reurl.cc Open in urlscan Pro
35.229.143.32 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://reurl.cc/8nzqdj
Submission: On December 08 via automatic, source phishtank (December 8th 2025, 1:19:40 pm UTC) — Scanned from TW

Summary HTTP 209 Redirects Links 19 Behaviour Indicators

Summary

This website contacted 49 IPs in 6 countries across 36 domains to perform 209 HTTP transactions. The main IP is 35.229.143.32, located in Taipei, Taiwan and belongs to GOOGLE-CLOUD-PLATFORM, US. The main domain is reurl.cc. The Cisco Umbrella rank of the primary domain is 313900.
TLS certificate: Issued by E7 on October 30th 2025. Valid for: 3 months.

This is the only time reurl.cc was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
7	35.229.143.32 35.229.143.32	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
2	151.101.129.229 151.101.129.229	54113 (FASTLY) (FASTLY)
2	151.101.1.55 151.101.1.55	54113 (FASTLY) (FASTLY)
3	142.250.196.136 142.250.196.136	15169 (GOOGLE) (GOOGLE)
17	3.164.121.106 3.164.121.106	16509 (AMAZON-02) (AMAZON-02)
2	203.66.35.97 203.66.35.97	3462 (HINET Dat...) (HINET Data Communication Business Group)
4	216.58.220.130 216.58.220.130	15169 (GOOGLE) (GOOGLE)
6	107.178.241.176 107.178.241.176	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
3	31.13.82.36 31.13.82.36	32934 (FACEBOOK) (FACEBOOK)
2	35.185.136.122 35.185.136.122	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
2	216.239.32.178 216.239.32.178	15169 (GOOGLE) (GOOGLE)
1	104.18.96.225 104.18.96.225	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	172.67.222.174 172.67.222.174	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	192.0.78.25 192.0.78.25	2635 (AUTOMATTIC) (AUTOMATTIC)
1	104.21.96.9 104.21.96.9	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	104.21.67.166 104.21.67.166	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	3.164.143.112 3.164.143.112	16509 (AMAZON-02) (AMAZON-02)
2 3	52.77.94.58 52.77.94.58	16509 (AMAZON-02) (AMAZON-02)
2 2	35.71.131.137 35.71.131.137	16509 (AMAZON-02) (AMAZON-02)
1 2	18.182.162.20 18.182.162.20	16509 (AMAZON-02) (AMAZON-02)
1 1	151.101.65.44 151.101.65.44	54113 (FASTLY) (FASTLY)
6	3.164.121.117 3.164.121.117	16509 (AMAZON-02) (AMAZON-02)
24	31.13.82.7 31.13.82.7	32934 (FACEBOOK) (FACEBOOK)
2	163.70.158.11 163.70.158.11	32934 (FACEBOOK) (FACEBOOK)
8	18.176.230.233 18.176.230.233	16509 (AMAZON-02) (AMAZON-02)
6	3.173.197.105 3.173.197.105	16509 (AMAZON-02) (AMAZON-02)
6	116.50.36.71 116.50.36.71	18046 (DONGFONG-...) (DONGFONG-TW DongFong Technology Co. Ltd.)
12	18.180.66.169 18.180.66.169	16509 (AMAZON-02) (AMAZON-02)
6	34.95.67.231 34.95.67.231	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
6	18.178.75.163 18.178.75.163	16509 (AMAZON-02) (AMAZON-02)
5	203.75.214.136 203.75.214.136	3462 (HINET Dat...) (HINET Data Communication Business Group)
6 12	35.201.76.93 35.201.76.93	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
12 12	142.250.77.162 142.250.77.162	15169 (GOOGLE) (GOOGLE)
6	35.227.249.156 35.227.249.156	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
13	142.251.42.142 142.251.42.142	15169 (GOOGLE) (GOOGLE)
3	216.239.32.181 216.239.32.181	15169 (GOOGLE) (GOOGLE)
2	74.125.23.154 74.125.23.154	15169 (GOOGLE) (GOOGLE)
2	172.217.161.35 172.217.161.35	15169 (GOOGLE) (GOOGLE)
12	35.201.76.198 35.201.76.198	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	34.102.146.192 34.102.146.192	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	54.230.175.56 54.230.175.56	16509 (AMAZON-02) (AMAZON-02)
1	34.96.70.87 34.96.70.87	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	182.161.74.47 182.161.74.47	55569 (CRITEO-AS...) (CRITEO-AS-AP Criteo APAC)
1	104.18.28.101 104.18.28.101	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	142.250.193.193 142.250.193.193	15169 (GOOGLE) (GOOGLE)
2	182.161.74.19 182.161.74.19	55569 (CRITEO-AS...) (CRITEO-AS-AP Criteo APAC)
4	142.251.42.194 142.251.42.194	15169 (GOOGLE) (GOOGLE)
2	142.250.196.130 142.250.196.130	15169 (GOOGLE) (GOOGLE)
2	157.240.199.15 157.240.199.15	32934 (FACEBOOK) (FACEBOOK)
3	172.217.175.33 172.217.175.33	15169 (GOOGLE) (GOOGLE)
1	142.250.196.132 142.250.196.132	15169 (GOOGLE) (GOOGLE)
209	49

7 35.229.143.32 (Taipei, Taiwan)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 32.143.229.35.bc.googleusercontent.com

reurl.cc	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.129.229 (United States)

ASN54113 (FASTLY, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.1.55 (United States)

ASN54113 (FASTLY, US)

anymind360.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 142.250.196.136 (United States)

ASN15169 (GOOGLE, US)
PTR: nrt12s36-in-f8.1e100.net

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 3.164.121.106 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-3-164-121-106.nrt12.r.cloudfront.net

cdn.holmesmind.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 203.66.35.97 (Taiwan)

ASN3462 (HINET Data Communication Business Group, TW)
PTR: 203-66-35-97.hinet-ip.hinet.net

ad-specs.guoshipartners.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 216.58.220.130 (United States)

ASN15169 (GOOGLE, US)
PTR: syd09s01-in-f130.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 107.178.241.176 (United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 176.241.178.107.bc.googleusercontent.com

onead.onevision.com.tw	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
onead-v6.onevision.com.tw	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 31.13.82.36 (Tokyo, Japan)

ASN32934 (FACEBOOK, US)
PTR: edge-star-mini-shv-01-nrt1.facebook.com

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.185.136.122 (Taipei, Taiwan)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 122.136.185.35.bc.googleusercontent.com

re-news.tw	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 216.239.32.178 (United States)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.18.96.225 (Ascension Island)

ASN13335 (CLOUDFLARENET, US)

mma.prnasia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.67.222.174 (Ascension Island)

ASN13335 (CLOUDFLARENET, US)

nearbymed.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.0.78.25 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)

creditcards.com.tw	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.21.96.9 (Ascension Island)

ASN13335 (CLOUDFLARENET, US)

img.gbyhn.com.tw	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.21.67.166 (Ascension Island)

ASN13335 (CLOUDFLARENET, US)

img.racingcharger.tw	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.164.143.112 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-3-164-143-112.nrt20.r.cloudfront.net

static.wixstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 52.77.94.58 (Singapore, Singapore) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-77-94-58.ap-southeast-1.compute.amazonaws.com

bcp.crwdcntrl.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.71.131.137 (United States) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: a6370ebea231e0c9a.awsglobalaccelerator.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.182.162.20 (Tokyo, Japan) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-182-162-20.ap-northeast-1.compute.amazonaws.com

ps.eyeota.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.65.44 (United States) 1 redirects

ASN54113 (FASTLY, US)

trc.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 3.164.121.117 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-3-164-121-117.nrt12.r.cloudfront.net

cdn.holmesmind.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

24 31.13.82.7 (Tokyo, Japan)

ASN32934 (FACEBOOK, US)
PTR: xx-fbcdn-shv-01-nrt1.fbcdn.net

static.xx.fbcdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 163.70.158.11 (Chai Wan, Hong Kong)

ASN32934 (FACEBOOK, US)
PTR: xx-fbcdn-shv-01-hkg1.fbcdn.net

scontent-hkg1-1.xx.fbcdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 18.176.230.233 (Tokyo, Japan)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-176-230-233.ap-northeast-1.compute.amazonaws.com

ad.holmesmind.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 3.173.197.105 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-3-173-197-105.nrt12.r.cloudfront.net

tracking-client.91app.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 116.50.36.71 (Taiwan)

ASN18046 (DONGFONG-TW DongFong Technology Co. Ltd., TW)
PTR: 116-50-36-71.dft.tw

cm.lndata.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 18.180.66.169 (Tokyo, Japan)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-180-66-169.ap-northeast-1.compute.amazonaws.com

cm-dev-poc.holmesmind.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 34.95.67.231 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 231.67.95.34.bc.googleusercontent.com

fcm.holmesmind.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 18.178.75.163 (Tokyo, Japan)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-178-75-163.ap-northeast-1.compute.amazonaws.com

fcm2.holmesmind.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 203.75.214.136 (Taipei, Taiwan)

ASN3462 (HINET Data Communication Business Group, TW)
PTR: 203-75-214-136.hinet-ip.hinet.net

t.ssp.hinet.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
83e9bfa3-72be-41e6-bbf5-c9cad822781b.t.ssp.hinet.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 35.201.76.93 (Kansas City, United States) 6 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 93.76.201.35.bc.googleusercontent.com

c.holmesmind.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 142.250.77.162 (United States) 12 redirects

ASN15169 (GOOGLE, US)
PTR: lcnrtb-ac-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 35.227.249.156 (United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 156.249.227.35.bc.googleusercontent.com

m.holmesmind.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 142.251.42.142 (United States)

ASN15169 (GOOGLE, US)
PTR: nrt12s45-in-f14.1e100.net

fundingchoicesmessages.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 216.239.32.181 (United States)

ASN15169 (GOOGLE, US)

analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 74.125.23.154 (United States)

ASN15169 (GOOGLE, US)
PTR: tg-in-f154.1e100.net

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.217.161.35 (United States)

ASN15169 (GOOGLE, US)
PTR: nrt12s23-in-f3.1e100.net

www.google.com.tw	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 35.201.76.198 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 198.76.201.35.bc.googleusercontent.com

track.91app.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.102.146.192 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 192.146.102.34.bc.googleusercontent.com

oa.openxcdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.230.175.56 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-54-230-175-56.nrt57.r.cloudfront.net

tags.crwdcntrl.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.96.70.87 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 87.70.96.34.bc.googleusercontent.com

invstatic101.creativecdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 182.161.74.47 (Singapore)

ASN55569 (CRITEO-AS-AP Criteo APAC, JP)

static.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.18.28.101 (Ascension Island)

ASN13335 (CLOUDFLARENET, US)

cdn-ima.33across.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.193.193 (United States)

ASN15169 (GOOGLE, US)
PTR: lcnrta-bj-in-f1.1e100.net

3f7c8398439d581fb0b47b69a86277bd.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 182.161.74.19 (Singapore)

ASN55569 (CRITEO-AS-AP Criteo APAC, JP)

gum.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 142.251.42.194 (United States)

ASN15169 (GOOGLE, US)
PTR: nrt12s47-in-f2.1e100.net

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.196.130 (United States)

ASN15169 (GOOGLE, US)
PTR: nrt12s36-in-f2.1e100.net

ep1.adtrafficquality.google	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 157.240.199.15 (Chai Wan, Hong Kong)

ASN32934 (FACEBOOK, US)
PTR: xx-fbcdn-shv-01-hkg4.fbcdn.net

scontent-hkg4-1.xx.fbcdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 172.217.175.33 (United States)

ASN15169 (GOOGLE, US)
PTR: nrt20s19-in-f1.1e100.net

ep2.adtrafficquality.google	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.196.132 (United States)

ASN15169 (GOOGLE, US)
PTR: nrt12s36-in-f4.1e100.net

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
73	holmesmind.com 6 redirects cdn.holmesmind.com — Cisco Umbrella Rank: 237692 ad.holmesmind.com — Cisco Umbrella Rank: 143825 cm-dev-poc.holmesmind.com — Cisco Umbrella Rank: 230074 fcm.holmesmind.com — Cisco Umbrella Rank: 295745 fcm2.holmesmind.com — Cisco Umbrella Rank: 280119 c.holmesmind.com — Cisco Umbrella Rank: 157999 m.holmesmind.com — Cisco Umbrella Rank: 264664	78 KB
22	fbcdn.net static.xx.fbcdn.net — Cisco Umbrella Rank: 865 scontent-hkg1-1.xx.fbcdn.net — Cisco Umbrella Rank: 42054 scontent-hkg4-1.xx.fbcdn.net — Cisco Umbrella Rank: 38607	324 KB
18	doubleclick.net 12 redirects securepubads.g.doubleclick.net — Cisco Umbrella Rank: 255 cm.g.doubleclick.net — Cisco Umbrella Rank: 296 stats.g.doubleclick.net — Cisco Umbrella Rank: 159	253 KB
17	google.com fundingchoicesmessages.google.com — Cisco Umbrella Rank: 780 analytics.google.com — Cisco Umbrella Rank: 151 www.google.com — Cisco Umbrella Rank: 2	77 KB
12	91app.io track.91app.io — Cisco Umbrella Rank: 145118	2 KB
7	reurl.cc reurl.cc — Cisco Umbrella Rank: 313900	12 KB
6	facebook.net connect.facebook.net — Cisco Umbrella Rank: 212	87 KB
6	lndata.com cm.lndata.com — Cisco Umbrella Rank: 222357	2 KB
6	91app.com tracking-client.91app.com — Cisco Umbrella Rank: 200848	17 KB
6	onevision.com.tw onead.onevision.com.tw — Cisco Umbrella Rank: 165591 onead-v6.onevision.com.tw	2 KB
5	adtrafficquality.google ep1.adtrafficquality.google — Cisco Umbrella Rank: 334 ep2.adtrafficquality.google — Cisco Umbrella Rank: 343	26 KB
5	googlesyndication.com 3f7c8398439d581fb0b47b69a86277bd.safeframe.googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 126	78 KB
5	hinet.net t.ssp.hinet.net — Cisco Umbrella Rank: 89836 83e9bfa3-72be-41e6-bbf5-c9cad822781b.t.ssp.hinet.net	4 KB
4	crwdcntrl.net 2 redirects bcp.crwdcntrl.net — Cisco Umbrella Rank: 1101 tags.crwdcntrl.net — Cisco Umbrella Rank: 1077	14 KB
3	facebook.com www.facebook.com — Cisco Umbrella Rank: 121	32 KB
3	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 36	466 KB
2	criteo.com gum.criteo.com — Cisco Umbrella Rank: 492	7 KB
2	google.com.tw www.google.com.tw — Cisco Umbrella Rank: 25152	515 B
2	eyeota.net 1 redirects ps.eyeota.net — Cisco Umbrella Rank: 1030	2 KB
2	adsrvr.org 2 redirects match.adsrvr.org — Cisco Umbrella Rank: 419	1 KB
2	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 57	21 KB
2	re-news.tw re-news.tw	27 KB
2	guoshipartners.com ad-specs.guoshipartners.com — Cisco Umbrella Rank: 183614	25 KB
2	anymind360.com anymind360.com — Cisco Umbrella Rank: 19502	174 KB
2	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 284	58 KB
1	33across.com cdn-ima.33across.com — Cisco Umbrella Rank: 1248	7 KB
1	criteo.net static.criteo.net — Cisco Umbrella Rank: 1000	13 KB
1	creativecdn.com invstatic101.creativecdn.com — Cisco Umbrella Rank: 2208	3 KB
1	openxcdn.net oa.openxcdn.net — Cisco Umbrella Rank: 2436	8 KB
1	taboola.com 1 redirects trc.taboola.com — Cisco Umbrella Rank: 749	543 B
1	wixstatic.com static.wixstatic.com — Cisco Umbrella Rank: 6375	1010 KB
1	racingcharger.tw img.racingcharger.tw	742 KB
1	gbyhn.com.tw img.gbyhn.com.tw	61 KB
1	creditcards.com.tw creditcards.com.tw	912 KB
1	nearbymed.com nearbymed.com	14 KB
1	prnasia.com mma.prnasia.com — Cisco Umbrella Rank: 491627	26 KB
209	36

	Domain	Requested by
23	cdn.holmesmind.com	reurl.cc cdn.holmesmind.com
18	static.xx.fbcdn.net	www.facebook.com static.xx.fbcdn.net
13	fundingchoicesmessages.google.com	securepubads.g.doubleclick.net
12	track.91app.io	tracking-client.91app.com
12	cm.g.doubleclick.net	12 redirects
12	c.holmesmind.com	6 redirects cdn.holmesmind.com
12	cm-dev-poc.holmesmind.com	cdn.holmesmind.com
8	ad.holmesmind.com	cdn.holmesmind.com reurl.cc
7	reurl.cc	reurl.cc
6	connect.facebook.net	fcm2.holmesmind.com
6	m.holmesmind.com	cdn.holmesmind.com
6	fcm2.holmesmind.com	cdn.holmesmind.com
6	fcm.holmesmind.com	cdn.holmesmind.com
6	cm.lndata.com	cdn.holmesmind.com
6	tracking-client.91app.com	cdn.holmesmind.com
5	onead.onevision.com.tw	ad-specs.guoshipartners.com reurl.cc
4	pagead2.googlesyndication.com	securepubads.g.doubleclick.net ep2.adtrafficquality.google
4	t.ssp.hinet.net	cdn.holmesmind.com t.ssp.hinet.net
4	securepubads.g.doubleclick.net	anymind360.com securepubads.g.doubleclick.net reurl.cc
3	ep2.adtrafficquality.google	securepubads.g.doubleclick.net ep2.adtrafficquality.google
3	analytics.google.com	www.googletagmanager.com
3	bcp.crwdcntrl.net	2 redirects tags.crwdcntrl.net
3	www.facebook.com	reurl.cc static.xx.fbcdn.net
3	www.googletagmanager.com	reurl.cc www.googletagmanager.com
2	scontent-hkg4-1.xx.fbcdn.net
2	ep1.adtrafficquality.google	securepubads.g.doubleclick.net
2	gum.criteo.com	static.criteo.net gum.criteo.com
2	www.google.com.tw	reurl.cc
2	stats.g.doubleclick.net	www.googletagmanager.com
2	scontent-hkg1-1.xx.fbcdn.net	www.facebook.com
2	ps.eyeota.net	1 redirects reurl.cc
2	match.adsrvr.org	2 redirects
2	www.google-analytics.com	reurl.cc www.google-analytics.com
2	re-news.tw	reurl.cc
2	ad-specs.guoshipartners.com	reurl.cc
2	anymind360.com	reurl.cc
2	cdn.jsdelivr.net	reurl.cc
1	www.google.com	ep2.adtrafficquality.google
1	3f7c8398439d581fb0b47b69a86277bd.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
1	cdn-ima.33across.com	securepubads.g.doubleclick.net
1	static.criteo.net	securepubads.g.doubleclick.net
1	invstatic101.creativecdn.com	securepubads.g.doubleclick.net
1	tags.crwdcntrl.net	securepubads.g.doubleclick.net
1	oa.openxcdn.net	securepubads.g.doubleclick.net
1	83e9bfa3-72be-41e6-bbf5-c9cad822781b.t.ssp.hinet.net	cdn.holmesmind.com
1	onead-v6.onevision.com.tw	reurl.cc
1	trc.taboola.com	1 redirects
1	static.wixstatic.com	reurl.cc
1	img.racingcharger.tw	reurl.cc
1	img.gbyhn.com.tw	reurl.cc
1	creditcards.com.tw	reurl.cc
1	nearbymed.com	reurl.cc
1	mma.prnasia.com	reurl.cc
209	53

This site contains links to these domains. Also see Links.

Domain
re-news.tw
youtils.cc
www.comptw.com
stockinfo.tw
l.facebook.com

Subject Issuer	Validity	Valid
reurl.cc E7	`2025-10-30` - `2026-01-28`	3 months	crt.sh
jsdelivr.net GlobalSign Atlas R3 DV TLS CA 2025 Q2	`2025-06-02` - `2026-07-04`	a year	crt.sh
anymind360.com R13	`2025-10-13` - `2026-01-11`	3 months	crt.sh
*.google-analytics.com WR2	`2025-10-27` - `2026-01-19`	3 months	crt.sh
*.holmesmind.com Go Daddy Secure Certificate Authority - G2	`2025-03-06` - `2026-04-07`	a year	crt.sh
ad-specs.guoshipartners.com Go Daddy Secure Certificate Authority - G2	`2025-01-08` - `2026-01-21`	a year	crt.sh
*.g.doubleclick.net WR2	`2025-10-27` - `2026-01-19`	3 months	crt.sh
*.onevision.com.tw R13	`2025-12-01` - `2026-03-01`	3 months	crt.sh
*.facebook.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2025-09-16` - `2025-12-15`	3 months	crt.sh
re-news.tw R12	`2025-12-04` - `2026-03-04`	3 months	crt.sh
*.prnasia.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2025-10-21` - `2026-11-21`	a year	crt.sh
nearbymed.com WE1	`2025-11-14` - `2026-02-12`	3 months	crt.sh
tls.automattic.com E7	`2025-10-20` - `2026-01-18`	3 months	crt.sh
gbyhn.com.tw WE1	`2025-10-29` - `2026-01-27`	3 months	crt.sh
racingcharger.tw WE1	`2025-10-10` - `2026-01-08`	3 months	crt.sh
*.wixstatic.com R12	`2025-11-16` - `2026-02-14`	3 months	crt.sh
*.91app.com Amazon RSA 2048 M04	`2025-07-25` - `2026-08-22`	a year	crt.sh
*.lndata.com GeoTrust G5 TLS RSA4096 SHA384 2022 CA1	`2025-12-08` - `2026-12-07`	a year	crt.sh
*.t.ssp.hinet.net HiPKI OV TLS CA - G1	`2025-02-12` - `2026-02-12`	a year	crt.sh
*.google.com WR2	`2025-10-27` - `2026-01-19`	3 months	crt.sh
*.google.com.tw WR2	`2025-10-27` - `2026-01-19`	3 months	crt.sh
track.91app.io WR3	`2025-10-28` - `2026-01-26`	3 months	crt.sh
oa.openxcdn.net WR3	`2025-11-06` - `2026-02-04`	3 months	crt.sh
*.crwdcntrl.net Amazon RSA 2048 M04	`2025-08-09` - `2026-09-07`	a year	crt.sh
invstatic101.creativecdn.com WR3	`2025-12-06` - `2026-03-06`	3 months	crt.sh
*.criteo.net DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2025-10-16` - `2026-01-18`	3 months	crt.sh
*.33across.com Sectigo Public Server Authentication CA DV R36	`2025-09-12` - `2026-09-30`	a year	crt.sh
*.criteo.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2025-11-14` - `2026-02-11`	3 months	crt.sh
adtrafficquality.google WR2	`2025-10-27` - `2026-01-19`	3 months	crt.sh

This page contains 32 frames:

Primary Page: https://reurl.cc/8nzqdj
Frame ID: 33B1EAC68460590E99566DAE08D38B7A
Requests: 69 HTTP requests in this frame

Frame: https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2Freurl.cc%2F&tabs=timeline&width=340&height=500&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=true&appId
Frame ID: 73E814C0CC764065592F8F934A362324
Requests: 26 HTTP requests in this frame

Frame: https://cdn.holmesmind.com/js/capmapping.htm
Frame ID: 21127C00CBBDE859551E89D4CA744A3E
Requests: 16 HTTP requests in this frame

Frame: https://cdn.holmesmind.com/js/presetfn.js?20231115
Frame ID: C3A869788ACC63EA661B2CD86B0E25ED
Requests: 3 HTTP requests in this frame

Frame: https://cdn.holmesmind.com/js/presetfn.js?20231115
Frame ID: E6453983310A0AAF7E6DFFDA40DC6F2D
Requests: 3 HTTP requests in this frame

Frame: https://cdn.holmesmind.com/js/presetfn.js?20231115
Frame ID: 9507BAB5A10829219C6DA24982B1B2B4
Requests: 3 HTTP requests in this frame

Frame: https://cdn.holmesmind.com/js/presetfn.js?20231115
Frame ID: E2D3326BEC7AEA9E91769AF3914C5845
Requests: 3 HTTP requests in this frame

Frame: https://cdn.holmesmind.com/js/presetfn.js?20231115
Frame ID: 3B9CB6E6C0103A78892CCD1F07FA18A8
Requests: 3 HTTP requests in this frame

Frame: https://cdn.holmesmind.com/js/presetfn.js?20231115
Frame ID: D4B6614AA229B42519D51796521D7D80
Requests: 3 HTTP requests in this frame

Frame: https://cdn.holmesmind.com/js/presetfn.js?20231115
Frame ID: 7A51D3BC99ECD2283B2EAFF96A19069A
Requests: 3 HTTP requests in this frame

Frame: https://cdn.holmesmind.com/js/presetfn.js?20231115
Frame ID: BC9E71611A466500227CC67263FF38B3
Requests: 3 HTTP requests in this frame

Frame: https://cdn.holmesmind.com/js/capmapping.htm
Frame ID: 552825FDE268BD3186E23C382183B33B
Requests: 11 HTTP requests in this frame

Frame: https://cdn.holmesmind.com/js/capmapping.htm
Frame ID: 0AA8CAE9AAF29BFDEFEE0303014CF250
Requests: 11 HTTP requests in this frame

Frame: https://cdn.holmesmind.com/js/capmapping.htm
Frame ID: 1DACCA8E9459FB1D9EFDC931482BFE10
Requests: 11 HTTP requests in this frame

Frame: https://cdn.holmesmind.com/js/capmapping.htm
Frame ID: 065FF08E1D165468603E886A869BF250
Requests: 11 HTTP requests in this frame

Frame: https://cdn.holmesmind.com/js/capmapping.htm
Frame ID: D669743315F89FDC453F727D1F2F2852
Requests: 11 HTTP requests in this frame

Frame: https://cm-dev-poc.holmesmind.com/fp
Frame ID: 3496656D45A4FD21388701E3C2B5425A
Requests: 1 HTTP requests in this frame

Frame: https://fcm.holmesmind.com/cm.php
Frame ID: FE825BA5EBA0C326AC7773F8533B5C6A
Requests: 1 HTTP requests in this frame

Frame: https://cm-dev-poc.holmesmind.com/fp
Frame ID: 3D6E7CB6F91B9F18FCE92378D5035BD2
Requests: 1 HTTP requests in this frame

Frame: https://fcm.holmesmind.com/cm.php
Frame ID: DF78A30C46CFB9442039D738697B5E75
Requests: 1 HTTP requests in this frame

Frame: https://cm-dev-poc.holmesmind.com/fp
Frame ID: 9FD8EC8A9A4158C582EBD30E343388E1
Requests: 1 HTTP requests in this frame

Frame: https://fcm.holmesmind.com/cm.php
Frame ID: AD37673CE944E01C84E82FB4774852B8
Requests: 1 HTTP requests in this frame

Frame: https://cm-dev-poc.holmesmind.com/fp
Frame ID: 80438CF07148F2C672FCF76FBCF3A0B0
Requests: 1 HTTP requests in this frame

Frame: https://fcm.holmesmind.com/cm.php
Frame ID: 5ED4F19532BB37AB6D1D3095142A8A02
Requests: 1 HTTP requests in this frame

Frame: https://cm-dev-poc.holmesmind.com/fp
Frame ID: D0B61B55352935840A867015DFC7A54A
Requests: 1 HTTP requests in this frame

Frame: https://fcm.holmesmind.com/cm.php
Frame ID: 75D0CB64D04302E9E3953C063BE1934B
Requests: 1 HTTP requests in this frame

Frame: https://cm-dev-poc.holmesmind.com/fp
Frame ID: AEAB620A4770F64341F6E94001322DEA
Requests: 1 HTTP requests in this frame

Frame: https://fcm.holmesmind.com/cm.php
Frame ID: D0C6CAB83A16A491317E919B96EA2052
Requests: 1 HTTP requests in this frame

Frame: https://3f7c8398439d581fb0b47b69a86277bd.safeframe.googlesyndication.com/safeframe/1-0-45/html/container.html
Frame ID: C0DEBD0468E7E74B2377E46A32DFF548
Requests: 1 HTTP requests in this frame

Frame: https://gum.criteo.com/syncframe?origin=publishertagids&topUrl=reurl.cc&gdpr=0&gdpr_consent=
Frame ID: 14BD400C56D629C75BFE98072B82F964
Requests: 2 HTTP requests in this frame

Frame: https://ep2.adtrafficquality.google/sodar/sodar2/237/runner.html
Frame ID: E84F76A574ABF18660E5222E5799CA43
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 9AA777149CD07BAF13578537BFE7E2E6
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

縮短網址產生器 - reurl

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

/wp-(?:content|includes)/

Bootstrap (UI frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Vue.js (JavaScript frameworks) Expand

Overall confidence: 100%
Detected patterns

(?:/([\d.]+))?/vue(?:\.min)?\.js

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google AdSense (Advertising) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

<link [^>]*?href="?[a-zA-Z]*?:?//cdn\.jsdelivr\.net/
//cdn\.jsdelivr\.net/

Page Statistics

209
Requests

89 %
HTTPS

0 %
IPv6

36
Domains

53
Subdomains

49
IPs

6
Countries

4580 kB
Transfer

10406 kB
Size

42
Cookies

19 Outgoing links

These are links going to different origins than the main page.

URL: https://re-news.tw/prnasia/4841162_XG41162_2

Search URL Search Domain Scan URL

URL: https://re-news.tw/nearbymed/health-risks-of-street-chicken-cutlets-smart-eating-tips

Search URL Search Domain Scan URL

URL: https://re-news.tw/creditcard/1929

Search URL Search Domain Scan URL

URL: https://re-news.tw/gbyhn/71047

Search URL Search Domain Scan URL

URL: https://re-news.tw/rich101/7295

Search URL Search Domain Scan URL

URL: https://re-news.tw/racingcharger/61273

Search URL Search Domain Scan URL

URL: https://re-news.tw/zocha/664f06a4333c44b7de8afda5

Search URL Search Domain Scan URL

URL: https://youtils.cc/emoji
Title: 表情符號(emoji)

Search URL Search Domain Scan URL

URL: https://youtils.cc/geoip
Title: IP查詢

Search URL Search Domain Scan URL

URL: https://youtils.cc/big5gb
Title: 繁簡轉換

Search URL Search Domain Scan URL

URL: https://youtils.cc/qrcode
Title: QRCode

Search URL Search Domain Scan URL

URL: https://youtils.cc/length
Title: 身高/長度換算

Search URL Search Domain Scan URL

URL: https://www.comptw.com/
Title: 台灣公司查詢網

Search URL Search Domain Scan URL

URL: https://stockinfo.tw/
Title: 台股資訊網

Search URL Search Domain Scan URL

URL: https://youtils.cc/wordcounter/zh-Hants
Title: 字數統計

Search URL Search Domain Scan URL

URL: https://youtils.cc/dateCalculator
Title: 日期計算機

Search URL Search Domain Scan URL

URL: https://youtils.cc/lunarCalendar
Title: 農曆轉國曆

Search URL Search Domain Scan URL

URL: https://youtils.cc/utm
Title: UTM網址

Search URL Search Domain Scan URL

URL: https://l.facebook.com/l.php?u=https%3A%2F%2Freurl.cc%2F&h=AT2QZya5Uc2hJB6IwM2RQrXA-Rk2jfMeSouM8Jm7WS5EpPKjWchiWQP3TAP1mMwcpDd8h15QbN8_15tm_B4VJmQfRiIqGgtws1mjBDz7VKL63a3dhREeXkdas6b0-8myhMju_6kIyMtllak
Title: https://reurl.cc

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 28

https://bcp.crwdcntrl.net/map/c=15135/tp=ONEA/lac=y?https://onead.onevision.com.tw/v2/pixel/ltm?id=${profile_id} HTTP 302
https://bcp.crwdcntrl.net/map/ct=y/c=15135/tp=ONEA/lac=y?https://onead.onevision.com.tw/v2/pixel/ltm?id=${profile_id} HTTP 302
https://onead.onevision.com.tw/v2/pixel/ltm?id=36f050ef332240069899733d3473bfff

Request Chain 29

https://match.adsrvr.org/track/cmf/generic?ttd_pid=r1jlltl&ttd_tpi=1 HTTP 302
https://match.adsrvr.org/track/cmb/generic?ttd_pid=r1jlltl&ttd_tpi=1 HTTP 302
https://onead.onevision.com.tw/v2/pixel/ttd?id=2375f82b-b137-444e-a412-657e42a3102e

Request Chain 30

https://ps.eyeota.net/pixel?pid=3m51m51&uid=8e6ca8d6-d438-11f0-9dfc-42010a00004a&t=ajs HTTP 302
https://ps.eyeota.net/pixel/bounce/?pid=3m51m51&uid=8e6ca8d6-d438-11f0-9dfc-42010a00004a&t=ajs

Request Chain 31

https://trc.taboola.com/sg/onedata/1/cm HTTP 302
https://onead.onevision.com.tw/v2/pixel/taboola?id=7a3c5e35-d71e-40f2-aa70-b6a3f8999175-tuct103055ee

Request Chain 83

https://c.holmesmind.com/cm HTTP 302
https://c.holmesmind.com/cm?tc=getIn&

Request Chain 84

https://cm.g.doubleclick.net/pixel?google_nid=clickforce_dmp&google_cm&cf_uid=undefined&uu_m=undefined HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=clickforce_dmp&google_cm=&cf_uid=undefined&uu_m=undefined&google_tc= HTTP 302
https://m.holmesmind.com/ml/google?cf_uid=undefined&uu_m=undefined&google_gid=CAESEPfgjmPIZ-NUrg4tlqOotsE&google_cver=1

Request Chain 89

https://c.holmesmind.com/cm HTTP 302
https://c.holmesmind.com/cm?tc=getIn&

Request Chain 93

https://cm.g.doubleclick.net/pixel?google_nid=clickforce_dmp&google_cm&cf_uid=undefined&uu_m=undefined HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=clickforce_dmp&google_cm=&cf_uid=undefined&uu_m=undefined&google_tc= HTTP 302
https://m.holmesmind.com/ml/google?cf_uid=undefined&uu_m=undefined&google_gid=CAESELxgerU5l370S_NQjVB_gwM&google_cver=1

Request Chain 96

https://c.holmesmind.com/cm HTTP 302
https://c.holmesmind.com/cm?tc=getIn&

Request Chain 100

https://cm.g.doubleclick.net/pixel?google_nid=clickforce_dmp&google_cm&cf_uid=undefined&uu_m=undefined HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=clickforce_dmp&google_cm=&cf_uid=undefined&uu_m=undefined&google_tc= HTTP 302
https://m.holmesmind.com/ml/google?cf_uid=undefined&uu_m=undefined&google_gid=CAESELxgerU5l370S_NQjVB_gwM&google_cver=1

Request Chain 103

https://c.holmesmind.com/cm HTTP 302
https://c.holmesmind.com/cm?tc=getIn&

Request Chain 107

https://cm.g.doubleclick.net/pixel?google_nid=clickforce_dmp&google_cm&cf_uid=undefined&uu_m=undefined HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=clickforce_dmp&google_cm=&cf_uid=undefined&uu_m=undefined&google_tc= HTTP 302
https://m.holmesmind.com/ml/google?cf_uid=undefined&uu_m=undefined&google_gid=CAESELxgerU5l370S_NQjVB_gwM&google_cver=1

Request Chain 110

https://c.holmesmind.com/cm HTTP 302
https://c.holmesmind.com/cm?tc=getIn&

Request Chain 114

https://cm.g.doubleclick.net/pixel?google_nid=clickforce_dmp&google_cm&cf_uid=undefined&uu_m=undefined HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=clickforce_dmp&google_cm=&cf_uid=undefined&uu_m=undefined&google_tc= HTTP 302
https://m.holmesmind.com/ml/google?cf_uid=undefined&uu_m=undefined&google_gid=CAESELxgerU5l370S_NQjVB_gwM&google_cver=1

Request Chain 117

https://c.holmesmind.com/cm HTTP 302
https://c.holmesmind.com/cm?tc=getIn&

Request Chain 121

https://cm.g.doubleclick.net/pixel?google_nid=clickforce_dmp&google_cm&cf_uid=undefined&uu_m=undefined HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=clickforce_dmp&google_cm=&cf_uid=undefined&uu_m=undefined&google_tc= HTTP 302
https://m.holmesmind.com/ml/google?cf_uid=undefined&uu_m=undefined&google_gid=CAESELxgerU5l370S_NQjVB_gwM&google_cver=1

209 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request 8nzqdj Show response
reurl.cc/ 15 KB
5 KB 248ms
84ms Document
text/html 35.229.143.32
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Download Go to

Full URL: https://reurl.cc/8nzqdj
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 35.229.143.32 Taipei, Taiwan, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 32.143.229.35.bc.googleusercontent.com
Software: nginx/1.22.1 /
Resource Hash: 514224fbc0d9e2ca6cb34615eb8d01ce2be9c3666b08a145102c5ef363280a00

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36

Response headers

Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html; charset=utf-8
Date: Mon, 08 Dec 2025 13:19:41 GMT
Server: nginx/1.22.1
Transfer-Encoding: chunked

GET
H2 200 bootstrap.min.css
cdn.jsdelivr.net/npm/bootstrap@4.3.1/dist/css/ 152 KB
26 KB 429ms
136ms Stylesheet
text/css 151.101.129.229
FASTLY

General

Check archive.org

Download Go to

Full URL

https://cdn.jsdelivr.net/npm/bootstrap@4.3.1/dist/css/bootstrap.min.css

Requested by

Host: reurl.cc
URL: https://reurl.cc/8nzqdj

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.129.229 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

60b19e5da6a9234ff9220668a5ec1125c157a268513256188ee80f2d2c8d8d36

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

access-control-expose-headers: *
content-encoding: br
etag: W/"2606e-bhA1SChFSJj9qA9V897LNH/Z7SE"
age: 2944967
x-content-type-options: nosniff
x-jsd-version-type: version
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
x-cache: HIT, HIT
date: Mon, 08 Dec 2025 13:19:41 GMT
content-type: text/css; charset=utf-8
x-served-by: cache-fra-etou8220110-FRA, cache-sin-wsss1830056-SIN
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
access-control-allow-origin: *
content-length: 25648
x-jsd-version: 4.3.1

GET
H/1.1 200
OK style.css
reurl.cc/asset/stylesheets/ 6 KB
2 KB 84ms
82ms Stylesheet
text/css 35.229.143.32
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Download Go to

Full URL: https://reurl.cc/asset/stylesheets/style.css?v=1
Requested by: Host: reurl.cc
URL: https://reurl.cc/8nzqdj
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 35.229.143.32 Taipei, Taiwan, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 32.143.229.35.bc.googleusercontent.com
Software: nginx/1.22.1 /
Resource Hash: 351966dece7214af3b43d9a94f07c1c936176ad5dd81f0bbe1f6b319b4cd96d1

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/8nzqdj

Response headers

Transfer-Encoding: chunked
Cache-Control: max-age=604800
Content-Encoding: gzip
ETag: W/"69159a16-16bb"
Connection: keep-alive
Expires: Mon, 15 Dec 2025 13:19:41 GMT
Date: Mon, 08 Dec 2025 13:19:41 GMT
Content-Type: text/css
Last-Modified: Thu, 13 Nov 2025 08:43:02 GMT
Server: nginx/1.22.1
Vary: Accept-Encoding

GET
H2 200 ats.js Show response
anymind360.com/js/9479/ 380 KB
114 KB 398ms
127ms Script
application/javascript 151.101.1.55
FASTLY

General

Check archive.org

Download Go to

Full URL

https://anymind360.com/js/9479/ats.js

Requested by

Host: reurl.cc
URL: https://reurl.cc/8nzqdj

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.1.55 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

a7c26694861bbd926c7d903f707b406aa8eaa6a5065a3acb6c8e0028e8eaee6e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

x-goog-metageneration: 1
access-control-expose-headers: Content-Type
content-encoding: gzip
x-goog-hash: crc32c=+l4scw==, md5=RPhira7MebZTO3yL8IH51w==
etag: "44f862adaecc79b6533b7c8bf081f9d7"
age: 52177
x-goog-stored-content-encoding: gzip
expires: Sun, 07 Dec 2025 22:50:03 GMT
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
x-goog-stored-content-length: 115683
x-cache: HIT, HIT
date: Mon, 08 Dec 2025 13:19:41 GMT
content-type: application/javascript; charset=UTF-8
last-modified: Tue, 23 Sep 2025 04:37:48 GMT
x-served-by: cache-tyo11968-TYO, cache-sin-wsss1830094-SIN
x-cache-hits: 76, 1
x-guploader-uploadid: AHVrFxNq7M_uxjcmoPkm4xKduIuxug1TMeSofUF9HKHXsv10aZi3Wo-EtGzxDK1yMe3tqY_N
strict-transport-security: max-age=31557600
vary: Accept-Encoding
cache-control: max-age=1200
x-goog-storage-class: STANDARD
x-timer: S1765199982.505908,VS0,VE1
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
access-control-allow-origin: *
x-goog-generation: 1758602268219650
content-length: 115683
server: UploadServer

GET
H/1.1 200
OK clickforce_anchor.js Show response
reurl.cc/asset/javascripts/common/ 1 KB
907 B 82ms
82ms Script
application/javascript 35.229.143.32
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Download Go to

Full URL: https://reurl.cc/asset/javascripts/common/clickforce_anchor.js
Requested by: Host: reurl.cc
URL: https://reurl.cc/8nzqdj
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 35.229.143.32 Taipei, Taiwan, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 32.143.229.35.bc.googleusercontent.com
Software: nginx/1.22.1 /
Resource Hash: 873b90cdbff7dcb26e9ea34c647a5d15e83daecca768a816619dd38a503c09b5

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/8nzqdj

Response headers

Transfer-Encoding: chunked
Cache-Control: max-age=604800
Content-Encoding: gzip
ETag: W/"687f3443-4bf"
Connection: keep-alive
Expires: Mon, 15 Dec 2025 13:19:41 GMT
Date: Mon, 08 Dec 2025 13:19:41 GMT
Content-Type: application/javascript
Last-Modified: Tue, 22 Jul 2025 06:48:35 GMT
Server: nginx/1.22.1
Vary: Accept-Encoding

GET
H/1.1 200
OK ga.js Show response
reurl.cc/asset/javascripts/common/ 566 B
888 B 81ms
81ms Script
application/javascript 35.229.143.32
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Download Go to

Full URL: https://reurl.cc/asset/javascripts/common/ga.js
Requested by: Host: reurl.cc
URL: https://reurl.cc/8nzqdj
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 35.229.143.32 Taipei, Taiwan, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 32.143.229.35.bc.googleusercontent.com
Software: nginx/1.22.1 /
Resource Hash: 3774a7ce325859b32b6b0b01bde2879c75b81131fafe4a584b18b744711bd75d

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/8nzqdj

Response headers

Cache-Control: max-age=604800
ETag: "680babe3-236"
Connection: keep-alive
Expires: Mon, 15 Dec 2025 13:19:41 GMT
Accept-Ranges: bytes
Content-Length: 566
Date: Mon, 08 Dec 2025 13:19:41 GMT
Content-Type: application/javascript
Last-Modified: Fri, 25 Apr 2025 15:36:03 GMT
Server: nginx/1.22.1

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 493 KB
161 KB 428ms
156ms Script
application/javascript 142.250.196.136
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-N394QBRGC0

Requested by

Host: reurl.cc
URL: https://reurl.cc/8nzqdj

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.196.136 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

nrt12s36-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

2f21ca1bad31359ce2041c86891097057888c6d0884206f6dbfdcc4a16203278

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
content-encoding: zstd
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
expires: Mon, 08 Dec 2025 13:19:42 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 164869
date: Mon, 08 Dec 2025 13:19:42 GMT
x-xss-protection: 0
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
server: Google Tag Manager
access-control-allow-headers: Cache-Control

GET
H2 200 init.js Show response
cdn.holmesmind.com/js/ 9 KB
10 KB 456ms
158ms Script
application/javascript 3.164.121.106
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://cdn.holmesmind.com/js/init.js
Requested by: Host: reurl.cc
URL: https://reurl.cc/8nzqdj
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.164.121.106 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-164-121-106.nrt12.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: ab187b70940d331c60646d5731fa8e86d6958ba69dfa241361e39d30d81c2d31

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

x-amz-version-id: PKBfBRh_ckEc5dxIcFkl8Hvvqrcpi_Dy
etag: "daceea64521f6f981e4b58edc119028a"
age: 25
via: 1.1 7bb66c5fc1e732675b1f05b324f80096.cloudfront.net (CloudFront)
accept-ranges: bytes
x-cache: Hit from cloudfront
content-length: 9646
x-amz-cf-id: 5WvPhAvOQH2enhAKxSISxSdkb94AD6y-E3W9T_iZ_fOlh3gOHZ3Y-g==
date: Mon, 08 Dec 2025 13:19:18 GMT
content-type: application/javascript
last-modified: Fri, 09 May 2025 03:01:34 GMT
server: AmazonS3
x-amz-cf-pop: NRT12-P3
x-amz-server-side-encryption: AES256

GET
H2 200 ad-serv.min.js Show response
ad-specs.guoshipartners.com/static/js/ 53 KB
17 KB 352ms
181ms Script
application/javascript 203.66.35.97
HINET Data Commun...

