sync16589_Aa function| sync16589_Ba function| sync16589_Ca function| sync16589_Q function| sync16589_Da function| sync16589_Ea function| sync16589_Fa function| sync16589_Ga function| sync16589_R function| sync16589_Ha function| sync16589_S function| sync16589_T function| sync16589_U function| sync16589_V function| sync16589_Ia function| sync16589_W function| sync16589_X function| sync16589_Y function| sync16589_Z function| sync16589__ function| sync16589_0 function| sync16589_1 function| sync16589_Ja function| sync16589_2 function| sync16589_La function| sync16589_Ka function| sync16589_3 function| sync16589_Na function| sync16589_Oa function| sync16589_Ma function| sync16589_Pa function| sync16589_Sa function| sync16589_Ra function| sync16589_Qa function| sync16589_Ua function| sync16589_Wa function| sync16589_Ta function| sync16589_5 function| sync16589_Va function| sync16589_Za function| sync16589_Ya function| sync16589_Xa function| sync16589_6 function| sync16589_4 function| sync16589_7 function| sync16589_8 function| sync16589__a function| sync16589_0a function| sync16589_1a function| sync16589_2a function| sync16589_9 function| sync16589_3a function| sync16589_$ function| sync16589_4a function| sync16589_5a function| sync16589_6a object| lotame_sync_16589 object| criteo_syncframe_state object| criteo_pubtag object| criteo_identitytag_163 object| Criteo object| Criteo_identitytag_163 object| regeneratorRuntime object| ox_esp

69 Cookies

Domain/Path Name / Value
web.alipearlhair.com/ Name: XSRF-TOKEN
Value: eyJpdiI6ImJOOFVLZTZ4bXZYSVdxMWlRR2p2RWc9PSIsInZhbHVlIjoiS3VYXC9mMVhOREJmR25tT0FLSUZ0YnVIaitDUVwvY3NDZDdRSUZZK21KNzdDRWtkK0NuU3FKMnU3cWhwdWpcL0srQVBRdGR0YlJpQVwvOE5GOGRTSkJLZlFBPT0iLCJtYWMiOiJkNTgzMWU3Y2E1NWI1MzM2MDJlMGIwZDFmOTZlNWJmNTZiZTc2MGQ4OGJiNTY2NDIxNjNjZTUwMmJiNjgwZjhmIn0%3D
web.alipearlhair.com/ Name: laravel_session
Value: eyJpdiI6Ik40cG5nenhiXC82VHFHUnlRMGFoYkRBPT0iLCJ2YWx1ZSI6IkxvUzRUSjl4bldFRW4xRW1iS1wvZGRQeTJGWmczdXhHMlhkOGJlZGJUSFBhSFB3cE5EbmlnaFk4bVBpQUp6XC83WHRPQXlocnVJY0VERWc1WE1TTjJud0E9PSIsIm1hYyI6IjQwMGM0MjJmYjkxMDI0ZWE2YjY3YjA0ZTcwOTU3NmI5NzIxYTI2NDkyMmJkOTBhNzc3MTkyMWMzMDgzZjk3ODgifQ%3D%3D
.reurl.cc/ Name: _ga_ZDFZCDVDK1
Value: GS2.1.s1765064432$o1$g0$t1765064432$j60$l0$h1722941976
.reurl.cc/ Name: _fbp
Value: fb.1.1765064432955.970278867548499958
.reurl.cc/ Name: ISMD5VERSION
Value: 1
onead.onevision.com.tw/ Name: onevision_guid
Value: f4de05b8-d2fc-11f0-8060-42010a000023
onead.onevision.com.tw/ Name: oid
Value: f4de05a2-d2fc-11f0-8060-42010a000023
reurl.cc/ Name: oid
Value: %257B%2522oid%2522%253A%2522f4de05b8-d2fc-11f0-8060-42010a000023%2522%252C%2522ts%2522%253A-62135596800%252C%2522v%2522%253A%252220201117%2522%257D
.reurl.cc/ Name: _ga_N394QBRGC0
Value: GS2.1.s1765064433$o1$g0$t1765064433$j60$l0$h0
.holmesmind.com/ Name: P
Value: 505937-kb4hQg6EJ8otltsWOFcPUr9XVwrTTqrD
.holmesmind.com/ Name: Vision
Value: 20251207-23:59,20251207-10,20251207-10,20251207-23:59
.holmesmind.com/ Name: C
Value: null
.holmesmind.com/ Name: RK
Value: null
.holmesmind.com/ Name: test_cookie
Value: CheckForPermission
.reurl.cc/ Name: _ga_S9B9ZLEX4D
Value: GS2.1.s1765064433$o1$g0$t1765064433$j60$l0$h0
.reurl.cc/ Name: CFFPCKUUID
Value: 9743-ZRg45PTHSRglrew9iQzVkrjWb9XwmS2w
.reurl.cc/ Name: CFFPCKUUIDMAIN
Value: 9686-TeftXPByfrBByQsJSO45jsQQ4pxXhJkZ
.reurl.cc/ Name: FPUUID
Value: 9686-0565e32eebf1cf109ba77bee4b3f7377