General

Check archive.org

Download Go to

Full URL

https://ad-specs.guoshipartners.com/static/js/ad-serv.min.js

Requested by

Host: reurl.cc
URL: https://reurl.cc/8nzqdj

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

203.66.35.97 , Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-66-35-97.hinet-ip.hinet.net

Software

HiNetCDN / OneAD

Resource Hash

45d40ded3dba5097cd90b076aa3f97f9349a00228aaafe79ec5bb380eaf49457

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

content-encoding: br
etag: W/"69364326-d262"
age: 0
access-control-allow-methods: GET,POST,OPTIONS,PUT
x-varnish: 3043144
x-cache: HIT
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
date: Mon, 08 Dec 2025 13:19:41 GMT
content-type: application/javascript
vary: Accept-Encoding, Accept-Encoding
last-modified: Mon, 08 Dec 2025 03:16:54 GMT
access-control-allow-headers: Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, accept, origin, Cache-Control, X-Requested-With
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=360
access-control-allow-credentials: true
via: 1.1 google
access-control-allow-origin: *
x-powered-by: OneAD
server: HiNetCDN

GET
H2 200 onead-lib.min.js Show response
ad-specs.guoshipartners.com/static/js/ 25 KB
8 KB 265ms
94ms Script
application/javascript 203.66.35.97
HINET Data Commun...

General

Check archive.org

Download Go to

Full URL

https://ad-specs.guoshipartners.com/static/js/onead-lib.min.js

Requested by

Host: reurl.cc
URL: https://reurl.cc/8nzqdj

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

203.66.35.97 , Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-66-35-97.hinet-ip.hinet.net

Software

HiNetCDN / OneAD

Resource Hash

620a382665ff035abb643a19e12f088aef2bc27b55398d4ae3f131b773be6355

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

content-encoding: br
etag: W/"68c0e8bd-65e4"
age: 0
access-control-allow-methods: GET,POST,OPTIONS,PUT
x-varnish: 130662986
x-cache: HIT
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
date: Mon, 08 Dec 2025 13:19:41 GMT
content-type: application/javascript
vary: Accept-Encoding, Accept-Encoding
last-modified: Wed, 10 Sep 2025 02:55:57 GMT
access-control-allow-headers: Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, accept, origin, Cache-Control, X-Requested-With
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=360
access-control-allow-credentials: true
via: 1.1 google
access-control-allow-origin: *
x-powered-by: OneAD
server: HiNetCDN

GET
H2 200 vue.min.js Show response
cdn.jsdelivr.net/npm/vue@2.5.16/dist/ 84 KB
33 KB 465ms
173ms Script
application/javascript 151.101.129.229
FASTLY

General

Check archive.org

Download Go to

Full URL

https://cdn.jsdelivr.net/npm/vue@2.5.16/dist/vue.min.js

Requested by

Host: reurl.cc
URL: https://reurl.cc/8nzqdj

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.129.229 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

4da2dc78cc23591a9ee3285ba8f3891fa57b506b7902fbdd35fa5a2172566c55

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

access-control-expose-headers: *
content-encoding: br
etag: W/"151b4-KLsckeN7U/TrtIzkgtzLJAAD4Hg"
age: 2182115
x-content-type-options: nosniff
x-jsd-version-type: version
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
x-cache: HIT, HIT
date: Mon, 08 Dec 2025 13:19:41 GMT
content-type: application/javascript; charset=utf-8
x-served-by: cache-fra-eddf8230088-FRA, cache-sin-wsss1830056-SIN
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
access-control-allow-origin: *
content-length: 33184
x-jsd-version: 2.5.16

GET
H/1.1 200
OK renews.js Show response
reurl.cc/asset/javascripts/common/ 690 B
1012 B 166ms
82ms Script
application/javascript 35.229.143.32
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Download Go to

Full URL: https://reurl.cc/asset/javascripts/common/renews.js
Requested by: Host: reurl.cc
URL: https://reurl.cc/8nzqdj
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 35.229.143.32 Taipei, Taiwan, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 32.143.229.35.bc.googleusercontent.com
Software: nginx/1.22.1 /
Resource Hash: 100d72a28123bcee974e8642b8bf1c0865bf1034c9b59f59597d53809e192fdc

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/8nzqdj

Response headers

Cache-Control: max-age=604800
ETag: "680babe3-2b2"
Connection: keep-alive
Expires: Mon, 15 Dec 2025 13:19:41 GMT
Accept-Ranges: bytes
Content-Length: 690
Date: Mon, 08 Dec 2025 13:19:41 GMT
Content-Type: application/javascript
Last-Modified: Fri, 25 Apr 2025 15:36:03 GMT
Server: nginx/1.22.1

GET
H/1.1 200
OK notFound.js Show response
reurl.cc/asset/javascripts/redirect/ 522 B
844 B 244ms
82ms Script
application/javascript 35.229.143.32
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Download Go to

Full URL: https://reurl.cc/asset/javascripts/redirect/notFound.js
Requested by: Host: reurl.cc
URL: https://reurl.cc/8nzqdj
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 35.229.143.32 Taipei, Taiwan, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 32.143.229.35.bc.googleusercontent.com
Software: nginx/1.22.1 /
Resource Hash: e0b4dc5eb620130087d8834ddc5aa8792b984309f7ffac2f5bd889328cc4b5d2

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/8nzqdj

Response headers

Cache-Control: max-age=604800
ETag: "6879a216-20a"
Connection: keep-alive
Expires: Mon, 15 Dec 2025 13:19:41 GMT
Accept-Ranges: bytes
Content-Length: 522
Date: Mon, 08 Dec 2025 13:19:41 GMT
Content-Type: application/javascript
Last-Modified: Fri, 18 Jul 2025 01:23:34 GMT
Server: nginx/1.22.1

GET
H3 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 105 KB
33 KB 402ms
164ms Script
text/javascript 216.58.220.130
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: anymind360.com
URL: https://anymind360.com/js/9479/ats.js

Protocol

Security

QUIC, , AES_128_GCM

Server

216.58.220.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd09s01-in-f130.1e100.net

Software

cafe /

Resource Hash

5e09f2cadc4174f4ffdb8b1dd238e5f3f6dc3c323e2a1f625d952fefc04ffb89

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

content-encoding: br
etag: 397 / 20430 / 31095969 / config-hash: 10027003949830589867
x-content-type-options: nosniff
expires: Mon, 08 Dec 2025 13:19:42 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
date: Mon, 08 Dec 2025 13:19:42 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
content-disposition: attachment; filename="f.txt"
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-length: 34187
x-xss-protection: 0
server: cafe

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 424 KB
143 KB 452ms
182ms Script
application/javascript 142.250.196.136
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-S9B9ZLEX4D

Requested by

Host: reurl.cc
URL: https://reurl.cc/8nzqdj

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.196.136 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

nrt12s36-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

6d39177e2ba7ddb3a4905648e289d718d766b62b47315f5aa6d2f42520b67f3d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
content-encoding: zstd
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
expires: Mon, 08 Dec 2025 13:19:42 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 146650
date: Mon, 08 Dec 2025 13:19:42 GMT
x-xss-protection: 0
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
server: Google Tag Manager
access-control-allow-headers: Cache-Control

GET
H2 200 oid Show response
onead.onevision.com.tw/v2/et/ 372 B
1 KB 250ms
85ms Script
application/javascript 107.178.241.176
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Download Go to

Full URL

https://onead.onevision.com.tw/v2/et/oid?cb=window.text_etag_callback_4kl4g

Requested by

Host: ad-specs.guoshipartners.com
URL: https://ad-specs.guoshipartners.com/static/js/ad-serv.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

107.178.241.176 , United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

176.241.178.107.bc.googleusercontent.com

Software

gws / OneAD

Resource Hash

a6ddb6d50380239f4f7ce83d4fd61fc7319596d20328d407ca513a1870b4ad32

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

x-onead-version: 29cc6b37
etag: 8e6ca8cc-d438-11f0-9dfc-42010a00004a
age: 0
access-control-allow-methods: GET,POST,OPTIONS,PUT
expires: Mon, 01 Jan 1990 00:00:00 GMT
x-varnish: 1028890433
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
date: Mon, 08 Dec 2025 13:19:42 GMT
content-type: application/javascript
last-modified: Mon, 08 Dec 2025 13:19:42 GMT
access-control-allow-headers: Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, accept, origin, Cache-Control, X-Requested-With
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: max-age=600
pragma: no-cache
access-control-allow-credentials: true
via: 1.1 google
accept-ranges: bytes
access-control-allow-origin: *
content-length: 372
x-onead-backend: onead-http-event-qvrb-gohttp
server: gws
x-powered-by: OneAD

GET
H3 200 page.php Show response
www.facebook.com/plugins/ Frame 73E8 47 KB
14 KB 556ms
408ms Document
text/html 31.13.82.36
FACEBOOK

General

Check archive.org

Download Go to

Full URL

https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2Freurl.cc%2F&tabs=timeline&width=340&height=500&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=true&appId

Requested by

Host: reurl.cc
URL: https://reurl.cc/8nzqdj

Protocol

Security

QUIC, , AES_128_GCM

Server

31.13.82.36 Tokyo, Japan, ASN32934 (FACEBOOK, US),

Reverse DNS

edge-star-mini-shv-01-nrt1.facebook.com

Software

Resource Hash

8e6e6a26bb32791b1aeaa7d1eda01fb3a69d5a8ce872ee893e0226b2be3f895e

Security Headers

Name	Value
Content-Security-Policy	default-src blob: 'self' https://.fbsbx.com .facebook.com .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net 127.0.0.1:* 'nonce-lBuqa9dF' blob: 'self' connect.facebook.net 'wasm-unsafe-eval' https://.google-analytics.com .google.com;style-src .fbcdn.net data: .facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com https://.google-analytics.com;font-src data: .facebook.com .fbcdn.net .fbsbx.com https://fonts.gstatic.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net .carriersignal.info blob: android-webview-video-poster: .whatsapp.net .fb.com .oculuscdn.com .tenor.co .tenor.com .giphy.com https://trustly.one/ https://.trustly.one/ https://paywithmybank.com/ https://.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://.google-analytics.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com data: .tenor.co .tenor.com https://.giphy.com;child-src data: blob: 'self' https://.fbsbx.com .facebook.com .fbcdn.net;frame-src .facebook.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net accounts.meta.com .accounts.meta.com https://trustly.one/ https://.trustly.one/ https://paywithmybank.com/ https://.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net .google.com .doubleclick.net;manifest-src data: blob: 'self' https://.fbsbx.com .facebook.com .fbcdn.net;object-src data: blob: 'self' https://.fbsbx.com .facebook.com .fbcdn.net;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://reurl.cc/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: private, no-cache, no-store, must-revalidate
content-encoding: zstd
content-security-policy: default-src blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'nonce-lBuqa9dF' blob: 'self' connect.facebook.net 'wasm-unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://trustly.one/ https://*.trustly.one/ https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;child-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net accounts.meta.com *.accounts.meta.com https://trustly.one/ https://*.trustly.one/ https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;manifest-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;object-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-type: text/html; charset="utf-8"
cross-origin-opener-policy: unsafe-none
cross-origin-resource-policy: cross-origin
date: Mon, 08 Dec 2025 13:19:42 GMT
document-policy: force-load-at-top include-js-call-stacks-in-crash-reports
expires: Sat, 01 Jan 2000 00:00:00 GMT
origin-agent-cluster: ?1
permissions-policy: accelerometer=(), attribution-reporting=(self), autoplay=(), bluetooth=(), browsing-topics=(self), camera=(self "https://www.fbsbx.com"), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
pragma: no-cache
priority: u=0,i
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7581476195043067364&cpp=C3&cv=1030754368&st=1765199982287"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7581476195043067364&cpp=C3&cv=1030754368&st=1765199982287", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
strict-transport-security: max-age=15552000; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-fb-connection-quality: GOOD; q=0.7, rtt=143, rtx=0, c=27, mss=1232, tbw=8866, tp=16, tpl=0, uplat=263, ullat=0
x-fb-debug: V3gkwmEzGMEEnZQcyrSSNtCEEPOYMfjlxXoTb/WnJdQeyJmrRUB4Z9Y2Ixlp+p08hgqDEMby7XyyByE03uV9pg==
x-xss-protection: 0

GET
H2 200 feeds Show response
re-news.tw/ 5 KB
3 KB 249ms
84ms XHR
text/html 35.185.136.122
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Download Go to

Full URL: https://re-news.tw/feeds
Requested by: Host: reurl.cc
URL: https://reurl.cc/asset/javascripts/common/renews.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.185.136.122 Taipei, Taiwan, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 122.136.185.35.bc.googleusercontent.com
Software: nginx/1.18.0 (Ubuntu) / Express
Resource Hash: c14f197a36e4ee001d1116a17867f979f20b1e4d3d49fcd30734d6bab4d7e491

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

content-encoding: gzip
etag: W/"153a-gXh1wNsFC+F1LG1M/pSb01xWWHo"
access-control-allow-origin: https://reurl.cc
date: Mon, 08 Dec 2025 13:19:42 GMT
content-type: text/html; charset=utf-8
x-powered-by: Express
server: nginx/1.18.0 (Ubuntu)
vary: Origin

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 51 KB
21 KB 243ms
80ms Script
text/javascript 216.239.32.178
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: reurl.cc
URL: https://reurl.cc/asset/javascripts/common/ga.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.239.32.178 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

f1a61277e3f902f50ab42015d8b07218db9b7601bb0967e54a52bfdcb4fa7e81

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

content-encoding: gzip
age: 5950
report-to: {"group":"ascnsrsgac:225:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgac:225:0"}],}
x-content-type-options: nosniff
expires: Mon, 08 Dec 2025 13:40:32 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 08 Dec 2025 11:40:32 GMT
last-modified: Tue, 15 Jul 2025 00:44:26 GMT
content-type: text/javascript
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgac:225:0
cross-origin-opener-policy-report-only: same-origin; report-to=ascnsrsgac:225:0
content-length: 20737
server: Golfe2

GET
H3 200 keywordCategories.json Show response
anymind360.com/ 148 KB
60 KB 287ms
144ms Fetch
application/json 151.101.1.55
FASTLY

General

Check archive.org

Download Go to

Full URL

https://anymind360.com/keywordCategories.json

Requested by

Host: reurl.cc
URL: https://reurl.cc/8nzqdj

Protocol

Security

QUIC, , AES_256_GCM

Server

151.101.1.55 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

9aa92a9a076fd2e55f339cd82c8b540e96ea0a4e4c7c12da6602edfadf2a0819

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

x-goog-metageneration: 2
access-control-expose-headers: Content-Length, Content-Type, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
x-goog-hash: crc32c=hYq3+w==, md5=ZJdPIhH4R+FB2zz6x81gJg==
content-encoding: gzip
etag: "64974f2211f847e141db3cfac7cd6026"
age: 25673
x-goog-stored-content-encoding: identity
expires: Wed, 27 Aug 2025 11:36:24 GMT
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
x-goog-stored-content-length: 151503
x-cache: HIT, HIT
date: Mon, 08 Dec 2025 13:19:42 GMT
content-type: application/json
last-modified: Wed, 27 Aug 2025 06:51:59 GMT
x-served-by: cache-tyo11981-TYO, cache-sin-wsss1830031-SIN
x-cache-hits: 548509, 840
x-guploader-uploadid: ABgVH8_WbYCDB2LaOxaydMbIBmzZEeTdmD__y3SdRPYQiipklanNaJ-DP_0DBH49PGWyFZEEI1nzUSM
strict-transport-security: max-age=31557600
vary: Accept-Encoding
cache-control: max-age=1200
x-goog-storage-class: STANDARD
x-timer: S1765199982.204388,VS0,VE0
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
access-control-allow-origin: *
x-goog-generation: 1756277519403323
content-length: 61163
server: UploadServer

GET
H2 200 adsrv Show response
onead.onevision.com.tw/v2/ 176 B
477 B 104ms
101ms Script
application/javascript 107.178.241.176
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Download Go to

Full URL

https://onead.onevision.com.tw/v2/adsrv?version=20250516&uid=1000480&category=-1&cookie=true&ip=&guid=8e6ca8d6-d438-11f0-9dfc-42010a00004a&channel=0&volume=0.5&r=&adid=&response_freq_multiple=native-drive.0&web_location=https%3A%2F%2Freurl.cc%2F8nzqdj&title=%E7%B8%AE%E7%9F%AD%E7%B6%B2%E5%9D%80%E7%94%A2%E7%94%9F%E5%99%A8%20-%20reurl&fp=df2b9eee402b941a38a546b11a134364&_t=1765199982169&cb=ONEAD_text_response_4kl4g&pb=0&spid=&player_type=NATIVE_LIST&bgid=0

Requested by

Host: ad-specs.guoshipartners.com
URL: https://ad-specs.guoshipartners.com/static/js/ad-serv.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

107.178.241.176 , United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

176.241.178.107.bc.googleusercontent.com

Software

gws / OneAD

Resource Hash

62129cf0b1632161f23f207cc4edd90a3d10b1f400680596f1225c8fe0cb82b7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

x-onead-version: 29cc6b37
age: 0
access-control-allow-methods: GET,POST,OPTIONS,PUT
expires: Mon, 01 Jan 1990 00:00:00 GMT
x-varnish: 286196583
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
date: Mon, 08 Dec 2025 13:19:42 GMT
content-type: application/javascript
access-control-allow-headers: Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, accept, origin, Cache-Control, X-Requested-With
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
x-onead-guid: 8e6ca8d6-d438-11f0-9dfc-42010a00004a
x-onead-force-backend: false
access-control-allow-credentials: true
via: 1.1 google
accept-ranges: bytes
access-control-allow-origin: *
content-length: 176
x-onead-hit-counter: 1
x-onead-backend: onead-http-query-s7hc-gohttp
server: gws
x-powered-by: OneAD

GET
H2 200 Source_MetaOptics_Ltd_s_design_rendering_5G_Mobile_Smartphone_demonstration.jpg
mma.prnasia.com/media2/2840291/ 25 KB
26 KB 284ms
102ms Image
image/jpeg 104.18.96.225
CLOUDFLARENET

General

Check archive.org

Download Go to Show image

Full URL: https://mma.prnasia.com/media2/2840291/Source_MetaOptics_Ltd_s_design_rendering_5G_Mobile_Smartphone_demonstration.jpg?p=medium600
Requested by: Host: reurl.cc
URL: https://reurl.cc/8nzqdj
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.18.96.225 , Ascension Island, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 9b20e6d4595c3d44cdd0b81124ab294e2fbfe0922045986bf9504d65588e7652

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

cf-bgj: h2pri
cf-cache-status: HIT
age: 9984
access-control-allow-methods: GET, POST, OPTIONS
expires: Mon, 08 Dec 2025 10:33:18 GMT
server-timing: intid;desc=3e5ace35d184d890
date: Mon, 08 Dec 2025 13:19:42 GMT
content-type: image/jpeg
last-modified: Mon, 08 Dec 2025 10:33:17 GMT
vary: *, Accept-Encoding
access-control-allow-headers: Content-Type
cache-control: public, max-age=1
cf-ray: 9aac8e5218bea36d-TPE
accept-ranges: bytes
access-control-allow-origin: *
content-length: 25520
x-powered-by: ASP.NET
server: cloudflare

GET
H3 200 result_MYSTIC_b1f0573d-2338-4f03-84eb-bcdaea2da582_0-390x220.jpeg
nearbymed.com/wp-content/uploads/2025/06/ 13 KB
14 KB 179ms
90ms Image
image/jpeg 172.67.222.174
CLOUDFLARENET

General

Check archive.org

Download Go to Show image

Full URL: https://nearbymed.com/wp-content/uploads/2025/06/result_MYSTIC_b1f0573d-2338-4f03-84eb-bcdaea2da582_0-390x220.jpeg
Requested by: Host: reurl.cc
URL: https://reurl.cc/8nzqdj
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.222.174 , Ascension Island, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9eb74814e2da2d4034e5a77acf0b3deab7feef170f6d9067d263041563bea368

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

cf-cache-status: HIT
etag: "68d811db-3531"
age: 704957
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=o%2FTSd2ny%2BM4uYqDhlOcxrdfrncIPIUjufyJVXBTo0bBTd0b%2FhAkalyYRD3Sun2cZYj2b0ZQDWPZYKpzLpOul42iphF5u3%2B9QmA53"}]}
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Mon, 08 Dec 2025 13:19:42 GMT
content-type: image/jpeg
last-modified: Sat, 27 Sep 2025 16:33:31 GMT
vary: accept-encoding
priority: u=1,i
cache-control: public, max-age=31536000
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cf-ray: 9aac8e518f0aa3ab-TPE
accept-ranges: bytes
content-length: 13617
server: cloudflare

GET
H2 200 %E6%82%A0%E9%81%8A%E5%8D%A1-%E4%B8%80%E5%8D%A1%E9%80%9A-iCash%E8%87%AA%E5%8B%95%E5%8A%A0%E5%80%BC%E7%8F%BE%E9%87%91%E5%9B%9E%E9%A5%8B%E5%8D%A1%E6%8E%A8%E8%96%A6-1080x630.png
creditcards.com.tw/wp-content/uploads/2019/10/ 911 KB
912 KB 304ms
99ms Image
image/png 192.0.78.25
AUTOMATTIC

General

Check archive.org

Download Go to Show image

Full URL

https://creditcards.com.tw/wp-content/uploads/2019/10/%E6%82%A0%E9%81%8A%E5%8D%A1-%E4%B8%80%E5%8D%A1%E9%80%9A-iCash%E8%87%AA%E5%8B%95%E5%8A%A0%E5%80%BC%E7%8F%BE%E9%87%91%E5%9B%9E%E9%A5%8B%E5%8D%A1%E6%8E%A8%E8%96%A6-1080x630.png

Requested by

Host: reurl.cc
URL: https://reurl.cc/8nzqdj

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.25 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

a9a9fbd21c6499c21b78c4b4e7bdb6bd52c96fd9674686ca6399c98afa5da931

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=31536000
etag: "5ef05cb5-e3afc"
access-control-allow-methods: GET, HEAD
expires: Fri, 19 Jun 2026 20:36:09 GMT
accept-ranges: bytes
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
content-length: 932604
server-timing: a8c-cdn, dc;desc=hkg, cache;desc=HIT;dur=1.0
date: Mon, 08 Dec 2025 13:19:42 GMT
x-ac: 16.hkg _atomic_bur HIT
content-type: image/png
last-modified: Mon, 22 Jun 2020 07:24:37 GMT
server: nginx

GET
H3 200 1764922819-4b9941f48d591b6ed55e155b1fd1efdd-840x525.jpg
img.gbyhn.com.tw/2025/12/ 61 KB
61 KB 177ms
86ms Image
image/jpeg 104.21.96.9
CLOUDFLARENET

General

Check archive.org

Download Go to Show image

Full URL: https://img.gbyhn.com.tw/2025/12/1764922819-4b9941f48d591b6ed55e155b1fd1efdd-840x525.jpg
Requested by: Host: reurl.cc
URL: https://reurl.cc/8nzqdj
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.96.9 , Ascension Island, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 66ff4ad29ec9611c45b2a36c657f7637f3b993dd6a1b2c011d2f63059e1a1ed4

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

cf-cache-status: HIT
age: 276875
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=xZTJNBk5GwA%2FGwXmPYBW6btQtDweOTyYeTNX%2FQ4uTgUrPjkc%2FqkIa7hAyCUY08TU3aCtP4b%2BR5kR5yzmdTz1kOaZZuS%2BVHzNQ6t4%2Brid"}]}
expires: Fri, 12 Dec 2025 08:25:06 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Mon, 08 Dec 2025 13:19:42 GMT
content-type: image/jpeg
last-modified: Fri, 05 Dec 2025 08:20:19 GMT
vary: accept-encoding
priority: u=1,i
cache-control: public, max-age=604800
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cf-ray: 9aac8e518f8e6a84-TPE
accept-ranges: bytes
content-length: 61986
x-turbo-charged-by: LiteSpeed
server: cloudflare

GET
H2 200 renews-title1.png
re-news.tw/images/ 24 KB
24 KB 328ms
163ms Image
image/png 35.185.136.122
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Download Go to Show image

Full URL: https://re-news.tw/images/renews-title1.png
Requested by: Host: reurl.cc
URL: https://reurl.cc/8nzqdj
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.185.136.122 Taipei, Taiwan, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 122.136.185.35.bc.googleusercontent.com
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: e9b96bc538ceb220fc5caff0d0a67916b74cf07b2bada0b3296a17b1b99c9990

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

accept-ranges: bytes
content-length: 24493
date: Mon, 08 Dec 2025 13:19:42 GMT
etag: "61a30347-5fad"
content-type: image/png
last-modified: Sun, 28 Nov 2021 04:19:19 GMT
server: nginx/1.18.0 (Ubuntu)

GET
H3 200 2025112917574367.jpg
img.racingcharger.tw/wp-content/uploads/2025/11/ 741 KB
742 KB 178ms
88ms Image
image/jpeg 104.21.67.166
CLOUDFLARENET

General

Check archive.org

Download Go to Show image

Full URL: https://img.racingcharger.tw/wp-content/uploads/2025/11/2025112917574367.jpg
Requested by: Host: reurl.cc
URL: https://reurl.cc/8nzqdj
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.67.166 , Ascension Island, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 55d72e6c27809e3d9fcee9bfacc5e736e6c8c0f032004a22ca1f1ff2f4594af3

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

cf-cache-status: HIT
age: 58
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=k%2FwHu3ABsAkKlSEhZZmgYCSX%2FWiP3QHgygiFNBJ3hdomLfjoqyniued94kpX3jNc71EXN08BwtumxFC3XJIh9Fz0zgqQJmTEtfn%2FVDQ1UQPI6A%3D%3D"}]}
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Mon, 08 Dec 2025 13:19:42 GMT
last-modified: Sat, 29 Nov 2025 17:57:33 GMT
content-type: image/jpeg
vary: accept-encoding
priority: u=1,i
cache-control: max-age=14400
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
speculation-rules: "/cdn-cgi/speculation"
cf-ray: 9aac8e518c800f9a-TPE
accept-ranges: bytes
content-length: 758789
server: cloudflare

GET
H3 200 file.png
static.wixstatic.com/media/9a254c_bd6ab9dc57c349009b5f1eedc6fb236d~mv2.png/v1/fit/w_1000,h_1000,al_c,q_80/ 1010 KB
1010 KB 309ms
152ms Image
image/png 3.164.143.112
AMAZON-02

General

Check archive.org

Download Go to Show image

Full URL: https://static.wixstatic.com/media/9a254c_bd6ab9dc57c349009b5f1eedc6fb236d~mv2.png/v1/fit/w_1000,h_1000,al_c,q_80/file.png
Requested by: Host: reurl.cc
URL: https://reurl.cc/8nzqdj
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 3.164.143.112 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-164-143-112.nrt20.r.cloudfront.net
Software: openresty/1.27.1.2 /
Resource Hash: 76e0fe9b59aa81409567a77b7f5cfaebcbe6d1a5586d4979c5a83a327f68d517

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

x-amz-cf-id: ND6tmbCw7_fH34wTmtucqurWoZH2tTXAlCr267aL4ni32QfG6Y1G0A==
cache-control: public, max-age=2592000, immutable
timing-allow-origin: *
age: 540055
via: 1.1 google, 1.1 e9b2729b7c54ce9fa3704f65bb5e3476.cloudfront.net (CloudFront)
x-wixmp-trace: projects/wix-media-infrastructure/traces/36HOFh7YX6M2ADdDwVU4QEu4QJd
access-control-allow-origin: *
x-seen-by: image-manipulator-894575c6f-hdhb4
content-length: 1033732
alt-svc: h3=":443"; ma=86400
date: Tue, 02 Dec 2025 07:18:47 GMT
content-type: image/png
x-cache: Hit from cloudfront
server: openresty/1.27.1.2
x-amz-cf-pop: NRT20-P3

POST
H2 200 collect Show response
www.google-analytics.com/j/ 3 B
446 B 84ms
83ms XHR
text/plain 216.239.32.178
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j102&a=204461691&t=pageview&_s=1&dl=https%3A%2F%2Freurl.cc%2F8nzqdj&ul=zh-tw&dt=%E7%B8%AE%E7%9F%AD%E7%B6%B2%E5%9D%80%E7%94%A2%E7%94%9F%E5%99%A8%20-%20reurl&sr=1600x1200&vp=1600x1200&_u=IEBAAEABAAAAACAAI~&jid=333767686&gjid=1686316278&cid=543771640.1765199982&tid=UA-102456694-1&_gid=288456421.1765199982&_r=1&_slc=1&z=863241940

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.239.32.178 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

1cffc2b3146584685cd72751d7f28aa030ab9ae2f1bc78f2c27909f8d8287b26

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Content-Type: text/plain
Referer: https://reurl.cc/

Response headers

report-to: {"group":"ascnsrsgac:211:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgac:211:0"}],}
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 08 Dec 2025 13:19:42 GMT
last-modified: Sun, 17 May 1998 03:00:00 GMT
content-type: text/plain
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgac:211:0
access-control-allow-origin: https://reurl.cc
cross-origin-opener-policy-report-only: same-origin; report-to=ascnsrsgac:211:0
content-length: 3
server: Golfe2

GET
H3

200

ltm
onead.onevision.com.tw/v2/pixel/
Redirect Chain

https://bcp.crwdcntrl.net/map/c=15135/tp=ONEA/lac=y?https://onead.onevision.com.tw/v2/pixel/ltm?id=${profile_id}
https://bcp.crwdcntrl.net/map/ct=y/c=15135/tp=ONEA/lac=y?https://onead.onevision.com.tw/v2/pixel/ltm?id=${profile_id}
https://onead.onevision.com.tw/v2/pixel/ltm?id=36f050ef332240069899733d3473bfff

170 B
203 B

86ms
85ms

Image
image/png

107.178.241.176
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Download Go to Show image

Full URL

https://onead.onevision.com.tw/v2/pixel/ltm?id=36f050ef332240069899733d3473bfff

Requested by

Host: reurl.cc
URL: https://reurl.cc/8nzqdj

Protocol

Server

107.178.241.176 , United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

176.241.178.107.bc.googleusercontent.com

Software

gws / OneAD

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

x-onead-version: 29cc6b37
x-vendor: ltm
age: 0
access-control-allow-methods: GET,POST,OPTIONS,PUT
expires: Mon, 01 Jan 1990 00:00:00 GMT
x-varnish: 799315575
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
date: Mon, 08 Dec 2025 13:19:43 GMT
content-type: image/png
last-modified: Tue, 27 Oct 2020 13:57:49 GMT
x-vendor-client-id: 36f050ef332240069899733d3473bfff
access-control-allow-headers: Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, accept, origin, Cache-Control, X-Requested-With
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-status: okay
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
access-control-allow-credentials: true
via: 1.1 google
accept-ranges: bytes
access-control-allow-origin: *
content-length: 170
x-onead-backend: onead-http-event-7l5v-gohttp
server: gws
x-powered-by: OneAD

Redirect headers

strict-transport-security: max-age=31536000 ; includeSubDomains
cache-control: no-cache
location: https://onead.onevision.com.tw/v2/pixel/ltm?id=36f050ef332240069899733d3473bfff
pragma: no-cache
expires: 0
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
content-length: 0
date: Mon, 08 Dec 2025 13:19:43 GMT

GET
H3

200

ttd
onead.onevision.com.tw/v2/pixel/
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=r1jlltl&ttd_tpi=1
https://match.adsrvr.org/track/cmb/generic?ttd_pid=r1jlltl&ttd_tpi=1
https://onead.onevision.com.tw/v2/pixel/ttd?id=2375f82b-b137-444e-a412-657e42a3102e

170 B
203 B

92ms
91ms

Image
image/png

107.178.241.176
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Download Go to Show image

Full URL

https://onead.onevision.com.tw/v2/pixel/ttd?id=2375f82b-b137-444e-a412-657e42a3102e

Requested by

Host: reurl.cc
URL: https://reurl.cc/8nzqdj

Protocol

Server

107.178.241.176 , United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

176.241.178.107.bc.googleusercontent.com

Software

gws / OneAD

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

x-onead-version: 29cc6b37
x-vendor: ttd
age: 0
access-control-allow-methods: GET,POST,OPTIONS,PUT
expires: Mon, 01 Jan 1990 00:00:00 GMT
x-varnish: 766660292
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
date: Mon, 08 Dec 2025 13:19:43 GMT
content-type: image/png
last-modified: Tue, 27 Oct 2020 13:57:49 GMT
x-vendor-client-id: 2375f82b-b137-444e-a412-657e42a3102e
access-control-allow-headers: Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, accept, origin, Cache-Control, X-Requested-With
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-status: okay
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
access-control-allow-credentials: true
via: 1.1 google
accept-ranges: bytes
access-control-allow-origin: *
content-length: 170
x-onead-backend: onead-http-event-7l5v-gohttp
server: gws
x-powered-by: OneAD

Redirect headers

location: https://onead.onevision.com.tw/v2/pixel/ttd?id=2375f82b-b137-444e-a412-657e42a3102e
content-length: 197
date: Mon, 08 Dec 2025 13:19:43 GMT
server: Kestrel

GET
H/1.1

200
OK

/
ps.eyeota.net/pixel/bounce/
Redirect Chain

https://ps.eyeota.net/pixel?pid=3m51m51&uid=8e6ca8d6-d438-11f0-9dfc-42010a00004a&t=ajs
https://ps.eyeota.net/pixel/bounce/?pid=3m51m51&uid=8e6ca8d6-d438-11f0-9dfc-42010a00004a&t=ajs

1 KB
1 KB

162ms
160ms

Image
application/javascript

18.182.162.20
AMAZON-02

General

Check archive.org

Download Go to Show image

Full URL: https://ps.eyeota.net/pixel/bounce/?pid=3m51m51&uid=8e6ca8d6-d438-11f0-9dfc-42010a00004a&t=ajs
Requested by: Host: reurl.cc
URL: https://reurl.cc/8nzqdj
Protocol: HTTP/1.1
Server: 18.182.162.20 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-182-162-20.ap-northeast-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

Content-Length: 1304
P3P: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR SAMo BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR", policyref="http://ps.eyeota.net/w3c/p3p.xml"
Date: Mon, 08 Dec 2025 13:19:43 GMT
Content-Type: application/javascript

Redirect headers

Location: /pixel/bounce/?pid=3m51m51&uid=8e6ca8d6-d438-11f0-9dfc-42010a00004a&t=ajs
Content-Length: 0
P3P: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR SAMo BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR", policyref="http://ps.eyeota.net/w3c/p3p.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR SAMo BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR", policyref="http://ps.eyeota.net/w3c/p3p.xml"
Date: Mon, 08 Dec 2025 13:19:42 GMT

GET
H3

200

taboola
onead.onevision.com.tw/v2/pixel/
Redirect Chain

https://trc.taboola.com/sg/onedata/1/cm
https://onead.onevision.com.tw/v2/pixel/taboola?id=7a3c5e35-d71e-40f2-aa70-b6a3f8999175-tuct103055ee

170 B
203 B

86ms
86ms

Image
image/png

107.178.241.176
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Download Go to Show image

Full URL

https://onead.onevision.com.tw/v2/pixel/taboola?id=7a3c5e35-d71e-40f2-aa70-b6a3f8999175-tuct103055ee

Requested by

Host: reurl.cc
URL: https://reurl.cc/8nzqdj

Protocol

Server

107.178.241.176 , United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

176.241.178.107.bc.googleusercontent.com

Software

gws / OneAD

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

x-onead-version: 29cc6b37
x-vendor: taboola
age: 0
access-control-allow-methods: GET,POST,OPTIONS,PUT
expires: Mon, 01 Jan 1990 00:00:00 GMT
x-varnish: 1029676171
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
date: Mon, 08 Dec 2025 13:19:43 GMT
content-type: image/png
last-modified: Tue, 27 Oct 2020 13:57:49 GMT
x-vendor-client-id: 7a3c5e35-d71e-40f2-aa70-b6a3f8999175-tuct103055ee
access-control-allow-headers: Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, accept, origin, Cache-Control, X-Requested-With
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-status: okay
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
access-control-allow-credentials: true
via: 1.1 google
accept-ranges: bytes
access-control-allow-origin: *
content-length: 170
x-onead-backend: onead-http-event-qvrb-gohttp
server: gws
x-powered-by: OneAD

Redirect headers

x-fastly-to-nlb-rtt: 448
location: https://onead.onevision.com.tw/v2/pixel/taboola?id=7a3c5e35-d71e-40f2-aa70-b6a3f8999175-tuct103055ee
x-timer: S1765199983.640664,VS0,VE2
x-vcl-time-ms: 2
via: 1.1 varnish
accept-ranges: bytes
x-cache: MISS
content-length: 0
date: Mon, 08 Dec 2025 13:19:42 GMT
x-service-version: v1
server: nginx
x-cache-hits: 0
x-served-by: cache-sin-wsss1830040-SIN

GET
H2 204 poke
onead-v6.onevision.com.tw/v2/ 0
60 B 90ms
83ms Image
text/plain 107.178.241.176
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Download Go to Show image

Full URL

https://onead-v6.onevision.com.tw/v2/poke?uuid=8e6ca8d6-d438-11f0-9dfc-42010a00004a

Requested by

Host: reurl.cc
URL: https://reurl.cc/8nzqdj

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

107.178.241.176 , United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

176.241.178.107.bc.googleusercontent.com

Software

gws / OneAD

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

x-onead-version: 29cc6b37
age: 0
access-control-allow-methods: GET,POST,OPTIONS,PUT
expires: Mon, 01 Jan 1990 00:00:00 GMT
x-varnish: 263543163
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
date: Mon, 08 Dec 2025 13:19:42 GMT
access-control-allow-headers: Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, accept, origin, Cache-Control, X-Requested-With
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
access-control-allow-credentials: true
via: 1.1 google
access-control-allow-origin: *
x-onead-backend: onead-http-query-s7hc-gohttp
server: gws
x-powered-by: OneAD

GET
H2 200 capmapping.htm Show response
cdn.holmesmind.com/js/ Frame 2112 12 KB
12 KB 594ms
300ms Document
text/html 3.164.121.117
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://cdn.holmesmind.com/js/capmapping.htm
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/init.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.164.121.117 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-164-121-117.nrt12.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 37cd16af9680e2eac2b065fe88fbc0ca6d80583c67a9d8c69969e5dcbe27b14d

Request headers

Referer: https://reurl.cc/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
age: 2
content-length: 12184
content-type: text/html
date: Mon, 08 Dec 2025 13:19:42 GMT
etag: "313c12f57383ae26248323c3b33af799"
last-modified: Mon, 17 Mar 2025 05:33:47 GMT
server: AmazonS3
via: 1.1 6b0393a28d7377179821f9583d982df4.cloudfront.net (CloudFront)
x-amz-cf-id: Hot5YamL46DEjB5FrKSYudBK5yZ2bnzDIEQ6AbxDdFShNdEN5TH8UQ==
x-amz-cf-pop: NRT12-P3
x-amz-server-side-encryption: AES256
x-amz-version-id: rSOjRFL3ruqyCRzzCV6Gk2MSJ9yPXZwf
x-cache: Hit from cloudfront

GET
H2 200 presetfn.js Show response
cdn.holmesmind.com/js/ Frame C3A8 11 KB
11 KB 172ms
171ms Script
application/javascript 3.164.121.106
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/init.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.164.121.106 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-164-121-106.nrt12.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 5a871b13ede1754dec51e91e8f3ee35b98ff71fe42cf57d51cb574b004e3d4cd

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

x-amz-version-id: rmz9OdLbHPf__eUT0CPixnVBdq1QxTyB
etag: "1ff97ce94c5a1127f915e6bf2a02c6a9"
age: 47
via: 1.1 7bb66c5fc1e732675b1f05b324f80096.cloudfront.net (CloudFront)
accept-ranges: bytes
x-cache: Hit from cloudfront
content-length: 10957
x-amz-cf-id: OdymqcSdD1xU_dwhiVR9RqyEmRuslSmPn496jG-c0BEgQn0oqe19kg==
date: Mon, 08 Dec 2025 13:18:56 GMT
content-type: application/javascript
last-modified: Thu, 16 Jan 2025 06:05:08 GMT
server: AmazonS3
x-amz-cf-pop: NRT12-P3
x-amz-server-side-encryption: AES256

GET
H2 200 presetfn.js Show response
cdn.holmesmind.com/js/ Frame E645 11 KB
0 169ms
169ms Script
application/javascript 3.164.121.106
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/init.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.164.121.106 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-164-121-106.nrt12.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 5a871b13ede1754dec51e91e8f3ee35b98ff71fe42cf57d51cb574b004e3d4cd

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

x-amz-version-id: rmz9OdLbHPf__eUT0CPixnVBdq1QxTyB
etag: "1ff97ce94c5a1127f915e6bf2a02c6a9"
age: 47
via: 1.1 7bb66c5fc1e732675b1f05b324f80096.cloudfront.net (CloudFront)
accept-ranges: bytes
x-cache: Hit from cloudfront
content-length: 10957
x-amz-cf-id: OdymqcSdD1xU_dwhiVR9RqyEmRuslSmPn496jG-c0BEgQn0oqe19kg==
date: Mon, 08 Dec 2025 13:18:56 GMT
content-type: application/javascript
last-modified: Thu, 16 Jan 2025 06:05:08 GMT
server: AmazonS3
x-amz-cf-pop: NRT12-P3
x-amz-server-side-encryption: AES256

GET
H2 200 presetfn.js Show response
cdn.holmesmind.com/js/ Frame 9507 11 KB
0 164ms
164ms Script
application/javascript 3.164.121.106
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/init.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.164.121.106 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-164-121-106.nrt12.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 5a871b13ede1754dec51e91e8f3ee35b98ff71fe42cf57d51cb574b004e3d4cd

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

x-amz-version-id: rmz9OdLbHPf__eUT0CPixnVBdq1QxTyB
etag: "1ff97ce94c5a1127f915e6bf2a02c6a9"
age: 47
via: 1.1 7bb66c5fc1e732675b1f05b324f80096.cloudfront.net (CloudFront)
accept-ranges: bytes
x-cache: Hit from cloudfront
content-length: 10957
x-amz-cf-id: OdymqcSdD1xU_dwhiVR9RqyEmRuslSmPn496jG-c0BEgQn0oqe19kg==
date: Mon, 08 Dec 2025 13:18:56 GMT
content-type: application/javascript
last-modified: Thu, 16 Jan 2025 06:05:08 GMT
server: AmazonS3
x-amz-cf-pop: NRT12-P3
x-amz-server-side-encryption: AES256

GET
H2 200 presetfn.js Show response
cdn.holmesmind.com/js/ Frame E2D3 11 KB
0 159ms
159ms Script
application/javascript 3.164.121.106
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/init.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.164.121.106 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-164-121-106.nrt12.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 5a871b13ede1754dec51e91e8f3ee35b98ff71fe42cf57d51cb574b004e3d4cd

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

x-amz-version-id: rmz9OdLbHPf__eUT0CPixnVBdq1QxTyB
etag: "1ff97ce94c5a1127f915e6bf2a02c6a9"
age: 47
via: 1.1 7bb66c5fc1e732675b1f05b324f80096.cloudfront.net (CloudFront)
accept-ranges: bytes
x-cache: Hit from cloudfront
content-length: 10957
x-amz-cf-id: OdymqcSdD1xU_dwhiVR9RqyEmRuslSmPn496jG-c0BEgQn0oqe19kg==
date: Mon, 08 Dec 2025 13:18:56 GMT
content-type: application/javascript
last-modified: Thu, 16 Jan 2025 06:05:08 GMT
server: AmazonS3
x-amz-cf-pop: NRT12-P3
x-amz-server-side-encryption: AES256

GET
H2 200 presetfn.js Show response
cdn.holmesmind.com/js/ Frame 3B9C 11 KB
0 153ms
153ms Script
application/javascript 3.164.121.106
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/init.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.164.121.106 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-164-121-106.nrt12.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 5a871b13ede1754dec51e91e8f3ee35b98ff71fe42cf57d51cb574b004e3d4cd

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

x-amz-version-id: rmz9OdLbHPf__eUT0CPixnVBdq1QxTyB
etag: "1ff97ce94c5a1127f915e6bf2a02c6a9"
age: 47
via: 1.1 7bb66c5fc1e732675b1f05b324f80096.cloudfront.net (CloudFront)
accept-ranges: bytes
x-cache: Hit from cloudfront
content-length: 10957
x-amz-cf-id: OdymqcSdD1xU_dwhiVR9RqyEmRuslSmPn496jG-c0BEgQn0oqe19kg==
date: Mon, 08 Dec 2025 13:18:56 GMT
content-type: application/javascript
last-modified: Thu, 16 Jan 2025 06:05:08 GMT
server: AmazonS3
x-amz-cf-pop: NRT12-P3
x-amz-server-side-encryption: AES256

GET
H2 200 presetfn.js Show response
cdn.holmesmind.com/js/ Frame D4B6 11 KB
0 150ms
150ms Script
application/javascript 3.164.121.106
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/init.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.164.121.106 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-164-121-106.nrt12.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 5a871b13ede1754dec51e91e8f3ee35b98ff71fe42cf57d51cb574b004e3d4cd

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

x-amz-version-id: rmz9OdLbHPf__eUT0CPixnVBdq1QxTyB
etag: "1ff97ce94c5a1127f915e6bf2a02c6a9"
age: 47
via: 1.1 7bb66c5fc1e732675b1f05b324f80096.cloudfront.net (CloudFront)
accept-ranges: bytes
x-cache: Hit from cloudfront
content-length: 10957
x-amz-cf-id: OdymqcSdD1xU_dwhiVR9RqyEmRuslSmPn496jG-c0BEgQn0oqe19kg==
date: Mon, 08 Dec 2025 13:18:56 GMT
content-type: application/javascript
last-modified: Thu, 16 Jan 2025 06:05:08 GMT
server: AmazonS3
x-amz-cf-pop: NRT12-P3
x-amz-server-side-encryption: AES256

GET
H2 200 presetfn.js Show response
cdn.holmesmind.com/js/ Frame 7A51 11 KB
0 148ms
148ms Script
application/javascript 3.164.121.106
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/init.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.164.121.106 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-164-121-106.nrt12.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 5a871b13ede1754dec51e91e8f3ee35b98ff71fe42cf57d51cb574b004e3d4cd

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

x-amz-version-id: rmz9OdLbHPf__eUT0CPixnVBdq1QxTyB
etag: "1ff97ce94c5a1127f915e6bf2a02c6a9"
age: 47
via: 1.1 7bb66c5fc1e732675b1f05b324f80096.cloudfront.net (CloudFront)
accept-ranges: bytes
x-cache: Hit from cloudfront
content-length: 10957
x-amz-cf-id: OdymqcSdD1xU_dwhiVR9RqyEmRuslSmPn496jG-c0BEgQn0oqe19kg==
date: Mon, 08 Dec 2025 13:18:56 GMT
content-type: application/javascript
last-modified: Thu, 16 Jan 2025 06:05:08 GMT
server: AmazonS3
x-amz-cf-pop: NRT12-P3
x-amz-server-side-encryption: AES256

GET
H2 200 presetfn.js Show response
cdn.holmesmind.com/js/ Frame BC9E 11 KB
0 149ms
149ms Script
application/javascript 3.164.121.106
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/init.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.164.121.106 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-164-121-106.nrt12.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 5a871b13ede1754dec51e91e8f3ee35b98ff71fe42cf57d51cb574b004e3d4cd

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

x-amz-version-id: rmz9OdLbHPf__eUT0CPixnVBdq1QxTyB
etag: "1ff97ce94c5a1127f915e6bf2a02c6a9"
age: 47
via: 1.1 7bb66c5fc1e732675b1f05b324f80096.cloudfront.net (CloudFront)
accept-ranges: bytes
x-cache: Hit from cloudfront
content-length: 10957
x-amz-cf-id: OdymqcSdD1xU_dwhiVR9RqyEmRuslSmPn496jG-c0BEgQn0oqe19kg==
date: Mon, 08 Dec 2025 13:18:56 GMT
content-type: application/javascript
last-modified: Thu, 16 Jan 2025 06:05:08 GMT
server: AmazonS3
x-amz-cf-pop: NRT12-P3
x-amz-server-side-encryption: AES256

GET
H2 200 capmapping.htm Show response
cdn.holmesmind.com/js/ Frame 5528 12 KB
0 486ms
486ms Document
text/html 3.164.121.117
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://cdn.holmesmind.com/js/capmapping.htm
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/init.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.164.121.117 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-164-121-117.nrt12.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 37cd16af9680e2eac2b065fe88fbc0ca6d80583c67a9d8c69969e5dcbe27b14d

Request headers

Referer: https://reurl.cc/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
age: 2
content-length: 12184
content-type: text/html
date: Mon, 08 Dec 2025 13:19:42 GMT
etag: "313c12f57383ae26248323c3b33af799"
last-modified: Mon, 17 Mar 2025 05:33:47 GMT
server: AmazonS3
via: 1.1 6b0393a28d7377179821f9583d982df4.cloudfront.net (CloudFront)
x-amz-cf-id: Hot5YamL46DEjB5FrKSYudBK5yZ2bnzDIEQ6AbxDdFShNdEN5TH8UQ==
x-amz-cf-pop: NRT12-P3
x-amz-server-side-encryption: AES256
x-amz-version-id: rSOjRFL3ruqyCRzzCV6Gk2MSJ9yPXZwf
x-cache: Hit from cloudfront

GET
H2 200 capmapping.htm Show response
cdn.holmesmind.com/js/ Frame 0AA8 12 KB
0 483ms
483ms Document
text/html 3.164.121.117
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://cdn.holmesmind.com/js/capmapping.htm
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/init.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.164.121.117 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-164-121-117.nrt12.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 37cd16af9680e2eac2b065fe88fbc0ca6d80583c67a9d8c69969e5dcbe27b14d

Request headers

Referer: https://reurl.cc/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
age: 2
content-length: 12184
content-type: text/html
date: Mon, 08 Dec 2025 13:19:42 GMT
etag: "313c12f57383ae26248323c3b33af799"
last-modified: Mon, 17 Mar 2025 05:33:47 GMT
server: AmazonS3
via: 1.1 6b0393a28d7377179821f9583d982df4.cloudfront.net (CloudFront)
x-amz-cf-id: Hot5YamL46DEjB5FrKSYudBK5yZ2bnzDIEQ6AbxDdFShNdEN5TH8UQ==
x-amz-cf-pop: NRT12-P3
x-amz-server-side-encryption: AES256
x-amz-version-id: rSOjRFL3ruqyCRzzCV6Gk2MSJ9yPXZwf
x-cache: Hit from cloudfront

GET
H2 200 capmapping.htm Show response
cdn.holmesmind.com/js/ Frame 1DAC 12 KB
0 482ms
482ms Document
text/html 3.164.121.117
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://cdn.holmesmind.com/js/capmapping.htm
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/init.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.164.121.117 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-164-121-117.nrt12.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 37cd16af9680e2eac2b065fe88fbc0ca6d80583c67a9d8c69969e5dcbe27b14d

Request headers

Referer: https://reurl.cc/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
age: 2
content-length: 12184
content-type: text/html
date: Mon, 08 Dec 2025 13:19:42 GMT
etag: "313c12f57383ae26248323c3b33af799"
last-modified: Mon, 17 Mar 2025 05:33:47 GMT
server: AmazonS3
via: 1.1 6b0393a28d7377179821f9583d982df4.cloudfront.net (CloudFront)
x-amz-cf-id: Hot5YamL46DEjB5FrKSYudBK5yZ2bnzDIEQ6AbxDdFShNdEN5TH8UQ==
x-amz-cf-pop: NRT12-P3
x-amz-server-side-encryption: AES256
x-amz-version-id: rSOjRFL3ruqyCRzzCV6Gk2MSJ9yPXZwf
x-cache: Hit from cloudfront

GET
H2 200 capmapping.htm Show response
cdn.holmesmind.com/js/ Frame 065F 12 KB
0 480ms
480ms Document
text/html 3.164.121.117
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://cdn.holmesmind.com/js/capmapping.htm
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/init.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.164.121.117 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-164-121-117.nrt12.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 37cd16af9680e2eac2b065fe88fbc0ca6d80583c67a9d8c69969e5dcbe27b14d

Request headers

Referer: https://reurl.cc/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
age: 2
content-length: 12184
content-type: text/html
date: Mon, 08 Dec 2025 13:19:42 GMT
etag: "313c12f57383ae26248323c3b33af799"
last-modified: Mon, 17 Mar 2025 05:33:47 GMT
server: AmazonS3
via: 1.1 6b0393a28d7377179821f9583d982df4.cloudfront.net (CloudFront)
x-amz-cf-id: Hot5YamL46DEjB5FrKSYudBK5yZ2bnzDIEQ6AbxDdFShNdEN5TH8UQ==
x-amz-cf-pop: NRT12-P3
x-amz-server-side-encryption: AES256
x-amz-version-id: rSOjRFL3ruqyCRzzCV6Gk2MSJ9yPXZwf
x-cache: Hit from cloudfront

GET
H2 200 capmapping.htm Show response
cdn.holmesmind.com/js/ Frame D669 12 KB
0 479ms
479ms Document
text/html 3.164.121.117
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://cdn.holmesmind.com/js/capmapping.htm
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/init.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.164.121.117 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-164-121-117.nrt12.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 37cd16af9680e2eac2b065fe88fbc0ca6d80583c67a9d8c69969e5dcbe27b14d

Request headers

Referer: https://reurl.cc/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
age: 2
content-length: 12184
content-type: text/html
date: Mon, 08 Dec 2025 13:19:42 GMT
etag: "313c12f57383ae26248323c3b33af799"
last-modified: Mon, 17 Mar 2025 05:33:47 GMT
server: AmazonS3
via: 1.1 6b0393a28d7377179821f9583d982df4.cloudfront.net (CloudFront)
x-amz-cf-id: Hot5YamL46DEjB5FrKSYudBK5yZ2bnzDIEQ6AbxDdFShNdEN5TH8UQ==
x-amz-cf-pop: NRT12-P3
x-amz-server-side-encryption: AES256
x-amz-version-id: rSOjRFL3ruqyCRzzCV6Gk2MSJ9yPXZwf
x-cache: Hit from cloudfront

GET
H3 200 pubads_impl.js Show response
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202512020101/ 609 KB
193 KB 142ms
141ms Script
text/javascript 216.58.220.130
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202512020101/pubads_impl.js?cb=31095969

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

216.58.220.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd09s01-in-f130.1e100.net

Software

cafe /

Resource Hash

cdf207042b9030c6e625d7042dac68355209cda211f30a59d25b2b4baafd8c1d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

content-encoding: br
etag: 10021983320797522262
age: 58657
x-content-type-options: nosniff
expires: Mon, 07 Dec 2026 21:02:05 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
date: Sun, 07 Dec 2025 21:02:05 GMT
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
cache-control: public, immutable, max-age=31536000
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-length: 197115
x-xss-protection: 0
server: cafe

GET
H3 200 gpt
securepubads.g.doubleclick.net/pagead/managed/dict/m202512040101/ 64 KB
22 KB 585ms
584ms Other
text/plain 216.58.220.130
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/managed/dict/m202512040101/gpt

Requested by

Host: reurl.cc
URL: https://reurl.cc/8nzqdj

Protocol

Security

QUIC, , AES_128_GCM

Server

216.58.220.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd09s01-in-f130.1e100.net

Software

cafe /

Resource Hash

8d23693251d0923a21dba7083e1e3a58a18123b146cebbcefb828e1caa7c3aa3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer

Response headers

content-encoding: br
etag: 4740477158928784528
age: 76695
x-content-type-options: nosniff
expires: Sun, 14 Dec 2025 16:01:27 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
date: Sun, 07 Dec 2025 16:01:27 GMT
content-type: text/plain; charset=UTF-8
vary: Accept-Encoding
cache-control: public, immutable, max-age=604800, stale-while-revalidate=7200
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-length: 22756
x-xss-protection: 0
server: cafe
use-as-dictionary: match="/gampad/ads", id="m202512040101"

GET
H2 200 iXGJEr7Orjl.css
static.xx.fbcdn.net/rsrc.php/v5/yE/l/1,cross/ Frame 73E8 20 KB
6 KB 737ms
147ms Stylesheet
text/css 31.13.82.7
FACEBOOK

General

Check archive.org

Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v5/yE/l/1,cross/iXGJEr7Orjl.css

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2Freurl.cc%2F&tabs=timeline&width=340&height=500&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=true&appId

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

31.13.82.7 Tokyo, Japan, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-01-nrt1.fbcdn.net

Software

Resource Hash

2a4c7b96514bcf9e8548de41d1fd7b0fa727ae09136bcb61273bf298c7ed67e6

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Origin: https://www.facebook.com
Referer: https://www.facebook.com/

Response headers

content-md5: BDmd8A+PMKI6MSceqiBEXQ==
content-encoding: zstd
report-to: {"max_age":21600,"endpoints":[{"url":"https:\/\/www.xx.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Wed, 25 Nov 2026 02:26:06 GMT
alt-svc: h3=":443"; ma=86400
date: Mon, 08 Dec 2025 13:19:43 GMT
content-type: text/css; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
x-fb-debug: siY1TCVBzKVkiBca4LDKTYZ4s9UrIf1nCWRzAw2G2Col8Cim1uWHUIeL6mS/5TlWqgKXw0++m3+oZCAEMXD/3A==
vary: Origin
reporting-endpoints: permissions_policy="https://www.xx.facebook.com/ajax/browser_error_reports/"
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
x-fb-connection-quality: GOOD; q=0.7, rtt=140, rtx=0, c=14, mss=1380, tbw=6150, tp=-1, tpl=-1, uplat=1, ullat=-1
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy: force-load-at-top, include-js-call-stacks-in-crash-reports
access-control-allow-origin: https://www.facebook.com
content-length: 5635
origin-agent-cluster: ?1

GET
H2 200 MH-P-6l6TZy.js Show response
static.xx.fbcdn.net/rsrc.php/v4/ym/r/ Frame 73E8 339 KB
90 KB 874ms
285ms Script
application/x-javascript 31.13.82.7
FACEBOOK

General

Check archive.org

Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v4/ym/r/MH-P-6l6TZy.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

31.13.82.7 Tokyo, Japan, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-01-nrt1.fbcdn.net

Software

Resource Hash

fb282435c2aa56b0a8871ede47eb8737463d36a243e53cb23669d9bd6fb187df

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Origin: https://www.facebook.com
Referer: https://www.facebook.com/

Response headers

content-md5: qBz1YGhhqBWzmvcuZl7KyQ==
content-encoding: zstd
report-to: {"max_age":21600,"endpoints":[{"url":"https:\/\/www.xx.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Tue, 08 Dec 2026 02:24:28 GMT
alt-svc: h3=":443"; ma=86400
date: Mon, 08 Dec 2025 13:19:43 GMT
content-type: application/x-javascript; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
x-fb-debug: D8xe2umoCD4elnqNu+OchOeekZYmFlR3Whc6WLvK1xajL+QztKetwx42FzmZONx+bCD/LdvlYtXQNpn1P3lQdw==
vary: Origin
reporting-endpoints: permissions_policy="https://www.xx.facebook.com/ajax/browser_error_reports/"
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
x-fb-connection-quality: GOOD; q=0.7, rtt=140, rtx=0, c=14, mss=1380, tbw=14854, tp=-1, tpl=-1, uplat=1, ullat=-1
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy: force-load-at-top, include-js-call-stacks-in-crash-reports
access-control-allow-origin: https://www.facebook.com
content-length: 92106
origin-agent-cluster: ?1

GET
H2 200 XZtOE_fK9iK.js Show response
static.xx.fbcdn.net/rsrc.php/v4/yK/r/ Frame 73E8 8 KB
4 KB 732ms
143ms Script
application/x-javascript 31.13.82.7
FACEBOOK

General

Check archive.org

Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v4/yK/r/XZtOE_fK9iK.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

31.13.82.7 Tokyo, Japan, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-01-nrt1.fbcdn.net

Software

Resource Hash

8f7636a0b0dd99d49730dd0dd8f91db5bc76ead8b17b834c2071fdeac92ce0f4

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Origin: https://www.facebook.com
Referer: https://www.facebook.com/

Response headers

content-md5: PSFvzQDInesB10SfR39pWA==
content-encoding: zstd
report-to: {"max_age":21600,"endpoints":[{"url":"https:\/\/www.xx.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Thu, 03 Dec 2026 17:58:18 GMT
alt-svc: h3=":443"; ma=86400
date: Mon, 08 Dec 2025 13:19:43 GMT
content-type: application/x-javascript; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
x-fb-debug: jG0GxV6a9dFGCAncZuQ4CxrlhUjJExnpYihmQS6q/dt9uqiw+BHKK9uwpqbFBE8Ut7VqiZ83TCuxtTMUyVvLqQ==
vary: Origin
reporting-endpoints: permissions_policy="https://www.xx.facebook.com/ajax/browser_error_reports/"
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
x-fb-connection-quality: GOOD; q=0.7, rtt=140, rtx=0, c=14, mss=1380, tbw=4679, tp=-1, tpl=-1, uplat=1, ullat=-1
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy: force-load-at-top, include-js-call-stacks-in-crash-reports
access-control-allow-origin: https://www.facebook.com
content-length: 2665
origin-agent-cluster: ?1

GET
H2 200 XlAQ_TwXTjN.js Show response
static.xx.fbcdn.net/rsrc.php/v4iEpO4/yD/l/zh_TW-j/ Frame 73E8 185 KB
50 KB 1162ms
573ms Script
application/x-javascript 31.13.82.7
FACEBOOK

General

Check archive.org

Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v4iEpO4/yD/l/zh_TW-j/XlAQ_TwXTjN.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

31.13.82.7 Tokyo, Japan, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-01-nrt1.fbcdn.net

Software

Resource Hash

e8bd42176ae17481a04d85bfbb28b3b4e99a6924a45bae94ad56e1678cf11914

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Origin: https://www.facebook.com
Referer: https://www.facebook.com/

Response headers

content-md5: 5B5VwJfIqnw6ueBcCa1wnQ==
content-encoding: zstd
report-to: {"max_age":21600,"endpoints":[{"url":"https:\/\/www.xx.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Sat, 05 Dec 2026 20:33:38 GMT
alt-svc: h3=":443"; ma=86400
date: Mon, 08 Dec 2025 13:19:43 GMT
content-type: application/x-javascript; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
x-fb-debug: ey/KGjOgEhjtUg0vb37fpv2GVMKHusfesLFicrBhKczVTnTl9Dzy2Zt2yKUDO8kxBWgVYUbBeVDyCK4Kw3dhDg==
vary: Origin
reporting-endpoints: permissions_policy="https://www.xx.facebook.com/ajax/browser_error_reports/"
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
x-fb-connection-quality: GOOD; q=0.7, rtt=140, rtx=0, c=14, mss=1380, tbw=76535, tp=-1, tpl=-1, uplat=2, ullat=-1
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy: force-load-at-top, include-js-call-stacks-in-crash-reports
access-control-allow-origin: https://www.facebook.com
content-length: 50940
origin-agent-cluster: ?1

GET
H2 200 YvNVhqsZ8kM.js Show response
static.xx.fbcdn.net/rsrc.php/v4/y-/r/ Frame 73E8 36 KB
12 KB 874ms
285ms Script
application/x-javascript 31.13.82.7
FACEBOOK

General

Check archive.org

Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v4/y-/r/YvNVhqsZ8kM.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

31.13.82.7 Tokyo, Japan, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-01-nrt1.fbcdn.net

Software

Resource Hash

120a67e10b39b6b70dc52c65c77d016cba6e33b0ecc86d3fd49dda8f9efc2657

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Origin: https://www.facebook.com
Referer: https://www.facebook.com/

Response headers

content-md5: tXa15XQP+ilpiX2Yn0SYsQ==
content-encoding: zstd
report-to: {"max_age":21600,"endpoints":[{"url":"https:\/\/www.xx.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Sun, 06 Dec 2026 17:16:55 GMT
alt-svc: h3=":443"; ma=86400
date: Mon, 08 Dec 2025 13:19:43 GMT
content-type: application/x-javascript; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
x-fb-debug: rsVNP7Nmi+gHnMA4+c8eT4T4uGI5ya6wUz8F/bXh5LuTVDBGREbSeC8eDv/6EqSm0FCIYMLzWnPAfyax9weFXA==
vary: Origin
reporting-endpoints: permissions_policy="https://www.xx.facebook.com/ajax/browser_error_reports/"
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
x-fb-connection-quality: GOOD; q=0.7, rtt=140, rtx=0, c=14, mss=1380, tbw=14854, tp=-1, tpl=-1, uplat=1, ullat=-1
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy: force-load-at-top, include-js-call-stacks-in-crash-reports
access-control-allow-origin: https://www.facebook.com
content-length: 12336
origin-agent-cluster: ?1

GET
H2 200 8wypiAW_bfk.js Show response
static.xx.fbcdn.net/rsrc.php/v4/yb/r/ Frame 73E8 557 B
589 B 874ms
285ms Script
application/x-javascript 31.13.82.7
FACEBOOK

General

Check archive.org

Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v4/yb/r/8wypiAW_bfk.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

31.13.82.7 Tokyo, Japan, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-01-nrt1.fbcdn.net

Software

Resource Hash

c2bfe20d9d58935828e75bc753e2655f240621077408ae64f9b40a20f5125487

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Origin: https://www.facebook.com
Referer: https://www.facebook.com/

Response headers

content-md5: WrWgdG79ReerxOLSJDvtvA==
content-encoding: zstd
report-to: {"max_age":21600,"endpoints":[{"url":"https:\/\/www.xx.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Thu, 03 Dec 2026 21:15:43 GMT
alt-svc: h3=":443"; ma=86400
date: Mon, 08 Dec 2025 13:19:43 GMT
content-type: application/x-javascript; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
x-fb-debug: qZ8OtW3BVJtLHJ2Vj2fBJfglSd5dtpPkO2voxu1Wshy+ucSJ/0KXhDWt/7vVDzq03w0c7hEiUZVoVRaOcZjlOQ==
vary: Origin
reporting-endpoints: permissions_policy="https://www.xx.facebook.com/ajax/browser_error_reports/"
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
x-fb-connection-quality: GOOD; q=0.7, rtt=140, rtx=0, c=14, mss=1380, tbw=15394, tp=-1, tpl=-1, uplat=1, ullat=-1
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy: force-load-at-top, include-js-call-stacks-in-crash-reports
access-control-allow-origin: https://www.facebook.com
content-length: 323
origin-agent-cluster: ?1

GET
H2 200 2v2nU1TtjgO.js Show response
static.xx.fbcdn.net/rsrc.php/v4iLl54/yL/l/zh_TW-j/ Frame 73E8 30 KB
9 KB 1163ms
574ms Script
application/x-javascript 31.13.82.7
FACEBOOK

General

Check archive.org

Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v4iLl54/yL/l/zh_TW-j/2v2nU1TtjgO.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

31.13.82.7 Tokyo, Japan, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-01-nrt1.fbcdn.net

Software

Resource Hash

54f187c15ad0d435cf9d00b0d12fd99f4a1fd21838c991d6de23909463228666

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Origin: https://www.facebook.com
Referer: https://www.facebook.com/

Response headers

content-md5: uikTDv4/fTXpCHpim+fN8A==
content-encoding: zstd
report-to: {"max_age":21600,"endpoints":[{"url":"https:\/\/www.xx.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Thu, 03 Dec 2026 20:16:08 GMT
alt-svc: h3=":443"; ma=86400
date: Mon, 08 Dec 2025 13:19:43 GMT
content-type: application/x-javascript; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
x-fb-debug: LCqlmCE6QSNrfoTQ0dOnzFou9pFCMP3QSuI0IJC5wg8OYBvJbEQl53/FOjd9AWH/LvJFclhUZVtVs0eKpuiZgQ==
vary: Origin
reporting-endpoints: permissions_policy="https://www.xx.facebook.com/ajax/browser_error_reports/"
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
x-fb-connection-quality: GOOD; q=0.7, rtt=140, rtx=0, c=14, mss=1380, tbw=76535, tp=-1, tpl=-1, uplat=2, ullat=-1
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy: force-load-at-top, include-js-call-stacks-in-crash-reports
access-control-allow-origin: https://www.facebook.com
content-length: 8805
origin-agent-cluster: ?1

GET
H3 200 302181889_449668210518240_1343224774275673253_n.png
scontent-hkg1-1.xx.fbcdn.net/v/t39.30808-1/ Frame 73E8 2 KB
2 KB 209ms
103ms Image
image/png 163.70.158.11
FACEBOOK

General

Check archive.org

Download Go to Show image

Full URL: https://scontent-hkg1-1.xx.fbcdn.net/v/t39.30808-1/302181889_449668210518240_1343224774275673253_n.png?stp=cp0_dst-png_s50x50&_nc_cat=105&ccb=1-7&_nc_sid=f907e8&_nc_ohc=wjho_hblH3IQ7kNvwFadKJY&_nc_oc=AdlW2dkxWk0cIx1uzyCDozwRkmfLTPERrltfESLk0ApSImJUochXnSaX1LNrGMdRgPw&_nc_zt=24&_nc_ht=scontent-hkg1-1.xx&edm=ADwHzz8EAAAA&_nc_gid=pg1RAlb28z-JM1O2FZzPBg&oh=00_AfmB_Yp7icpMWmTV8yJs9IILOviI9zvfd7LmHDHKur7S_Q&oe=693C9015
Requested by: Host: www.facebook.com
URL: https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2Freurl.cc%2F&tabs=timeline&width=340&height=500&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=true&appId
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 163.70.158.11 Chai Wan, Hong Kong, ASN32934 (FACEBOOK, US),
Reverse DNS: xx-fbcdn-shv-01-hkg1.fbcdn.net
Software: /
Resource Hash: 352d0915216b13b935f1abedea04d4a039802faaf69153ae71c377410990e322

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://www.facebook.com/

Response headers

x-robots-tag: noarchive, noindex
alt-svc: h3=":443"; ma=86400
date: Mon, 08 Dec 2025 13:19:43 GMT
no-vary-search: key-order, params=("_nc_gid" "oh" "oe" "_nc_oc" "_nc_ohc" "_nc_cat" "_nc_ht" "_nc_cb")
last-modified: Tue, 06 Sep 2022 22:20:57 GMT
x-fb-ptm-uuid: 26445461835D192897E11A65AE78B6B2
content-type: image/png
priority: u=3,i
cache-control: max-age=1209600, no-transform
timing-allow-origin: *
x-fb-connection-quality: GOOD; q=0.7, rtt=100, rtx=0, c=23, mss=1232, tbw=4973, tp=9, tpl=0, uplat=0, ullat=-1
x-crypto-project: 0
cross-origin-resource-policy: cross-origin
content-digest: adler32=747767112
access-control-allow-origin: *
accept-ranges: bytes
content-length: 2066
x-additional-error-detail

GET
H2 200 Preset.js Show response
ad.holmesmind.com/adserver/ Frame C3A8 500 B
454 B 399ms
131ms Script
text/html 18.176.230.233
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://ad.holmesmind.com/adserver/Preset.js?z=13847
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.176.230.233 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-176-230-233.ap-northeast-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 1a66fd60fa46f1db167fedf82c137b1cc4439b28f9db3e6760e54f436a37e83e

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

access-control-allow-origin: https://reurl.cc
content-encoding: gzip
date: Mon, 08 Dec 2025 13:19:42 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
server: nginx
access-control-allow-credentials: true

GET
H2 200 js-md5.js Show response
cdn.holmesmind.com/js/ Frame C3A8 30 KB
30 KB 777ms
769ms Script
application/javascript 3.164.121.106
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://cdn.holmesmind.com/js/js-md5.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.164.121.106 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-164-121-106.nrt12.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 0efa8291235243ad1438d266932112aecf4e7dca1963545a22d118cbe5d5d6e2

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

x-amz-version-id: GJjk5mkGsSOM8o1hDQLuy7m.Hsc3NZ3.
etag: "ab3f6a2aedec7585237d5fb727bebcbb"
age: 52
via: 1.1 7bb66c5fc1e732675b1f05b324f80096.cloudfront.net (CloudFront)
accept-ranges: bytes
x-cache: Hit from cloudfront
content-length: 30621
x-amz-cf-id: 9jUcdDFKaTQcY7D9KUhuX4qwMktWy3SrgJO6toA0E93nWxWWhEzTmQ==
date: Mon, 08 Dec 2025 13:18:51 GMT
content-type: application/javascript
last-modified: Tue, 14 Nov 2023 14:04:56 GMT
server: AmazonS3
x-amz-cf-pop: NRT12-P3
x-amz-server-side-encryption: AES256

GET
H2 200 Preset.js Show response
ad.holmesmind.com/adserver/ Frame E2D3 2 KB
636 B 395ms
133ms Script
text/html 18.176.230.233
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://ad.holmesmind.com/adserver/Preset.js?z=13848
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.176.230.233 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-176-230-233.ap-northeast-1.compute.amazonaws.com
Software: nginx /
Resource Hash: d2986d922842fcae8dd193d6d389060cc5ccd1f0d3ea67652c35a83ee9db4d24

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

access-control-allow-origin: https://reurl.cc
content-encoding: gzip
date: Mon, 08 Dec 2025 13:19:42 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
server: nginx
access-control-allow-credentials: true

GET
H2 200 js-md5.js Show response
cdn.holmesmind.com/js/ Frame E2D3 30 KB
0 770ms
770ms Script
application/javascript 3.164.121.106
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://cdn.holmesmind.com/js/js-md5.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.164.121.106 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-164-121-106.nrt12.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 0efa8291235243ad1438d266932112aecf4e7dca1963545a22d118cbe5d5d6e2

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

x-amz-version-id: GJjk5mkGsSOM8o1hDQLuy7m.Hsc3NZ3.
etag: "ab3f6a2aedec7585237d5fb727bebcbb"
age: 52
via: 1.1 7bb66c5fc1e732675b1f05b324f80096.cloudfront.net (CloudFront)
accept-ranges: bytes
x-cache: Hit from cloudfront
content-length: 30621
x-amz-cf-id: 9jUcdDFKaTQcY7D9KUhuX4qwMktWy3SrgJO6toA0E93nWxWWhEzTmQ==
date: Mon, 08 Dec 2025 13:18:51 GMT
content-type: application/javascript
last-modified: Tue, 14 Nov 2023 14:04:56 GMT
server: AmazonS3
x-amz-cf-pop: NRT12-P3
x-amz-server-side-encryption: AES256

GET
H2 200 Preset.js Show response
ad.holmesmind.com/adserver/ Frame E645 2 KB
636 B 392ms
133ms Script
text/html 18.176.230.233
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://ad.holmesmind.com/adserver/Preset.js?z=13856
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.176.230.233 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-176-230-233.ap-northeast-1.compute.amazonaws.com
Software: nginx /
Resource Hash: d2986d922842fcae8dd193d6d389060cc5ccd1f0d3ea67652c35a83ee9db4d24

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

access-control-allow-origin: https://reurl.cc
content-encoding: gzip
date: Mon, 08 Dec 2025 13:19:42 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
server: nginx
access-control-allow-credentials: true

GET
H2 200 js-md5.js Show response
cdn.holmesmind.com/js/ Frame E645 30 KB
0 768ms
767ms Script
application/javascript 3.164.121.106
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://cdn.holmesmind.com/js/js-md5.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.164.121.106 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-164-121-106.nrt12.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 0efa8291235243ad1438d266932112aecf4e7dca1963545a22d118cbe5d5d6e2

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

x-amz-version-id: GJjk5mkGsSOM8o1hDQLuy7m.Hsc3NZ3.
etag: "ab3f6a2aedec7585237d5fb727bebcbb"
age: 52
via: 1.1 7bb66c5fc1e732675b1f05b324f80096.cloudfront.net (CloudFront)
accept-ranges: bytes
x-cache: Hit from cloudfront
content-length: 30621
x-amz-cf-id: 9jUcdDFKaTQcY7D9KUhuX4qwMktWy3SrgJO6toA0E93nWxWWhEzTmQ==
date: Mon, 08 Dec 2025 13:18:51 GMT
content-type: application/javascript
last-modified: Tue, 14 Nov 2023 14:04:56 GMT
server: AmazonS3
x-amz-cf-pop: NRT12-P3
x-amz-server-side-encryption: AES256

GET
H2 200 Preset.js Show response
ad.holmesmind.com/adserver/ Frame 9507 2 KB
853 B 390ms
134ms Script
text/html 18.176.230.233
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://ad.holmesmind.com/adserver/Preset.js?z=14210
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.176.230.233 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-176-230-233.ap-northeast-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 97526e5a5802eee45d0f67427c48dddd0eb0c90a24b22d33f509203c56c1a156

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

access-control-allow-origin: https://reurl.cc
content-encoding: gzip
date: Mon, 08 Dec 2025 13:19:42 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
server: nginx
access-control-allow-credentials: true

GET
H2 200 js-md5.js Show response
cdn.holmesmind.com/js/ Frame 9507 30 KB
0 766ms
766ms Script
application/javascript 3.164.121.106
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://cdn.holmesmind.com/js/js-md5.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.164.121.106 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-164-121-106.nrt12.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 0efa8291235243ad1438d266932112aecf4e7dca1963545a22d118cbe5d5d6e2

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

x-amz-version-id: GJjk5mkGsSOM8o1hDQLuy7m.Hsc3NZ3.
etag: "ab3f6a2aedec7585237d5fb727bebcbb"
age: 52
via: 1.1 7bb66c5fc1e732675b1f05b324f80096.cloudfront.net (CloudFront)
accept-ranges: bytes
x-cache: Hit from cloudfront
content-length: 30621
x-amz-cf-id: 9jUcdDFKaTQcY7D9KUhuX4qwMktWy3SrgJO6toA0E93nWxWWhEzTmQ==
date: Mon, 08 Dec 2025 13:18:51 GMT
content-type: application/javascript
last-modified: Tue, 14 Nov 2023 14:04:56 GMT
server: AmazonS3
x-amz-cf-pop: NRT12-P3
x-amz-server-side-encryption: AES256

GET
H2 200 Preset.js Show response
ad.holmesmind.com/adserver/ Frame D4B6 820 B
506 B 132ms
130ms Script
text/html 18.176.230.233
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://ad.holmesmind.com/adserver/Preset.js?z=22213
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.176.230.233 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-176-230-233.ap-northeast-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 1005edce901738f3e7db638eb15c2aab780b0eb6980371a743f826e9edf02aa1

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

access-control-allow-origin: https://reurl.cc
content-encoding: gzip
date: Mon, 08 Dec 2025 13:19:42 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
server: nginx
access-control-allow-credentials: true

GET
H2 200 js-md5.js Show response
cdn.holmesmind.com/js/ Frame D4B6 30 KB
0 761ms
761ms Script
application/javascript 3.164.121.106
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://cdn.holmesmind.com/js/js-md5.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.164.121.106 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-164-121-106.nrt12.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 0efa8291235243ad1438d266932112aecf4e7dca1963545a22d118cbe5d5d6e2

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

x-amz-version-id: GJjk5mkGsSOM8o1hDQLuy7m.Hsc3NZ3.
etag: "ab3f6a2aedec7585237d5fb727bebcbb"
age: 52
via: 1.1 7bb66c5fc1e732675b1f05b324f80096.cloudfront.net (CloudFront)
accept-ranges: bytes
x-cache: Hit from cloudfront
content-length: 30621
x-amz-cf-id: 9jUcdDFKaTQcY7D9KUhuX4qwMktWy3SrgJO6toA0E93nWxWWhEzTmQ==
date: Mon, 08 Dec 2025 13:18:51 GMT
content-type: application/javascript
last-modified: Tue, 14 Nov 2023 14:04:56 GMT
server: AmazonS3
x-amz-cf-pop: NRT12-P3
x-amz-server-side-encryption: AES256

GET
H2 200 Preset.js Show response
ad.holmesmind.com/adserver/ Frame 3B9C 820 B
506 B 133ms
131ms Script
text/html 18.176.230.233
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://ad.holmesmind.com/adserver/Preset.js?z=18535
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.176.230.233 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-176-230-233.ap-northeast-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 1005edce901738f3e7db638eb15c2aab780b0eb6980371a743f826e9edf02aa1