.holmesmind.com/ Name: fcm
Value: 1
.reurl.cc/ Name: _gid
Value: GA1.2.1829154156.1765064434
.reurl.cc/ Name: _gat
Value: 1
.reurl.cc/ Name: FCCDCF
Value: %5Bnull%2Cnull%2Cnull%2Cnull%2Cnull%2Cnull%2C%5B%5B32%2C%22%5B%5C%22692b6cb5-2f47-4da9-9dcc-82cdea5fd78c%5C%22%2C%5B1765064433%2C559000000%5D%5D%22%5D%5D%5D
.reurl.cc/ Name: __gads
Value: ID=4364cb78fde40470:T=1765064433:RT=1765064433:S=ALNI_Mb21YmUZIN_hrBX8NCior3tZ0ME1g
.reurl.cc/ Name: __gpi
Value: UID=000012d2436a4f6e:T=1765064433:RT=1765064433:S=ALNI_MYMMocnDSTe0maJhgYxR4lqknphLA
.reurl.cc/ Name: __eoi
Value: ID=227c5fc0b1a47413:T=1765064433:RT=1765064433:S=AA-Afja1XKMHuFdp_8LdXKZVyOvg
.eyeota.net/ Name: SERVERID
Value: 19527~DM
.doubleclick.net/ Name: IDE
Value: AHWqTUkcVDGF7vRFWNg_NV-8cM20ChD-C_vuHjTQlwzqEazEZnqj-3axt9pI_xHw2DM
.taboola.com/ Name: t_gid
Value: ebd72884-67f8-4aad-b34f-2097f35f6c76-tuct102e4472
.taboola.com/ Name: t_pt_gid
Value: ebd72884-67f8-4aad-b34f-2097f35f6c76-tuct102e4472
.mediago.io/ Name: __mguid_
Value: 8df1d1e1917c925f2th64n00miuxsifq
.criteo.com/ Name: uid
Value: 75aefd92-8ed9-4813-a1f1-f0abf05fca58
.reurl.cc/ Name: __htid
Value: 83a8eb42-6ef1-4f83-b0a8-8311ce7c1584
.reurl.cc/ Name: _ht_em
Value: 1
.c.appier.net/ Name: _auid
Value: QaZw5_zSD1q5FlFw8740aQ
.reurl.cc/ Name: _ht_50ef57
Value: 1
track.91app.io/ Name: deviceid
Value: 423aefc1-78e3-4b5f-aff4-767c16922257
.reurl.cc/ Name: _ga
Value: GA1.1.1498954258.1765064433
.reurl.cc/ Name: _ga_M4J67EDHV2
Value: GS2.1.s1765064436$o1$g0$t1765064436$j60$l0$h0
.prnasia.com/ Name: __cf_bm
Value: qdKApJu5Y4dO79yaYJaHrnhfN5sfc8ZmOiiDT4Qu0Mk-1765064436-1.0.1.1-B0ZMTETFpy.4UVQCSCjC41ZK7SNu937kQlTzVAJcWc32ssdLhMw6ABOOtPYEffjVk95c00ebotxdta3D5Bj8zMQKV.uwWXu.Yi1NL59Ztvo
.criteo.com/ Name: cto_bundle
Value: Ehv9ll8wOFl0dWFBYTR0SW82bk5ibXolMkI4a0ViVTJjaWlGOVlvdzdFa1JNMWo1NHR5QlpXYVY1ajlzSWlGc1g1RVBsZmVJdXBxSlZaWm10Z29mRmFiY2NEQVVqZEpoaU5lOXhVY0Y2WDFIMGdwWGJRN3NTdkRia09LM3FFM3JrVnh2dW9IOWRub0NTMEFxYTFKUFZPb1NxbmIyUSUzRCUzRA
.reurl.cc/ Name: cto_bundle
Value: ytnZWV9hdmNXRWs5a2oxY01YMW5MS0RWNG5nQmloYXRLT2JIT3dRdkFPTWZ2VENBJTJCN1VwTFptb2dveG85S3ZSNGdTVTFMVzVIRUF5eEJwWFJ3TUhpdVROTHJTUm91ZVV1ZVl5eUt3WXlBaHdnQXA3a3MlMkYxbXdXSlJVRTF0blhaWXhQd3ZzOTdkVktWdGtxWGVoTllmMEM1T0lnJTNEJTNE
.doubleclick.net/ Name: APC
Value: AfxxVi6mIoxtS134ujXb0afaK6N_cDaeAFBQ9MXosENuM6oBGuSqpQ
.casalemedia.com/ Name: CMID
Value: aTS.9bmqPysAJI.OAkxdfwAA
.casalemedia.com/ Name: CMPS
Value: 4331
.casalemedia.com/ Name: CMPRO
Value: 4331
.doubleclick.net/ Name: ar_debug
Value: 1
.csync.loopme.me/ Name: viewer_token
Value: 14e7f6ac-8498-4f38-8fd4-d3637d662a37
.yieldmo.com/ Name: yieldmo_id
Value: xzhmVeekixePVWnlF7Ef%7C1764979200000%7C0
.rubiconproject.com/ Name: receive-cookie-deprecation
Value: 1
.flashtalking.com/ Name: flashtalkingad1
Value: "GUID=6549AAE83655B4"
.adsby.bidtheatre.com/ Name: __ktpct
Value: 1
.adsby.bidtheatre.com/ Name: __kuid
Value: 4e3e4714-f5c7-491c-83de-1b37d52b3eb3.534278438
.contextweb.com/ Name: VP
Value: part_vZxb2F5dntnn
.contextweb.com/ Name: pb_rtb_ev_part
Value: 3-21xu|7Bj.0.CAESEISWxZCiH3JVZqS0vuqKzn4
bh.contextweb.com/ Name: INGRESSCOOKIE
Value: 13b3f50ec1aed9e6
.linkedin.com/ Name: bcookie
Value: "v=2&222b70de-d854-4b7c-8de4-f84315393c6b"
.linkedin.com/ Name: lidc
Value: "b=TGST09:s=T:r=T:a=T:p=T:g=3167:u=1:x=1:i=1765064438:t=1765150838:v=2:sig=AQFvYFqV_DOB3xbGnZR92mO3Min3X63U"
.3lift.com/ Name: tluid
Value: 1669468453303130033849
.3lift.com/ Name: tluidp
Value: 1669468453303130033849
sync.srv.stackadapt.com/ Name: sa-user-id
Value: s%3A0-f0a76f3f-ff9e-5bb6-6679-a4bd4a6c0d1c.k5s4By6V18cjLyMefW5zPdmzpt6GYyUTm7jYtT08sw0
.srv.stackadapt.com/ Name: sa-user-id
Value: s%3A0-f0a76f3f-ff9e-5bb6-6679-a4bd4a6c0d1c.k5s4By6V18cjLyMefW5zPdmzpt6GYyUTm7jYtT08sw0
sync.srv.stackadapt.com/ Name: sa-user-id-v2
Value: s%3A8KdvP_-eW7ZmeaS9SmwNHLm8PfQ.KKjI9l93nG%2BYdqVlIiE2Oy7wPcG18Sbb1IAXgQsEggU
.srv.stackadapt.com/ Name: sa-user-id-v2
Value: s%3A8KdvP_-eW7ZmeaS9SmwNHLm8PfQ.KKjI9l93nG%2BYdqVlIiE2Oy7wPcG18Sbb1IAXgQsEggU
sync.srv.stackadapt.com/ Name: sa-user-id-v3
Value: s%3AAQAKIJbg3lF-H4tT50Xs5DyGJTL9wOvhtQLx4OJRqA285gy2ENYBGAQg9f3SyQYwAToEquWgoEIE9zRpVw.oJvnVVJLK%2FHN0%2FnobW3wx%2BgPxqwdSqN%2FK6Dtz7GDpJg
.srv.stackadapt.com/ Name: sa-user-id-v3
Value: s%3AAQAKIJbg3lF-H4tT50Xs5DyGJTL9wOvhtQLx4OJRqA285gy2ENYBGAQg9f3SyQYwAToEquWgoEIE9zRpVw.oJvnVVJLK%2FHN0%2FnobW3wx%2BgPxqwdSqN%2FK6Dtz7GDpJg
.lndata.com/ Name: admckid
Value: 2512070740371119381
.adfarm1.adition.com/ Name: UserID1
Value: 7580894036577810796
.flashtalking.com/ Name: _D9J
Value: 3334955e643c48388e283119c563d478
.hinet.net/ Name: uuid
Value: 1a49050a-9b99-45bf-9429-f42c8310aa0b

20 Console Messages

Source Level URL
Text
rendering warning URL: https://reurl.cc/k8qxzL#Conditions(Line 206)
Message:
[GroupMarkerNotSet(crbug.com/242999)!:A0D0E502540F0000]Automatic fallback to software WebGL has been deprecated. Please use the --enable-unsafe-swiftshader (about:flags#enable-unsafe-swiftshader) flag to opt in to lower security guarantees for trusted content.
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'bluetooth'.
rendering warning URL: https://cdn.holmesmind.com/js/capmapping.htm
Message:
[GroupMarkerNotSet(crbug.com/242999)!:A0B0B204540F0000]Automatic fallback to software WebGL has been deprecated. Please use the --enable-unsafe-swiftshader (about:flags#enable-unsafe-swiftshader) flag to opt in to lower security guarantees for trusted content.
rendering warning URL: https://cdn.holmesmind.com/js/capmapping.htm
Message:
[GroupMarkerNotSet(crbug.com/242999)!:A0E0B204540F0000]Automatic fallback to software WebGL has been deprecated. Please use the --enable-unsafe-swiftshader (about:flags#enable-unsafe-swiftshader) flag to opt in to lower security guarantees for trusted content.
rendering warning URL: https://cdn.holmesmind.com/js/capmapping.htm
Message:
[GroupMarkerNotSet(crbug.com/242999)!:A010B304540F0000]Automatic fallback to software WebGL has been deprecated. Please use the --enable-unsafe-swiftshader (about:flags#enable-unsafe-swiftshader) flag to opt in to lower security guarantees for trusted content.
rendering warning URL: https://cdn.holmesmind.com/js/capmapping.htm
Message:
[GroupMarkerNotSet(crbug.com/242999)!:A0B0B204540F0000]Automatic fallback to software WebGL has been deprecated. Please use the --enable-unsafe-swiftshader (about:flags#enable-unsafe-swiftshader) flag to opt in to lower security guarantees for trusted content.
rendering warning URL: https://cdn.holmesmind.com/js/capmapping.htm
Message:
[GroupMarkerNotSet(crbug.com/242999)!:A0A0E502540F0000]Automatic fallback to software WebGL has been deprecated. Please use the --enable-unsafe-swiftshader (about:flags#enable-unsafe-swiftshader) flag to opt in to lower security guarantees for trusted content.