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

access-control-allow-origin: https://reurl.cc
content-encoding: gzip
date: Mon, 08 Dec 2025 13:19:42 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
server: nginx
access-control-allow-credentials: true

GET
H2 200 js-md5.js Show response
cdn.holmesmind.com/js/ Frame 3B9C 30 KB
0 758ms
758ms Script
application/javascript 3.164.121.106
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://cdn.holmesmind.com/js/js-md5.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.164.121.106 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-164-121-106.nrt12.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 0efa8291235243ad1438d266932112aecf4e7dca1963545a22d118cbe5d5d6e2

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

x-amz-version-id: GJjk5mkGsSOM8o1hDQLuy7m.Hsc3NZ3.
etag: "ab3f6a2aedec7585237d5fb727bebcbb"
age: 52
via: 1.1 7bb66c5fc1e732675b1f05b324f80096.cloudfront.net (CloudFront)
accept-ranges: bytes
x-cache: Hit from cloudfront
content-length: 30621
x-amz-cf-id: 9jUcdDFKaTQcY7D9KUhuX4qwMktWy3SrgJO6toA0E93nWxWWhEzTmQ==
date: Mon, 08 Dec 2025 13:18:51 GMT
content-type: application/javascript
last-modified: Tue, 14 Nov 2023 14:04:56 GMT
server: AmazonS3
x-amz-cf-pop: NRT12-P3
x-amz-server-side-encryption: AES256

GET
H2 200 Preset.js Show response
ad.holmesmind.com/adserver/ Frame 7A51 7 KB
1 KB 139ms
137ms Script
text/html 18.176.230.233
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://ad.holmesmind.com/adserver/Preset.js?z=22214
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.176.230.233 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-176-230-233.ap-northeast-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 9722a06b170a87794da6a4cf27efd1997b9616d64f1ab14cfbfb7d4738480cc4

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

access-control-allow-origin: https://reurl.cc
content-encoding: gzip
date: Mon, 08 Dec 2025 13:19:42 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
server: nginx
access-control-allow-credentials: true

GET
H2 200 js-md5.js Show response
cdn.holmesmind.com/js/ Frame 7A51 30 KB
0 757ms
756ms Script
application/javascript 3.164.121.106
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://cdn.holmesmind.com/js/js-md5.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.164.121.106 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-164-121-106.nrt12.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 0efa8291235243ad1438d266932112aecf4e7dca1963545a22d118cbe5d5d6e2

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

x-amz-version-id: GJjk5mkGsSOM8o1hDQLuy7m.Hsc3NZ3.
etag: "ab3f6a2aedec7585237d5fb727bebcbb"
age: 52
via: 1.1 7bb66c5fc1e732675b1f05b324f80096.cloudfront.net (CloudFront)
accept-ranges: bytes
x-cache: Hit from cloudfront
content-length: 30621
x-amz-cf-id: 9jUcdDFKaTQcY7D9KUhuX4qwMktWy3SrgJO6toA0E93nWxWWhEzTmQ==
date: Mon, 08 Dec 2025 13:18:51 GMT
content-type: application/javascript
last-modified: Tue, 14 Nov 2023 14:04:56 GMT
server: AmazonS3
x-amz-cf-pop: NRT12-P3
x-amz-server-side-encryption: AES256

GET
H2 200 Preset.js Show response
ad.holmesmind.com/adserver/ Frame BC9E 7 KB
1 KB 139ms
137ms Script
text/html 18.176.230.233
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://ad.holmesmind.com/adserver/Preset.js?z=14209
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.176.230.233 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-176-230-233.ap-northeast-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 7ab261e572155915a8e6ef0476abedf3620a0a65af8fa91c057921344ceef112

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

access-control-allow-origin: https://reurl.cc
content-encoding: gzip
date: Mon, 08 Dec 2025 13:19:42 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
server: nginx
access-control-allow-credentials: true

GET
H2 200 js-md5.js Show response
cdn.holmesmind.com/js/ Frame BC9E 30 KB
0 754ms
754ms Script
application/javascript 3.164.121.106
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://cdn.holmesmind.com/js/js-md5.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.164.121.106 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-164-121-106.nrt12.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 0efa8291235243ad1438d266932112aecf4e7dca1963545a22d118cbe5d5d6e2

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

x-amz-version-id: GJjk5mkGsSOM8o1hDQLuy7m.Hsc3NZ3.
etag: "ab3f6a2aedec7585237d5fb727bebcbb"
age: 52
via: 1.1 7bb66c5fc1e732675b1f05b324f80096.cloudfront.net (CloudFront)
accept-ranges: bytes
x-cache: Hit from cloudfront
content-length: 30621
x-amz-cf-id: 9jUcdDFKaTQcY7D9KUhuX4qwMktWy3SrgJO6toA0E93nWxWWhEzTmQ==
date: Mon, 08 Dec 2025 13:18:51 GMT
content-type: application/javascript
last-modified: Tue, 14 Nov 2023 14:04:56 GMT
server: AmazonS3
x-amz-cf-pop: NRT12-P3
x-amz-server-side-encryption: AES256

GET
H2 200 nineyi.tracking.client.iife.js Show response
tracking-client.91app.com/1.2.0/ Frame 2112 42 KB
17 KB 642ms
164ms Script
application/javascript 3.173.197.105
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://tracking-client.91app.com/1.2.0/nineyi.tracking.client.iife.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.173.197.105 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-173-197-105.nrt12.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 6fb04bf962208df81def881d4eb39e5f263c8f79e4c9425bbe79042eb36938c5

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://cdn.holmesmind.com/

Response headers

vary: accept-encoding
cache-control: max-age=no-cache
content-encoding: br
etag: W/"3087e8bcd78cce0b2b4e3454c1fcd923"
age: 103
via: 1.1 b6a7097997e2c9a80454aa70047f9342.cloudfront.net (CloudFront)
x-cache: Hit from cloudfront
x-amz-cf-id: p98MttKmhlmFXLi6_Ez7cLGUZyhlJVb4P7FDsdehNCaPlPCx2370iA==
date: Mon, 08 Dec 2025 13:18:01 GMT
content-type: application/javascript
last-modified: Mon, 20 Jan 2025 10:42:14 GMT
server: AmazonS3
x-amz-cf-pop: NRT12-P8
x-amz-server-side-encryption: AES256

GET
H2 200 nineyi.tracking.client.iife.js Show response
tracking-client.91app.com/1.2.0/ Frame 5528 42 KB
0 642ms
642ms Script
application/javascript 3.173.197.105
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://tracking-client.91app.com/1.2.0/nineyi.tracking.client.iife.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.173.197.105 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-173-197-105.nrt12.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 6fb04bf962208df81def881d4eb39e5f263c8f79e4c9425bbe79042eb36938c5

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://cdn.holmesmind.com/

Response headers

vary: accept-encoding
cache-control: max-age=no-cache
content-encoding: br
etag: W/"3087e8bcd78cce0b2b4e3454c1fcd923"
age: 103
via: 1.1 b6a7097997e2c9a80454aa70047f9342.cloudfront.net (CloudFront)
x-cache: Hit from cloudfront
x-amz-cf-id: p98MttKmhlmFXLi6_Ez7cLGUZyhlJVb4P7FDsdehNCaPlPCx2370iA==
date: Mon, 08 Dec 2025 13:18:01 GMT
content-type: application/javascript
last-modified: Mon, 20 Jan 2025 10:42:14 GMT
server: AmazonS3
x-amz-cf-pop: NRT12-P8
x-amz-server-side-encryption: AES256

GET
H2 200 nineyi.tracking.client.iife.js Show response
tracking-client.91app.com/1.2.0/ Frame 0AA8 42 KB
0 636ms
636ms Script
application/javascript 3.173.197.105
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://tracking-client.91app.com/1.2.0/nineyi.tracking.client.iife.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.173.197.105 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-173-197-105.nrt12.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 6fb04bf962208df81def881d4eb39e5f263c8f79e4c9425bbe79042eb36938c5

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://cdn.holmesmind.com/

Response headers

vary: accept-encoding
cache-control: max-age=no-cache
content-encoding: br
etag: W/"3087e8bcd78cce0b2b4e3454c1fcd923"
age: 103
via: 1.1 b6a7097997e2c9a80454aa70047f9342.cloudfront.net (CloudFront)
x-cache: Hit from cloudfront
x-amz-cf-id: p98MttKmhlmFXLi6_Ez7cLGUZyhlJVb4P7FDsdehNCaPlPCx2370iA==
date: Mon, 08 Dec 2025 13:18:01 GMT
content-type: application/javascript
last-modified: Mon, 20 Jan 2025 10:42:14 GMT
server: AmazonS3
x-amz-cf-pop: NRT12-P8
x-amz-server-side-encryption: AES256

GET
H2 200 nineyi.tracking.client.iife.js Show response
tracking-client.91app.com/1.2.0/ Frame 1DAC 42 KB
0 631ms
631ms Script
application/javascript 3.173.197.105
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://tracking-client.91app.com/1.2.0/nineyi.tracking.client.iife.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.173.197.105 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-173-197-105.nrt12.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 6fb04bf962208df81def881d4eb39e5f263c8f79e4c9425bbe79042eb36938c5

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://cdn.holmesmind.com/

Response headers

vary: accept-encoding
cache-control: max-age=no-cache
content-encoding: br
etag: W/"3087e8bcd78cce0b2b4e3454c1fcd923"
age: 103
via: 1.1 b6a7097997e2c9a80454aa70047f9342.cloudfront.net (CloudFront)
x-cache: Hit from cloudfront
x-amz-cf-id: p98MttKmhlmFXLi6_Ez7cLGUZyhlJVb4P7FDsdehNCaPlPCx2370iA==
date: Mon, 08 Dec 2025 13:18:01 GMT
content-type: application/javascript
last-modified: Mon, 20 Jan 2025 10:42:14 GMT
server: AmazonS3
x-amz-cf-pop: NRT12-P8
x-amz-server-side-encryption: AES256

GET
H/1.1 200
OK /
cm.lndata.com/ Frame 2112 35 B
470 B 350ms
92ms Image
image/gif 116.50.36.71
DONGFONG-TW DongF...

General

Check archive.org

Download Go to Show image

Full URL: https://cm.lndata.com/?tid=4084&uid=media_cookie_id
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 116.50.36.71 , Taiwan, ASN18046 (DONGFONG-TW DongFong Technology Co. Ltd., TW),
Reverse DNS: 116-50-36-71.dft.tw
Software: TornadoServer/1.2.1 /
Resource Hash: 8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://cdn.holmesmind.com/

Response headers

Content-Length: 35
P3P: CP=CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR
Date: Mon, 08 Dec 2025 13:19:43 GMT
Etag: "0f4e929dd5bb2564f7ab9c76338e04e292a42ace"
Content-Type: image/gif
Connection: keep-alive
Server: TornadoServer/1.2.1

GET
H2 200 fp Show response
cm-dev-poc.holmesmind.com/ Frame 3496 0
217 B 672ms
143ms Document
text/html 18.180.66.169
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://cm-dev-poc.holmesmind.com/fp
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.180.66.169 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-180-66-169.ap-northeast-1.compute.amazonaws.com
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://cdn.holmesmind.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36

Response headers

content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Mon, 08 Dec 2025 13:19:43 GMT
server: nginx/1.18.0 (Ubuntu)

GET
H2 200 cm.php Show response
fcm.holmesmind.com/ Frame FE82 39 B
182 B 440ms
269ms Document
text/html 34.95.67.231
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Download Go to

Full URL: https://fcm.holmesmind.com/cm.php
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.95.67.231 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 231.67.95.34.bc.googleusercontent.com
Software: Apache/2.4.29 (Ubuntu) /
Resource Hash: d51ae4a1096fac36fe9055d5c3f4daa85de0120b567636c89327b544a2a6a795

Request headers

Referer: https://cdn.holmesmind.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 39
content-type: text/html; charset=UTF-8
date: Mon, 08 Dec 2025 13:19:43 GMT
server: Apache/2.4.29 (Ubuntu)
via: 1.1 google

GET
H2 200 cm.js Show response
fcm2.holmesmind.com/ Frame 2112 409 B
632 B 403ms
130ms Script
application/javascript 18.178.75.163
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://fcm2.holmesmind.com/cm.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.178.75.163 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-178-75-163.ap-northeast-1.compute.amazonaws.com
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: c205c874491530a4288b8f643e5da8fbcf7c54bee71bb787f4444e77de90e821

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://cdn.holmesmind.com/

Response headers

access-control-allow-origin: *
date: Mon, 08 Dec 2025 13:19:43 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0 (Ubuntu)

GET
H2 200 utag.js Show response
t.ssp.hinet.net/ Frame 2112 5 KB
3 KB 427ms
260ms Script
application/javascript 203.75.214.136
HINET Data Commun...

General

Check archive.org

Download Go to

Full URL

https://t.ssp.hinet.net/utag.js

Requested by

Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

73ae392d3e6fd2a480cd5e6eb0077f17af084abfda5e3bb5487f76c0277be87c

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://cdn.holmesmind.com/

Response headers

strict-transport-security: max-age=0
cache-control: max-age=600
content-encoding: gzip
etag: W/"65e6c0fa-15e4"
expires: Mon, 08 Dec 2025 13:29:43 GMT
date: Mon, 08 Dec 2025 13:19:43 GMT
content-type: application/javascript
last-modified: Tue, 05 Mar 2024 06:51:38 GMT
server: nginx
vary: Accept-Encoding

GET
H2 200 fp
cm-dev-poc.holmesmind.com/ Frame 2112 0
218 B 664ms
138ms Image
text/html 18.180.66.169
AMAZON-02

General

Check archive.org

Download Go to Show image

Full URL: https://cm-dev-poc.holmesmind.com/fp
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.180.66.169 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-180-66-169.ap-northeast-1.compute.amazonaws.com
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://cdn.holmesmind.com/

Response headers

content-encoding: gzip
date: Mon, 08 Dec 2025 13:19:43 GMT
content-type: text/html; charset=UTF-8
server: nginx/1.18.0 (Ubuntu)

GET
H2

200

cm
c.holmesmind.com/ Frame 2112
Redirect Chain

https://c.holmesmind.com/cm
https://c.holmesmind.com/cm?tc=getIn&

0
500 B

245ms
244ms

Image
text/html

35.201.76.93
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Download Go to Show image

Full URL: https://c.holmesmind.com/cm?tc=getIn&
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol: H2
Server: 35.201.76.93 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 93.76.201.35.bc.googleusercontent.com
Software: nginx/1.10.3 (Ubuntu) / PHP/7.0.18-0ubuntu0.17.04.1
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://cdn.holmesmind.com/

Response headers

via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
date: Mon, 08 Dec 2025 13:19:43 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/7.0.18-0ubuntu0.17.04.1
server: nginx/1.10.3 (Ubuntu)

Redirect headers

location: https://c.holmesmind.com/cm?tc=getIn&
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
date: Mon, 08 Dec 2025 13:19:43 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/7.0.18-0ubuntu0.17.04.1
server: nginx/1.10.3 (Ubuntu)

GET
H2

200

google
m.holmesmind.com/ml/ Frame 2112
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=clickforce_dmp&google_cm&cf_uid=undefined&uu_m=undefined
https://cm.g.doubleclick.net/pixel?google_nid=clickforce_dmp&google_cm=&cf_uid=undefined&uu_m=undefined&google_tc=
https://m.holmesmind.com/ml/google?cf_uid=undefined&uu_m=undefined&google_gid=CAESEPfgjmPIZ-NUrg4tlqOotsE&google_cver=1

0
454 B

310ms
136ms

Image
image/png

35.227.249.156
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Download Go to Show image

Full URL: https://m.holmesmind.com/ml/google?cf_uid=undefined&uu_m=undefined&google_gid=CAESEPfgjmPIZ-NUrg4tlqOotsE&google_cver=1
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol: H2
Server: 35.227.249.156 , United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 156.249.227.35.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://cdn.holmesmind.com/

Response headers

x-goog-metageneration: 1
x-goog-hash: crc32c=AAAAAA==, md5=1B2M2Y8AsgTpgAmY7PhCfg==
etag: "d41d8cd98f00b204e9800998ecf8427e"
x-goog-stored-content-encoding: identity
expires: Mon, 08 Dec 2025 14:19:43 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length: 0
date: Mon, 08 Dec 2025 13:19:43 GMT
content-type: image/png
last-modified: Wed, 21 Feb 2018 07:36:41 GMT
x-guploader-uploadid: AHVrFxP5hAMWh6p8qmlmVlNahchLvpg1JsSsNMzHFxWeHhtEITmpdqhEfeHnV1ZPnKhDGZfGaLcDFw4
cache-control: public, max-age=3600
x-goog-storage-class: REGIONAL
accept-ranges: bytes
x-goog-generation: 1519198601160228
content-length: 0
server: UploadServer

Redirect headers

cache-control: no-cache, must-revalidate
location: https://m.holmesmind.com/ml/google?cf_uid=undefined&uu_m=undefined&google_gid=CAESEPfgjmPIZ-NUrg4tlqOotsE&google_cver=1
pragma: no-cache
cross-origin-resource-policy: cross-origin
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length: 328
date: Mon, 08 Dec 2025 13:19:43 GMT
x-xss-protection: 0
content-type: text/html; charset=UTF-8
server: HTTP server (unknown)

GET
H2 200 nineyi.tracking.client.iife.js Show response
tracking-client.91app.com/1.2.0/ Frame 065F 42 KB
0 616ms
616ms Script
application/javascript 3.173.197.105
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://tracking-client.91app.com/1.2.0/nineyi.tracking.client.iife.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.173.197.105 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-173-197-105.nrt12.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 6fb04bf962208df81def881d4eb39e5f263c8f79e4c9425bbe79042eb36938c5

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://cdn.holmesmind.com/

Response headers

vary: accept-encoding
cache-control: max-age=no-cache
content-encoding: br
etag: W/"3087e8bcd78cce0b2b4e3454c1fcd923"
age: 103
via: 1.1 b6a7097997e2c9a80454aa70047f9342.cloudfront.net (CloudFront)
x-cache: Hit from cloudfront
x-amz-cf-id: p98MttKmhlmFXLi6_Ez7cLGUZyhlJVb4P7FDsdehNCaPlPCx2370iA==
date: Mon, 08 Dec 2025 13:18:01 GMT
content-type: application/javascript
last-modified: Mon, 20 Jan 2025 10:42:14 GMT
server: AmazonS3
x-amz-cf-pop: NRT12-P8
x-amz-server-side-encryption: AES256

GET
H2 200 nineyi.tracking.client.iife.js Show response
tracking-client.91app.com/1.2.0/ Frame D669 42 KB
0 610ms
610ms Script
application/javascript 3.173.197.105
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://tracking-client.91app.com/1.2.0/nineyi.tracking.client.iife.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.173.197.105 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-173-197-105.nrt12.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 6fb04bf962208df81def881d4eb39e5f263c8f79e4c9425bbe79042eb36938c5

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://cdn.holmesmind.com/

Response headers

vary: accept-encoding
cache-control: max-age=no-cache
content-encoding: br
etag: W/"3087e8bcd78cce0b2b4e3454c1fcd923"
age: 103
via: 1.1 b6a7097997e2c9a80454aa70047f9342.cloudfront.net (CloudFront)
x-cache: Hit from cloudfront
x-amz-cf-id: p98MttKmhlmFXLi6_Ez7cLGUZyhlJVb4P7FDsdehNCaPlPCx2370iA==
date: Mon, 08 Dec 2025 13:18:01 GMT
content-type: application/javascript
last-modified: Mon, 20 Jan 2025 10:42:14 GMT
server: AmazonS3
x-amz-cf-pop: NRT12-P8
x-amz-server-side-encryption: AES256

GET
H/1.1 200
OK /
cm.lndata.com/ Frame 5528 35 B
394 B 431ms
101ms Image
image/gif 116.50.36.71
DONGFONG-TW DongF...

General

Check archive.org

Download Go to Show image

Full URL: https://cm.lndata.com/?tid=4084&uid=media_cookie_id
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 116.50.36.71 , Taiwan, ASN18046 (DONGFONG-TW DongFong Technology Co. Ltd., TW),
Reverse DNS: 116-50-36-71.dft.tw
Software: TornadoServer/1.2.1 /
Resource Hash: 8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://cdn.holmesmind.com/

Response headers

P3P: CP=CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR
Content-Length: 35
Date: Mon, 08 Dec 2025 13:19:43 GMT
Etag: "0f4e929dd5bb2564f7ab9c76338e04e292a42ace"
Content-Type: image/gif
Server: TornadoServer/1.2.1

GET
H2 200 fp
cm-dev-poc.holmesmind.com/ Frame 5528 0
217 B 790ms
136ms Image
text/html 18.180.66.169
AMAZON-02

General

Check archive.org

Download Go to Show image

Full URL: https://cm-dev-poc.holmesmind.com/fp
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.180.66.169 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-180-66-169.ap-northeast-1.compute.amazonaws.com
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://cdn.holmesmind.com/

Response headers

content-encoding: gzip
date: Mon, 08 Dec 2025 13:19:43 GMT
content-type: text/html; charset=UTF-8
server: nginx/1.18.0 (Ubuntu)

GET
H3

200

cm
c.holmesmind.com/ Frame 5528
Redirect Chain

https://c.holmesmind.com/cm
https://c.holmesmind.com/cm?tc=getIn&

0
12 B

246ms
244ms

Image
text/html

35.201.76.93
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Download Go to Show image

Full URL: https://c.holmesmind.com/cm?tc=getIn&
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol: H3
Server: 35.201.76.93 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 93.76.201.35.bc.googleusercontent.com
Software: nginx/1.10.3 (Ubuntu) / PHP/7.0.18-0ubuntu0.17.04.1
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://cdn.holmesmind.com/

Response headers

via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
date: Mon, 08 Dec 2025 13:19:43 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/7.0.18-0ubuntu0.17.04.1
server: nginx/1.10.3 (Ubuntu)

Redirect headers

location: https://c.holmesmind.com/cm?tc=getIn&
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
date: Mon, 08 Dec 2025 13:19:43 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/7.0.18-0ubuntu0.17.04.1
server: nginx/1.10.3 (Ubuntu)

GET
H2 200 fp Show response
cm-dev-poc.holmesmind.com/ Frame 3D6E 0
217 B 882ms
227ms Document
text/html 18.180.66.169
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://cm-dev-poc.holmesmind.com/fp
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.180.66.169 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-180-66-169.ap-northeast-1.compute.amazonaws.com
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://cdn.holmesmind.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36

Response headers

content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Mon, 08 Dec 2025 13:19:43 GMT
server: nginx/1.18.0 (Ubuntu)

GET
H2 200 cm.php Show response
fcm.holmesmind.com/ Frame DF78 39 B
88 B 691ms
267ms Document
text/html 34.95.67.231
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Download Go to

Full URL: https://fcm.holmesmind.com/cm.php
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.95.67.231 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 231.67.95.34.bc.googleusercontent.com
Software: Apache/2.4.29 (Ubuntu) /
Resource Hash: d51ae4a1096fac36fe9055d5c3f4daa85de0120b567636c89327b544a2a6a795

Request headers

Referer: https://cdn.holmesmind.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 39
content-type: text/html; charset=UTF-8
date: Mon, 08 Dec 2025 13:19:43 GMT
server: Apache/2.4.29 (Ubuntu)
via: 1.1 google

GET
H2 200 cm.js Show response
fcm2.holmesmind.com/ Frame 5528 409 B
631 B 516ms
130ms Script
application/javascript 18.178.75.163
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://fcm2.holmesmind.com/cm.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.178.75.163 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-178-75-163.ap-northeast-1.compute.amazonaws.com
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: c205c874491530a4288b8f643e5da8fbcf7c54bee71bb787f4444e77de90e821

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://cdn.holmesmind.com/

Response headers

access-control-allow-origin: *
date: Mon, 08 Dec 2025 13:19:43 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0 (Ubuntu)

GET
H2

200

google
m.holmesmind.com/ml/ Frame 5528
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=clickforce_dmp&google_cm&cf_uid=undefined&uu_m=undefined
https://cm.g.doubleclick.net/pixel?google_nid=clickforce_dmp&google_cm=&cf_uid=undefined&uu_m=undefined&google_tc=
https://m.holmesmind.com/ml/google?cf_uid=undefined&uu_m=undefined&google_gid=CAESELxgerU5l370S_NQjVB_gwM&google_cver=1

0
127 B

137ms
137ms

Image
image/png

35.227.249.156
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Download Go to Show image

Full URL: https://m.holmesmind.com/ml/google?cf_uid=undefined&uu_m=undefined&google_gid=CAESELxgerU5l370S_NQjVB_gwM&google_cver=1
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol: H2
Server: 35.227.249.156 , United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 156.249.227.35.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://cdn.holmesmind.com/

Response headers

x-goog-metageneration: 1
x-goog-hash: crc32c=AAAAAA==, md5=1B2M2Y8AsgTpgAmY7PhCfg==
etag: "d41d8cd98f00b204e9800998ecf8427e"
x-goog-stored-content-encoding: identity
expires: Mon, 08 Dec 2025 14:19:43 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length: 0
date: Mon, 08 Dec 2025 13:19:43 GMT
content-type: image/png
last-modified: Wed, 21 Feb 2018 07:36:41 GMT
x-guploader-uploadid: AHVrFxPmTxSe-avM9e5d7L6sVOxFkIxbWsJIZ_v1-lJEiR5OqJrdzwQCJVP14tE6IT7COhwJImSYsU8
cache-control: public, max-age=3600
x-goog-storage-class: REGIONAL
accept-ranges: bytes
x-goog-generation: 1519198601160228
content-length: 0
server: UploadServer

Redirect headers

cache-control: no-cache, must-revalidate
location: https://m.holmesmind.com/ml/google?cf_uid=undefined&uu_m=undefined&google_gid=CAESELxgerU5l370S_NQjVB_gwM&google_cver=1
pragma: no-cache
cross-origin-resource-policy: cross-origin
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length: 328
date: Mon, 08 Dec 2025 13:19:43 GMT
x-xss-protection: 0
content-type: text/html; charset=UTF-8
server: HTTP server (unknown)

GET
H/1.1 200
OK /
cm.lndata.com/ Frame 0AA8 35 B
394 B 534ms
107ms Image
image/gif 116.50.36.71
DONGFONG-TW DongF...

General

Check archive.org

Download Go to Show image

Full URL: https://cm.lndata.com/?tid=4084&uid=media_cookie_id
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 116.50.36.71 , Taiwan, ASN18046 (DONGFONG-TW DongFong Technology Co. Ltd., TW),
Reverse DNS: 116-50-36-71.dft.tw
Software: TornadoServer/1.2.1 /
Resource Hash: 8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://cdn.holmesmind.com/

Response headers

P3P: CP=CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR
Content-Length: 35
Date: Mon, 08 Dec 2025 13:19:43 GMT
Etag: "0f4e929dd5bb2564f7ab9c76338e04e292a42ace"
Content-Type: image/gif
Server: TornadoServer/1.2.1

GET
H2 200 fp
cm-dev-poc.holmesmind.com/ Frame 0AA8 0
217 B 925ms
138ms Image
text/html 18.180.66.169
AMAZON-02

General

Check archive.org

Download Go to Show image

Full URL: https://cm-dev-poc.holmesmind.com/fp
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.180.66.169 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-180-66-169.ap-northeast-1.compute.amazonaws.com
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://cdn.holmesmind.com/

Response headers

content-encoding: gzip
date: Mon, 08 Dec 2025 13:19:43 GMT
content-type: text/html; charset=UTF-8
server: nginx/1.18.0 (Ubuntu)

GET
H3

200

cm
c.holmesmind.com/ Frame 0AA8
Redirect Chain

https://c.holmesmind.com/cm
https://c.holmesmind.com/cm?tc=getIn&

0
12 B

242ms
238ms

Image
text/html

35.201.76.93
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Download Go to Show image

Full URL: https://c.holmesmind.com/cm?tc=getIn&
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol: H3
Server: 35.201.76.93 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 93.76.201.35.bc.googleusercontent.com
Software: nginx/1.10.3 (Ubuntu) / PHP/7.0.18-0ubuntu0.17.04.1
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://cdn.holmesmind.com/

Response headers

via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
date: Mon, 08 Dec 2025 13:19:43 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/7.0.18-0ubuntu0.17.04.1
server: nginx/1.10.3 (Ubuntu)

Redirect headers

location: https://c.holmesmind.com/cm?tc=getIn&
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
date: Mon, 08 Dec 2025 13:19:43 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/7.0.18-0ubuntu0.17.04.1
server: nginx/1.10.3 (Ubuntu)

GET
H2 200 fp Show response
cm-dev-poc.holmesmind.com/ Frame 9FD8 0
217 B 1049ms
167ms Document
text/html 18.180.66.169
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://cm-dev-poc.holmesmind.com/fp
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.180.66.169 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-180-66-169.ap-northeast-1.compute.amazonaws.com
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://cdn.holmesmind.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36

Response headers

content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Mon, 08 Dec 2025 13:19:43 GMT
server: nginx/1.18.0 (Ubuntu)

GET
H3 200 cm.php Show response
fcm.holmesmind.com/ Frame AD37 39 B
52 B 957ms
271ms Document
text/html 34.95.67.231
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Download Go to

Full URL: https://fcm.holmesmind.com/cm.php
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.95.67.231 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 231.67.95.34.bc.googleusercontent.com
Software: Apache/2.4.29 (Ubuntu) /
Resource Hash: d51ae4a1096fac36fe9055d5c3f4daa85de0120b567636c89327b544a2a6a795

Request headers

Referer: https://cdn.holmesmind.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 39
content-type: text/html; charset=UTF-8
date: Mon, 08 Dec 2025 13:19:43 GMT
server: Apache/2.4.29 (Ubuntu)
via: 1.1 google

GET
H2 200 cm.js Show response
fcm2.holmesmind.com/ Frame 0AA8 409 B
631 B 641ms
131ms Script
application/javascript 18.178.75.163
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://fcm2.holmesmind.com/cm.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.178.75.163 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-178-75-163.ap-northeast-1.compute.amazonaws.com
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: c205c874491530a4288b8f643e5da8fbcf7c54bee71bb787f4444e77de90e821

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://cdn.holmesmind.com/

Response headers

access-control-allow-origin: *
date: Mon, 08 Dec 2025 13:19:43 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0 (Ubuntu)

GET
H2

200

google
m.holmesmind.com/ml/ Frame 0AA8
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=clickforce_dmp&google_cm&cf_uid=undefined&uu_m=undefined
https://cm.g.doubleclick.net/pixel?google_nid=clickforce_dmp&google_cm=&cf_uid=undefined&uu_m=undefined&google_tc=
https://m.holmesmind.com/ml/google?cf_uid=undefined&uu_m=undefined&google_gid=CAESELxgerU5l370S_NQjVB_gwM&google_cver=1

0
0

1ms
1ms

Image
image/png

35.227.249.156
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Download Go to Show image

Full URL: https://m.holmesmind.com/ml/google?cf_uid=undefined&uu_m=undefined&google_gid=CAESELxgerU5l370S_NQjVB_gwM&google_cver=1
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol: H2
Server: 35.227.249.156 , United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 156.249.227.35.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://cdn.holmesmind.com/

Response headers

x-goog-metageneration: 1
x-goog-hash: crc32c=AAAAAA==, md5=1B2M2Y8AsgTpgAmY7PhCfg==
etag: "d41d8cd98f00b204e9800998ecf8427e"
x-goog-stored-content-encoding: identity
expires: Mon, 08 Dec 2025 14:19:43 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length: 0
date: Mon, 08 Dec 2025 13:19:43 GMT
content-type: image/png
last-modified: Wed, 21 Feb 2018 07:36:41 GMT
x-guploader-uploadid: AHVrFxPmTxSe-avM9e5d7L6sVOxFkIxbWsJIZ_v1-lJEiR5OqJrdzwQCJVP14tE6IT7COhwJImSYsU8
cache-control: public, max-age=3600
x-goog-storage-class: REGIONAL
accept-ranges: bytes
x-goog-generation: 1519198601160228
content-length: 0
server: UploadServer

Redirect headers

cache-control: no-cache, must-revalidate
location: https://m.holmesmind.com/ml/google?cf_uid=undefined&uu_m=undefined&google_gid=CAESELxgerU5l370S_NQjVB_gwM&google_cver=1
pragma: no-cache
cross-origin-resource-policy: cross-origin
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length: 328
date: Mon, 08 Dec 2025 13:19:43 GMT
x-xss-protection: 0
content-type: text/html; charset=UTF-8
server: HTTP server (unknown)

GET
H/1.1 200
OK /
cm.lndata.com/ Frame 1DAC 35 B
394 B 615ms
85ms Image
image/gif 116.50.36.71
DONGFONG-TW DongF...

General

Check archive.org

Download Go to Show image

Full URL: https://cm.lndata.com/?tid=4084&uid=media_cookie_id
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 116.50.36.71 , Taiwan, ASN18046 (DONGFONG-TW DongFong Technology Co. Ltd., TW),
Reverse DNS: 116-50-36-71.dft.tw
Software: TornadoServer/1.2.1 /
Resource Hash: 8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://cdn.holmesmind.com/

Response headers

P3P: CP=CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR
Content-Length: 35
Date: Mon, 08 Dec 2025 13:19:43 GMT
Etag: "0f4e929dd5bb2564f7ab9c76338e04e292a42ace"
Content-Type: image/gif
Server: TornadoServer/1.2.1

GET
H2 200 fp
cm-dev-poc.holmesmind.com/ Frame 1DAC 0
217 B 1059ms
137ms Image
text/html 18.180.66.169
AMAZON-02

General

Check archive.org

Download Go to Show image

Full URL: https://cm-dev-poc.holmesmind.com/fp
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.180.66.169 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-180-66-169.ap-northeast-1.compute.amazonaws.com
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://cdn.holmesmind.com/

Response headers

content-encoding: gzip
date: Mon, 08 Dec 2025 13:19:43 GMT
content-type: text/html; charset=UTF-8
server: nginx/1.18.0 (Ubuntu)

GET
H3

200

cm
c.holmesmind.com/ Frame 1DAC
Redirect Chain

https://c.holmesmind.com/cm
https://c.holmesmind.com/cm?tc=getIn&

0
12 B

246ms
237ms

Image
text/html

35.201.76.93
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Download Go to Show image

Full URL: https://c.holmesmind.com/cm?tc=getIn&
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol: H3
Server: 35.201.76.93 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 93.76.201.35.bc.googleusercontent.com
Software: nginx/1.10.3 (Ubuntu) / PHP/7.0.18-0ubuntu0.17.04.1
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://cdn.holmesmind.com/

Response headers

via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
date: Mon, 08 Dec 2025 13:19:44 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/7.0.18-0ubuntu0.17.04.1
server: nginx/1.10.3 (Ubuntu)

Redirect headers

location: https://c.holmesmind.com/cm?tc=getIn&
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
date: Mon, 08 Dec 2025 13:19:43 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/7.0.18-0ubuntu0.17.04.1
server: nginx/1.10.3 (Ubuntu)

GET
H2 200 fp Show response
cm-dev-poc.holmesmind.com/ Frame 8043 0
217 B 1184ms
135ms Document
text/html 18.180.66.169
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://cm-dev-poc.holmesmind.com/fp
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.180.66.169 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-180-66-169.ap-northeast-1.compute.amazonaws.com
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://cdn.holmesmind.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36

Response headers

content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Mon, 08 Dec 2025 13:19:44 GMT
server: nginx/1.18.0 (Ubuntu)

GET
H3 200 cm.php Show response
fcm.holmesmind.com/ Frame 5ED4 39 B
52 B 1223ms
269ms Document
text/html 34.95.67.231
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Download Go to

Full URL: https://fcm.holmesmind.com/cm.php
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.95.67.231 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 231.67.95.34.bc.googleusercontent.com
Software: Apache/2.4.29 (Ubuntu) /
Resource Hash: d51ae4a1096fac36fe9055d5c3f4daa85de0120b567636c89327b544a2a6a795

Request headers

Referer: https://cdn.holmesmind.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 39
content-type: text/html; charset=UTF-8
date: Mon, 08 Dec 2025 13:19:44 GMT
server: Apache/2.4.29 (Ubuntu)
via: 1.1 google

GET
H2 200 cm.js Show response
fcm2.holmesmind.com/ Frame 1DAC 409 B
631 B 771ms
130ms Script
application/javascript 18.178.75.163
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://fcm2.holmesmind.com/cm.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.178.75.163 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-178-75-163.ap-northeast-1.compute.amazonaws.com
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: c205c874491530a4288b8f643e5da8fbcf7c54bee71bb787f4444e77de90e821

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://cdn.holmesmind.com/

Response headers

access-control-allow-origin: *
date: Mon, 08 Dec 2025 13:19:43 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0 (Ubuntu)

GET
H2

200

google
m.holmesmind.com/ml/ Frame 1DAC
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=clickforce_dmp&google_cm&cf_uid=undefined&uu_m=undefined
https://cm.g.doubleclick.net/pixel?google_nid=clickforce_dmp&google_cm=&cf_uid=undefined&uu_m=undefined&google_tc=
https://m.holmesmind.com/ml/google?cf_uid=undefined&uu_m=undefined&google_gid=CAESELxgerU5l370S_NQjVB_gwM&google_cver=1

0
0

1ms
1ms

Image
image/png

35.227.249.156
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Download Go to Show image

Full URL: https://m.holmesmind.com/ml/google?cf_uid=undefined&uu_m=undefined&google_gid=CAESELxgerU5l370S_NQjVB_gwM&google_cver=1
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol: H2
Server: 35.227.249.156 , United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 156.249.227.35.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://cdn.holmesmind.com/

Response headers

x-goog-metageneration: 1
x-goog-hash: crc32c=AAAAAA==, md5=1B2M2Y8AsgTpgAmY7PhCfg==
etag: "d41d8cd98f00b204e9800998ecf8427e"
x-goog-stored-content-encoding: identity
expires: Mon, 08 Dec 2025 14:19:43 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length: 0
date: Mon, 08 Dec 2025 13:19:43 GMT
content-type: image/png
last-modified: Wed, 21 Feb 2018 07:36:41 GMT
x-guploader-uploadid: AHVrFxPmTxSe-avM9e5d7L6sVOxFkIxbWsJIZ_v1-lJEiR5OqJrdzwQCJVP14tE6IT7COhwJImSYsU8
cache-control: public, max-age=3600
x-goog-storage-class: REGIONAL
accept-ranges: bytes
x-goog-generation: 1519198601160228
content-length: 0
server: UploadServer

Redirect headers

cache-control: no-cache, must-revalidate
location: https://m.holmesmind.com/ml/google?cf_uid=undefined&uu_m=undefined&google_gid=CAESELxgerU5l370S_NQjVB_gwM&google_cver=1
pragma: no-cache
cross-origin-resource-policy: cross-origin
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length: 328
date: Mon, 08 Dec 2025 13:19:44 GMT
x-xss-protection: 0
content-type: text/html; charset=UTF-8
server: HTTP server (unknown)

GET
H/1.1 200
OK /
cm.lndata.com/ Frame 065F 35 B
394 B 700ms
89ms Image
image/gif 116.50.36.71
DONGFONG-TW DongF...

General

Check archive.org

Download Go to Show image

Full URL: https://cm.lndata.com/?tid=4084&uid=media_cookie_id
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 116.50.36.71 , Taiwan, ASN18046 (DONGFONG-TW DongFong Technology Co. Ltd., TW),
Reverse DNS: 116-50-36-71.dft.tw
Software: TornadoServer/1.2.1 /
Resource Hash: 8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://cdn.holmesmind.com/

Response headers

P3P: CP=CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR
Content-Length: 35
Date: Mon, 08 Dec 2025 13:19:43 GMT
Etag: "0f4e929dd5bb2564f7ab9c76338e04e292a42ace"
Content-Type: image/gif
Server: TornadoServer/1.2.1

GET
H2 200 fp
cm-dev-poc.holmesmind.com/ Frame 065F 0
217 B 1193ms
137ms Image
text/html 18.180.66.169
AMAZON-02

General

Check archive.org

Download Go to Show image

Full URL: https://cm-dev-poc.holmesmind.com/fp
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.180.66.169 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-180-66-169.ap-northeast-1.compute.amazonaws.com
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://cdn.holmesmind.com/

Response headers

content-encoding: gzip
date: Mon, 08 Dec 2025 13:19:44 GMT
content-type: text/html; charset=UTF-8
server: nginx/1.18.0 (Ubuntu)

GET
H3

200

cm
c.holmesmind.com/ Frame 065F
Redirect Chain

https://c.holmesmind.com/cm
https://c.holmesmind.com/cm?tc=getIn&

0
12 B

239ms
238ms

Image
text/html

35.201.76.93
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Download Go to Show image

Full URL: https://c.holmesmind.com/cm?tc=getIn&
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol: H3
Server: 35.201.76.93 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 93.76.201.35.bc.googleusercontent.com
Software: nginx/1.10.3 (Ubuntu) / PHP/7.0.18-0ubuntu0.17.04.1
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://cdn.holmesmind.com/

Response headers

via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
date: Mon, 08 Dec 2025 13:19:44 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/7.0.18-0ubuntu0.17.04.1
server: nginx/1.10.3 (Ubuntu)

Redirect headers

location: https://c.holmesmind.com/cm?tc=getIn&
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
date: Mon, 08 Dec 2025 13:19:44 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/7.0.18-0ubuntu0.17.04.1
server: nginx/1.10.3 (Ubuntu)

GET
H2 200 fp Show response
cm-dev-poc.holmesmind.com/ Frame D0B6 0
217 B 1317ms
136ms Document
text/html 18.180.66.169
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://cm-dev-poc.holmesmind.com/fp
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.180.66.169 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-180-66-169.ap-northeast-1.compute.amazonaws.com
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://cdn.holmesmind.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36

Response headers

content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Mon, 08 Dec 2025 13:19:44 GMT
server: nginx/1.18.0 (Ubuntu)

GET
H3 200 cm.php Show response
fcm.holmesmind.com/ Frame 75D0 39 B
54 B 1487ms
268ms Document
text/html 34.95.67.231
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Download Go to

Full URL: https://fcm.holmesmind.com/cm.php
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.95.67.231 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 231.67.95.34.bc.googleusercontent.com
Software: Apache/2.4.29 (Ubuntu) /
Resource Hash: d51ae4a1096fac36fe9055d5c3f4daa85de0120b567636c89327b544a2a6a795

Request headers

Referer: https://cdn.holmesmind.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 39
content-type: text/html; charset=UTF-8
date: Mon, 08 Dec 2025 13:19:44 GMT
server: Apache/2.4.29 (Ubuntu)
via: 1.1 google

GET
H2 200 cm.js Show response
fcm2.holmesmind.com/ Frame 065F 409 B
631 B 900ms
132ms Script
application/javascript 18.178.75.163
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://fcm2.holmesmind.com/cm.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.178.75.163 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-178-75-163.ap-northeast-1.compute.amazonaws.com
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: c205c874491530a4288b8f643e5da8fbcf7c54bee71bb787f4444e77de90e821

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://cdn.holmesmind.com/

Response headers

access-control-allow-origin: *
date: Mon, 08 Dec 2025 13:19:43 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0 (Ubuntu)

GET
H2

200

google
m.holmesmind.com/ml/ Frame 065F
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=clickforce_dmp&google_cm&cf_uid=undefined&uu_m=undefined
https://cm.g.doubleclick.net/pixel?google_nid=clickforce_dmp&google_cm=&cf_uid=undefined&uu_m=undefined&google_tc=
https://m.holmesmind.com/ml/google?cf_uid=undefined&uu_m=undefined&google_gid=CAESELxgerU5l370S_NQjVB_gwM&google_cver=1

0
0

0ms
0ms

Image
image/png

35.227.249.156
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Download Go to Show image

Full URL: https://m.holmesmind.com/ml/google?cf_uid=undefined&uu_m=undefined&google_gid=CAESELxgerU5l370S_NQjVB_gwM&google_cver=1
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol: H2
Server: 35.227.249.156 , United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 156.249.227.35.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://cdn.holmesmind.com/

Response headers

x-goog-metageneration: 1
x-goog-hash: crc32c=AAAAAA==, md5=1B2M2Y8AsgTpgAmY7PhCfg==
etag: "d41d8cd98f00b204e9800998ecf8427e"
x-goog-stored-content-encoding: identity
expires: Mon, 08 Dec 2025 14:19:43 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length: 0
date: Mon, 08 Dec 2025 13:19:43 GMT
content-type: image/png
last-modified: Wed, 21 Feb 2018 07:36:41 GMT
x-guploader-uploadid: AHVrFxPmTxSe-avM9e5d7L6sVOxFkIxbWsJIZ_v1-lJEiR5OqJrdzwQCJVP14tE6IT7COhwJImSYsU8
cache-control: public, max-age=3600
x-goog-storage-class: REGIONAL
accept-ranges: bytes
x-goog-generation: 1519198601160228
content-length: 0
server: UploadServer

Redirect headers

cache-control: no-cache, must-revalidate
location: https://m.holmesmind.com/ml/google?cf_uid=undefined&uu_m=undefined&google_gid=CAESELxgerU5l370S_NQjVB_gwM&google_cver=1
pragma: no-cache
cross-origin-resource-policy: cross-origin
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length: 328
date: Mon, 08 Dec 2025 13:19:44 GMT
x-xss-protection: 0
content-type: text/html; charset=UTF-8
server: HTTP server (unknown)

GET
H/1.1 200
OK /
cm.lndata.com/ Frame D669 35 B
394 B 785ms
87ms Image
image/gif 116.50.36.71
DONGFONG-TW DongF...

General

Check archive.org

Download Go to Show image

Full URL: https://cm.lndata.com/?tid=4084&uid=media_cookie_id
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 116.50.36.71 , Taiwan, ASN18046 (DONGFONG-TW DongFong Technology Co. Ltd., TW),
Reverse DNS: 116-50-36-71.dft.tw
Software: TornadoServer/1.2.1 /
Resource Hash: 8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://cdn.holmesmind.com/

Response headers

P3P: CP=CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR
Content-Length: 35
Date: Mon, 08 Dec 2025 13:19:43 GMT
Etag: "0f4e929dd5bb2564f7ab9c76338e04e292a42ace"
Content-Type: image/gif
Server: TornadoServer/1.2.1

GET
H2 200 fp
cm-dev-poc.holmesmind.com/ Frame D669 0
217 B 1840ms
651ms Image
text/html 18.180.66.169
AMAZON-02

General

Check archive.org

Download Go to Show image

Full URL: https://cm-dev-poc.holmesmind.com/fp
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.180.66.169 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-180-66-169.ap-northeast-1.compute.amazonaws.com
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://cdn.holmesmind.com/

Response headers

content-encoding: gzip
date: Mon, 08 Dec 2025 13:19:44 GMT
content-type: text/html; charset=UTF-8
server: nginx/1.18.0 (Ubuntu)

GET
H3

200

cm
c.holmesmind.com/ Frame D669
Redirect Chain

https://c.holmesmind.com/cm
https://c.holmesmind.com/cm?tc=getIn&

0
12 B

271ms
247ms

Image
text/html

35.201.76.93
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Download Go to Show image

Full URL: https://c.holmesmind.com/cm?tc=getIn&
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol: H3
Server: 35.201.76.93 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 93.76.201.35.bc.googleusercontent.com
Software: nginx/1.10.3 (Ubuntu) / PHP/7.0.18-0ubuntu0.17.04.1
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://cdn.holmesmind.com/

Response headers

via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
date: Mon, 08 Dec 2025 13:19:44 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/7.0.18-0ubuntu0.17.04.1
server: nginx/1.10.3 (Ubuntu)

Redirect headers

location: https://c.holmesmind.com/cm?tc=getIn&
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
date: Mon, 08 Dec 2025 13:19:44 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/7.0.18-0ubuntu0.17.04.1
server: nginx/1.10.3 (Ubuntu)

GET
H2 200 fp Show response
cm-dev-poc.holmesmind.com/ Frame AEAB 0
217 B 1454ms
140ms Document
text/html 18.180.66.169
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://cm-dev-poc.holmesmind.com/fp
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.180.66.169 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-180-66-169.ap-northeast-1.compute.amazonaws.com
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://cdn.holmesmind.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36

Response headers

content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Mon, 08 Dec 2025 13:19:44 GMT
server: nginx/1.18.0 (Ubuntu)

GET
H3 200 cm.php Show response
fcm.holmesmind.com/ Frame D0C6 39 B
54 B 1751ms
267ms Document
text/html 34.95.67.231
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Download Go to

Full URL: https://fcm.holmesmind.com/cm.php
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.95.67.231 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 231.67.95.34.bc.googleusercontent.com
Software: Apache/2.4.29 (Ubuntu) /
Resource Hash: d51ae4a1096fac36fe9055d5c3f4daa85de0120b567636c89327b544a2a6a795

Request headers

Referer: https://cdn.holmesmind.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 39
content-type: text/html; charset=UTF-8
date: Mon, 08 Dec 2025 13:19:44 GMT
server: Apache/2.4.29 (Ubuntu)
via: 1.1 google

GET
H2 200 cm.js Show response
fcm2.holmesmind.com/ Frame D669 409 B
631 B 1028ms
130ms Script
application/javascript 18.178.75.163
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://fcm2.holmesmind.com/cm.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.178.75.163 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-178-75-163.ap-northeast-1.compute.amazonaws.com
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: c205c874491530a4288b8f643e5da8fbcf7c54bee71bb787f4444e77de90e821

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://cdn.holmesmind.com/

Response headers

access-control-allow-origin: *
date: Mon, 08 Dec 2025 13:19:43 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0 (Ubuntu)

GET
H2

200

google
m.holmesmind.com/ml/ Frame D669
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=clickforce_dmp&google_cm&cf_uid=undefined&uu_m=undefined
https://cm.g.doubleclick.net/pixel?google_nid=clickforce_dmp&google_cm=&cf_uid=undefined&uu_m=undefined&google_tc=
https://m.holmesmind.com/ml/google?cf_uid=undefined&uu_m=undefined&google_gid=CAESELxgerU5l370S_NQjVB_gwM&google_cver=1

0
0

0ms
0ms

Image
image/png

35.227.249.156
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Download Go to Show image

Full URL: https://m.holmesmind.com/ml/google?cf_uid=undefined&uu_m=undefined&google_gid=CAESELxgerU5l370S_NQjVB_gwM&google_cver=1
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol: H2
Server: 35.227.249.156 , United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 156.249.227.35.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://cdn.holmesmind.com/

Response headers

x-goog-metageneration: 1
x-goog-hash: crc32c=AAAAAA==, md5=1B2M2Y8AsgTpgAmY7PhCfg==
etag: "d41d8cd98f00b204e9800998ecf8427e"
x-goog-stored-content-encoding: identity
expires: Mon, 08 Dec 2025 14:19:43 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length: 0
date: Mon, 08 Dec 2025 13:19:43 GMT
content-type: image/png
last-modified: Wed, 21 Feb 2018 07:36:41 GMT
x-guploader-uploadid: AHVrFxPmTxSe-avM9e5d7L6sVOxFkIxbWsJIZ_v1-lJEiR5OqJrdzwQCJVP14tE6IT7COhwJImSYsU8
cache-control: public, max-age=3600
x-goog-storage-class: REGIONAL
accept-ranges: bytes
x-goog-generation: 1519198601160228
content-length: 0
server: UploadServer

Redirect headers

cache-control: no-cache, must-revalidate
location: https://m.holmesmind.com/ml/google?cf_uid=undefined&uu_m=undefined&google_gid=CAESELxgerU5l370S_NQjVB_gwM&google_cver=1
pragma: no-cache
cross-origin-resource-policy: cross-origin
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length: 328
date: Mon, 08 Dec 2025 13:19:44 GMT
x-xss-protection: 0
content-type: text/html; charset=UTF-8
server: HTTP server (unknown)

GET
H2 200 128002626 Show response
fundingchoicesmessages.google.com/i/ 214 KB
69 KB 481ms
189ms Script
application/javascript 142.251.42.142
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://fundingchoicesmessages.google.com/i/128002626?ers=3

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202512020101/pubads_impl.js?cb=31095969

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.42.142 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

nrt12s45-in-f14.1e100.net

Software

ESF /

Resource Hash

b5e3c942a7a29f2edcf943490da066f5f3492336c103a9d4ca0a75e32eacbfaf

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport, script-src 'report-sample' 'nonce-_5ZWNFj2PexeHirabkOpDQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Mon, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 08 Dec 2025 13:19:43 GMT
content-type: application/javascript; charset=utf-8
x-frame-options: SAMEORIGIN
reporting-endpoints: default="/_/ContributorServingWebSwitchboardHttp/web-reports?context=eJzjmsCoxSXF4KAhxdB68xzrZCDuWnSedQYQGypcYrUH4g_1l1l_AHGRxBXWBiD-VHWDVaD6BmsS-03WAiA287vNagfE1e5ebM1AbOvvw-YKxN-KfdlYSnzZ9v33ZTsGxHtz_NiOAnFmpx9bIRCf3-vHdh2IV9_0Y9sMxCu8_Nk2ALEQD8f7BbdPsgmsWD3jK6OSRlJ-YXxyfl5JUWZSaUl-UVpyWmpxalFZalG8kYGRqaGRgYmegXl8gQEAYuZLvg"
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport, script-src 'report-sample' 'nonce-_5ZWNFj2PexeHirabkOpDQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist
cache-control: no-cache, no-store, max-age=0, must-revalidate
timing-allow-origin: *
cross-origin-opener-policy: same-origin
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-resource-policy: cross-origin
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
x-xss-protection: 0
server: ESF

GET
H3 200 fbevents.js Show response
connect.facebook.net/en_US/ Frame 2112 332 KB
87 KB 322ms
164ms Script
application/x-javascript 31.13.82.7
FACEBOOK

General

Check archive.org

Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: fcm2.holmesmind.com
URL: https://fcm2.holmesmind.com/cm.js

Protocol

Security

QUIC, , AES_128_GCM

Server

31.13.82.7 Tokyo, Japan, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-01-nrt1.fbcdn.net

Software

Resource Hash

eff958d6a66dede8a64c252dcf84e69d34c888460d5fcf6f835e655ab487d352

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' blob: ;script-src 'nonce-NC7gFT8c' .facebook.com .fbcdn.net .facebook.net 127.0.0.1:* blob: 'self' https://.google-analytics.com .google.com;style-src 'self' data: blob: 'unsafe-inline';connect-src 'self' data: blob: https://edge-chat.facebook.net https://edge-chat-latest.facebook.net wss://edge-chat-latest.facebook.net wss://edge-chat.facebook.net wss://edge-chat.socialplugin.facebook.net wss://edge-chat-latest.socialplugin.facebook.net https://edge-chat.socialplugin.facebook.net https://edge-chat-latest.socialplugin.facebook.net .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: .cdninstagram.com https://.google-analytics.com;font-src 'self' data: blob: ;img-src 'self' data: blob: https://.google-analytics.com;media-src 'self' data: blob: ;child-src 'self' data: blob: ;frame-src 'self' data: blob: ;manifest-src 'self' data: blob: ;object-src 'self' data: blob: ;worker-src 'self' data: blob: *;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://cdn.holmesmind.com/

Response headers

content-encoding: gzip
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Sat, 01 Jan 2000 00:00:00 GMT
alt-svc: h3=":443"; ma=86400
date: Mon, 08 Dec 2025 13:19:43 GMT
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
priority: u=3,i
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy: default-src 'self' blob: *;script-src 'nonce-NC7gFT8c' *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* blob: 'self' https://*.google-analytics.com *.google.com;style-src 'self' data: blob: 'unsafe-inline';connect-src 'self' data: blob: https://edge-chat.facebook.net https://edge-chat-latest.facebook.net wss://edge-chat-latest.facebook.net wss://edge-chat.facebook.net wss://edge-chat.socialplugin.facebook.net wss://edge-chat-latest.socialplugin.facebook.net https://edge-chat.socialplugin.facebook.net https://edge-chat-latest.socialplugin.facebook.net *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* *.cdninstagram.com https://*.google-analytics.com;font-src 'self' data: blob: *;img-src 'self' data: blob: * https://*.google-analytics.com;media-src 'self' data: blob: *;child-src 'self' data: blob: *;frame-src 'self' data: blob: *;manifest-src 'self' data: blob: *;object-src 'self' data: blob: *;worker-src 'self' data: blob: *;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
cache-control: public, max-age=1200
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
x-fb-connection-quality: MODERATE; q=0.3, rtt=151, rtx=0, c=24, mss=1232, tbw=8738, tp=13, tpl=0, uplat=1, ullat=-1
pragma: public
x-fb-debug: G4f144uT3tvk7NKRpKMieH58W3lZTAKn5aa5dwoRncVJwBeU85c5N+v09x7wyFlHnN7lV9GD3vxQwUZeqmF9Mg==
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy: force-load-at-top, include-js-call-stacks-in-crash-reports
content-length: 88493
x-xss-protection: 0
origin-agent-cluster: ?1

GET
H2 200 / Show response
t.ssp.hinet.net/ Frame 2112 37 B
409 B 82ms
81ms XHR
text/html 203.75.214.136
HINET Data Commun...

General

Check archive.org

Download Go to

Full URL

https://t.ssp.hinet.net/

Requested by

Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

cc6cdc88d0b8d6e81f19c2bca9e328697cf165120ae7161b7aa34d96a85596d0

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://cdn.holmesmind.com/

Response headers

strict-transport-security: max-age=0
cache-control: no-cache, private
content-encoding: gzip
access-control-allow-credentials: true
access-control-allow-origin: https://cdn.holmesmind.com
date: Mon, 08 Dec 2025 13:19:43 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding, Origin
server: nginx

GET
H2 200 emome2 Show response
t.ssp.hinet.net/ Frame 2112 30 B
278 B 93ms
92ms XHR
application/json 203.75.214.136
HINET Data Commun...

General

Check archive.org

Download Go to

Full URL

https://t.ssp.hinet.net/emome2?u=83e9bfa3-72be-41e6-bbf5-c9cad822781b

Requested by

Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

365fc555dbd2149871a77b9485dbb0cbd487a0553f7a90163444349fee756f60

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://cdn.holmesmind.com/

Response headers

strict-transport-security: max-age=0
cache-control: no-cache, private
content-encoding: gzip
access-control-allow-credentials: true
access-control-allow-origin: https://cdn.holmesmind.com
date: Mon, 08 Dec 2025 13:19:43 GMT
content-type: application/json
vary: Accept-Encoding, Origin
server: nginx

GET
H3 200 fbevents.js Show response
connect.facebook.net/en_US/ Frame 5528 332 KB
0 191ms
191ms Script
application/x-javascript 31.13.82.7
FACEBOOK

General

Check archive.org

Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: fcm2.holmesmind.com
URL: https://fcm2.holmesmind.com/cm.js

Protocol

Security

QUIC, , AES_128_GCM

Server

31.13.82.7 Tokyo, Japan, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-01-nrt1.fbcdn.net

Software

Resource Hash

eff958d6a66dede8a64c252dcf84e69d34c888460d5fcf6f835e655ab487d352

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' blob: ;script-src 'nonce-NC7gFT8c' .facebook.com .fbcdn.net .facebook.net 127.0.0.1:* blob: 'self' https://.google-analytics.com .google.com;style-src 'self' data: blob: 'unsafe-inline';connect-src 'self' data: blob: https://edge-chat.facebook.net https://edge-chat-latest.facebook.net wss://edge-chat-latest.facebook.net wss://edge-chat.facebook.net wss://edge-chat.socialplugin.facebook.net wss://edge-chat-latest.socialplugin.facebook.net https://edge-chat.socialplugin.facebook.net https://edge-chat-latest.socialplugin.facebook.net .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: .cdninstagram.com https://.google-analytics.com;font-src 'self' data: blob: ;img-src 'self' data: blob: https://.google-analytics.com;media-src 'self' data: blob: ;child-src 'self' data: blob: ;frame-src 'self' data: blob: ;manifest-src 'self' data: blob: ;object-src 'self' data: blob: ;worker-src 'self' data: blob: *;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://cdn.holmesmind.com/

Response headers

content-encoding: gzip
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Sat, 01 Jan 2000 00:00:00 GMT
alt-svc: h3=":443"; ma=86400
date: Mon, 08 Dec 2025 13:19:43 GMT
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
priority: u=3,i
x-frame-options: DENY
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy: default-src 'self' blob: *;script-src 'nonce-NC7gFT8c' *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* blob: 'self' https://*.google-analytics.com *.google.com;style-src 'self' data: blob: 'unsafe-inline';connect-src 'self' data: blob: https://edge-chat.facebook.net https://edge-chat-latest.facebook.net wss://edge-chat-latest.facebook.net wss://edge-chat.facebook.net wss://edge-chat.socialplugin.facebook.net wss://edge-chat-latest.socialplugin.facebook.net https://edge-chat.socialplugin.facebook.net https://edge-chat-latest.socialplugin.facebook.net *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* *.cdninstagram.com https://*.google-analytics.com;font-src 'self' data: blob: *;img-src 'self' data: blob: * https://*.google-analytics.com;media-src 'self' data: blob: *;child-src 'self' data: blob: *;frame-src 'self' data: blob: *;manifest-src 'self' data: blob: *;object-src 'self' data: blob: *;worker-src 'self' data: blob: *;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
cache-control: public, max-age=1200
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
x-fb-connection-quality: MODERATE; q=0.3, rtt=151, rtx=0, c=24, mss=1232, tbw=8738, tp=13, tpl=0, uplat=1, ullat=-1
pragma: public
x-fb-debug: G4f144uT3tvk7NKRpKMieH58W3lZTAKn5aa5dwoRncVJwBeU85c5N+v09x7wyFlHnN7lV9GD3vxQwUZeqmF9Mg==
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy: force-load-at-top, include-js-call-stacks-in-crash-reports
content-length: 88493
x-xss-protection: 0
origin-agent-cluster: ?1

GET
H3 200 fbevents.js Show response
connect.facebook.net/en_US/ Frame 0AA8 332 KB
0 30ms
30ms Script
application/x-javascript 31.13.82.7
FACEBOOK

General

Check archive.org

Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: fcm2.holmesmind.com
URL: https://fcm2.holmesmind.com/cm.js

Protocol

Security

QUIC, , AES_128_GCM

Server

31.13.82.7 Tokyo, Japan, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-01-nrt1.fbcdn.net

Software

Resource Hash

eff958d6a66dede8a64c252dcf84e69d34c888460d5fcf6f835e655ab487d352

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' blob: ;script-src 'nonce-NC7gFT8c' .facebook.com .fbcdn.net .facebook.net 127.0.0.1:* blob: 'self' https://.google-analytics.com .google.com;style-src 'self' data: blob: 'unsafe-inline';connect-src 'self' data: blob: https://edge-chat.facebook.net https://edge-chat-latest.facebook.net wss://edge-chat-latest.facebook.net wss://edge-chat.facebook.net wss://edge-chat.socialplugin.facebook.net wss://edge-chat-latest.socialplugin.facebook.net https://edge-chat.socialplugin.facebook.net https://edge-chat-latest.socialplugin.facebook.net .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: .cdninstagram.com https://.google-analytics.com;font-src 'self' data: blob: ;img-src 'self' data: blob: https://.google-analytics.com;media-src 'self' data: blob: ;child-src 'self' data: blob: ;frame-src 'self' data: blob: ;manifest-src 'self' data: blob: ;object-src 'self' data: blob: ;worker-src 'self' data: blob: *;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://cdn.holmesmind.com/

Response headers

content-encoding: gzip
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Sat, 01 Jan 2000 00:00:00 GMT
alt-svc: h3=":443"; ma=86400
date: Mon, 08 Dec 2025 13:19:43 GMT
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
priority: u=3,i
x-frame-options: DENY
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy: default-src 'self' blob: *;script-src 'nonce-NC7gFT8c' *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* blob: 'self' https://*.google-analytics.com *.google.com;style-src 'self' data: blob: 'unsafe-inline';connect-src 'self' data: blob: https://edge-chat.facebook.net https://edge-chat-latest.facebook.net wss://edge-chat-latest.facebook.net wss://edge-chat.facebook.net wss://edge-chat.socialplugin.facebook.net wss://edge-chat-latest.socialplugin.facebook.net https://edge-chat.socialplugin.facebook.net https://edge-chat-latest.socialplugin.facebook.net *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* *.cdninstagram.com https://*.google-analytics.com;font-src 'self' data: blob: *;img-src 'self' data: blob: * https://*.google-analytics.com;media-src 'self' data: blob: *;child-src 'self' data: blob: *;frame-src 'self' data: blob: *;manifest-src 'self' data: blob: *;object-src 'self' data: blob: *;worker-src 'self' data: blob: *;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
cache-control: public, max-age=1200
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
x-fb-connection-quality: MODERATE; q=0.3, rtt=151, rtx=0, c=24, mss=1232, tbw=8738, tp=13, tpl=0, uplat=1, ullat=-1
pragma: public
x-fb-debug: G4f144uT3tvk7NKRpKMieH58W3lZTAKn5aa5dwoRncVJwBeU85c5N+v09x7wyFlHnN7lV9GD3vxQwUZeqmF9Mg==
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy: force-load-at-top, include-js-call-stacks-in-crash-reports
content-length: 88493
x-xss-protection: 0
origin-agent-cluster: ?1

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 493 KB
161 KB 166ms
164ms Script
application/javascript 142.250.196.136
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-N394QBRGC0&cx=c&gtm=4e5c31

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-S9B9ZLEX4D

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.196.136 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

nrt12s36-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

e1f4fc988bece86a44450f51b6475a6c5e6b464452ad72b3291b0aa3299fb524

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
content-encoding: zstd
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
expires: Mon, 08 Dec 2025 13:19:43 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 164909
date: Mon, 08 Dec 2025 13:19:43 GMT
x-xss-protection: 0
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
server: Google Tag Manager
access-control-allow-headers: Cache-Control

POST
H2 204 collect
analytics.google.com/g/ 0
0 252ms
85ms Fetch
text/plain 216.239.32.181
GOOGLE

General

Check archive.org

Download Go to

Full URL: https://analytics.google.com/g/collect?v=2&tid=G-S9B9ZLEX4D&gtm=45je5c31v9235665865za200zd9235665865&_p=1765199981857&_gaz=1&gcd=13l3l3l3l1l1&npa=0&dma=0&cid=543771640.1765199982&ul=zh-tw&sr=1600x1200&_ng=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_s=1&tag_exp=103116026~103200004~104527907~104528501~104684208~104684211~105391252~115583767~115938465~115938468~116184927~116184929~116217636~116217638~116427946&sid=1765199983&sct=1&seg=0&dl=https%3A%2F%2Freurl.cc%2F8nzqdj&dt=%E7%B8%AE%E7%9F%AD%E7%B6%B2%E5%9D%80%E7%94%A2%E7%94%9F%E5%99%A8%20-%20reurl&en=page_view&_fv=1&_ss=1&_ee=1&tfd=2858
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-S9B9ZLEX4D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 216.239.32.181 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:169:0
report-to: {"group":"ascnsrsggc:169:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:169:0"}],}
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: https://reurl.cc
cross-origin-opener-policy-report-only: same-origin; report-to=ascnsrsggc:169:0
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 08 Dec 2025 13:19:43 GMT
content-type: text/plain
server: Golfe2

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
553 B 259ms
81ms Ping
text/plain 74.125.23.154
GOOGLE

General

Check archive.org

Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&_ng=1&tid=G-S9B9ZLEX4D&cid=543771640.1765199982&gtm=45je5c31v9235665865za200zd9235665865&aip=1&dma=0&gcd=13l3l3l3l1l1&npa=0&frm=0&tag_exp=103116026~103200004~104527907~104528501~104684208~104684211~105391252~115583767~115938465~115938468~116184927~116184929~116217636~116217638~116427946
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-S9B9ZLEX4D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 74.125.23.154 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: tg-in-f154.1e100.net
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:138:0
report-to: {"group":"ascnsrsggc:138:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:138:0"}],}
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: https://reurl.cc
cross-origin-opener-policy-report-only: same-origin; report-to=ascnsrsggc:138:0
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 08 Dec 2025 13:19:43 GMT
content-type: text/plain
server: Golfe2

GET
H2 200 ga-audiences
www.google.com.tw/ads/ 42 B
408 B 437ms
160ms Image
image/gif 172.217.161.35
GOOGLE

General

Check archive.org

Download Go to Show image

Full URL

https://www.google.com.tw/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&_ng=1&tid=G-S9B9ZLEX4D&cid=543771640.1765199982&gtm=45je5c31v9235665865za200zd9235665865&aip=1&dma=0&gcd=13l3l3l3l1l1&npa=0&frm=0&tag_exp=103116026~103200004~104527907~104528501~104684208~104684211~105391252~115583767~115938465~115938468~116184927~116184929~116217636~116217638~116427946&z=1342677545

Requested by

Host: reurl.cc
URL: https://reurl.cc/8nzqdj

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.161.35 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

nrt12s23-in-f3.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 42
date: Mon, 08 Dec 2025 13:19:44 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET
H3 200 fbevents.js Show response
connect.facebook.net/en_US/ Frame 1DAC 332 KB
0 0ms
0ms Script
application/x-javascript 31.13.82.7
FACEBOOK

General

Check archive.org

Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: fcm2.holmesmind.com
URL: https://fcm2.holmesmind.com/cm.js

Protocol

Security

QUIC, , AES_128_GCM

Server

31.13.82.7 Tokyo, Japan, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-01-nrt1.fbcdn.net

Software

Resource Hash

eff958d6a66dede8a64c252dcf84e69d34c888460d5fcf6f835e655ab487d352

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' blob: ;script-src 'nonce-NC7gFT8c' .facebook.com .fbcdn.net .facebook.net 127.0.0.1:* blob: 'self' https://.google-analytics.com .google.com;style-src 'self' data: blob: 'unsafe-inline';connect-src 'self' data: blob: https://edge-chat.facebook.net https://edge-chat-latest.facebook.net wss://edge-chat-latest.facebook.net wss://edge-chat.facebook.net wss://edge-chat.socialplugin.facebook.net wss://edge-chat-latest.socialplugin.facebook.net https://edge-chat.socialplugin.facebook.net https://edge-chat-latest.socialplugin.facebook.net .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: .cdninstagram.com https://.google-analytics.com;font-src 'self' data: blob: ;img-src 'self' data: blob: https://.google-analytics.com;media-src 'self' data: blob: ;child-src 'self' data: blob: ;frame-src 'self' data: blob: ;manifest-src 'self' data: blob: ;object-src 'self' data: blob: ;worker-src 'self' data: blob: *;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://cdn.holmesmind.com/

Response headers

content-encoding: gzip
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Sat, 01 Jan 2000 00:00:00 GMT
alt-svc: h3=":443"; ma=86400
date: Mon, 08 Dec 2025 13:19:43 GMT
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
priority: u=3,i
x-frame-options: DENY
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy: default-src 'self' blob: *;script-src 'nonce-NC7gFT8c' *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* blob: 'self' https://*.google-analytics.com *.google.com;style-src 'self' data: blob: 'unsafe-inline';connect-src 'self' data: blob: https://edge-chat.facebook.net https://edge-chat-latest.facebook.net wss://edge-chat-latest.facebook.net wss://edge-chat.facebook.net wss://edge-chat.socialplugin.facebook.net wss://edge-chat-latest.socialplugin.facebook.net https://edge-chat.socialplugin.facebook.net https://edge-chat-latest.socialplugin.facebook.net *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* *.cdninstagram.com https://*.google-analytics.com;font-src 'self' data: blob: *;img-src 'self' data: blob: * https://*.google-analytics.com;media-src 'self' data: blob: *;child-src 'self' data: blob: *;frame-src 'self' data: blob: *;manifest-src 'self' data: blob: *;object-src 'self' data: blob: *;worker-src 'self' data: blob: *;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
cache-control: public, max-age=1200
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
x-fb-connection-quality: MODERATE; q=0.3, rtt=151, rtx=0, c=24, mss=1232, tbw=8738, tp=13, tpl=0, uplat=1, ullat=-1
pragma: public
x-fb-debug: G4f144uT3tvk7NKRpKMieH58W3lZTAKn5aa5dwoRncVJwBeU85c5N+v09x7wyFlHnN7lV9GD3vxQwUZeqmF9Mg==
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy: force-load-at-top, include-js-call-stacks-in-crash-reports
content-length: 88493
x-xss-protection: 0
origin-agent-cluster: ?1

GET
H3 200 UXtr_j2Fwe-.png
static.xx.fbcdn.net/rsrc.php/v4/yw/r/ Frame 73E8 573 B
716 B 153ms
151ms Image
image/png 31.13.82.7
FACEBOOK

General

Check archive.org

Download Go to Show image

Full URL

https://static.xx.fbcdn.net/rsrc.php/v4/yw/r/UXtr_j2Fwe-.png

Requested by

Host: static.xx.fbcdn.net
URL: https://static.xx.fbcdn.net/rsrc.php/v5/yE/l/1,cross/iXGJEr7Orjl.css

Protocol

Security

QUIC, , AES_128_GCM

Server

31.13.82.7 Tokyo, Japan, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-01-nrt1.fbcdn.net

Software

Resource Hash

96e3e8dfde6b1042514824bac1b44282d4a76bac028f2d767f6534dce2cf3db0

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://static.xx.fbcdn.net/rsrc.php/v5/yE/l/1,cross/iXGJEr7Orjl.css

Response headers

content-md5: 07aG/2AEtDHVAZ5LUajMDQ==
report-to: {"max_age":21600,"endpoints":[{"url":"https:\/\/www.xx.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Wed, 02 Dec 2026 22:56:53 GMT
alt-svc: h3=":443"; ma=86400
date: Mon, 08 Dec 2025 13:19:43 GMT
content-type: image/png
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
x-fb-debug: blTjacw4DOu2cdGkT8+8fgpmU5CjFW3wmxTUqR7+n73IFU+k7BptLtr2PVKn0SbCdgK3SorY+6NALNi0ldHqeg==
priority: u=3,i
reporting-endpoints: permissions_policy="https://www.xx.facebook.com/ajax/browser_error_reports/"
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
x-fb-connection-quality: UNKNOWN; q=-1, rtt=-1, rtx=0, c=20, mss=1232, tbw=2333, tp=5, tpl=0, uplat=0, ullat=-1
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy: force-load-at-top, include-js-call-stacks-in-crash-reports
access-control-allow-origin: *
content-length: 573
origin-agent-cluster: ?1

GET
H3 200 yOHGSiPxtnZ.js Show response
static.xx.fbcdn.net/rsrc.php/v4/yQ/r/ Frame 73E8 241 KB
68 KB 158ms
157ms Script
application/x-javascript 31.13.82.7
FACEBOOK

General

Check archive.org

Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v4/yQ/r/yOHGSiPxtnZ.js

Requested by

Host: static.xx.fbcdn.net
URL: https://static.xx.fbcdn.net/rsrc.php/v4/ym/r/MH-P-6l6TZy.js

Protocol

Security

QUIC, , AES_128_GCM

Server

31.13.82.7 Tokyo, Japan, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-01-nrt1.fbcdn.net

Software

Resource Hash

d50cad871cd252aca6f998215c8f1c3d372bef86a324e45fc1f60d0b5e1e61b5

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Origin: https://www.facebook.com
Referer: https://www.facebook.com/

Response headers

content-md5: ckYjKnync6z+PRlu4g5ckg==
content-encoding: zstd
report-to: {"max_age":21600,"endpoints":[{"url":"https:\/\/www.xx.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Sat, 05 Dec 2026 16:34:02 GMT
alt-svc: h3=":443"; ma=86400
date: Mon, 08 Dec 2025 13:19:43 GMT
content-type: application/x-javascript; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
x-fb-debug: MAX1CqUA8aQaOsnVwtl5Z947mfk/moe6Uie2tQffpe4XJf9+8qgr9riT/6a352F/NRDp/tL9T69QLDc/uD6dTw==
priority: u=1
vary: Origin
reporting-endpoints: permissions_policy="https://www.xx.facebook.com/ajax/browser_error_reports/"
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
x-fb-connection-quality: GOOD; q=0.7, rtt=148, rtx=9, c=21, mss=1232, tbw=15694, tp=20, tpl=9, uplat=1, ullat=-1
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy: force-load-at-top, include-js-call-stacks-in-crash-reports
access-control-allow-origin: https://www.facebook.com
content-length: 69106
origin-agent-cluster: ?1

POST
H2 204 collect
analytics.google.com/g/ 0
0 92ms
84ms Fetch
text/plain 216.239.32.181
GOOGLE

General

Check archive.org

Download Go to

Full URL: https://analytics.google.com/g/collect?v=2&tid=G-N394QBRGC0&gtm=45je5c31v897965293za200zb9235665865zd9235665865&_p=1765199981857&_gaz=1&gcd=13l3l3l3l1l1&npa=0&dma=0&cid=543771640.1765199982&ul=zh-tw&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_s=1&tag_exp=103116026~103200004~104527907~104528500~104684208~104684211~105391252~115583767~115616986~115938465~115938468~116184927~116184929~116217636~116217638~116427946&sid=1765199983&sct=1&seg=0&dl=https%3A%2F%2Freurl.cc%2F8nzqdj&dt=%E7%B8%AE%E7%9F%AD%E7%B6%B2%E5%9D%80%E7%94%A2%E7%94%9F%E5%99%A8%20-%20reurl&en=page_view&_fv=1&_ss=1&_ee=1&tfd=3017
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-N394QBRGC0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 216.239.32.181 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:169:0
report-to: {"group":"ascnsrsggc:169:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:169:0"}],}
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: https://reurl.cc
cross-origin-opener-policy-report-only: same-origin; report-to=ascnsrsggc:169:0
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 08 Dec 2025 13:19:43 GMT
content-type: text/plain
server: Golfe2

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
57 B 101ms
82ms Ping
text/plain 74.125.23.154
GOOGLE

General

Check archive.org

Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-N394QBRGC0&cid=543771640.1765199982&gtm=45je5c31v897965293za200zb9235665865zd9235665865&aip=1&dma=0&gcd=13l3l3l3l1l1&npa=0&frm=0&tag_exp=103116026~103200004~104527907~104528500~104684208~104684211~105391252~115583767~115616986~115938465~115938468~116184927~116184929~116217636~116217638~116427946
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-N394QBRGC0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 74.125.23.154 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: tg-in-f154.1e100.net
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:138:0
report-to: {"group":"ascnsrsggc:138:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:138:0"}],}
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: https://reurl.cc
cross-origin-opener-policy-report-only: same-origin; report-to=ascnsrsggc:138:0
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 08 Dec 2025 13:19:43 GMT
content-type: text/plain
server: Golfe2

GET
H2 200 ga-audiences
www.google.com.tw/ads/ 42 B
107 B 281ms
163ms Image
image/gif 172.217.161.35
GOOGLE

General

Check archive.org

Download Go to Show image

Full URL

https://www.google.com.tw/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-N394QBRGC0&cid=543771640.1765199982&gtm=45je5c31v897965293za200zb9235665865zd9235665865&aip=1&dma=0&gcd=13l3l3l3l1l1&npa=0&frm=0&tag_exp=103116026~103200004~104527907~104528500~104684208~104684211~105391252~115583767~115616986~115938465~115938468~116184927~116184929~116217636~116217638~116427946&z=2067833428

Requested by

Host: reurl.cc
URL: https://reurl.cc/8nzqdj

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.161.35 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

nrt12s23-in-f3.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 42
date: Mon, 08 Dec 2025 13:19:44 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET
H2 200 cm Show response
t.ssp.hinet.net/ Frame 2112 0
194 B 86ms
82ms XHR
image/png 203.75.214.136
HINET Data Commun...

General

Check archive.org

Download Go to

Full URL

https://t.ssp.hinet.net/cm?c=cf&cid=undefined&mp=83e9bfa3-72be-41e6-bbf5-c9cad822781b

Requested by

Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://cdn.holmesmind.com/

Response headers

strict-transport-security: max-age=0
cache-control: no-cache, private
access-control-allow-credentials: true
access-control-allow-origin: https://cdn.holmesmind.com
date: Mon, 08 Dec 2025 13:19:43 GMT
content-type: image/png
vary: Origin
server: nginx

GET
H/1.1 200
OK pixel
83e9bfa3-72be-41e6-bbf5-c9cad822781b.t.ssp.hinet.net/ Frame 2112 0
177 B 379ms
80ms Image
image/png 203.75.214.136
HINET Data Commun...