rendering warning URL: https://cdn.holmesmind.com/js/capmapping.htm
Message:
[GroupMarkerNotSet(crbug.com/242999)!:A0D0E502540F0000]Automatic fallback to software WebGL has been deprecated. Please use the --enable-unsafe-swiftshader (about:flags#enable-unsafe-swiftshader) flag to opt in to lower security guarantees for trusted content.
network error URL: chrome-error://chromewebdata/
Message:
Failed to load resource: the server responded with a status of 400 ()
other error URL: chrome-error://chromewebdata/
Message:
Refused to display 'https://www.facebook.com/' in a frame because it set 'X-Frame-Options' to 'deny'.
rendering warning URL: https://ep2.adtrafficquality.google/sodar/sodar2/237/runner.html
Message:
[GroupMarkerNotSet(crbug.com/242999)!:A0601800540F0000]Automatic fallback to software WebGL has been deprecated. Please use the --enable-unsafe-swiftshader (about:flags#enable-unsafe-swiftshader) flag to opt in to lower security guarantees for trusted content.
rendering warning URL: https://ep2.adtrafficquality.google/sodar/sodar2/237/runner.html
Message:
[GroupMarkerNotSet(crbug.com/242999)!:A040E502540F0000]Automatic fallback to software WebGL has been deprecated. Please use the --enable-unsafe-swiftshader (about:flags#enable-unsafe-swiftshader) flag to opt in to lower security guarantees for trusted content.
other error URL: https://reurl.cc/k8qxzL#Conditions
Message:
Attestation check for Attribution Reporting on https://ad.doubleclick.net failed.
rendering warning URL: https://ep2.adtrafficquality.google/sodar/Klz6NWr5.html
Message:
[GroupMarkerNotSet(crbug.com/242999)!:A0E0B204540F0000]Automatic fallback to software WebGL has been deprecated. Please use the --enable-unsafe-swiftshader (about:flags#enable-unsafe-swiftshader) flag to opt in to lower security guarantees for trusted content.
javascript info URL: https://js.ad-score.com/score.min.js?pid=1000941&tt=g(Line 1)
Message:
WebGPU is experimental on this platform. See https://github.com/gpuweb/gpuweb/wiki/Implementation-Status#implementation-status
rendering warning URL: https://js.ad-score.com/score.min.js?pid=1000941&tt=g(Line 1)
Message:
Failed to create WebGPU Context Provider
javascript info URL: https://js.ad-score.com/score.min.js?pid=1000941&tt=g(Line 1)
Message:
WebGPU is experimental on this platform. See https://github.com/gpuweb/gpuweb/wiki/Implementation-Status#implementation-status
rendering warning URL: https://js.ad-score.com/score.min.js?pid=1000941&tt=g(Line 1)
Message:
Failed to create WebGPU Context Provider
javascript info URL: https://js.ad-score.com/score.min.js?pid=1000941&tt=g(Line 1)
Message:
WebGPU is experimental on this platform. See https://github.com/gpuweb/gpuweb/wiki/Implementation-Status#implementation-status
rendering warning URL: https://js.ad-score.com/score.min.js?pid=1000941&tt=g(Line 1)
Message:
Failed to create WebGPU Context Provider

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

082fc394a62d374456508868d37e314c.safeframe.googlesyndication.com
83a8eb42-6ef1-4f83-b0a8-8311ce7c1584.t.ssp.hinet.net
9f56552c-16c7-4550-86c4-b2f06a3a3997.t.ssp.hinet.net
ad-specs.guoshipartners.com
ad.doubleclick.net
ad.holmesmind.com
ad2.apx.appier.net
ads.yieldmo.com
agen-assets.ftstatic.com
ajs-assets.ftstatic.com
analytics.google.com
anymind360.com
bcp.crwdcntrl.net
bh.contextweb.com
buy.criteo.com
c.holmesmind.com
cdn-ima.33across.com
cdn.ampproject.org
cdn.flashtalking.com
cdn.holmesmind.com
cdn.jsdelivr.net
cdn.mediago.io
cm-dev-poc.holmesmind.com
cm.g.doubleclick.net
cm.lndata.com
connect.facebook.net
creditcards.com.tw
csync.loopme.me
d9.flashtalking.com
data.ad-score.com
dsp-cookie.adfarm1.adition.com
dsp.adkernel.com
dsum-sec.casalemedia.com
eb2.3lift.com