General

Check archive.org

Download Go to Show image

Full URL

https://83e9bfa3-72be-41e6-bbf5-c9cad822781b.t.ssp.hinet.net/pixel?bd=83e9bfa3-72be-41e6-bbf5-c9cad822781b&t=cf&referrer=https%3A%2F%2Freurl.cc

Requested by

Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://cdn.holmesmind.com/

Response headers

Strict-Transport-Security: max-age=0
Content-Length: 0
Date: Mon, 08 Dec 2025 13:19:44 GMT
Content-Type: image/png
Server: nginx
Connection: keep-alive

GET
H3 200 fbevents.js Show response
connect.facebook.net/en_US/ Frame 065F 332 KB
0 2ms
2ms Script
application/x-javascript 31.13.82.7
FACEBOOK

General

Check archive.org

Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: fcm2.holmesmind.com
URL: https://fcm2.holmesmind.com/cm.js

Protocol

Security

QUIC, , AES_128_GCM

Server

31.13.82.7 Tokyo, Japan, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-01-nrt1.fbcdn.net

Software

Resource Hash

eff958d6a66dede8a64c252dcf84e69d34c888460d5fcf6f835e655ab487d352

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' blob: ;script-src 'nonce-NC7gFT8c' .facebook.com .fbcdn.net .facebook.net 127.0.0.1:* blob: 'self' https://.google-analytics.com .google.com;style-src 'self' data: blob: 'unsafe-inline';connect-src 'self' data: blob: https://edge-chat.facebook.net https://edge-chat-latest.facebook.net wss://edge-chat-latest.facebook.net wss://edge-chat.facebook.net wss://edge-chat.socialplugin.facebook.net wss://edge-chat-latest.socialplugin.facebook.net https://edge-chat.socialplugin.facebook.net https://edge-chat-latest.socialplugin.facebook.net .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: .cdninstagram.com https://.google-analytics.com;font-src 'self' data: blob: ;img-src 'self' data: blob: https://.google-analytics.com;media-src 'self' data: blob: ;child-src 'self' data: blob: ;frame-src 'self' data: blob: ;manifest-src 'self' data: blob: ;object-src 'self' data: blob: ;worker-src 'self' data: blob: *;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://cdn.holmesmind.com/

Response headers

content-encoding: gzip
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Sat, 01 Jan 2000 00:00:00 GMT
alt-svc: h3=":443"; ma=86400
date: Mon, 08 Dec 2025 13:19:43 GMT
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
priority: u=3,i
x-frame-options: DENY
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy: default-src 'self' blob: *;script-src 'nonce-NC7gFT8c' *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* blob: 'self' https://*.google-analytics.com *.google.com;style-src 'self' data: blob: 'unsafe-inline';connect-src 'self' data: blob: https://edge-chat.facebook.net https://edge-chat-latest.facebook.net wss://edge-chat-latest.facebook.net wss://edge-chat.facebook.net wss://edge-chat.socialplugin.facebook.net wss://edge-chat-latest.socialplugin.facebook.net https://edge-chat.socialplugin.facebook.net https://edge-chat-latest.socialplugin.facebook.net *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* *.cdninstagram.com https://*.google-analytics.com;font-src 'self' data: blob: *;img-src 'self' data: blob: * https://*.google-analytics.com;media-src 'self' data: blob: *;child-src 'self' data: blob: *;frame-src 'self' data: blob: *;manifest-src 'self' data: blob: *;object-src 'self' data: blob: *;worker-src 'self' data: blob: *;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
cache-control: public, max-age=1200
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
x-fb-connection-quality: MODERATE; q=0.3, rtt=151, rtx=0, c=24, mss=1232, tbw=8738, tp=13, tpl=0, uplat=1, ullat=-1
pragma: public
x-fb-debug: G4f144uT3tvk7NKRpKMieH58W3lZTAKn5aa5dwoRncVJwBeU85c5N+v09x7wyFlHnN7lV9GD3vxQwUZeqmF9Mg==
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy: force-load-at-top, include-js-call-stacks-in-crash-reports
content-length: 88493
x-xss-protection: 0
origin-agent-cluster: ?1

GET
H3 200 fbevents.js Show response
connect.facebook.net/en_US/ Frame D669 332 KB
0 2ms
2ms Script
application/x-javascript 31.13.82.7
FACEBOOK

General

Check archive.org

Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: fcm2.holmesmind.com
URL: https://fcm2.holmesmind.com/cm.js

Protocol

Security

QUIC, , AES_128_GCM

Server

31.13.82.7 Tokyo, Japan, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-01-nrt1.fbcdn.net

Software

Resource Hash

eff958d6a66dede8a64c252dcf84e69d34c888460d5fcf6f835e655ab487d352

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' blob: ;script-src 'nonce-NC7gFT8c' .facebook.com .fbcdn.net .facebook.net 127.0.0.1:* blob: 'self' https://.google-analytics.com .google.com;style-src 'self' data: blob: 'unsafe-inline';connect-src 'self' data: blob: https://edge-chat.facebook.net https://edge-chat-latest.facebook.net wss://edge-chat-latest.facebook.net wss://edge-chat.facebook.net wss://edge-chat.socialplugin.facebook.net wss://edge-chat-latest.socialplugin.facebook.net https://edge-chat.socialplugin.facebook.net https://edge-chat-latest.socialplugin.facebook.net .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: .cdninstagram.com https://.google-analytics.com;font-src 'self' data: blob: ;img-src 'self' data: blob: https://.google-analytics.com;media-src 'self' data: blob: ;child-src 'self' data: blob: ;frame-src 'self' data: blob: ;manifest-src 'self' data: blob: ;object-src 'self' data: blob: ;worker-src 'self' data: blob: *;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://cdn.holmesmind.com/

Response headers

content-encoding: gzip
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Sat, 01 Jan 2000 00:00:00 GMT
alt-svc: h3=":443"; ma=86400
date: Mon, 08 Dec 2025 13:19:43 GMT
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
priority: u=3,i
x-frame-options: DENY
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy: default-src 'self' blob: *;script-src 'nonce-NC7gFT8c' *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* blob: 'self' https://*.google-analytics.com *.google.com;style-src 'self' data: blob: 'unsafe-inline';connect-src 'self' data: blob: https://edge-chat.facebook.net https://edge-chat-latest.facebook.net wss://edge-chat-latest.facebook.net wss://edge-chat.facebook.net wss://edge-chat.socialplugin.facebook.net wss://edge-chat-latest.socialplugin.facebook.net https://edge-chat.socialplugin.facebook.net https://edge-chat-latest.socialplugin.facebook.net *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* *.cdninstagram.com https://*.google-analytics.com;font-src 'self' data: blob: *;img-src 'self' data: blob: * https://*.google-analytics.com;media-src 'self' data: blob: *;child-src 'self' data: blob: *;frame-src 'self' data: blob: *;manifest-src 'self' data: blob: *;object-src 'self' data: blob: *;worker-src 'self' data: blob: *;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
cache-control: public, max-age=1200
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
x-fb-connection-quality: MODERATE; q=0.3, rtt=151, rtx=0, c=24, mss=1232, tbw=8738, tp=13, tpl=0, uplat=1, ullat=-1
pragma: public
x-fb-debug: G4f144uT3tvk7NKRpKMieH58W3lZTAKn5aa5dwoRncVJwBeU85c5N+v09x7wyFlHnN7lV9GD3vxQwUZeqmF9Mg==
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy: force-load-at-top, include-js-call-stacks-in-crash-reports
content-length: 88493
x-xss-protection: 0
origin-agent-cluster: ?1

GET
H2 200 collect Show response
track.91app.io/ext/v1/ Frame 2112 46 B
228 B 288ms
107ms Fetch
application/json 35.201.76.198
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Download Go to

Full URL: https://track.91app.io/ext/v1/collect?v=1&ch=web&ul=zh-TW&ht=1765199984100&evtid=cdb257d6-74ef-4d7f-a9a8-a08671f6b1ad&tid=5&cid=782355-0NG8SqrcbUNqKHbjmrMsIO08y3Yw1NN1&evtn=pixel
Requested by: Host: tracking-client.91app.com
URL: https://tracking-client.91app.com/1.2.0/nineyi.tracking.client.iife.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.201.76.198 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 198.76.201.35.bc.googleusercontent.com
Software: Google Frontend / Express
Resource Hash: c554a961e601658c6f0130aed9656ba02a54d97fa41846f800a008d16c9bc6d1

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://cdn.holmesmind.com/

Response headers

cache-control: no-cache
access-control-allow-credentials: true
via: 1.1 google
access-control-allow-origin: https://cdn.holmesmind.com
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 46
date: Mon, 08 Dec 2025 13:19:44 GMT
x-cloud-trace-context: 7cf6ac8c1f054644dbb56e3176f7636c
content-type: application/json; charset=utf-8
x-powered-by: Express
server: Google Frontend
vary: Accept-Encoding

GET
H2 200 collect Show response
track.91app.io/ext/v1/ Frame D669 46 B
227 B 289ms
110ms Fetch
application/json 35.201.76.198
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Download Go to

Full URL: https://track.91app.io/ext/v1/collect?v=1&ch=web&ul=zh-TW&ht=1765199984102&evtid=5edad6bb-6d3f-472e-b348-e8279fd13b60&tid=5&cid=782355-0NG8SqrcbUNqKHbjmrMsIO08y3Yw1NN1&evtn=pixel
Requested by: Host: tracking-client.91app.com
URL: https://tracking-client.91app.com/1.2.0/nineyi.tracking.client.iife.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.201.76.198 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 198.76.201.35.bc.googleusercontent.com
Software: Google Frontend / Express
Resource Hash: 34af0025ec544bb24d18034783278490fb9fb70f3090037ebf83cb7a1979df1f

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://cdn.holmesmind.com/

Response headers

cache-control: no-cache
access-control-allow-credentials: true
via: 1.1 google
access-control-allow-origin: https://cdn.holmesmind.com
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 46
date: Mon, 08 Dec 2025 13:19:44 GMT
x-cloud-trace-context: d1c7244c6a3136f1dbb56e3176f7681b
content-type: application/json; charset=utf-8
x-powered-by: Express
server: Google Frontend
vary: Accept-Encoding

GET
H2 200 collect Show response
track.91app.io/ext/v1/ Frame 065F 46 B
227 B 289ms
111ms Fetch
application/json 35.201.76.198
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Download Go to

Full URL: https://track.91app.io/ext/v1/collect?v=1&ch=web&ul=zh-TW&ht=1765199984103&evtid=39155d3e-2048-49ef-9991-df20f0f5ba34&tid=5&cid=782355-0NG8SqrcbUNqKHbjmrMsIO08y3Yw1NN1&evtn=pixel
Requested by: Host: tracking-client.91app.com
URL: https://tracking-client.91app.com/1.2.0/nineyi.tracking.client.iife.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.201.76.198 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 198.76.201.35.bc.googleusercontent.com
Software: Google Frontend / Express
Resource Hash: 5a88e1b1823b6f6d8ef43e89a88f95b4b4070c11ac48d02a26499a4f6d64617b

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://cdn.holmesmind.com/

Response headers

cache-control: no-cache
access-control-allow-credentials: true
via: 1.1 google
access-control-allow-origin: https://cdn.holmesmind.com
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 46
date: Mon, 08 Dec 2025 13:19:44 GMT
x-cloud-trace-context: 4ff01a83e4d29c77dbb56e3176f76a0e
content-type: application/json; charset=utf-8
x-powered-by: Express
server: Google Frontend
vary: Accept-Encoding

GET
H2 200 collect Show response
track.91app.io/ext/v1/ Frame 1DAC 46 B
227 B 288ms
111ms Fetch
application/json 35.201.76.198
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Download Go to

Full URL: https://track.91app.io/ext/v1/collect?v=1&ch=web&ul=zh-TW&ht=1765199984104&evtid=0ba8e622-ff58-41d9-90a0-e59716147070&tid=5&cid=782355-0NG8SqrcbUNqKHbjmrMsIO08y3Yw1NN1&evtn=pixel
Requested by: Host: tracking-client.91app.com
URL: https://tracking-client.91app.com/1.2.0/nineyi.tracking.client.iife.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.201.76.198 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 198.76.201.35.bc.googleusercontent.com
Software: Google Frontend / Express
Resource Hash: 5fe9cc04d3f233dc1a28605f4d93944ceb3b7759167df37cab4ba8f3dab35aac

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://cdn.holmesmind.com/

Response headers

cache-control: no-cache
access-control-allow-credentials: true
via: 1.1 google
access-control-allow-origin: https://cdn.holmesmind.com
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 46
date: Mon, 08 Dec 2025 13:19:44 GMT
x-cloud-trace-context: ae945ab712e482fcdbb56e3176f76ebd
content-type: application/json; charset=utf-8
x-powered-by: Express
server: Google Frontend
vary: Accept-Encoding

GET
H2 200 collect Show response
track.91app.io/ext/v1/ Frame 0AA8 46 B
227 B 284ms
108ms Fetch
application/json 35.201.76.198
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Download Go to

Full URL: https://track.91app.io/ext/v1/collect?v=1&ch=web&ul=zh-TW&ht=1765199984105&evtid=44b6317d-ce23-458e-b52e-11a8c9a93335&tid=5&cid=782355-0NG8SqrcbUNqKHbjmrMsIO08y3Yw1NN1&evtn=pixel
Requested by: Host: tracking-client.91app.com
URL: https://tracking-client.91app.com/1.2.0/nineyi.tracking.client.iife.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.201.76.198 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 198.76.201.35.bc.googleusercontent.com
Software: Google Frontend / Express
Resource Hash: f32f67aa8e576112994f6cb0e6d5c8858b0292db702beb57818358e68c160471

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://cdn.holmesmind.com/

Response headers

cache-control: no-cache
access-control-allow-credentials: true
via: 1.1 google
access-control-allow-origin: https://cdn.holmesmind.com
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 46
date: Mon, 08 Dec 2025 13:19:44 GMT
x-cloud-trace-context: a6d47c2a68ca78c9dbb56e3176f7655f
content-type: application/json; charset=utf-8
x-powered-by: Express
server: Google Frontend
vary: Accept-Encoding

GET
H2 200 collect Show response
track.91app.io/ext/v1/ Frame 5528 46 B
417 B 280ms
105ms Fetch
application/json 35.201.76.198
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Download Go to

Full URL: https://track.91app.io/ext/v1/collect?v=1&ch=web&ul=zh-TW&ht=1765199984106&evtid=2d212f83-9cab-4b36-a1d9-fb73bedd38fd&tid=5&cid=782355-0NG8SqrcbUNqKHbjmrMsIO08y3Yw1NN1&evtn=pixel
Requested by: Host: tracking-client.91app.com
URL: https://tracking-client.91app.com/1.2.0/nineyi.tracking.client.iife.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.201.76.198 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 198.76.201.35.bc.googleusercontent.com
Software: Google Frontend / Express
Resource Hash: 928c4ede6da477b569faeb1ed7531cf2ac9eb4c2ff46eb449db5eeb2cf9c28ec

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://cdn.holmesmind.com/

Response headers

cache-control: no-cache
access-control-allow-credentials: true
via: 1.1 google
access-control-allow-origin: https://cdn.holmesmind.com
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 46
date: Mon, 08 Dec 2025 13:19:44 GMT
x-cloud-trace-context: 7dde736260e1b889dbb56e3176f760b0
content-type: application/json; charset=utf-8
x-powered-by: Express
server: Google Frontend
vary: Accept-Encoding

POST
H3 204 AGSKWxVBOoZvN85RCVznrEGZXltMSryQnzMOUeIqdL2xpmDRzjSqORhmgwhOlzPtaoTwKEVCfVlF9EC6Nmg5Ps2AlPcGLQdytkmR_QbZ_1ugFqAcltupObVUdlZ26r2OZbVHjmSyjaaD1Q== Show response
fundingchoicesmessages.google.com/el/ 0
28 B 415ms
170ms XHR
text/html 142.251.42.142
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxVBOoZvN85RCVznrEGZXltMSryQnzMOUeIqdL2xpmDRzjSqORhmgwhOlzPtaoTwKEVCfVlF9EC6Nmg5Ps2AlPcGLQdytkmR_QbZ_1ugFqAcltupObVUdlZ26r2OZbVHjmSyjaaD1Q==

Requested by

Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.zh_TW.RcR3kUpOxDM.es5.O/d=1/rs=AJlcJMxcMd8d0XtXoqTbA5iSu_1Dn2dFwQ/m=kernel_loader,loader_js_executable

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.42.142 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

nrt12s45-in-f14.1e100.net

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-CHcl0R78Da1kwRNV0b-IJA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Content-Type: text/plain
Referer: https://reurl.cc/

Response headers

access-control-max-age: 86400
access-control-allow-methods: POST, GET, OPTIONS
x-content-type-options: nosniff
expires: Mon, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 08 Dec 2025 13:19:44 GMT
content-type: text/html; charset=utf-8
x-frame-options: SAMEORIGIN
reporting-endpoints: default="/_/ContributorLoggingHttp/web-reports?context=eJzj8tDikmLw0pBi-FB_mfUHEJv53Wa1A-Jqdy-2ZiC29fdhcwXivTl-bEeBOLPTj60QiM_v9WO7DsSrb_qxbQZiIR6ODwtun2QTOHHp0xNGJZek_ML45Py8ktS8Et3ElGJdELsoM6m0JL8IhZ1aBlKRk5-enpmXHm9kYGRqaGRgomdgHl9gAACa9jmX"
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-CHcl0R78Da1kwRNV0b-IJA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
cache-control: no-cache, no-store, max-age=0, must-revalidate
cross-origin-opener-policy: same-origin
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
access-control-allow-origin: https://reurl.cc
content-length: 0
x-xss-protection: 0
server: ESF

General

Check archive.org

Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxVBOoZvN85RCVznrEGZXltMSryQnzMOUeIqdL2xpmDRzjSqORhmgwhOlzPtaoTwKEVCfVlF9EC6Nmg5Ps2AlPcGLQdytkmR_QbZ_1ugFqAcltupObVUdlZ26r2OZbVHjmSyjaaD1Q==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.42.142 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

nrt12s45-in-f14.1e100.net

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-FfBZbIAzIlG_VkP8V465gg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Content-Type: text/plain
Referer: https://reurl.cc/

Response headers

access-control-max-age: 86400
access-control-allow-methods: POST, GET, OPTIONS
x-content-type-options: nosniff
expires: Mon, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 08 Dec 2025 13:19:44 GMT
content-type: text/html; charset=utf-8
x-frame-options: SAMEORIGIN
reporting-endpoints: default="/_/ContributorLoggingHttp/web-reports?context=eJzj8tDikmLw1JBi-FB_mfUHEJv53Wa1A-Jqdy-2ZiC29fdhcwXivTl-bEeBOLPTj60QiM_v9WO7DsSrb_qxbQZiIR6ODwtun2QTWDHz1kNGJZek_ML45Py8ktS8Et3ElGJdELsoM6m0JL8IhZ1aBlKRk5-enpmXHm9kYGRqaGRgomdgHl9gAAB41Dki"
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-FfBZbIAzIlG_VkP8V465gg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
cache-control: no-cache, no-store, max-age=0, must-revalidate
cross-origin-opener-policy: same-origin
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
access-control-allow-origin: https://reurl.cc
content-length: 0
x-xss-protection: 0
server: ESF

GET
H2 200 AGSKWxXcAximMb9DHZcz1mZkWCn42U-H51ieSzt7-MOmh8vONHtIoSe6q5GIL4q0vg9XRK3MZacIZZ2wWqy4VKtC_MWFU-TqUkB9xYgnoji57BUwB-z5TdhUgW4a8pBNXJt06kc6whEe5w== Show response
fundingchoicesmessages.google.com/f/ 2 KB
2 KB 171ms
170ms Script
application/javascript 142.251.42.142
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://fundingchoicesmessages.google.com/f/AGSKWxXcAximMb9DHZcz1mZkWCn42U-H51ieSzt7-MOmh8vONHtIoSe6q5GIL4q0vg9XRK3MZacIZZ2wWqy4VKtC_MWFU-TqUkB9xYgnoji57BUwB-z5TdhUgW4a8pBNXJt06kc6whEe5w==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzY1MTk5OTg0LDE3NzAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzddXSwiaHR0cHM6Ly9yZXVybC5jYy84bnpxZGoiLG51bGwsW1s4LCJSY1Iza1VwT3hETSJdLFs5LCJ6aC1UVyJdLFsxOSwiMiJdLFsxNywiWzBdIl0sWzI0LCIiXSxbMjksImZhbHNlIl1dXQ

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.42.142 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

nrt12s45-in-f14.1e100.net

Software

ESF /

Resource Hash

b8a3f9a336315ce96ef093f8618bdbbe763347d59c911dab946e5fa3b1a3ea57

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-6ezEuzhLrxm3RqvZij-okQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Mon, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 08 Dec 2025 13:19:44 GMT
content-type: application/javascript; charset=utf-8
x-frame-options: SAMEORIGIN
reporting-endpoints: default="/_/ContributorServingWebSwitchboardHttp/web-reports?context=eJzjmsCoxSXF4KohxdB68xzrZCDuWnSedQYQGypcYrUH4g_1l1l_AHGRxBXWBiD-VHWDVaD6BmsS-03WAiA287vNagfE1e5ebM1AbOvvw-YKxN-KfdlYSnzZ9v33ZTsGxHtz_NiOAnFmpx9bIRCf3-vHdh2IV9_0Y9sMxCu8_Nk2ALEQD8eHBbdPsgk8mNrZxKikkZRfGJ-cn1dSlJlUWpJflJacllqcWlSWWhRvZGBkamhkYKJnYB5fYAAAVtxLZA"
content-security-policy: script-src 'report-sample' 'nonce-6ezEuzhLrxm3RqvZij-okQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport
cache-control: no-cache, no-store, max-age=0, must-revalidate
timing-allow-origin: *
cross-origin-opener-policy: same-origin
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-resource-policy: cross-origin
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
x-xss-protection: 0
server: ESF

GET
H2 200 esp.js Show response
oa.openxcdn.net/ 24 KB
8 KB 257ms
83ms Script
application/javascript 34.102.146.192
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Download Go to

Full URL: https://oa.openxcdn.net/esp.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202512020101/pubads_impl.js?cb=31095969
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.102.146.192 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 192.146.102.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 544c55ca9f05d425f3beb90f287308d7a408b1f60d17728eff5c605a494bc1b9

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

x-goog-metageneration: 1
content-encoding: gzip
x-goog-hash: crc32c=f21hYg==, md5=31VCuIvA42jGmZdUpbniug==
etag: "df5542b88bc0e368c6999754a5b9e2ba"
age: 1540591
x-goog-stored-content-encoding: gzip
expires: Fri, 20 Nov 2026 17:23:13 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length: 7927
date: Thu, 20 Nov 2025 17:23:13 GMT
last-modified: Thu, 27 May 2021 18:30:51 GMT
content-type: application/javascript
x-guploader-uploadid: AOCedOEKmls_J8dDbgRXiNXmf5dYkWH6BQGbBUXRtF4CKVpqeNscQqxcaSW36qVSZ-uUOLU
cache-control: no-transform
x-goog-storage-class: MULTI_REGIONAL
accept-ranges: bytes
x-goog-generation: 1622140251693895
content-length: 7927
server: UploadServer

GET
H2 200 sync.min.js Show response
tags.crwdcntrl.net/lt/c/16589/ 43 KB
13 KB 472ms
160ms Script
text/javascript 54.230.175.56
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://tags.crwdcntrl.net/lt/c/16589/sync.min.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202512020101/pubads_impl.js?cb=31095969
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 54.230.175.56 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-54-230-175-56.nrt57.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 3733ce04a5c4dbb8b07b847650fd68e82f93ab8abf6b35ca294d6d40130f06c0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

vary: Accept-Encoding
cache-control: public, max-age=86400
content-encoding: gzip
etag: W/"a01b40a9ecb8db243294facf32753015"
age: 14375
via: 1.1 d2104da91378e8b035256e7a8c6c9186.cloudfront.net (CloudFront)
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
x-amz-cf-id: qVZ8Yh0RQojoYQMD0IdW0ViSIkE5DA7KiXXcE9Cxct3ngfne7nOMFA==
date: Mon, 08 Dec 2025 10:02:16 GMT
content-type: text/javascript
last-modified: Thu, 16 Oct 2025 16:30:59 GMT
server: AmazonS3
x-amz-cf-pop: NRT57-P9
x-amz-server-side-encryption: AES256

GET
H2 200 encrypted-tag-g.js Show response
invstatic101.creativecdn.com/encrypted-signals/ 3 KB
3 KB 537ms
364ms Script
text/javascript 34.96.70.87
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Download Go to

Full URL: https://invstatic101.creativecdn.com/encrypted-signals/encrypted-tag-g.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202512020101/pubads_impl.js?cb=31095969
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.96.70.87 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 87.70.96.34.bc.googleusercontent.com
Software: Google Frontend /
Resource Hash: 2e5f5cb912c0619933ea6c3ad8ac1466a005f792e3338d96a8432d144c63520f

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

etag: 861bdaf24bda5c0db45c6ebe1c94a9eb
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2729
date: Mon, 08 Dec 2025 13:19:44 GMT
content-type: text/javascript; charset=utf-8
last-modified: Wed, 05 Feb 2025 14:45:21 GMT
server: Google Frontend
x-cloud-trace-context: 53423b3c53ab82b9d302cf63db90e260

GET
H2 200 publishertag.ids.js Show response
static.criteo.net/js/ld/ 42 KB
13 KB 455ms
164ms Script
text/javascript 182.161.74.47
CRITEO-AS-AP Crit...

General

Check archive.org

Download Go to

Full URL

https://static.criteo.net/js/ld/publishertag.ids.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202512020101/pubads_impl.js?cb=31095969

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

182.161.74.47 , Singapore, ASN55569 (CRITEO-AS-AP Criteo APAC, JP),

Reverse DNS

Software

nginx /

Resource Hash

730b0155c953fb939df04b102b4a3028c6affd25cbaa7fb2fc9d298eea213c35

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

strict-transport-security: max-age=31536000; preload;
cache-control: max-age=86400, public
timing-allow-origin: *
content-encoding: gzip
cross-origin-resource-policy: cross-origin
expires: Tue, 09 Dec 2025 13:19:44 GMT
access-control-allow-origin: *
date: Mon, 08 Dec 2025 13:19:44 GMT
content-type: text/javascript
vary: x-geo-country
server: nginx

GET
H2 200 ob.js Show response
cdn-ima.33across.com/ 18 KB
7 KB 268ms
94ms Script
application/javascript 104.18.28.101
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL: https://cdn-ima.33across.com/ob.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202512020101/pubads_impl.js?cb=31095969
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.28.101 , Ascension Island, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8da9b8dc7a16d03966226d79b3ab81fac5710dd28a52a6769568fdd4ac789159

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

cache-control: public, max-age=259200
content-encoding: gzip
cf-cache-status: HIT
etag: W/"68c447fb-47f6"
age: 473280
cf-ray: 9aac8e5e8bc94a86-TPE
expires: Thu, 11 Dec 2025 13:19:44 GMT
date: Mon, 08 Dec 2025 13:19:44 GMT
content-type: application/javascript
last-modified: Fri, 12 Sep 2025 16:19:07 GMT
vary: Accept-Encoding
server: cloudflare

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 2 KB
549 B 424ms
423ms Fetch
text/plain 216.58.220.130
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=8744142892601007&correlator=2948783310227665&eid=31095983%2C31095969%2C83321073&output=ldjh&gdfp_req=1&vrg=202512020101&ptt=17&impl=fifs&gdpr=0&iu_parts=21787810958%2CTW_reurl.cc_res_all_truvid_1x1%2CTW_reurl.cc_res_allsite_top_avs&enc_prev_ius=%2F0%2F1%2C%2F0%2F2&prev_iu_szs=300x250%7C336x280%7C1x1%2C1x1&ifi=1&didk=3347717449~2825456951&dids=ats-slider-10~ats-insert_ads-8&adfs=2335287240~3992581161&sfv=1-0-45&sc=1&cookie_enabled=1&abxe=1&dt=1765199984196&lmt=1765199984&adxs=15%2C800&adys=33%2C171&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0%7C0&ucis=1%7C2&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=480&dmc=8&bc=31&nvt=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&url=https%3A%2F%2Freurl.cc%2F8nzqdj&vis=1&psz=1570x0%7C1600x0&msz=1570x0%7C1600x0&fws=0%2C0&ohw=0%2C0&a3p=Eh0KDmVzcC5jcml0ZW8uY29tGL7s-PCvM0gAUgIIZBIcCg1jcndkY250cmwubmV0GL3s-PCvM0gAUgIIZBIbCgwzM2Fjcm9zcy5jb20Yvuz48K8zSABSAghkEhcKCHJ0YmhvdXNlGL7s-PCvM0gAUgIIZBIUCgVvcGVueBi97PjwrzNIAFICCGQ.&psd=WzMxLFtdXQ..&dlt=1765199981168&idt=1906&cust_params=url%3D%252F8nzqdj%26ref%3Dnull%26Audience_Segment%3D%25E6%25A9%259F%25E8%25BB%258A%252C%25E9%259B%25BB%25E5%258B%2595%25E8%25BB%258A%252C%25E6%258A%2595%25E8%25B3%2587%25E7%2590%2586%25E8%25B2%25A1&adks=3936558959%2C940499867&frm=20&eoidce=1&pgls=CAs.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202512020101/pubads_impl.js?cb=31095969

Protocol

Security

QUIC, , AES_128_GCM

Server

216.58.220.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd09s01-in-f130.1e100.net

Software

cafe /

Resource Hash

494a3c1820c45a233469b5f8a5ed47e1c577b4b4b731a8ab785010a26eafad31

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

content-encoding: dcb
google-lineitem-id: -2,-2
observe-browsing-topics: ?1
x-content-type-options: nosniff
google-mediationtag-id: -2
google-mediationgroup-id: -2,-2
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
date: Mon, 08 Dec 2025 13:19:44 GMT
content-type: text/plain; charset=UTF-8
google-creative-id: -2,-2
cache-control: no-cache, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
access-control-allow-origin: https://reurl.cc
content-length: 519
x-xss-protection: 0
server: cafe

GET
H3 200 container.html Show response
3f7c8398439d581fb0b47b69a86277bd.safeframe.googlesyndication.com/safeframe/1-0-45/html/ Frame C0DE 7 KB
3 KB 434ms
152ms Document
text/html 142.250.193.193
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://3f7c8398439d581fb0b47b69a86277bd.safeframe.googlesyndication.com/safeframe/1-0-45/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202512020101/pubads_impl.js?cb=31095969

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.193.193 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lcnrta-bj-in-f1.1e100.net

Software

sffe /

Resource Hash

f1a68bf826c55985468304f4284a09cb8a68e82503d764166e611a7c58a85a4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://reurl.cc/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: br
content-length: 3121
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 08 Dec 2025 13:19:44 GMT
expires: Mon, 08 Dec 2025 13:19:44 GMT
last-modified: Thu, 08 May 2025 23:15:48 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 did Show response
track.91app.io/ext/v1/ Frame 2112 46 B
228 B 97ms
96ms Fetch
application/json 35.201.76.198
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Download Go to

Full URL: https://track.91app.io/ext/v1/did
Requested by: Host: tracking-client.91app.com
URL: https://tracking-client.91app.com/1.2.0/nineyi.tracking.client.iife.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.201.76.198 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 198.76.201.35.bc.googleusercontent.com
Software: Google Frontend / Express
Resource Hash: 2e2182cf9bb95ed129e4347c06b0e56b6b811544a13c58afb7d78cadc4ce332e

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://cdn.holmesmind.com/

Response headers

cache-control: no-cache
access-control-allow-credentials: true
via: 1.1 google
access-control-allow-origin: https://cdn.holmesmind.com
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 46
date: Mon, 08 Dec 2025 13:19:44 GMT
x-cloud-trace-context: 3690c62b9678d83bdbb56e3176f76689
content-type: application/json; charset=utf-8
x-powered-by: Express
server: Google Frontend
vary: Accept-Encoding

GET
H2 200 did Show response
track.91app.io/ext/v1/ Frame D669 46 B
227 B 155ms
93ms Fetch
application/json 35.201.76.198
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Download Go to

Full URL: https://track.91app.io/ext/v1/did
Requested by: Host: tracking-client.91app.com
URL: https://tracking-client.91app.com/1.2.0/nineyi.tracking.client.iife.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.201.76.198 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 198.76.201.35.bc.googleusercontent.com
Software: Google Frontend / Express
Resource Hash: 4a76223f78d023c174f83154fa4c848dc343db0b3d8325af393a76a858ea9e15

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://cdn.holmesmind.com/

Response headers

cache-control: no-cache
access-control-allow-credentials: true
via: 1.1 google
access-control-allow-origin: https://cdn.holmesmind.com
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 46
date: Mon, 08 Dec 2025 13:19:44 GMT
x-cloud-trace-context: cc2bffa00260e25bdbb56e3176f763bf
content-type: application/json; charset=utf-8
x-powered-by: Express
server: Google Frontend
vary: Accept-Encoding

GET
H3 200 did Show response
track.91app.io/ext/v1/ Frame 065F 46 B
66 B 187ms
92ms Fetch
application/json 35.201.76.198
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Download Go to

Full URL: https://track.91app.io/ext/v1/did
Requested by: Host: tracking-client.91app.com
URL: https://tracking-client.91app.com/1.2.0/nineyi.tracking.client.iife.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.201.76.198 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 198.76.201.35.bc.googleusercontent.com
Software: Google Frontend / Express
Resource Hash: 2e2182cf9bb95ed129e4347c06b0e56b6b811544a13c58afb7d78cadc4ce332e

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://cdn.holmesmind.com/

Response headers

cache-control: no-cache
access-control-allow-credentials: true
via: 1.1 google
access-control-allow-origin: https://cdn.holmesmind.com
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 46
date: Mon, 08 Dec 2025 13:19:44 GMT
x-cloud-trace-context: d4ef4ca2d062194b9cd2cbdc0146f3a2
content-type: application/json; charset=utf-8
x-powered-by: Express
server: Google Frontend
vary: Accept-Encoding

GET
H3 200 did Show response
track.91app.io/ext/v1/ Frame 1DAC 46 B
66 B 234ms
94ms Fetch
application/json 35.201.76.198
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Download Go to

Full URL: https://track.91app.io/ext/v1/did
Requested by: Host: tracking-client.91app.com
URL: https://tracking-client.91app.com/1.2.0/nineyi.tracking.client.iife.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.201.76.198 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 198.76.201.35.bc.googleusercontent.com
Software: Google Frontend / Express
Resource Hash: 2e2182cf9bb95ed129e4347c06b0e56b6b811544a13c58afb7d78cadc4ce332e

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://cdn.holmesmind.com/

Response headers

cache-control: no-cache
access-control-allow-credentials: true
via: 1.1 google
access-control-allow-origin: https://cdn.holmesmind.com
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 46
date: Mon, 08 Dec 2025 13:19:44 GMT
x-cloud-trace-context: cc3ed4a13f34e42d9cd2cbdc0146f7dd
content-type: application/json; charset=utf-8
x-powered-by: Express
server: Google Frontend
vary: Accept-Encoding

GET
H3 200 did Show response
track.91app.io/ext/v1/ Frame 0AA8 46 B
66 B 307ms
113ms Fetch
application/json 35.201.76.198
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Download Go to

Full URL: https://track.91app.io/ext/v1/did
Requested by: Host: tracking-client.91app.com
URL: https://tracking-client.91app.com/1.2.0/nineyi.tracking.client.iife.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.201.76.198 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 198.76.201.35.bc.googleusercontent.com
Software: Google Frontend / Express
Resource Hash: 2e2182cf9bb95ed129e4347c06b0e56b6b811544a13c58afb7d78cadc4ce332e

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://cdn.holmesmind.com/

Response headers

cache-control: no-cache
access-control-allow-credentials: true
via: 1.1 google
access-control-allow-origin: https://cdn.holmesmind.com
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 46
date: Mon, 08 Dec 2025 13:19:44 GMT
x-cloud-trace-context: 67ecdaaa1534382c9cd2cbdc0146f73f
content-type: application/json; charset=utf-8
x-powered-by: Express
server: Google Frontend
vary: Accept-Encoding

GET
H3 200 did Show response
track.91app.io/ext/v1/ Frame 5528 46 B
66 B 338ms
93ms Fetch
application/json 35.201.76.198
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Download Go to

Full URL: https://track.91app.io/ext/v1/did
Requested by: Host: tracking-client.91app.com
URL: https://tracking-client.91app.com/1.2.0/nineyi.tracking.client.iife.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.201.76.198 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 198.76.201.35.bc.googleusercontent.com
Software: Google Frontend / Express
Resource Hash: 4a76223f78d023c174f83154fa4c848dc343db0b3d8325af393a76a858ea9e15

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://cdn.holmesmind.com/

Response headers

cache-control: no-cache
access-control-allow-credentials: true
via: 1.1 google
access-control-allow-origin: https://cdn.holmesmind.com
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 46
date: Mon, 08 Dec 2025 13:19:44 GMT
x-cloud-trace-context: 9863b4499af5f66c9cd2cbdc0146f935
content-type: application/json; charset=utf-8
x-powered-by: Express
server: Google Frontend
vary: Accept-Encoding

GET
H3 200 / Show response
www.facebook.com/platform/plugin/tab/renderer/ Frame 73E8 70 KB
18 KB 448ms
448ms XHR
application/x-javascript 31.13.82.36
FACEBOOK

General

Check archive.org

Download Go to

Full URL

https://www.facebook.com/platform/plugin/tab/renderer/?key=timeline&config_json=%7B%22app_id%22%3A%22776730922422337%22%2C%22href%22%3A%22https%3A%2F%2Fwww.facebook.com%2Freurl.cc%2F%22%2C%22width%22%3A340%2C%22height%22%3A500%2C%22has_cta%22%3Atrue%2C%22has_small_header%22%3Afalse%2C%22has_adapt_container_width%22%3Atrue%2C%22has_cover%22%3Atrue%2C%22has_posts%22%3Afalse%2C%22tabs%22%3A%22timeline%22%2C%22can_personalize%22%3Afalse%2C%22is_xfbml%22%3Afalse%2C%22referer_uri%22%3A%22https%3A%2F%2Freurl.cc%2F%22%7D&fb_dtsg_ag&__user=0&__a=1&__req=1&__hs=20430.BP%3Aplugin_default_pkg.2.0...0&dpr=1&__ccg=GOOD&__rev=1030754368&__s=%3A%3Akoef6x&__hsi=7581476195043067364&__dyn=7wKxa13wt8K2Wmh0Sw8W5U4e1Fx-ewpU3WwvE3vx609vCwjE0AC1xwEw7Bx61vw5zw78w5Uw64w8W1uw2oE17U2ZwrU1Xo1UU3jwea&__sp=1

Requested by

Host: static.xx.fbcdn.net
URL: https://static.xx.fbcdn.net/rsrc.php/v4iEpO4/yD/l/zh_TW-j/XlAQ_TwXTjN.js

Protocol

Security

QUIC, , AES_128_GCM

Server

31.13.82.36 Tokyo, Japan, ASN32934 (FACEBOOK, US),

Reverse DNS

edge-star-mini-shv-01-nrt1.facebook.com

Software

Resource Hash

5bc6a2e8a29950101c600d343f7f93ff81f236d65aca8ea360b8016f4f8d1155

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

X-ASBD-ID: 359341
X-FB-LSD: ZmhB0SO-_JI3FAq8vK2V3f
Referer: https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2Freurl.cc%2F&tabs=timeline&width=340&height=500&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=true&appId
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36

Response headers

content-encoding: zstd
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7581476202485546705&cpp=C3&cv=1030754368&st=1765199984795"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Sat, 01 Jan 2000 00:00:00 GMT
alt-svc: h3=":443"; ma=86400
date: Mon, 08 Dec 2025 13:19:44 GMT
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
priority: u=1,i
x-frame-options: DENY
strict-transport-security: max-age=15552000; preload
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7581476202485546705&cpp=C3&cv=1030754368&st=1765199984795", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
cache-control: private, no-cache, no-store, must-revalidate
x-fb-debug: BaqqkHRDZBs8Ks/JTrM3uvhMLZoQkSq6ee/9ltsqOrdj4MsCONhMBxJ8eLadRpGKvWwmZjJV3028RXdNXqYbSQ==
cross-origin-opener-policy: same-origin-allow-popups
x-fb-connection-quality: GOOD; q=0.7, rtt=145, rtx=0, c=40, mss=1232, tbw=31362, tp=46, tpl=0, uplat=303, ullat=0
pragma: no-cache
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(self), autoplay=(), bluetooth=(), browsing-topics=(self), camera=(self "https://www.fbsbx.com"), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
document-policy: force-load-at-top, include-js-call-stacks-in-crash-reports
origin-agent-cluster: ?1

POST
H3 200 / Show response
www.facebook.com/platform/plugin/page/logging/ Frame 73E8 94 B
223 B 293ms
292ms XHR
application/x-javascript 31.13.82.36
FACEBOOK

General

Check archive.org

Download Go to

Full URL

https://www.facebook.com/platform/plugin/page/logging/

Requested by

Host: static.xx.fbcdn.net
URL: https://static.xx.fbcdn.net/rsrc.php/v4iEpO4/yD/l/zh_TW-j/XlAQ_TwXTjN.js

Protocol

Security

QUIC, , AES_128_GCM

Server

31.13.82.36 Tokyo, Japan, ASN32934 (FACEBOOK, US),

Reverse DNS

edge-star-mini-shv-01-nrt1.facebook.com

Software

Resource Hash

7cf4cf20b3aaa1fbd77cb22b2223d395536263bc0b84dc0117998fb60b2cc099

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

X-ASBD-ID: 359341
X-FB-LSD: ZmhB0SO-_JI3FAq8vK2V3f
Referer: https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2Freurl.cc%2F&tabs=timeline&width=340&height=500&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=true&appId
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

access-control-expose-headers: X-FB-Debug, X-Loader-Length, X-Stack, Error-MID
content-encoding: zstd
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7581476203549824894&cpp=C3&cv=1030754368&st=1765199984796"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
access-control-allow-methods: OPTIONS
expires: Sat, 01 Jan 2000 00:00:00 GMT
alt-svc: h3=":443"; ma=86400
date: Mon, 08 Dec 2025 13:19:44 GMT
content-type: application/x-javascript; charset=utf-8
vary: Origin, Accept-Encoding
x-fb-debug: tXWo9HGdldSrhFdvLKrn3Z5yJ5B20KpCsTcaaecWRXhvozqTJtzkSdjSEi0gBiwM4JXD0EmnTVrUzgHj89QzYg==
priority: u=1,i
x-frame-options: DENY
strict-transport-security: max-age=15552000; preload
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7581476203549824894&cpp=C3&cv=1030754368&st=1765199984796", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
cache-control: private, no-cache, no-store, must-revalidate
x-fb-connection-quality: GOOD; q=0.7, rtt=145, rtx=0, c=40, mss=1232, tbw=30322, tp=45, tpl=0, uplat=146, ullat=0
cross-origin-opener-policy: same-origin-allow-popups
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
permissions-policy: accelerometer=(), attribution-reporting=(self), autoplay=(), bluetooth=(), browsing-topics=(self), camera=(self "https://www.fbsbx.com"), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
document-policy: force-load-at-top, include-js-call-stacks-in-crash-reports
access-control-allow-origin: https://www.facebook.com
origin-agent-cluster: ?1

POST
H3 204 AGSKWxXjzROWc4Igom4AVM_-9LQdsTJZ1ojsGSp4vf1K_eEQwXmh_ybv4TJDLAbYjj8lBR65klQs8NJqd6UhyUIDpnjDBOGGrGVzQ4IzDjOZHD1ZFt58xocf8wUjkwL0RuLjMVNACTMGOQ== Show response
fundingchoicesmessages.google.com/el/ 0
28 B 167ms
162ms XHR
text/html 142.251.42.142
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxXjzROWc4Igom4AVM_-9LQdsTJZ1ojsGSp4vf1K_eEQwXmh_ybv4TJDLAbYjj8lBR65klQs8NJqd6UhyUIDpnjDBOGGrGVzQ4IzDjOZHD1ZFt58xocf8wUjkwL0RuLjMVNACTMGOQ==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.42.142 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

nrt12s45-in-f14.1e100.net

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-vHahFlF-UydnR-wdbDH4fQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Content-Type: text/plain
Referer: https://reurl.cc/

Response headers

access-control-max-age: 86400
access-control-allow-methods: POST, GET, OPTIONS
x-content-type-options: nosniff
expires: Mon, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 08 Dec 2025 13:19:44 GMT
content-type: text/html; charset=utf-8
x-frame-options: SAMEORIGIN
reporting-endpoints: default="/_/ContributorLoggingHttp/web-reports?context=eJzj8tDikmJw1ZBi-FB_mfUHEJv53Wa1A-Jqdy-2ZiC29fdhcwXivTl-bEeBOLPTj60QiM_v9WO7DsSrb_qxbQZiIR6ODwtun2QTeHH93CMmJZek_ML45Py8ktS8Et3ElGJdELsoM6m0JL8IhZ1aBlKRk5-enpmXHm9kYGRqaGRgomdgHl9gAACYQzmS"
content-security-policy: script-src 'report-sample' 'nonce-vHahFlF-UydnR-wdbDH4fQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
cache-control: no-cache, no-store, max-age=0, must-revalidate
cross-origin-opener-policy: same-origin
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
access-control-allow-origin: https://reurl.cc
content-length: 0
x-xss-protection: 0
server: ESF

GET
H3 200 AGSKWxVmbb7LIoPIhA8H10441YuNPa4-bP9IqOJsx2-y9UCNbObx5Mm99XyUuljCLPYtKiJ94bAxSrXXADoTn8PNxT6Paw2xgmpvOmf2nkuvpA4mAa19oCwwzxwGVvXdh4B3-3CuV_eHoA== Show response
fundingchoicesmessages.google.com/f/ 9 KB
4 KB 177ms
174ms Script
application/javascript 142.251.42.142
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://fundingchoicesmessages.google.com/f/AGSKWxVmbb7LIoPIhA8H10441YuNPa4-bP9IqOJsx2-y9UCNbObx5Mm99XyUuljCLPYtKiJ94bAxSrXXADoTn8PNxT6Paw2xgmpvOmf2nkuvpA4mAa19oCwwzxwGVvXdh4B3-3CuV_eHoA==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzY1MTk5OTg0LDY2MTAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzcsOV0sbnVsbCwyLG51bGwsImVuIl0sImh0dHBzOi8vcmV1cmwuY2MvOG56cWRqIixudWxsLFtbOCwiUmNSM2tVcE94RE0iXSxbOSwiemgtVFciXSxbMTksIjIiXSxbMTcsIlswXSJdLFsyNCwiIl0sWzI5LCJmYWxzZSJdXV0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.42.142 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

nrt12s45-in-f14.1e100.net

Software

ESF /

Resource Hash

63af96a219e95ec9d8c429adc9a2df9661e9b8a5c08b1d81f24cc018ece88cec

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-ljm0_2MtWDHVlgB_5zXPvg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Mon, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 08 Dec 2025 13:19:44 GMT
content-type: application/javascript; charset=utf-8
x-frame-options: SAMEORIGIN
reporting-endpoints: default="/_/ContributorServingWebSwitchboardHttp/web-reports?context=eJzjmsCoxSXF4KwhxdB68xzrZCDuWnSedQYQGypcYrUH4g_1l1l_AHGRxBXWBiD-VHWDVaD6BmsS-03WAiA287vNagfE1e5ebM1AbOvvw-YKxN-KfdlYSnzZ9v33ZTsGxHtz_NiOAnFmpx9bIRCf3-vHdh2IV9_0Y9sMxCu8_Nk2ALEQD8eHBbdPsgnsOPHhBZOSRlJ-YXxyfl5JUWZSaUl-UVpyWmpxalFZalG8kYGRqaGRgYmegXl8gQEAevRMOw"
content-security-policy: script-src 'report-sample' 'nonce-ljm0_2MtWDHVlgB_5zXPvg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport
cache-control: no-cache, no-store, max-age=0, must-revalidate
timing-allow-origin: *
cross-origin-opener-policy: same-origin
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-resource-policy: cross-origin
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
x-xss-protection: 0
server: ESF

GET
H3 200 xgVgalBG80z.png
static.xx.fbcdn.net/rsrc.php/v4/yH/r/ Frame 73E8 1 KB
1 KB 155ms
153ms Image
image/png 31.13.82.7
FACEBOOK

General

Check archive.org

Download Go to Show image

Full URL

https://static.xx.fbcdn.net/rsrc.php/v4/yH/r/xgVgalBG80z.png

Requested by

Host: static.xx.fbcdn.net
URL: https://static.xx.fbcdn.net/rsrc.php/v5/yE/l/1,cross/iXGJEr7Orjl.css

Protocol

Security

QUIC, , AES_128_GCM

Server

31.13.82.7 Tokyo, Japan, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-01-nrt1.fbcdn.net

Software

Resource Hash

45444d590a67d30e8b2fde01bb6482f829383b64bf14a4b19b86e22fdc319fbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://static.xx.fbcdn.net/rsrc.php/v5/yE/l/1,cross/iXGJEr7Orjl.css

Response headers

content-md5: rB4cTW8WNZcBsFntToJGtA==
report-to: {"max_age":21600,"endpoints":[{"url":"https:\/\/www.xx.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Wed, 02 Dec 2026 20:31:32 GMT
alt-svc: h3=":443"; ma=86400
date: Mon, 08 Dec 2025 13:19:44 GMT
content-type: image/png
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
x-fb-debug: bPEXNckAPu0S/+onXQHQj1xi7qVn6GtQpQSh85Jj5laSHAD8QukwsTG8bSpCMmTxXE2O27O9X71vQLGcjHq6aQ==
priority: u=3,i
reporting-endpoints: permissions_policy="https://www.xx.facebook.com/ajax/browser_error_reports/"
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
x-fb-connection-quality: MODERATE; q=0.3, rtt=150, rtx=0, c=25, mss=1232, tbw=7248, tp=18, tpl=0, uplat=0, ullat=-1
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy: force-load-at-top, include-js-call-stacks-in-crash-reports
access-control-allow-origin: *
content-length: 1315
origin-agent-cluster: ?1

GET cm
ad.holmesmind.com/adserver/ Frame 2112 0
0

GET cm
ad.holmesmind.com/adserver/ Frame D669 0
0

GET
H2 200 syncframe Show response
gum.criteo.com/ Frame 14BD 15 KB
6 KB 463ms
152ms Document
text/html 182.161.74.19
CRITEO-AS-AP Crit...