ep1.adtrafficquality.google
ep2.adtrafficquality.google
f5468d195f184d9a2161b39cb1e22a89.safeframe.googlesyndication.com
f9f7e13bde29a7f0348d8281560da983.safeframe.googlesyndication.com
fcm.holmesmind.com
fcm2.holmesmind.com
fonts.googleapis.com
fonts.gstatic.com
fundingchoicesmessages.google.com
gocm.c.appier.net
googleads.g.doubleclick.net
gtrace.mediago.io
gumi.criteo.com
ib.adnxs.com
images.mediago.io
img.gbyhn.com.tw
img.racingcharger.tw
invstatic101.creativecdn.com
js.ad-score.com
m.holmesmind.com
match.360yield.com
match.adsby.bidtheatre.com
match.adsrvr.org
mma.prnasia.com
mug.criteo.com
nearbymed.com
oa.openxcdn.net
onead.onevision.com.tw
pagead2.googlesyndication.com
pixel.rubiconproject.com
prebid-asia.creativecdn.com
prebid.scupio.com
ps.eyeota.net
px.ads.linkedin.com
re-news.tw
region1.analytics.google.com
reurl.cc
s0.2mdn.net
scontent.xx.fbcdn.net
securepubads.g.doubleclick.net
servedby.flashtalking.com
ssbsync.smartadserver.com
static.criteo.net
static.wixstatic.com
static.xx.fbcdn.net
stats.g.doubleclick.net
sync.1rx.io
sync.srv.stackadapt.com
t.ssp.hinet.net
tags.crwdcntrl.net
tpc.googlesyndication.com
trace-eu.mediago.io
track.91app.io
tracking-client.91app.com
trc.taboola.com
web.alipearlhair.com
www.facebook.com
www.google-analytics.com
www.google.co.in
www.google.com
www.google.es
www.googletagmanager.com
www.gstatic.com
082fc394a62d374456508868d37e314c.safeframe.googlesyndication.com
ad.holmesmind.com
cdn-ima.33across.com
data.ad-score.com
ib.adnxs.com
www.facebook.com
www.google.com
100.24.190.87
103.132.192.30
104.18.26.193
107.178.241.176
108.128.35.4
116.50.36.71
13.159.234.135
13.226.244.20
130.211.115.4
134.122.57.34
142.250.184.226
142.250.185.129
142.250.185.130
142.250.185.228
142.250.185.67
142.250.185.98
142.250.186.130
142.250.186.162
142.250.186.174
142.251.140.162
151.101.1.55
157.240.0.35
157.240.0.6
170.106.34.222
172.104.64.149
172.67.222.174
174.137.133.49
178.250.1.12
18.202.153.236
18.244.18.94
18.66.122.129
188.114.97.3
192.0.78.24
2.17.100.193
2001:4860:4802:32::36
203.74.221.1
203.75.214.136
208.93.169.131
210.59.219.34
216.239.32.36
216.239.36.181
216.58.206.38
216.58.206.72
2600:9000:208a:8000:0:e06c:e940:93a1
2600:9000:208a:b400:0:e06c:e940:93a1
2600:9000:2646:1e00:a:deb0:3380:93a1
2606:4700::6812:5fe1
2620:1ec:50::12
2a00:1450:4001:80e::2001
2a00:1450:4001:80f::200e
2a00:1450:4001:812::200a
2a00:1450:4001:813::2002
2a00:1450:4001:81d::2003
2a00:1450:4001:81d::200e
2a00:1450:4001:829::2001
2a00:1450:4001:829::2008
2a00:1450:4001:82a::2001
2a00:1450:4001:82a::2003
2a00:1450:4001:830::2001
2a00:1450:4001:830::2003
2a00:1450:4001:831::2006
2a00:1450:400c:c06::9d
2a02:2638:3::27
2a02:2638:3::28
2a02:2638:3::d
2a03:2880:f084:105:face:b00c:0:3
2a03:2880:f177:185:face:b00c:0:25de
2a04:4e42::300
2a04:4e42::485
2a06:98c1:3120::3
3.122.214.165
34.102.146.192
34.111.133.51
34.111.60.239
34.206.232.238
34.95.67.231
34.96.70.87
35.185.136.122
35.190.36.98
35.201.76.198
35.201.76.93
35.214.168.80
35.214.236.30
35.227.249.156
35.229.143.32
35.71.131.137
35.75.180.237
52.222.136.120
54.171.119.250
54.238.82.241
54.246.85.69
65.8.131.76
65.9.175.36
69.173.144.165
76.223.111.18
80.82.210.217
89.149.193.84
04d05978fdb111358073ab0524e5c1fafc0826615c206987618416b8bd8a4747
051e80a1c57abf8110179c702d7422232d6f838dc7e8c3a25f17e83d8f930298
0578ddd28edb6f0644cac5bff26af2ff57860496269f2f5b16254c67c236e139
0609da224daf4b439c3f1bfe1aa1e2f1f19a45f2eba1687a9cb17aec5150c529
088791e91745f7dcc007a27e99406c69e335499320815bede2212c4dccbfe9a2
08c9dd7d8c7c4756623ea8cd611ae7254225f895daf6ce147b1675e6e204a075
090c5dbe03c9cc652f75b74bee6dfa2291037ace8ab00603ee530a747cd62279
09b25f50064198b8b102ee0c36e579d64ab31e2079046d2d532f621a0cb72898