General

Check archive.org

Download Go to

Full URL

https://gum.criteo.com/syncframe?origin=publishertagids&topUrl=reurl.cc&gdpr=0&gdpr_consent=

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.ids.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

182.161.74.19 , Singapore, ASN55569 (CRITEO-AS-AP Criteo APAC, JP),

Reverse DNS

Software

Kestrel /

Resource Hash

b2c8ea897dfa399f29a52d8a0a9cbd5e2dec7f5802ae9be475075fc062d2dcd0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://reurl.cc/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36

Response headers

cache-control: private, max-age=3600
content-encoding: gzip
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Mon, 08 Dec 2025 13:19:44 GMT
server: Kestrel
server-processing-duration-in-ticks: 318979
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding
x-robots-tag: noindex

GET cm
ad.holmesmind.com/adserver/ Frame 065F 0
0

POST
H2 200 map Show response
bcp.crwdcntrl.net/6/ 235 B
707 B 165ms
163ms XHR
application/json 52.77.94.58
AMAZON-02

General

Check archive.org

Download Go to

Full URL

https://bcp.crwdcntrl.net/6/map?xcid=16589

Requested by

Host: tags.crwdcntrl.net
URL: https://tags.crwdcntrl.net/lt/c/16589/sync.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.77.94.58 Singapore, Singapore, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-77-94-58.ap-southeast-1.compute.amazonaws.com

Software

Resource Hash

3b638f7b5069e627c843dbd622093efb6a7d72f8725d098fd7287c84af63f668

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8
Referer: https://reurl.cc/

Response headers

strict-transport-security: max-age=31536000 ; includeSubDomains
cache-control: no-cache
pragma: no-cache
access-control-allow-credentials: true
expires: 0
access-control-allow-origin: https://reurl.cc
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
content-length: 235
date: Mon, 08 Dec 2025 13:19:44 GMT
content-type: application/json;charset=utf-8

GET cm
ad.holmesmind.com/adserver/ Frame 1DAC 0
0

GET cm
ad.holmesmind.com/adserver/ Frame 0AA8 0
0

GET cm
ad.holmesmind.com/adserver/ Frame 5528 0
0

GET
H3 200 Ubb04fKqLUX.css
static.xx.fbcdn.net/rsrc.php/v5/yx/l/1,cross/ Frame 73E8 22 KB
6 KB 282ms
280ms Stylesheet
text/css 31.13.82.7
FACEBOOK

General

Check archive.org

Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v5/yx/l/1,cross/Ubb04fKqLUX.css

Requested by

Host: static.xx.fbcdn.net
URL: https://static.xx.fbcdn.net/rsrc.php/v4/ym/r/MH-P-6l6TZy.js

Protocol

Security

QUIC, , AES_128_GCM

Server

31.13.82.7 Tokyo, Japan, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-01-nrt1.fbcdn.net

Software

Resource Hash

66d9338d99dbaf20815a20683e70ab8f164370705a19b5cfcb726e0fbdfeac70

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Origin: https://www.facebook.com
Referer: https://www.facebook.com/

Response headers

content-md5: hyVfKriRNg48FRAxP/z0/A==
content-encoding: zstd
report-to: {"max_age":21600,"endpoints":[{"url":"https:\/\/www.xx.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Sat, 05 Dec 2026 17:42:21 GMT
alt-svc: h3=":443"; ma=86400
date: Mon, 08 Dec 2025 13:19:45 GMT
content-type: text/css; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
x-fb-debug: gXtCKtgzvI3qLgeZ3bG3BAefzpbbL+749PKrnmzV0NHdnIn/wCA337fQpFEc7dwqNyFnMrbnT/i3VLodK0VRyg==
priority: u=0
vary: Origin
reporting-endpoints: permissions_policy="https://www.xx.facebook.com/ajax/browser_error_reports/"
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
x-fb-connection-quality: GOOD; q=0.7, rtt=149, rtx=9, c=67, mss=1232, tbw=88078, tp=88, tpl=9, uplat=2, ullat=-1
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy: force-load-at-top, include-js-call-stacks-in-crash-reports
access-control-allow-origin: https://www.facebook.com
content-length: 5659
origin-agent-cluster: ?1

GET
DATA 200
OK truncated
/ Frame 73E8 1 KB
0 Stylesheet
text/css

General

Check archive.org

Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: fa4737f35024386f5448fabd53d531f869ab5bc08b741de444bc88363c36c06e

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Origin: https://www.facebook.com
Referer: https://www.facebook.com/

Response headers

Content-Type: text/css;charset=utf-8

GET
H3 200 oArmeD_dMWe.js Show response
static.xx.fbcdn.net/rsrc.php/v4/yi/r/ Frame 73E8 14 KB
5 KB 280ms
277ms Script
application/x-javascript 31.13.82.7
FACEBOOK

General

Check archive.org

Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v4/yi/r/oArmeD_dMWe.js

Requested by

Host: static.xx.fbcdn.net
URL: https://static.xx.fbcdn.net/rsrc.php/v4/ym/r/MH-P-6l6TZy.js

Protocol

Security

QUIC, , AES_128_GCM

Server

31.13.82.7 Tokyo, Japan, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-01-nrt1.fbcdn.net

Software

Resource Hash

e22fbfd22ad6713b1af70a2b6b8e1b1d2c20d04df17253cf61bf0956e963db4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Origin: https://www.facebook.com
Referer: https://www.facebook.com/

Response headers

content-md5: LNMgYkpAhOfOCc07U8b8jw==
content-encoding: zstd
report-to: {"max_age":21600,"endpoints":[{"url":"https:\/\/www.xx.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Thu, 03 Dec 2026 16:11:08 GMT
alt-svc: h3=":443"; ma=86400
date: Mon, 08 Dec 2025 13:19:45 GMT
content-type: application/x-javascript; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
x-fb-debug: OUTie5NnaWGVOVuVo/CY96MBHpT+Ms13cojOxCc/oEclLJNqx6Sfk5sT4nMKER0aWwyNH/nEH2Fl6OhSADNDWQ==
priority: u=1
vary: Origin
reporting-endpoints: permissions_policy="https://www.xx.facebook.com/ajax/browser_error_reports/"
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
x-fb-connection-quality: GOOD; q=0.7, rtt=149, rtx=9, c=67, mss=1232, tbw=94190, tp=94, tpl=9, uplat=1, ullat=-1
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy: force-load-at-top, include-js-call-stacks-in-crash-reports
access-control-allow-origin: https://www.facebook.com
content-length: 4987
origin-agent-cluster: ?1

GET
H3 200 IBMxsyOas0F.js Show response
static.xx.fbcdn.net/rsrc.php/v4/y2/r/ Frame 73E8 62 KB
16 KB 281ms
278ms Script
application/x-javascript 31.13.82.7
FACEBOOK

General

Check archive.org

Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v4/y2/r/IBMxsyOas0F.js

Requested by

Host: static.xx.fbcdn.net
URL: https://static.xx.fbcdn.net/rsrc.php/v4/ym/r/MH-P-6l6TZy.js

Protocol

Security

QUIC, , AES_128_GCM

Server

31.13.82.7 Tokyo, Japan, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-01-nrt1.fbcdn.net

Software

Resource Hash

eedec869f43c9ff3a4443c405aaf18662cc6bc8795a393c65a1ddff6e317217f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Origin: https://www.facebook.com
Referer: https://www.facebook.com/

Response headers

content-md5: +yJbWhzPAw3f1Oy9KJqDIA==
content-encoding: zstd
report-to: {"max_age":21600,"endpoints":[{"url":"https:\/\/www.xx.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Thu, 03 Dec 2026 16:04:33 GMT
alt-svc: h3=":443"; ma=86400
date: Mon, 08 Dec 2025 13:19:45 GMT
content-type: application/x-javascript; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
x-fb-debug: o902JLe6XZ70eEMCGFR0XNLTqLBLHbLjr1gncDzsSWrDXKJoUCEtHWsSPFex9GIyaxjLD6/oluCasycIvQmpJQ==
priority: u=1
vary: Origin
reporting-endpoints: permissions_policy="https://www.xx.facebook.com/ajax/browser_error_reports/"
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
x-fb-connection-quality: GOOD; q=0.7, rtt=149, rtx=9, c=67, mss=1232, tbw=94190, tp=94, tpl=9, uplat=1, ullat=-1
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy: force-load-at-top, include-js-call-stacks-in-crash-reports
access-control-allow-origin: https://www.facebook.com
content-length: 16605
origin-agent-cluster: ?1

GET
H3 200 atv-3qMDl2i.js Show response
static.xx.fbcdn.net/rsrc.php/v4/yd/r/ Frame 73E8 36 KB
11 KB 283ms
279ms Script
application/x-javascript 31.13.82.7
FACEBOOK

General

Check archive.org

Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v4/yd/r/atv-3qMDl2i.js

Requested by

Host: static.xx.fbcdn.net
URL: https://static.xx.fbcdn.net/rsrc.php/v4/ym/r/MH-P-6l6TZy.js

Protocol

Security

QUIC, , AES_128_GCM

Server

31.13.82.7 Tokyo, Japan, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-01-nrt1.fbcdn.net

Software

Resource Hash

5ccb6c69b900610a41f5056880f80d1d0b9cc982957e9b8b47f0d3308e15f4f0

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Origin: https://www.facebook.com
Referer: https://www.facebook.com/

Response headers

content-md5: LzFpgJnHDzbwl7iijumFjQ==
content-encoding: zstd
report-to: {"max_age":21600,"endpoints":[{"url":"https:\/\/www.xx.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Wed, 25 Nov 2026 01:08:43 GMT
alt-svc: h3=":443"; ma=86400
date: Mon, 08 Dec 2025 13:19:45 GMT
content-type: application/x-javascript; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
x-fb-debug: +a14nyWtEarsx/H0JM8RDgliJdGdBOwO2B8O0Sum0KJhpoeXh6fXX5el4YbGtqS0V/fXCYIbZXJMfIfcL81Emg==
priority: u=1
vary: Origin
reporting-endpoints: permissions_policy="https://www.xx.facebook.com/ajax/browser_error_reports/"
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
x-fb-connection-quality: GOOD; q=0.7, rtt=149, rtx=9, c=67, mss=1232, tbw=100846, tp=100, tpl=9, uplat=1, ullat=-1
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy: force-load-at-top, include-js-call-stacks-in-crash-reports
access-control-allow-origin: https://www.facebook.com
content-length: 11587
origin-agent-cluster: ?1

GET
H3 200 jTXziHT_cAS.js Show response
static.xx.fbcdn.net/rsrc.php/v4izx64/ye/l/zh_TW-j/ Frame 73E8 19 KB
7 KB 288ms
285ms Script
application/x-javascript 31.13.82.7
FACEBOOK

General

Check archive.org

Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v4izx64/ye/l/zh_TW-j/jTXziHT_cAS.js

Requested by

Host: static.xx.fbcdn.net
URL: https://static.xx.fbcdn.net/rsrc.php/v4/ym/r/MH-P-6l6TZy.js

Protocol

Security

QUIC, , AES_128_GCM

Server

31.13.82.7 Tokyo, Japan, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-01-nrt1.fbcdn.net

Software

Resource Hash

8679a1ef5fcaef4155d4e0829668276e2e8545ba209b3befc58b0e88246c8720

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Origin: https://www.facebook.com
Referer: https://www.facebook.com/

Response headers

content-md5: h1zCsV9+nsZtClVkLzMi8Q==
content-encoding: zstd
report-to: {"max_age":21600,"endpoints":[{"url":"https:\/\/www.xx.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Thu, 03 Dec 2026 16:52:34 GMT
alt-svc: h3=":443"; ma=86400
date: Mon, 08 Dec 2025 13:19:45 GMT
content-type: application/x-javascript; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
x-fb-debug: NEoLqYACQs0WGqFYeZzEpFj3IEad4zXjlHIvD0XlniKl2er/W0g7mY0hxlFKd8Wa6ObMThc8tnB+PCCjvs1b1A==
priority: u=1
vary: Origin
reporting-endpoints: permissions_policy="https://www.xx.facebook.com/ajax/browser_error_reports/"
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
x-fb-connection-quality: GOOD; q=0.7, rtt=149, rtx=9, c=67, mss=1232, tbw=100846, tp=100, tpl=9, uplat=1, ullat=-1
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy: force-load-at-top, include-js-call-stacks-in-crash-reports
access-control-allow-origin: https://www.facebook.com
content-length: 6915
origin-agent-cluster: ?1

GET
H3 200 v_kkAv_-wGQ.js Show response
static.xx.fbcdn.net/rsrc.php/v4/yx/r/ Frame 73E8 24 KB
10 KB 287ms
286ms Script
application/x-javascript 31.13.82.7
FACEBOOK

General

Check archive.org

Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v4/yx/r/v_kkAv_-wGQ.js

Requested by

Host: static.xx.fbcdn.net
URL: https://static.xx.fbcdn.net/rsrc.php/v4/ym/r/MH-P-6l6TZy.js

Protocol

Security

QUIC, , AES_128_GCM

Server

31.13.82.7 Tokyo, Japan, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-01-nrt1.fbcdn.net

Software

Resource Hash

f1c56a198201b67b6ccb53824985f9c142b0a1600c3696a13879b17b06050197

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Origin: https://www.facebook.com
Referer: https://www.facebook.com/

Response headers

content-md5: t3zOk8uL6qbnQiZrM32GhA==
content-encoding: zstd
report-to: {"max_age":21600,"endpoints":[{"url":"https:\/\/www.xx.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Wed, 25 Nov 2026 01:52:03 GMT
alt-svc: h3=":443"; ma=86400
date: Mon, 08 Dec 2025 13:19:45 GMT
content-type: application/x-javascript; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
x-fb-debug: F1dejRGdAemYjIjuXgYLWaPTr5X+1+TrtvEaZH60ACOz23EJxJTbasFXeuAqM75WxT4gk+cU26KPI5dkmMwypQ==
priority: u=1
vary: Origin
reporting-endpoints: permissions_policy="https://www.xx.facebook.com/ajax/browser_error_reports/"
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
x-fb-connection-quality: GOOD; q=0.7, rtt=149, rtx=9, c=67, mss=1232, tbw=100846, tp=100, tpl=9, uplat=1, ullat=-1
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy: force-load-at-top, include-js-call-stacks-in-crash-reports
access-control-allow-origin: https://www.facebook.com
content-length: 10408
origin-agent-cluster: ?1

POST
H3 204 ping
pagead2.googlesyndication.com/pagead/ 0
0 544ms
207ms Fetch
text/html 142.251.42.194
GOOGLE

General

Check archive.org

Download Go to

Full URL: https://pagead2.googlesyndication.com/pagead/ping?e=1
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202512020101/pubads_impl.js?cb=31095969
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.251.42.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: nrt12s47-in-f2.1e100.net
Software: /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8
Referer: https://reurl.cc/

Response headers

GET
H2 200 json Show response
gum.criteo.com/sid/ Frame 14BD 430 B
896 B 169ms
142ms Fetch
application/json 182.161.74.19
CRITEO-AS-AP Crit...

General

Check archive.org

Download Go to

Full URL

https://gum.criteo.com/sid/json?origin=publishertagids&domain=reurl.cc&sn=ChromeSyncframe&so=0&topUrl=reurl.cc&topicsavail=1&fledgeavail=1

Requested by

Host: gum.criteo.com
URL: https://gum.criteo.com/syncframe?origin=publishertagids&topUrl=reurl.cc&gdpr=0&gdpr_consent=

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

182.161.74.19 , Singapore, ASN55569 (CRITEO-AS-AP Criteo APAC, JP),

Reverse DNS

Software

Kestrel /

Resource Hash

4beb92d3d67900dd56957e65cdc1fa38338fb0e2275e30fce4806a744c52b480

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://gum.criteo.com/syncframe?origin=publishertagids&topUrl=reurl.cc&gdpr=0&gdpr_consent=

Response headers

strict-transport-security: max-age=31536000; preload;
cache-control: no-cache, no-store, must-revalidate
content-encoding: gzip
pragma: no-cache
server-processing-duration-in-ticks: 986844
expires: 0
date: Mon, 08 Dec 2025 13:19:45 GMT
content-type: application/json; charset=utf-8
vary: Accept-Encoding
server: Kestrel

GET
H3 200 sodar Show response
ep1.adtrafficquality.google/getconfig/ 18 KB
13 KB 385ms
226ms XHR
application/json 142.250.196.130
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://ep1.adtrafficquality.google/getconfig/sodar?sv=200&tid=gpt&tv=m202512020101&st=env&sjk=8744142892601007

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202512020101/pubads_impl.js?cb=31095969

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.196.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

nrt12s36-in-f2.1e100.net

Software

cafe /

Resource Hash

51942200970247b8d0a3416e69f1695f6f4abf3e218830815bb6e04d5871559e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

timing-allow-origin: *
content-encoding: br
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 13756
date: Mon, 08 Dec 2025 13:19:45 GMT
x-xss-protection: 0
content-type: application/json; charset=UTF-8
content-disposition: attachment; filename="f.txt"
server: cafe

GET
H/1.1 200
OK favicon.ico
reurl.cc/ 1 KB
1 KB 90ms
82ms Other
image/x-icon 35.229.143.32
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Download Go to

Full URL: https://reurl.cc/favicon.ico
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 35.229.143.32 Taipei, Taiwan, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 32.143.229.35.bc.googleusercontent.com
Software: nginx/1.22.1 /
Resource Hash: 1346d656b8aeb6a9d4d5bd59ab8026645fcc90874f54814d6ee8cac226d32a51

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/8nzqdj

Response headers

Cache-Control: max-age=604800
ETag: "680babe3-47e"
Connection: keep-alive
Expires: Mon, 15 Dec 2025 13:19:45 GMT
Accept-Ranges: bytes
Content-Length: 1150
Date: Mon, 08 Dec 2025 13:19:45 GMT
Content-Type: image/x-icon
Last-Modified: Fri, 25 Apr 2025 15:36:03 GMT
Server: nginx/1.22.1

GET
H3 200 302181889_449668210518240_1343224774275673253_n.png
scontent-hkg1-1.xx.fbcdn.net/v/t39.30808-1/ Frame 73E8 2 KB
2 KB 103ms
102ms Image
image/png 163.70.158.11
FACEBOOK

General

Check archive.org

Download Go to Show image

Full URL: https://scontent-hkg1-1.xx.fbcdn.net/v/t39.30808-1/302181889_449668210518240_1343224774275673253_n.png?stp=cp0_dst-png_s50x50&_nc_cat=105&ccb=1-7&_nc_sid=f907e8&_nc_ohc=wjho_hblH3IQ7kNvwFadKJY&_nc_oc=AdlW2dkxWk0cIx1uzyCDozwRkmfLTPERrltfESLk0ApSImJUochXnSaX1LNrGMdRgPw&_nc_zt=24&_nc_ht=scontent-hkg1-1.xx&_nc_gid=uRBAbyXxkI1ma1-SrTHAWw&oh=00_AfkoJqYiEY7XH84CRPilYQncoyq5ZqQBD_zwv6otpeyNsQ&oe=693C9015
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 163.70.158.11 Chai Wan, Hong Kong, ASN32934 (FACEBOOK, US),
Reverse DNS: xx-fbcdn-shv-01-hkg1.fbcdn.net
Software: /
Resource Hash: 352d0915216b13b935f1abedea04d4a039802faaf69153ae71c377410990e322

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://www.facebook.com/

Response headers

x-robots-tag: noarchive, noindex
alt-svc: h3=":443"; ma=86400
date: Mon, 08 Dec 2025 13:19:45 GMT
no-vary-search: key-order, params=("_nc_gid" "oh" "oe" "_nc_oc" "_nc_ohc" "_nc_cat" "_nc_ht" "_nc_cb")
last-modified: Tue, 06 Sep 2022 22:20:57 GMT
x-fb-ptm-uuid: 26445461835D192897E11A65AE78B6B2
content-type: image/png
priority: u=3,i
cache-control: max-age=1209600, no-transform
timing-allow-origin: *
x-fb-connection-quality: GOOD; q=0.7, rtt=100, rtx=0, c=26, mss=1232, tbw=7709, tp=14, tpl=0, uplat=0, ullat=-1
x-crypto-project: 0
cross-origin-resource-policy: cross-origin
content-digest: adler32=747767112
access-control-allow-origin: *
accept-ranges: bytes
content-length: 2066
x-additional-error-detail

GET
H3 200 186149949_5378375078904348_5830021147058150167_n.png
scontent-hkg4-1.xx.fbcdn.net/v/t1.6435-9/ Frame 73E8 13 KB
13 KB 190ms
93ms Image
image/png 157.240.199.15
FACEBOOK

General

Check archive.org

Download Go to Show image

Full URL: https://scontent-hkg4-1.xx.fbcdn.net/v/t1.6435-9/186149949_5378375078904348_5830021147058150167_n.png?stp=dst-png_p173x172&_nc_cat=106&ccb=1-7&_nc_sid=e5c1b6&_nc_ohc=c0H9QhxjAasQ7kNvwF6k8le&_nc_oc=AdnTc50SOHPyvuAsCW4scnHBNkvZIqRg5QYvTV5qFX68EIR5-LuBv0KGEnowS20FklM&_nc_zt=23&_nc_ht=scontent-hkg4-1.xx&_nc_gid=uRBAbyXxkI1ma1-SrTHAWw&oh=00_AfnRV8HPXeqczYdfs-1azzyVrlWX4iejmz0QEW2AKDHGYg&oe=695E2E5D
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 157.240.199.15 Chai Wan, Hong Kong, ASN32934 (FACEBOOK, US),
Reverse DNS: xx-fbcdn-shv-01-hkg4.fbcdn.net
Software: /
Resource Hash: 111eaf414e95313afc251a7eea0d5eec5d771b8f49f9c8856ba859e796d8773d

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://www.facebook.com/

Response headers

x-robots-tag: noarchive, noindex
alt-svc: h3=":443"; ma=86400
date: Mon, 08 Dec 2025 13:19:45 GMT
no-vary-search: key-order, params=("_nc_gid" "oh" "oe" "_nc_oc" "_nc_ohc" "_nc_cat" "_nc_ht" "_nc_cb")
last-modified: Thu, 13 May 2021 12:22:23 GMT
x-fb-ptm-uuid: 294474204976397BB2C90110E793AB98
content-type: image/png
priority: u=3,i
cache-control: max-age=1209600, no-transform
timing-allow-origin: *
x-fb-connection-quality: GOOD; q=0.7, rtt=90, rtx=0, c=23, mss=1232, tbw=12303, tp=17, tpl=0, uplat=1, ullat=-1
x-crypto-project: 0
cross-origin-resource-policy: cross-origin
content-digest: adler32=3798339901
access-control-allow-origin: *
accept-ranges: bytes
content-length: 13033
x-additional-error-detail

GET
H3 200 126199574_4593091710766026_7412644862123303221_n.jpg
scontent-hkg4-1.xx.fbcdn.net/v/t1.6435-9/ Frame 73E8 6 KB
7 KB 189ms
93ms Image
image/jpeg 157.240.199.15
FACEBOOK

General

Check archive.org

Download Go to Show image

Full URL: https://scontent-hkg4-1.xx.fbcdn.net/v/t1.6435-9/126199574_4593091710766026_7412644862123303221_n.jpg?stp=dst-jpg_s350x350_tt6&_nc_cat=110&ccb=1-7&_nc_sid=e21142&_nc_ohc=z-pdCmgLh_gQ7kNvwF97jhq&_nc_oc=Adli51AJi8-B69VkngY7r6fe5I_ZhJfTA_qYwRD_Vmyss7j4JsaVtKIzaMRWnX1pq-U&_nc_zt=23&_nc_ht=scontent-hkg4-1.xx&_nc_gid=uRBAbyXxkI1ma1-SrTHAWw&oh=00_Afnrp4ssFM35c7gihGu4YthEVqLqxRqs1O_JEX673bvSGg&oe=695E56E6
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 157.240.199.15 Chai Wan, Hong Kong, ASN32934 (FACEBOOK, US),
Reverse DNS: xx-fbcdn-shv-01-hkg4.fbcdn.net
Software: /
Resource Hash: 771174ef9483d0ae9e294a23d66f372ed9ce4538d8a7e94adfeb4630162a3598

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://www.facebook.com/

Response headers

x-robots-tag: noarchive, noindex
alt-svc: h3=":443"; ma=86400
date: Mon, 08 Dec 2025 13:19:45 GMT
no-vary-search: key-order, params=("_nc_gid" "oh" "oe" "_nc_oc" "_nc_ohc" "_nc_cat" "_nc_ht" "_nc_cb")
last-modified: Sun, 22 Nov 2020 05:25:53 GMT
x-fb-ptm-uuid: 294474204976397BB2C90110E793AB98
content-type: image/jpeg
priority: u=3,i
cache-control: max-age=1209600, no-transform
timing-allow-origin: *
x-fb-connection-quality: GOOD; q=0.7, rtt=90, rtx=0, c=23, mss=1232, tbw=5023, tp=10, tpl=0, uplat=1, ullat=-1
x-crypto-project: 0
cross-origin-resource-policy: cross-origin
content-digest: adler32=3193130998
access-control-allow-origin: *
accept-ranges: bytes
content-length: 6618
x-additional-error-detail

GET
H3 200 jU145U5v66V.png
static.xx.fbcdn.net/rsrc.php/v4/yz/r/ Frame 73E8 3 KB
3 KB 146ms
146ms Image
image/png 31.13.82.7
FACEBOOK

General

Check archive.org

Download Go to Show image

Full URL

https://static.xx.fbcdn.net/rsrc.php/v4/yz/r/jU145U5v66V.png

Requested by

Host: static.xx.fbcdn.net
URL: https://static.xx.fbcdn.net/rsrc.php/v5/yx/l/1,cross/Ubb04fKqLUX.css

Protocol

Security

QUIC, , AES_128_GCM

Server

31.13.82.7 Tokyo, Japan, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-01-nrt1.fbcdn.net

Software

Resource Hash

7818e84f0f0e542edfed541661a2adc13c4e926d5f4de3cea0ab8547d495287b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://static.xx.fbcdn.net/rsrc.php/v5/yx/l/1,cross/Ubb04fKqLUX.css

Response headers

content-md5: Dzw10i1anyZaPsx21lEUWg==
report-to: {"max_age":21600,"endpoints":[{"url":"https:\/\/www.xx.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Wed, 02 Dec 2026 20:47:40 GMT
alt-svc: h3=":443"; ma=86400
date: Mon, 08 Dec 2025 13:19:45 GMT
content-type: image/png
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
x-fb-debug: 44dr1UrsIZ25feU8hWzkQzfjZL+/eE+a4lV89ptD5j6RYc+tDWQW3m+ptQbbzyUcYUtyH84ACFzotYahZOal5g==
priority: u=3,i
reporting-endpoints: permissions_policy="https://www.xx.facebook.com/ajax/browser_error_reports/"
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
x-fb-connection-quality: GOOD; q=0.7, rtt=149, rtx=0, c=27, mss=1232, tbw=9024, tp=23, tpl=0, uplat=0, ullat=-1
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy: force-load-at-top, include-js-call-stacks-in-crash-reports
access-control-allow-origin: *
content-length: 2700
origin-agent-cluster: ?1

GET
H3 200 MKQzjVd1bVq.png
static.xx.fbcdn.net/rsrc.php/v4/yD/r/ Frame 73E8 548 B
688 B 150ms
150ms Image
image/png 31.13.82.7
FACEBOOK

General

Check archive.org

Download Go to Show image

Full URL

https://static.xx.fbcdn.net/rsrc.php/v4/yD/r/MKQzjVd1bVq.png

Requested by

Host: static.xx.fbcdn.net
URL: https://static.xx.fbcdn.net/rsrc.php/v5/yE/l/1,cross/iXGJEr7Orjl.css

Protocol

Security

QUIC, , AES_128_GCM

Server

31.13.82.7 Tokyo, Japan, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-01-nrt1.fbcdn.net

Software

Resource Hash

83b7d2afe243941c2527b2d875836ad2cb864290690dd1b253389de3f7bc7da4

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://static.xx.fbcdn.net/rsrc.php/v5/yE/l/1,cross/iXGJEr7Orjl.css

Response headers

content-md5: l20F61ct/3QC2rM+eGjRow==
report-to: {"max_age":21600,"endpoints":[{"url":"https:\/\/www.xx.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Wed, 02 Dec 2026 20:42:01 GMT
alt-svc: h3=":443"; ma=86400
date: Mon, 08 Dec 2025 13:19:45 GMT
content-type: image/png
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
x-fb-debug: FvaJSa5q7sJNTku0kVNKhY3KZXyhZnSgJxw3AbnnNU5JSV/mQrK3AJd9A8LrXKg/i+VLVW/ej/FP/aoIqysfKA==
priority: u=3,i
reporting-endpoints: permissions_policy="https://www.xx.facebook.com/ajax/browser_error_reports/"
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
x-fb-connection-quality: GOOD; q=0.7, rtt=149, rtx=0, c=27, mss=1232, tbw=12176, tp=28, tpl=0, uplat=0, ullat=-1
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy: force-load-at-top, include-js-call-stacks-in-crash-reports
access-control-allow-origin: *
content-length: 548
origin-agent-cluster: ?1

GET
H3 200 adslides. Show response
fundingchoicesmessages.google.com/f/AGSKWxXGruUEBxXEVXfFz6OTrntK7QGs9dMbzWv8U9XYcZewVN6UpibteV985I8LJdjgIyXpfKzJMyQtKfRCV-I8IVf6dlwmgajp0bQAb3yoswFwQhwKgt8CVYIkA3ymFOwlS4Ww0_10iyZwzYrpqwUPD88KB9iHr... 54 B
109 B 158ms
157ms Script
application/javascript 142.251.42.142
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://fundingchoicesmessages.google.com/f/AGSKWxXGruUEBxXEVXfFz6OTrntK7QGs9dMbzWv8U9XYcZewVN6UpibteV985I8LJdjgIyXpfKzJMyQtKfRCV-I8IVf6dlwmgajp0bQAb3yoswFwQhwKgt8CVYIkA3ymFOwlS4Ww0_10iyZwzYrpqwUPD88KB9iHrA4B4uHU6DWDGcna977AJ-pgj7cs1iUp/_/adblockpopup./clickunder._ad_serving./retrad./adslides.