0aae0dc69f58f1b2c51c2236e970c669d3f6db628138135f61857cb58a23ad47
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0ce21b5609c1c5130807ad9a438c4081b25a3cdf8f27381e9753b9c6bed94e25
0d95a521e435509b125e0b098faf987e28e154ebd6468e16c449ebc0a3b8c1e3
0dff8b1e715f8312877f5d625115f8e962d45c3da578481f9f0f8a5e051a4fd1
0e5a0934780ce45563c730759b53941481895a06701e8e45287d4bbdbd464cdb
0e83a8ffdd161a80e179732ca1f514ee08dcc3c4a128baa9c92bcffebc2a7c52
0efa8291235243ad1438d266932112aecf4e7dca1963545a22d118cbe5d5d6e2
0f99735761fe2d501496fb7fc41052ec3be141043d88c2eca3b2344628c6dc32
100d72a28123bcee974e8642b8bf1c0865bf1034c9b59f59597d53809e192fdc
120a67e10b39b6b70dc52c65c77d016cba6e33b0ecc86d3fd49dda8f9efc2657
129da67f4b5d8cf07c284a0e05e90f3b31ad384d3e89457b55ae10f83c851fd1
14b660a511e14a9a481c6fe43c576f36c61b656cfd379728c54f1128e1855966
16972c99cc3812c26bcbdc5c530f3f9994ec4077344b6ed3469fa5a255f11705
186a42afc0c740f7c6cc5f5b8e9de9caae0eebde71584bf15597630084cb2adc
18a1a14cfb15982e09a0c1cc734b897cee8a0257d3a81165f6676f42a0ab2985
19fc42ca69d62c46b696e00f28e46c7bc4ece28ed00310abcc6e9cca2a59f1c5
1cffc2b3146584685cd72751d7f28aa030ab9ae2f1bc78f2c27909f8d8287b26
1e8f74dd0484e5a2c83b0a373201f8f911241bba94a2d3ecb2db6014bb392c29
1eee35895c34e1be650b2a93e0ee862b25a29777136bcb1908e852bc32b66940
230ef0b6df3e18bd19fd1a42f35db23ec6e68573a52492ad2a22b6cd385553b9
25355805f44af99037c6b951f9afd762f5fd74eb126aba4b2f82cafa563c0f90
256cd3f478cfbf8dae57752b3d9b3ac6018fe19cf7ae3aaa2cf629d05a5e41d0
260753fa7e3f19eb264eb8ed5ccc7fd1b02a172035652f9877506eba9a50279d
2650f0bf9347561322354447171981c0a052401f826695fec1281e29fa16c840
281d1da1383d84e2a41d76911a6aa68a7c094232366f08eb1263aadf30b9d96b
287a3783bfa7846684d2c67833f0c32a9c31d9536b204ca56085009ec871f580
2a5cfa356af90e4dc14d89477463deb2c098c826ebc6d74c1577eb3d5973cac9
2a92ee45268ed11ec62c796691b219f26003e5df558fb7fdefcdbc447a68f806
2e5f5cb912c0619933ea6c3ad8ac1466a005f792e3338d96a8432d144c63520f
2f8ac6527cdffe85b3748a1fd3c26b38aae2ae1e1d8e1a2743c7bec82c2100be
31b4d2ac4928b0129a5a969594be92783dbbb13112dd350f128de1b8d7215f30
327f7d71b98a7d85095eb5d8fd4a3c451e1373df4a95e06aee097399dc939356
32a930b3731854716f136e21e994a365e1c2819591e061918a4255b3b164c68f
330e8275601d733c96e356c4fda9f1f94c6665e03379eb9cbace4416b4da05d3
34a98604b4b7a00a71a261980cf629591174f8e717fd078577b1fb04ed357d8b
351966dece7214af3b43d9a94f07c1c936176ad5dd81f0bbe1f6b319b4cd96d1
352d0915216b13b935f1abedea04d4a039802faaf69153ae71c377410990e322
3539a82b4664c18c51201b6b35a296282250e6cfb16f3355c61d949797c56529
365fc555dbd2149871a77b9485dbb0cbd487a0553f7a90163444349fee756f60
36f2d17b2ef2e576dc767a15e0f7ca5efa4208a0e2248e88b6acb87ecf4efc7b
37404452844e37efda6359bb72a1e18f344b0308330229d25dcdd9a2183a32cf
3774a7ce325859b32b6b0b01bde2879c75b81131fafe4a584b18b744711bd75d
37cd16af9680e2eac2b065fe88fbc0ca6d80583c67a9d8c69969e5dcbe27b14d
38f7772e472b0b35de7282b88150e576421b4c30bfc311c5da6cab6086b63d1f
3a9443f2e25afa543914b6e2d9c901d888a7ade71e34557bcc92bb83fdd8c0c6
3c0642a0b40f3a3af331b2656807af9976a2c253f1832a1cc425b5a34b749126
3c255bf51649ef300a439c5d882e1f1f0c76c5ff8eb0b2f9ebc358afcc2e57b7
3c52736cd90e13a1953ad6f794222da0ccaf7024416b519231efbb5924925c95
3e6e5dd7032848861a58c447e4b7042fbe6dfebd3a1da5a8f2b5432b25c45787
421ccf7311753040565423d2d4e10d2f7ba8275745a0c84186a666bd0274e23f
444f06cfc7c53f6deb79b3167dcf592d2093f5cbde45f580ff2a96c4c7506d31
45444d590a67d30e8b2fde01bb6482f829383b64bf14a4b19b86e22fdc319fbb
47043e4823a6c21a8881de789b4185355330b5804629d23f6b43dd93f5265292
49daae6a1ded3247cfedf52edf1bc7bacb579117b10adf237dd6b173ade15c71
4aabeca4badd5209805a261b3ebbe65d998274cc3a86d41b004f72179b6f2d10
4c95e84767aed248594e7d485707c7ed904fd2fe4ec3ea98687fc2de59ddf231
4da2dc78cc23591a9ee3285ba8f3891fa57b506b7902fbdd35fa5a2172566c55
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
51d8ff6c08bd4ac009c99b4f0f90b2a3f8f522f9ada47e383b534335bcba10ad
544c55ca9f05d425f3beb90f287308d7a408b1f60d17728eff5c605a494bc1b9
54573654901c495ecf67cc8ffd30108dd6f3a3c7332fd4dba41ab13877b75b8d
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
552bcecf5134233103a959c9454df5670f589815e987e0ac38673ec1598a0f1e
55d72e6c27809e3d9fcee9bfacc5e736e6c8c0f032004a22ca1f1ff2f4594af3
56e75ea9a0b348dca879e69a07d402a67735f971ec0d71484785481b1b6fd00e
57e3fef09cab4680c25c4a06c9c1ce195325f5d502d4d75b5d53a7c2f14e2916
5a126f14b09d315eb00b0c14ec3c681952aa3dbbda7309094e5bb17d0d6f628a
5a871b13ede1754dec51e91e8f3ee35b98ff71fe42cf57d51cb574b004e3d4cd
5cf5651c64c58c1d6ebdc4f2a85fb77389a0f4d17c6e17eb89765666123888e4
5e89733d8a8e055100cda68bf7a712ab0e1b24fefee7e39792b47cb5ff7c3cb1
5fc8514d50f52140ddcbff791b0d52d7e88237a6c46634990d7046e4e9f7d13f
5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9
60280ebcf60053f7d378a772ecfabb60b0b69b9634e19105cb2307b126918447
60b19e5da6a9234ff9220668a5ec1125c157a268513256188ee80f2d2c8d8d36
6167fd340131937aa85eb5de6051b6891a17b303ffca682704a89007eda6a97f
620a382665ff035abb643a19e12f088aef2bc27b55398d4ae3f131b773be6355
6215cea030001547475bd19ec624e50c85af367309e115d7813ae4eaff664d32
651219c93cab2078fb7f9f5f3d091d56009b1108ff95b312d5b518a8639fbf2a
662294921ca6240beb0f2aecb7f7ac23dd085b782bbe52a369b20226d26afe33
66ff4ad29ec9611c45b2a36c657f7637f3b993dd6a1b2c011d2f63059e1a1ed4
687dd881bcfd28cb6d91b90177f77e77baadebdb5d41a3704b348e8df203c31b
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6d48dd4cdaf056bc2dc44b488eb6064e74895f395d8c3d3fc0f1bd76c91a93f7
6d4c444108925dc2ec8fe761f55a6760241c123740591e1348f0f94a653a3985
6e9ab8ab1d57a0695a66577e348ae4343e1a92f70cb4835a52c4863f11114037
716041efdb4414a3094243ecd3725ea02dd514734d7183e1b746c47b50da5005
73ae392d3e6fd2a480cd5e6eb0077f17af084abfda5e3bb5487f76c0277be87c
7439766d6038ec88a136b0c341ecad3828dead2df321e735b7d75ceb714ea766
76ce7be11e0a300625ed70bad0e19aed220e1814944b67daa40be396732ebf3d
76e0fe9b59aa81409567a77b7f5cfaebcbe6d1a5586d4979c5a83a327f68d517
7726dc22646c500819286df1d8d4bc1c2fed470571716a82e75c2d754475fbea
7796bc98ebfc9a7ad34235e113ce32471fdf6e41447fb9165b1abfeb748bff42
7808605ddd1f0eaa454aa444293d2f0260943e51e53838fca46506e6a69fe521
80d755c8fdf679d084f69c1043420659c3a3ce1bb7ec2a39e06c89a517f47677
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
873b90cdbff7dcb26e9ea34c647a5d15e83daecca768a816619dd38a503c09b5
88eec3b46d536658d7c59b2dd03b35dffdda8d03a2eaff9674a4d53b4b1ee8aa
8a1e698279502754957b1a3e2258fff174eee8b1802ee54d6d15df445d627220
8c04e118bdd5757192be2a1eb360786f9fa1c4b398806430b7f41f203f64d8e6
8d23693251d0923a21dba7083e1e3a58a18123b146cebbcefb828e1caa7c3aa3
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
8d845b7d524ee76d5a4279de4d698ca8b130c69024d5907e3305e5592f8ec8ac
8f73a10773dae7dadd7ca1e735ae7da6028aca748f9d01cff8aeebb462767c6e
8f7636a0b0dd99d49730dd0dd8f91db5bc76ead8b17b834c2071fdeac92ce0f4
9024d05e9ae7e5f94b34389a54cf559d0f28c4c3f6aa8492f1a50c658ed1730f
910692ee1d7c5913d23b55281b9741a00375351c00f8eb0daf709894df0de02b
96e3e8dfde6b1042514824bac1b44282d4a76bac028f2d767f6534dce2cf3db0
979da208bbb4e7e775544f9ea351afe3cae32b74ca9b980e05762c5b0533fe17
98bb90ae4668a40747db1271ecdde49ce976e0312194b8e708243806ece09fc4
9981bd9bfa17f0c34ef78cee51b089e50594b3e17df1cfbadc371ef872ab05a6
9a7c628d4ce4c16e4267031b59c5e3e512796a57e5372946d39ba4cb1a74e5a8
9aa92a9a076fd2e55f339cd82c8b540e96ea0a4e4c7c12da6602edfadf2a0819
9cef4cfccf73b953244f41e6369166240c16288c15356a02cb6f850e3b32e3ab
9d6d7342264129047aedc4df11db9bdf238eec8fed367c7289ab11ca6ef6ccbe
a12d8f40e22ad7d43ce1ce9c5c8522a3688fd36db3da2643e61851babae66f34
a76d7258aad3155e7415865ff11049eb7eb0e618f5cf9e9d90664759a8280d66
a7c26694861bbd926c7d903f707b406aa8eaa6a5065a3acb6c8e0028e8eaee6e
a7f65c0446b6cac3175458f6388304d0c23e70d11fa0db20920a619f1bc18623
aa71c7883856a878e8eeced239b93f964a0a24378debb30f86c3c84f9e2b3aa4
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
ab187b70940d331c60646d5731fa8e86d6958ba69dfa241361e39d30d81c2d31
ac421c08584fd8d7372de9a74755f20bb6f6922c3823ff66273c84c6fcd624a2
b08fe2a6deb6fa610692639720cbb4a1a2d82cbe93d16b7a092bccbdf5d98943
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b2b132c35086cbb400fb3f0ae60c3e28d24bfd7aeefb1fe5858b210294fb3cc0
b638cc2de9f4bf30cd980830ebfba0b586d5ce5da10903f126d0dd4350e5aea3
b97b6a79b734e9323aa8c3847d0b2a1bb5db32fc6a7df92ac69653d1c8ba13c5
ba391e1a61563548058a9d5fe8394e2514f65b11721e7a74ca2b8577743c73ac
bca7ee31fc622c935a1ba3d3d012111f3aab926dc898ed011513fc7a9145f90e
bd04667d5d5feb14319f345a1a8e7486d8ab5aea560fb8be53cae5f6bc9d0e20
bea1c5ab168f662fc9eb5bda3474e5b1bbd0d3ecc1d9c68e2a753f613c2ae0c2
c205c874491530a4288b8f643e5da8fbcf7c54bee71bb787f4444e77de90e821
c2bfe20d9d58935828e75bc753e2655f240621077408ae64f9b40a20f5125487
c642b7be944e3deb4b5468f817028404d0f4ef0a47726a3b859e66f4bd790dc4
c7038e16d5f2b00508d0674719a9a981a18cc48442070b36088e1ea89a4bd697
cb0b7e59ac2eef11006bebdcfd28fc93484e960290e7c2b59751a11d51535f10
cda14c5d442d3a25a325ba897930f31245b21c1639ff0f7abaef684cdce5a951
ce35297b7eeaea73da74d401d81ef36d85b53ba08c0ea16491d31a3b146aebfa
cef005a7925817203365e696b47631a1bb7741d6b22f19399f5b958069a09eda
cf3fb0b2562c4fbd38a7e6d30f826c985fd6b5cbab568c306f766fbcd639a597
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d4131870032e7d42fa278dbb33233d9d712fbb0552adceb3ea3e3decf6047fa2
d4fb786f5801f1763d232365a3218174d72eabe14d6d60356ec8db04b3674feb
d50cad871cd252aca6f998215c8f1c3d372bef86a324e45fc1f60d0b5e1e61b5
d51ae4a1096fac36fe9055d5c3f4daa85de0120b567636c89327b544a2a6a795
d89a7a0a9265bdace4e74cf1d770347e274868849d6f50c4176520023ef15407
d8e4fe0452aa2076429a9bb5d8757d00a994dd95986cf950e9a1a371b9a072a0
de9a01c7615e32fbb245e24d694c5a6491f96ac2545345c668183fb186c56679
e108480a9894485059f2b1676b6e05a34af2ecc20fbcdd034d37e768e5356223
e2200f2b73fa36292ab8f7a174fb828a3a6dd25ef77e720223c0cbe6f85fdcd4
e2b7bfebdeba32dabee246efdc632aee320ea6996d8d5ae26add73ea87ec9902
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e4222715b556e7d99622c83e620d2f8e090047e56adb07923047f95828d561f2
e8563874606ec4e234c4b3a767298b490aa03f50c4c9ab64598b03027b3a1648
e9a187a3c1b2598be9947f34f4b17db8a21829de163bed7be14bd8b8f59b3525
e9b96bc538ceb220fc5caff0d0a67916b74cf07b2bada0b3296a17b1b99c9990
eba78fe8e3e278785cd48235cf567273bba7d587a166784062a797d45304226c
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
eff958d6a66dede8a64c252dcf84e69d34c888460d5fcf6f835e655ab487d352
f07483995ced4582275d913949d0cad65c977e65393068dc864005e0d5d7a5c8
f1251b5aa44c40639d940adcbebe2d7d88573dfac9a2ba63d71ca06ea67bbad9
f1a61277e3f902f50ab42015d8b07218db9b7601bb0967e54a52bfdcb4fa7e81
f1a68bf826c55985468304f4284a09cb8a68e82503d764166e611a7c58a85a4b
f1d3e9c9b5704e62c849119f1f71388c12691ccf76d5200a281b779878faa722
f21233ebfc628748be56e544ee831e6723e5534227b3d48b06b77a7bda1f6e28
f31502bd8b58a334acc32b695f096fde6dd136fa1106f2d2d9fb4825d41b1abb
f3c5e5a0064eec4419f514718f35b3eb4ff163a77ebf16445041f5498a84638b
f8063f5d2cccee6b95940117c0075891185d908e26aff971d6115c92ec667502
f8bcd058a4fbee6f8b68a5ff2930470c1890fc714914c226cf950b4e11ffdcdb
f9f7ef12c3df44b4d7fe83a2a0b1e5b84870c52eea52932eeeab44d082cf4416
fa73b65b37ac9d1b642cf38e370e1717e790452a9fc7afc0ceac66bae0a2ad12
fb1225a126a46d56388c6434e48a7fe384af68546ef7e3a047050de738f4f05e
fec5a361dec923efe92848ca27b02b158b164380a9eaf6cc1625e08e0d9c101e