Requested by

Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.zh_TW.RcR3kUpOxDM.es5.O/d=1/exm=kernel_loader,loader_js_executable,web_iab_tcf_v2_signal_executable/ed=1/rs=AJlcJMxcMd8d0XtXoqTbA5iSu_1Dn2dFwQ/m=ad_blocking_detection_executable

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.42.142 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

nrt12s45-in-f14.1e100.net

Software

ESF /

Resource Hash

316976efcac8e4cc967c221252289c4a9993d45170bd7200cca72ec9969b171d

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-B5eInM_HYL3kT-JFaSfxJQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Mon, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 08 Dec 2025 13:19:45 GMT
content-type: application/javascript; charset=utf-8
x-frame-options: SAMEORIGIN
reporting-endpoints: default="/_/ContributorServingWebSwitchboardHttp/web-reports?context=eJzjmsCoxSXF4KIhxdB68xzrZCDuWnSedQYQGypcYrUH4g_1l1l_AHGRxBXWBiD-VHWDVaD6BmsS-03WAiA287vNagfE1e5ebM1AbOvvw-YKxN-KfdlYSnzZ9v33ZTsGxHtz_NiOAnFmpx9bIRCf3-vHdh2IV9_0Y9sMxCu8_Nk2ALEQD8fHBbdPsgksmPzhMpOSRlJ-YXxyfl5JUWZSaUl-UVpyWmpxalFZalG8kYGRqaGRgYmegXl8gQEAamNL2w"
content-security-policy: script-src 'report-sample' 'nonce-B5eInM_HYL3kT-JFaSfxJQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport
cache-control: no-cache, no-store, max-age=0, must-revalidate
cross-origin-opener-policy: same-origin
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-resource-policy: cross-origin
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
x-xss-protection: 0
server: ESF

GET
H3 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 162 KB
54 KB 407ms
166ms Script
text/javascript 142.251.42.194
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?fcd=true

Requested by

Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.zh_TW.RcR3kUpOxDM.es5.O/d=1/exm=kernel_loader,loader_js_executable,web_iab_tcf_v2_signal_executable/ed=1/rs=AJlcJMxcMd8d0XtXoqTbA5iSu_1Dn2dFwQ/m=ad_blocking_detection_executable

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.42.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

nrt12s47-in-f2.1e100.net

Software

cafe /

Resource Hash

c3964eaff371e6f80ef107a97ca8a936d9b272609e887d74189b4f834661d788

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

content-encoding: br
etag: 5932961810906491277
x-content-type-options: nosniff
expires: Mon, 08 Dec 2025 13:19:45 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date: Mon, 08 Dec 2025 13:19:45 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
content-disposition: attachment; filename="f.txt"
link: <https://googleads.g.doubleclick.net>; rel="preconnect"; crossorigin
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-length: 55705
x-xss-protection: 0
server: cafe

General

Check archive.org

Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxVBOoZvN85RCVznrEGZXltMSryQnzMOUeIqdL2xpmDRzjSqORhmgwhOlzPtaoTwKEVCfVlF9EC6Nmg5Ps2AlPcGLQdytkmR_QbZ_1ugFqAcltupObVUdlZ26r2OZbVHjmSyjaaD1Q==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.42.142 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

nrt12s45-in-f14.1e100.net

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-Fnv9eek1jVjQ93d1VRJgNg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Content-Type: text/plain
Referer: https://reurl.cc/

Response headers

access-control-max-age: 86400
access-control-allow-methods: POST, GET, OPTIONS
x-content-type-options: nosniff
expires: Mon, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 08 Dec 2025 13:19:45 GMT
content-type: text/html; charset=utf-8
x-frame-options: SAMEORIGIN
reporting-endpoints: default="/_/ContributorLoggingHttp/web-reports?context=eJzj8tDikmJw0ZBi-FB_mfUHEJv53Wa1A-Jqdy-2ZiC29fdhcwXivTl-bEeBOLPTj60QiM_v9WO7DsSrb_qxbQZiIR6Ojwtun2QTaPh07DKTkktSfmF8cn5eSWpeiW5iSrEuiF2UmVRakl-Ewk4tA6nIyU9Pz8xLjzcyMDI1NDIw0TMwjy8wAAB60jku"
content-security-policy: script-src 'report-sample' 'nonce-Fnv9eek1jVjQ93d1VRJgNg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
cache-control: no-cache, no-store, max-age=0, must-revalidate
cross-origin-opener-policy: same-origin
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
access-control-allow-origin: https://reurl.cc
content-length: 0
x-xss-protection: 0
server: ESF

General

Check archive.org

Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxVBOoZvN85RCVznrEGZXltMSryQnzMOUeIqdL2xpmDRzjSqORhmgwhOlzPtaoTwKEVCfVlF9EC6Nmg5Ps2AlPcGLQdytkmR_QbZ_1ugFqAcltupObVUdlZ26r2OZbVHjmSyjaaD1Q==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.42.142 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

nrt12s45-in-f14.1e100.net

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-xvsYFVo3cn0qaruHSI4aaw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Content-Type: text/plain
Referer: https://reurl.cc/

Response headers

access-control-max-age: 86400
access-control-allow-methods: POST, GET, OPTIONS
x-content-type-options: nosniff
expires: Mon, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 08 Dec 2025 13:19:45 GMT
content-type: text/html; charset=utf-8
x-frame-options: SAMEORIGIN
reporting-endpoints: default="/_/ContributorLoggingHttp/web-reports?context=eJzj8tDikmJw0JBi-FB_mfUHEJv53Wa1A-Jqdy-2ZiC29fdhcwXivTl-bEeBOLPTj60QiM_v9WO7DsSrb_qxbQZiIR6Ojwtun2QTuNC0bR6zkktSfmF8cn5eSWpeiW5iSrEuiF2UmVRakl-Ewk4tA6nIyU9Pz8xLjzcyMDI1NDIw0TMwjy8wAABcUTjG"
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-xvsYFVo3cn0qaruHSI4aaw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
cache-control: no-cache, no-store, max-age=0, must-revalidate
cross-origin-opener-policy: same-origin
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
access-control-allow-origin: https://reurl.cc
content-length: 0
x-xss-protection: 0
server: ESF

GET
H2 200 sodar2.js Show response
ep2.adtrafficquality.google/sodar/ 20 KB
7 KB 444ms
161ms Script
text/javascript 172.217.175.33
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://ep2.adtrafficquality.google/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202512020101/pubads_impl.js?cb=31095969

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.175.33 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

nrt20s19-in-f1.1e100.net

Software

sffe /

Resource Hash

a7f65c0446b6cac3175458f6388304d0c23e70d11fa0db20920a619f1bc18623

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

content-encoding: gzip
etag: "1747411493688989"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
x-content-type-options: nosniff
expires: Mon, 08 Dec 2025 13:19:46 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 08 Dec 2025 13:19:46 GMT
content-type: text/javascript
vary: Accept-Encoding
cache-control: private, max-age=3000
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
content-length: 7188
x-xss-protection: 0
server: sffe

General

Check archive.org

Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxVBOoZvN85RCVznrEGZXltMSryQnzMOUeIqdL2xpmDRzjSqORhmgwhOlzPtaoTwKEVCfVlF9EC6Nmg5Ps2AlPcGLQdytkmR_QbZ_1ugFqAcltupObVUdlZ26r2OZbVHjmSyjaaD1Q==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.42.142 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

nrt12s45-in-f14.1e100.net

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-fFqdHOo3S0p63XNd5XO4ww' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Content-Type: text/plain
Referer: https://reurl.cc/

Response headers

access-control-max-age: 86400
access-control-allow-methods: POST, GET, OPTIONS
x-content-type-options: nosniff
expires: Mon, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 08 Dec 2025 13:19:46 GMT
content-type: text/html; charset=utf-8
x-frame-options: SAMEORIGIN
reporting-endpoints: default="/_/ContributorLoggingHttp/web-reports?context=eJzj8tDikmLw0pBi-FB_mfUHEJv53Wa1A-Jqdy-2ZiC29fdhcwXivTl-bEeBOLPTj60QiM_v9WO7DsSrb_qxbQZiIR6OTwtun2QTaPj1pplRySUpvzA-OT-vJDWvRDcxpVgXxC7KTCotyS9CYaeWgVTk5KenZ-alxxsZGJkaGhmY6BmYxxcYAAB1EjkS"
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-fFqdHOo3S0p63XNd5XO4ww' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
cache-control: no-cache, no-store, max-age=0, must-revalidate
cross-origin-opener-policy: same-origin
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
access-control-allow-origin: https://reurl.cc
content-length: 0
x-xss-protection: 0
server: ESF

General

Check archive.org

Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxVBOoZvN85RCVznrEGZXltMSryQnzMOUeIqdL2xpmDRzjSqORhmgwhOlzPtaoTwKEVCfVlF9EC6Nmg5Ps2AlPcGLQdytkmR_QbZ_1ugFqAcltupObVUdlZ26r2OZbVHjmSyjaaD1Q==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.42.142 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

nrt12s45-in-f14.1e100.net

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-tSoQytgD4KszO7zvrOUHEg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Content-Type: text/plain
Referer: https://reurl.cc/

Response headers

access-control-max-age: 86400
access-control-allow-methods: POST, GET, OPTIONS
x-content-type-options: nosniff
expires: Mon, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 08 Dec 2025 13:19:46 GMT
content-type: text/html; charset=utf-8
x-frame-options: SAMEORIGIN
reporting-endpoints: default="/_/ContributorLoggingHttp/web-reports?context=eJzj8tDikmJw0pBi-FB_mfUHEJv53Wa1A-Jqdy-2ZiC29fdhcwXivTl-bEeBOLPTj60QiM_v9WO7DsSrb_qxbQZiIR6OTwtun2QTmHDgZBOjkktSfmF8cn5eSWpeiW5iSrEuiF2UmVRakl-Ewk4tA6nIyU9Pz8xLjzcyMDI1NDIw0TMwjy8wAABZ-zi8"
content-security-policy: script-src 'report-sample' 'nonce-tSoQytgD4KszO7zvrOUHEg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
cache-control: no-cache, no-store, max-age=0, must-revalidate
cross-origin-opener-policy: same-origin
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
access-control-allow-origin: https://reurl.cc
content-length: 0
x-xss-protection: 0
server: ESF

GET
H3 200 AGSKWxVhphdfFV5pYTECAHJj29_GJEbkcNkKCersQcJTxCKabZzd2tJUj7NKG-Jz9SprGaDtfMP0OFC6TyqVvSsDEQXTNPm3_KTkixIsxWY7v0oZRezKKTS57q9AjzXTt-Q9uYyFrqogfA== Show response
fundingchoicesmessages.google.com/f/ 3 KB
2 KB 170ms
169ms Script
application/javascript 142.251.42.142
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://fundingchoicesmessages.google.com/f/AGSKWxVhphdfFV5pYTECAHJj29_GJEbkcNkKCersQcJTxCKabZzd2tJUj7NKG-Jz9SprGaDtfMP0OFC6TyqVvSsDEQXTNPm3_KTkixIsxWY7v0oZRezKKTS57q9AjzXTt-Q9uYyFrqogfA==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzY1MTk5OTg2LDE5NjAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzcsOSw2XSxudWxsLDIsbnVsbCwiZW4iLG51bGwsbnVsbCxudWxsLG51bGwsbnVsbCwxXSwiaHR0cHM6Ly9yZXVybC5jYy84bnpxZGoiLG51bGwsW1s4LCJSY1Iza1VwT3hETSJdLFs5LCJ6aC1UVyJdLFsxOSwiMiJdLFsxNywiWzBdIl0sWzI0LCIiXSxbMjksImZhbHNlIl1dXQ

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.42.142 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

nrt12s45-in-f14.1e100.net

Software

ESF /

Resource Hash

d1dfaa28d92667fdc705bea1aeb8259f130c7b8a24c93fa98252af7aa3f85fe8

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-QAf14QhlNOTb38NoKuJiuA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Mon, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 08 Dec 2025 13:19:46 GMT
content-type: application/javascript; charset=utf-8
x-frame-options: SAMEORIGIN
reporting-endpoints: default="/_/ContributorServingWebSwitchboardHttp/web-reports?context=eJzjmsCoxSXF4KEhxdB68xzrZCDuWnSedQYQGypcYrUH4g_1l1l_AHGRxBXWBiD-VHWDVaD6BmsS-03WAiA287vNagfE1e5ebM1AbOvvw-YKxN-KfdlYSnzZ9v33ZTsGxHtz_NiOAnFmpx9bIRCf3-vHdh2IV9_0Y9sMxCu8_Nk2ALEQD8enBbdPsgm8WLOsg1FJIym_MD45P6-kKDOptCS_KC05LbU4tagstSjeyMDI1NDIwETPwDy-wAAAZU1Lqw"
content-security-policy: script-src 'report-sample' 'nonce-QAf14QhlNOTb38NoKuJiuA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport
cache-control: no-cache, no-store, max-age=0, must-revalidate
timing-allow-origin: *
cross-origin-opener-policy: same-origin
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-resource-policy: cross-origin
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
x-xss-protection: 0
server: ESF

GET
H2 200 runner.html Show response
ep2.adtrafficquality.google/sodar/sodar2/237/ Frame E84F 13 KB
5 KB 376ms
114ms Document
text/html 172.217.175.33
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://ep2.adtrafficquality.google/sodar/sodar2/237/runner.html

Requested by

Host: ep2.adtrafficquality.google
URL: https://ep2.adtrafficquality.google/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.175.33 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

nrt20s19-in-f1.1e100.net

Software

sffe /

Resource Hash

14b660a511e14a9a481c6fe43c576f36c61b656cfd379728c54f1128e1855966

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://reurl.cc/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
age: 2561
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=3000
content-encoding: gzip
content-length: 5044
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 08 Dec 2025 12:37:05 GMT
expires: Mon, 08 Dec 2025 13:27:05 GMT
last-modified: Tue, 13 May 2025 23:17:50 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 9AA7 829 B
568 B 382ms
152ms Document
text/html 142.250.196.132
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: ep2.adtrafficquality.google
URL: https://ep2.adtrafficquality.google/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.196.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

nrt12s36-in-f4.1e100.net

Software

ESF /

Resource Hash

d20f5f22b85b4435149f07c63467a2eeeea0b1bff406b2817caec8ea446965cb

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-NYevIM6ZZNrtewDycADQSw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://reurl.cc/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-NYevIM6ZZNrtewDycADQSw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy-report-only: same-origin; report-to="coop_38fac9d5b82543fc4729580d18ff2d3d"
cross-origin-resource-policy: cross-origin
date: Mon, 08 Dec 2025 13:19:46 GMT
expires: Mon, 08 Dec 2025 13:19:46 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]} {"group":"coop_38fac9d5b82543fc4729580d18ff2d3d","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/38fac9d5b82543fc4729580d18ff2d3d"}]}
server: ESF
x-content-type-options: nosniff
x-xss-protection: 0

POST
H3 204 AGSKWxXEyFUExN-OsrL3cgf7F3-ypMEOY0dgs7Wx5rfgAqztJ2yP8ps3XYi0cnd2TAdYGuS4AtkvpUyCIkVfzOQNP4mGBZb35VzVlMm8kjZEebvuhZvs2uzayrVZONmnJ5PhraXgc7vF7A== Show response
fundingchoicesmessages.google.com/el/ 0
28 B 163ms
163ms XHR
text/html 142.251.42.142
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxXEyFUExN-OsrL3cgf7F3-ypMEOY0dgs7Wx5rfgAqztJ2yP8ps3XYi0cnd2TAdYGuS4AtkvpUyCIkVfzOQNP4mGBZb35VzVlMm8kjZEebvuhZvs2uzayrVZONmnJ5PhraXgc7vF7A==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.42.142 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

nrt12s45-in-f14.1e100.net

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-MIRgD6NMRMT9h9_iUhvObA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Content-Type: text/plain
Referer: https://reurl.cc/

Response headers

access-control-max-age: 86400
access-control-allow-methods: POST, GET, OPTIONS
x-content-type-options: nosniff
expires: Mon, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 08 Dec 2025 13:19:46 GMT
content-type: text/html; charset=utf-8
x-frame-options: SAMEORIGIN
reporting-endpoints: default="/_/ContributorLoggingHttp/web-reports?context=eJzj8tHikmJw15BiWMy_i-lD_WXWH0Bs5neb1Q6Iq9292JqB2Nbfh80ViPfm-LEdBeLMTj-2QiA-v9eP7ToQr77px7YZiIV4OD4tuH2STWDDvLU3GJVckvIL45Pz80pS80p0E1OKdUHsosyk0pL8IhR2ahlIRU5-enpmXnq8kYGRqaGRgYmegXl8gQEAS7U6aw"
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-MIRgD6NMRMT9h9_iUhvObA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
cache-control: no-cache, no-store, max-age=0, must-revalidate
cross-origin-opener-policy: same-origin
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
access-control-allow-origin: https://reurl.cc
content-length: 0
x-xss-protection: 0
server: ESF

GET
H3 200 YiCOpexcQgOfoMkclsluC7vt7GOe_jPXuu-BGc7bRMM.js Show response
pagead2.googlesyndication.com/bg/ Frame E84F 53 KB
20 KB 348ms
114ms Script
text/javascript 142.251.42.194
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/YiCOpexcQgOfoMkclsluC7vt7GOe_jPXuu-BGc7bRMM.js

Requested by

Host: ep2.adtrafficquality.google
URL: https://ep2.adtrafficquality.google/sodar/sodar2/237/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.42.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

nrt12s47-in-f2.1e100.net

Software

sffe /

Resource Hash

62208ea5ec5c42039fa0c91c96c96e0bbbedec639efe33d7baef8119cedb44c3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://ep2.adtrafficquality.google/

Response headers

content-encoding: br
age: 502408
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
x-content-type-options: nosniff
expires: Wed, 02 Dec 2026 17:46:18 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 02 Dec 2025 17:46:18 GMT
last-modified: Mon, 01 Dec 2025 15:28:00 GMT
content-type: text/javascript
vary: Accept-Encoding
cache-control: public, max-age=31536000
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
accept-ranges: bytes
content-length: 20943
x-xss-protection: 0
server: sffe

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 9AA7 0
17 B 434ms
212ms Image
image/ 142.251.42.194
GOOGLE

General

Check archive.org

Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=237&li=gpt_m202512020101&jk=8744142892601007&rc=

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.42.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

nrt12s47-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://www.google.com/

Response headers

timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 0
date: Mon, 08 Dec 2025 13:19:47 GMT
x-xss-protection: 0
content-type: image/
server: cafe

GET
H2 204 generate_204
ep2.adtrafficquality.google/ Frame E84F 0
40 B 114ms
113ms Image
text/plain 172.217.175.33
GOOGLE

General

Check archive.org

Download Go to Show image

Full URL: https://ep2.adtrafficquality.google/generate_204?PNyaPA
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.217.175.33 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: nrt20s19-in-f1.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://ep2.adtrafficquality.google/sodar/sodar2/237/runner.html

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
date: Mon, 08 Dec 2025 13:19:47 GMT
cross-origin-resource-policy: cross-origin

GET
H3 204 sodar
ep1.adtrafficquality.google/pagead/ 0
17 B 265ms
263ms Image
image/ 142.250.196.130
GOOGLE

General

Check archive.org

Download Go to Show image

Full URL

https://ep1.adtrafficquality.google/pagead/sodar?id=sodar2&v=237&t=2&li=gpt_m202512020101&jk=8744142892601007&bg=!GBulG1TNAAZCJko1YiY7ADQBe5WfONzEqPjGAm1c-CfHEVkDkU5LEeAdTFAQxSBSJVwL5C-2byZ54Q5rFKEna80ZyBXkAgAAAFNSAAAAA2gBB34AN3THfSiwPl6kj4sllscQR85guTF7taQHunNJ_nm_fe7oE2bl2I2XHY2f64TMKxq8CJzzDIcIUcOZAkOZ1gVN0OHZUWkUMJMblIIyEEJRhc4PA3oKg778YESrHb9CyHlzY5AWe6BNDXJrAZVgYxPRzGaAVrCzNrqScU8bFD2wDz0vnn80J0DOu9DCqwGtaqAat-L37faBoZ01c03vJoqw8wAppV12u5aTsOOzEGsgdyDKjT9wuMpne4y7GaFii3sDOrhChQDd44TM2v-kzfGlav9vn-DuNGJlVtLyRauKG6QI8Thjwd0w5G9GzVwRBrf7nw0DnSM2i3ZYRbCD_VO-6S6wY2_2ga7yHOdd0YklRezCtv8DO-lUwDrr7DzDEBZpwpz83pGEOVQgtsdsIX-23HXiMa2fVgc_m1rrGK5WFsVGCysQHK30AF7lDNfyPDRW3UewcMziN6LuvGfwpeL454wwiitbKQEoYcYQ1xK-iiB8onqRtRD7ju300tWnJAR7UV73FKhyvXEqbhLv3rHn_1BMPWfJ-D8sLIE6N2iUYzx4RGNwLwlG-4yS2KOIc8TJ_MzLMRufqYU6zXyHz-o00nRVqe2VxGMyf2j_8DM1xuzBpZbX7dwXMSHaZl_H1NpLF24DwnZriH1czhXT250kKcfauIB7FDjvQvMZHXygUfu0xJb6pnoSPOCPVxWRkXyNw6CRRzQuodALFQnr06OYlLnSjauunXyagVTcE2AMngVPM3HRfbmFYVpHajU0CRytS3rc8HObosVszPkBHGodIBTbpuR5a3kSw7t8tGMw-gzWnOVgj7Ft-uuLoyt6SnQS4b32d6LDHI1v3GT9_-4

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.196.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

nrt12s36-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 0
date: Mon, 08 Dec 2025 13:19:47 GMT
x-xss-protection: 0
content-type: image/
server: cafe

POST
H2 204 collect
analytics.google.com/g/ 0
0 84ms
83ms Fetch
text/plain 216.239.32.181
GOOGLE

General

Check archive.org

Download Go to

Full URL: https://analytics.google.com/g/collect?v=2&tid=G-N394QBRGC0&gtm=45je5c31v897965293za200zb9235665865zd9235665865&_p=1765199981857&gcd=13l3l3l3l1l1&npa=0&dma=0&cid=543771640.1765199982&ul=zh-tw&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_eu=gAAAAAQ&_s=2&tag_exp=103116026~103200004~104527907~104528500~104684208~104684211~105391252~115583767~115616986~115938465~115938468~116184927~116184929~116217636~116217638~116427946&sid=1765199983&sct=1&seg=0&dl=https%3A%2F%2Freurl.cc%2F8nzqdj&dt=%E7%B8%AE%E7%9F%AD%E7%B6%B2%E5%9D%80%E7%94%A2%E7%94%9F%E5%99%A8%20-%20reurl&en=0&ep.event_category=pause&ep.event_label=MjMuMjQ4LjE3Ni4xMzk&epn.value=1&_et=26&tfd=8048
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-N394QBRGC0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 216.239.32.181 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:169:0
report-to: {"group":"ascnsrsggc:169:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:169:0"}],}
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: https://reurl.cc
cross-origin-opener-policy-report-only: same-origin; report-to=ascnsrsggc:169:0
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 08 Dec 2025 13:19:49 GMT
content-type: text/plain
server: Golfe2

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: ad.holmesmind.com
URL: https://ad.holmesmind.com/adserver/cm?app=91app&P=782355-0NG8SqrcbUNqKHbjmrMsIO08y3Yw1NN1&uid=604f9f6c-30f8-452a-91e2-c09db45f98c8

Domain: ad.holmesmind.com
URL: https://ad.holmesmind.com/adserver/cm?app=91app&P=782355-0NG8SqrcbUNqKHbjmrMsIO08y3Yw1NN1&uid=d5912052-e9f3-40d4-a48e-658b3159506f

Domain: ad.holmesmind.com
URL: https://ad.holmesmind.com/adserver/cm?app=91app&P=782355-0NG8SqrcbUNqKHbjmrMsIO08y3Yw1NN1&uid=604f9f6c-30f8-452a-91e2-c09db45f98c8

Domain: ad.holmesmind.com
URL: https://ad.holmesmind.com/adserver/cm?app=91app&P=782355-0NG8SqrcbUNqKHbjmrMsIO08y3Yw1NN1&uid=604f9f6c-30f8-452a-91e2-c09db45f98c8

Domain: ad.holmesmind.com
URL: https://ad.holmesmind.com/adserver/cm?app=91app&P=782355-0NG8SqrcbUNqKHbjmrMsIO08y3Yw1NN1&uid=604f9f6c-30f8-452a-91e2-c09db45f98c8

Domain: ad.holmesmind.com
URL: https://ad.holmesmind.com/adserver/cm?app=91app&P=782355-0NG8SqrcbUNqKHbjmrMsIO08y3Yw1NN1&uid=d5912052-e9f3-40d4-a48e-658b3159506f

Verdicts & Comments Add Verdict or Comment

220 JavaScript Window variables

These are the non-standard variables defined on the window object. These include var declarations and global functions and can be helpful in identifying possible client-side frameworks and code.

42 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
onead.onevision.com.tw/	1970-01-21 19:05:35	Name: onevision_guid Value: 8e6ca8d6-d438-11f0-9dfc-42010a00004a
onead.onevision.com.tw/	1970-01-21 19:05:35	Name: oid Value: 8e6ca8cc-d438-11f0-9dfc-42010a00004a
reurl.cc/	1970-01-21 19:05:35	Name: oid Value: %257B%2522oid%2522%253A%25228e6ca8d6-d438-11f0-9dfc-42010a00004a%2522%252C%2522ts%2522%253A-62135596800%252C%2522v%2522%253A%252220201117%2522%257D
.reurl.cc/	1970-01-21 10:21:26	Name: _gid Value: GA1.2.288456421.1765199982
.reurl.cc/	1970-01-21 10:20:00	Name: _gat Value: 1
.prnasia.com/	1970-01-21 10:20:01	Name: __cf_bm Value: jGWuCtBX2cLf9SAIgLIt2e_GpBZbenKi.BjCIYES1LQ-1765199982-1.0.1.1-e6cRZxG47G0x5WxS8IcbTMiZWmAizeQOmq3Gy_dFJ2q6CN1_jJ7Txn.2q5PEB8hP6.aySU.pBLiHCkIE0xxZjaNx_o8ZlGzAWbohz9K3X5M
.reurl.cc/	1970-01-21 11:03:11	Name: CFFPCKUUID Value: 6341-SOTX9HV99sZVmak9hBQvscYhwEBz0tec
.eyeota.net/	1970-01-21 19:05:35	Name: mako_uid Value: 19afe1e30dd-3ffc0000010e4123
.eyeota.net/	1970-01-21 10:20:00	Name: SERVERID Value: 16675~DM
.holmesmind.com/	1970-01-21 10:21:26	Name: fcm Value: 1
.taboola.com/	1970-01-21 19:05:35	Name: t_gid Value: 7a3c5e35-d71e-40f2-aa70-b6a3f8999175-tuct103055ee
.taboola.com/	1970-01-21 19:05:35	Name: t_pt_gid Value: 7a3c5e35-d71e-40f2-aa70-b6a3f8999175-tuct103055ee
.reurl.cc/	1970-01-21 11:03:11	Name: ISMD5VERSION Value: 1
.reurl.cc/	1970-01-21 11:03:11	Name: FPUUID Value: 6320-a3c081890088523141160aeb45bbd22a
.hinet.net/	1970-01-21 19:55:59	Name: uuid Value: 83e9bfa3-72be-41e6-bbf5-c9cad822781b
.holmesmind.com/	1970-01-21 19:55:59	Name: P Value: 782355-0NG8SqrcbUNqKHbjmrMsIO08y3Yw1NN1
.holmesmind.com/	1970-01-21 10:41:07	Name: Vision Value: 20251208-23:59,20251209-00,20251209-00,20251208-23:59
.holmesmind.com/	1970-01-21 10:41:07	Name: C Value: null
.holmesmind.com/	1970-01-21 12:44:57	Name: RK Value: null
.doubleclick.net/	1970-01-21 19:55:59	Name: IDE Value: AHWqTUn-a61Hsv7AuzaiEqo-gP2DbOXtLETlH2-16aUYFRnjKPEiGTPzN3PuMycaoD8
.lndata.com/	1970-01-21 19:06:04	Name: admckid Value: 2512082119431537607
.reurl.cc/	1970-01-21 19:55:59	Name: _ga_S9B9ZLEX4D Value: GS2.1.s1765199983$o1$g0$t1765199983$j60$l0$h0
.reurl.cc/	1970-01-21 19:55:59	Name: _ga Value: GA1.1.543771640.1765199982
.adsrvr.org/	1970-01-21 19:05:35	Name: TDID Value: 2375f82b-b137-444e-a412-657e42a3102e
.holmesmind.com/	1970-01-21 10:20:57	Name: test_cookie Value: CheckForPermission
.doubleclick.net/	1970-01-21 10:20:00	Name: test_cookie Value: CheckForPermission
.adsrvr.org/	1970-01-21 19:05:35	Name: TDCPM Value: CAEYBSABKAIyCwiihLXg5ZnbPhAFOAE.
.reurl.cc/	1970-01-21 19:55:59	Name: _ga_N394QBRGC0 Value: GS2.1.s1765199983$o1$g0$t1765199983$j60$l0$h0
.reurl.cc/	1970-01-21 19:41:35	Name: FCCDCF Value: %5Bnull%2Cnull%2Cnull%2Cnull%2Cnull%2Cnull%2C%5B%5B32%2C%22%5B%5C%22c5397c20-6321-455c-b062-14e681cd4803%5C%22%2C%5B1765199984%2C150000000%5D%5D%22%5D%5D%5D
.reurl.cc/	1970-01-21 19:41:35	Name: __gads Value: ID=5327cf2b09a99715:T=1765199984:RT=1765199984:S=ALNI_ManJUbERe-O6JFd6AVKjq8Du457bg
.reurl.cc/	1970-01-21 19:41:35	Name: __gpi Value: UID=000011c593b400c9:T=1765199984:RT=1765199984:S=ALNI_MaIMyUAP3y2CiOothYhLcAeJCrBBA
.reurl.cc/	1970-01-21 14:39:11	Name: __eoi Value: ID=3df48479c545a843:T=1765199984:RT=1765199984:S=AA-AfjZ5yoGpXg9avqaPgdMDA1ep
track.91app.io/	1970-01-21 19:55:59	Name: deviceid Value: d5912052-e9f3-40d4-a48e-658b3159506f
.crwdcntrl.net/	1970-01-21 16:48:47	Name: _cc_id Value: 36f050ef332240069899733d3473bfff
.reurl.cc/	1970-01-21 16:48:47	Name: _cc_id Value: 36f050ef332240069899733d3473bfff
.reurl.cc/	1970-01-21 10:30:04	Name: panoramaId_expiry Value: 1765804784818
.reurl.cc/	1970-01-21 10:30:04	Name: panoramaId Value: de330974a50c31276a3d0e9e0d31185ca02cd0606ef9343407ae33033ed3f168
.reurl.cc/	1970-01-21 10:30:04	Name: panoramaIdType Value: panoDevice
.criteo.com/	1970-01-21 19:41:35	Name: uid Value: f91980f2-1d89-4eda-a221-a287270a2520
.criteo.com/	1970-01-21 19:41:35	Name: cto_bundle Value: kQemn19GVXdnN1pyaUZKYlNhYm9jSVNLWDdSN0E0YVl2ZDFFdGd3bEQ4TFNlaWd3RDFEUGpsNzlwSkFJJTJCaDNvNjAxN0pQV25MOGJXTFc0bDNkSFV3M2ZVa1Ztd2lWJTJCdjcyRmRLVVNXNDJJd1lNcW1nJTJGSTB1WkxYdlRzanlYeWRVcmRScXI5VTNVZERSM0YzWUUzSG5TajgwSVElM0QlM0Q
.reurl.cc/	1970-01-21 19:41:35	Name: cto_bundle Value: xN3Dq19SS3I0TDZaWElLQXBVRyUyRlNHd0V5eGtZREEycWMzRHNPRlVkbVZzS0p3YTJNZW5iUDBOQzlnTVNxSEZpRCUyQjc2UFlTUUpHTHRSeVg2YTAlMkZkRGZqOEsxOElmeFBscnZBQmJRUmdmV1J3ekRuVWpvcmdYU1IlMkZEYnklMkI5MmFDYlJjUmNjb01nRndzY2dIYnFZNG5abVVtTUd3JTNEJTNE
.reurl.cc/	1970-01-21 19:05:35	Name: FCNEC Value: %5B%5B%22AKsRol_x8KH7wE5SsJkaI5CYd4Iy9CgEMIVletjDkkXYgwNtINFlhxbpcMZm8tPFZIf4Fd0CpjhfstM2vHwnZpwOlUCR9CgBdypNy8LAMIYLeIsjWU33K5EmvOHfTq-vNo_SOL0oMRr9nXTc5Iy0eT7YuhhBOOMA-A%3D%3D%22%5D%5D

9 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
rendering	warning	URL: https://reurl.cc/8nzqdj(Line 157) Message: [GroupMarkerNotSet(crbug.com/242999)!:A0D01800742B0000]Automatic fallback to software WebGL has been deprecated. Please use the --enable-unsafe-swiftshader (about:flags#enable-unsafe-swiftshader) flag to opt in to lower security guarantees for trusted content.
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'bluetooth'.
rendering	warning	URL: https://cdn.holmesmind.com/js/capmapping.htm Message: [GroupMarkerNotSet(crbug.com/242999)!:A0C0DB06742B0000]Automatic fallback to software WebGL has been deprecated. Please use the --enable-unsafe-swiftshader (about:flags#enable-unsafe-swiftshader) flag to opt in to lower security guarantees for trusted content.
rendering	warning	URL: https://cdn.holmesmind.com/js/capmapping.htm Message: [GroupMarkerNotSet(crbug.com/242999)!:A050DC06742B0000]Automatic fallback to software WebGL has been deprecated. Please use the --enable-unsafe-swiftshader (about:flags#enable-unsafe-swiftshader) flag to opt in to lower security guarantees for trusted content.
rendering	warning	URL: https://cdn.holmesmind.com/js/capmapping.htm Message: [GroupMarkerNotSet(crbug.com/242999)!:A0C04D00742B0000]Automatic fallback to software WebGL has been deprecated. Please use the --enable-unsafe-swiftshader (about:flags#enable-unsafe-swiftshader) flag to opt in to lower security guarantees for trusted content.
rendering	warning	URL: https://cdn.holmesmind.com/js/capmapping.htm Message: [GroupMarkerNotSet(crbug.com/242999)!:A0F04D00742B0000]Automatic fallback to software WebGL has been deprecated. Please use the --enable-unsafe-swiftshader (about:flags#enable-unsafe-swiftshader) flag to opt in to lower security guarantees for trusted content.
rendering	warning	URL: https://cdn.holmesmind.com/js/capmapping.htm Message: [GroupMarkerNotSet(crbug.com/242999)!:A0504E00742B0000]Automatic fallback to software WebGL has been deprecated. Please use the --enable-unsafe-swiftshader (about:flags#enable-unsafe-swiftshader) flag to opt in to lower security guarantees for trusted content.
rendering	warning	URL: https://cdn.holmesmind.com/js/capmapping.htm Message: [GroupMarkerNotSet(crbug.com/242999)!:A0809506742B0000]Automatic fallback to software WebGL has been deprecated. Please use the --enable-unsafe-swiftshader (about:flags#enable-unsafe-swiftshader) flag to opt in to lower security guarantees for trusted content.
rendering	warning	URL: https://ep2.adtrafficquality.google/sodar/sodar2/237/runner.html Message: [GroupMarkerNotSet(crbug.com/242999)!:A0204E00742B0000]Automatic fallback to software WebGL has been deprecated. Please use the --enable-unsafe-swiftshader (about:flags#enable-unsafe-swiftshader) flag to opt in to lower security guarantees for trusted content.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

3f7c8398439d581fb0b47b69a86277bd.safeframe.googlesyndication.com
83e9bfa3-72be-41e6-bbf5-c9cad822781b.t.ssp.hinet.net
ad-specs.guoshipartners.com
ad.holmesmind.com
analytics.google.com
anymind360.com
bcp.crwdcntrl.net
c.holmesmind.com
cdn-ima.33across.com
cdn.holmesmind.com
cdn.jsdelivr.net
cm-dev-poc.holmesmind.com
cm.g.doubleclick.net
cm.lndata.com
connect.facebook.net
creditcards.com.tw
ep1.adtrafficquality.google
ep2.adtrafficquality.google
fcm.holmesmind.com
fcm2.holmesmind.com
fundingchoicesmessages.google.com
gum.criteo.com
img.gbyhn.com.tw
img.racingcharger.tw
invstatic101.creativecdn.com
m.holmesmind.com
match.adsrvr.org
mma.prnasia.com
nearbymed.com
oa.openxcdn.net
onead-v6.onevision.com.tw
onead.onevision.com.tw
pagead2.googlesyndication.com
ps.eyeota.net
re-news.tw
reurl.cc
scontent-hkg1-1.xx.fbcdn.net
scontent-hkg4-1.xx.fbcdn.net
securepubads.g.doubleclick.net
static.criteo.net
static.wixstatic.com
static.xx.fbcdn.net
stats.g.doubleclick.net
t.ssp.hinet.net
tags.crwdcntrl.net
track.91app.io
tracking-client.91app.com
trc.taboola.com
www.facebook.com
www.google-analytics.com
www.google.com
www.google.com.tw
www.googletagmanager.com
ad.holmesmind.com
104.18.28.101
104.18.96.225
104.21.67.166
104.21.96.9
107.178.241.176
116.50.36.71
142.250.193.193
142.250.196.130
142.250.196.132
142.250.196.136
142.250.77.162
142.251.42.142
142.251.42.194
151.101.1.55
151.101.129.229
151.101.65.44
157.240.199.15
163.70.158.11
172.217.161.35
172.217.175.33
172.67.222.174
18.176.230.233
18.178.75.163
18.180.66.169
18.182.162.20
182.161.74.19
182.161.74.47
192.0.78.25
203.66.35.97
203.75.214.136
216.239.32.178
216.239.32.181
216.58.220.130
3.164.121.106
3.164.121.117
3.164.143.112
3.173.197.105
31.13.82.36
31.13.82.7
34.102.146.192
34.95.67.231
34.96.70.87
35.185.136.122
35.201.76.198
35.201.76.93
35.227.249.156
35.229.143.32
35.71.131.137
52.77.94.58
54.230.175.56
74.125.23.154
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0efa8291235243ad1438d266932112aecf4e7dca1963545a22d118cbe5d5d6e2
1005edce901738f3e7db638eb15c2aab780b0eb6980371a743f826e9edf02aa1
100d72a28123bcee974e8642b8bf1c0865bf1034c9b59f59597d53809e192fdc
111eaf414e95313afc251a7eea0d5eec5d771b8f49f9c8856ba859e796d8773d
120a67e10b39b6b70dc52c65c77d016cba6e33b0ecc86d3fd49dda8f9efc2657
1346d656b8aeb6a9d4d5bd59ab8026645fcc90874f54814d6ee8cac226d32a51
14b660a511e14a9a481c6fe43c576f36c61b656cfd379728c54f1128e1855966
1a66fd60fa46f1db167fedf82c137b1cc4439b28f9db3e6760e54f436a37e83e
1cffc2b3146584685cd72751d7f28aa030ab9ae2f1bc78f2c27909f8d8287b26
2a4c7b96514bcf9e8548de41d1fd7b0fa727ae09136bcb61273bf298c7ed67e6
2e2182cf9bb95ed129e4347c06b0e56b6b811544a13c58afb7d78cadc4ce332e
2e5f5cb912c0619933ea6c3ad8ac1466a005f792e3338d96a8432d144c63520f
2f21ca1bad31359ce2041c86891097057888c6d0884206f6dbfdcc4a16203278
316976efcac8e4cc967c221252289c4a9993d45170bd7200cca72ec9969b171d
34af0025ec544bb24d18034783278490fb9fb70f3090037ebf83cb7a1979df1f
351966dece7214af3b43d9a94f07c1c936176ad5dd81f0bbe1f6b319b4cd96d1
352d0915216b13b935f1abedea04d4a039802faaf69153ae71c377410990e322
365fc555dbd2149871a77b9485dbb0cbd487a0553f7a90163444349fee756f60
3733ce04a5c4dbb8b07b847650fd68e82f93ab8abf6b35ca294d6d40130f06c0
3774a7ce325859b32b6b0b01bde2879c75b81131fafe4a584b18b744711bd75d
37cd16af9680e2eac2b065fe88fbc0ca6d80583c67a9d8c69969e5dcbe27b14d
3b638f7b5069e627c843dbd622093efb6a7d72f8725d098fd7287c84af63f668
45444d590a67d30e8b2fde01bb6482f829383b64bf14a4b19b86e22fdc319fbb
45d40ded3dba5097cd90b076aa3f97f9349a00228aaafe79ec5bb380eaf49457
494a3c1820c45a233469b5f8a5ed47e1c577b4b4b731a8ab785010a26eafad31
4a76223f78d023c174f83154fa4c848dc343db0b3d8325af393a76a858ea9e15
4beb92d3d67900dd56957e65cdc1fa38338fb0e2275e30fce4806a744c52b480
4da2dc78cc23591a9ee3285ba8f3891fa57b506b7902fbdd35fa5a2172566c55
514224fbc0d9e2ca6cb34615eb8d01ce2be9c3666b08a145102c5ef363280a00
51942200970247b8d0a3416e69f1695f6f4abf3e218830815bb6e04d5871559e
544c55ca9f05d425f3beb90f287308d7a408b1f60d17728eff5c605a494bc1b9
54f187c15ad0d435cf9d00b0d12fd99f4a1fd21838c991d6de23909463228666
55d72e6c27809e3d9fcee9bfacc5e736e6c8c0f032004a22ca1f1ff2f4594af3
5a871b13ede1754dec51e91e8f3ee35b98ff71fe42cf57d51cb574b004e3d4cd
5a88e1b1823b6f6d8ef43e89a88f95b4b4070c11ac48d02a26499a4f6d64617b
5bc6a2e8a29950101c600d343f7f93ff81f236d65aca8ea360b8016f4f8d1155
5ccb6c69b900610a41f5056880f80d1d0b9cc982957e9b8b47f0d3308e15f4f0
5e09f2cadc4174f4ffdb8b1dd238e5f3f6dc3c323e2a1f625d952fefc04ffb89
5fe9cc04d3f233dc1a28605f4d93944ceb3b7759167df37cab4ba8f3dab35aac
60b19e5da6a9234ff9220668a5ec1125c157a268513256188ee80f2d2c8d8d36
620a382665ff035abb643a19e12f088aef2bc27b55398d4ae3f131b773be6355
62129cf0b1632161f23f207cc4edd90a3d10b1f400680596f1225c8fe0cb82b7
62208ea5ec5c42039fa0c91c96c96e0bbbedec639efe33d7baef8119cedb44c3
63af96a219e95ec9d8c429adc9a2df9661e9b8a5c08b1d81f24cc018ece88cec
66d9338d99dbaf20815a20683e70ab8f164370705a19b5cfcb726e0fbdfeac70
66ff4ad29ec9611c45b2a36c657f7637f3b993dd6a1b2c011d2f63059e1a1ed4
6d39177e2ba7ddb3a4905648e289d718d766b62b47315f5aa6d2f42520b67f3d
6fb04bf962208df81def881d4eb39e5f263c8f79e4c9425bbe79042eb36938c5
730b0155c953fb939df04b102b4a3028c6affd25cbaa7fb2fc9d298eea213c35
73ae392d3e6fd2a480cd5e6eb0077f17af084abfda5e3bb5487f76c0277be87c
76e0fe9b59aa81409567a77b7f5cfaebcbe6d1a5586d4979c5a83a327f68d517
771174ef9483d0ae9e294a23d66f372ed9ce4538d8a7e94adfeb4630162a3598
7818e84f0f0e542edfed541661a2adc13c4e926d5f4de3cea0ab8547d495287b
7ab261e572155915a8e6ef0476abedf3620a0a65af8fa91c057921344ceef112
7cf4cf20b3aaa1fbd77cb22b2223d395536263bc0b84dc0117998fb60b2cc099
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
83b7d2afe243941c2527b2d875836ad2cb864290690dd1b253389de3f7bc7da4
8679a1ef5fcaef4155d4e0829668276e2e8545ba209b3befc58b0e88246c8720
873b90cdbff7dcb26e9ea34c647a5d15e83daecca768a816619dd38a503c09b5
8d23693251d0923a21dba7083e1e3a58a18123b146cebbcefb828e1caa7c3aa3
8da9b8dc7a16d03966226d79b3ab81fac5710dd28a52a6769568fdd4ac789159
8e6e6a26bb32791b1aeaa7d1eda01fb3a69d5a8ce872ee893e0226b2be3f895e
8f7636a0b0dd99d49730dd0dd8f91db5bc76ead8b17b834c2071fdeac92ce0f4
928c4ede6da477b569faeb1ed7531cf2ac9eb4c2ff46eb449db5eeb2cf9c28ec
96e3e8dfde6b1042514824bac1b44282d4a76bac028f2d767f6534dce2cf3db0
9722a06b170a87794da6a4cf27efd1997b9616d64f1ab14cfbfb7d4738480cc4
97526e5a5802eee45d0f67427c48dddd0eb0c90a24b22d33f509203c56c1a156
9aa92a9a076fd2e55f339cd82c8b540e96ea0a4e4c7c12da6602edfadf2a0819
9b20e6d4595c3d44cdd0b81124ab294e2fbfe0922045986bf9504d65588e7652
9eb74814e2da2d4034e5a77acf0b3deab7feef170f6d9067d263041563bea368
a6ddb6d50380239f4f7ce83d4fd61fc7319596d20328d407ca513a1870b4ad32
a7c26694861bbd926c7d903f707b406aa8eaa6a5065a3acb6c8e0028e8eaee6e
a7f65c0446b6cac3175458f6388304d0c23e70d11fa0db20920a619f1bc18623
a9a9fbd21c6499c21b78c4b4e7bdb6bd52c96fd9674686ca6399c98afa5da931
ab187b70940d331c60646d5731fa8e86d6958ba69dfa241361e39d30d81c2d31
b2c8ea897dfa399f29a52d8a0a9cbd5e2dec7f5802ae9be475075fc062d2dcd0
b5e3c942a7a29f2edcf943490da066f5f3492336c103a9d4ca0a75e32eacbfaf
b8a3f9a336315ce96ef093f8618bdbbe763347d59c911dab946e5fa3b1a3ea57
c14f197a36e4ee001d1116a17867f979f20b1e4d3d49fcd30734d6bab4d7e491
c205c874491530a4288b8f643e5da8fbcf7c54bee71bb787f4444e77de90e821
c2bfe20d9d58935828e75bc753e2655f240621077408ae64f9b40a20f5125487
c3964eaff371e6f80ef107a97ca8a936d9b272609e887d74189b4f834661d788
c554a961e601658c6f0130aed9656ba02a54d97fa41846f800a008d16c9bc6d1
cc6cdc88d0b8d6e81f19c2bca9e328697cf165120ae7161b7aa34d96a85596d0
cdf207042b9030c6e625d7042dac68355209cda211f30a59d25b2b4baafd8c1d
d1dfaa28d92667fdc705bea1aeb8259f130c7b8a24c93fa98252af7aa3f85fe8
d20f5f22b85b4435149f07c63467a2eeeea0b1bff406b2817caec8ea446965cb
d2986d922842fcae8dd193d6d389060cc5ccd1f0d3ea67652c35a83ee9db4d24
d50cad871cd252aca6f998215c8f1c3d372bef86a324e45fc1f60d0b5e1e61b5
d51ae4a1096fac36fe9055d5c3f4daa85de0120b567636c89327b544a2a6a795
e0b4dc5eb620130087d8834ddc5aa8792b984309f7ffac2f5bd889328cc4b5d2
e1f4fc988bece86a44450f51b6475a6c5e6b464452ad72b3291b0aa3299fb524
e22fbfd22ad6713b1af70a2b6b8e1b1d2c20d04df17253cf61bf0956e963db4f
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e8bd42176ae17481a04d85bfbb28b3b4e99a6924a45bae94ad56e1678cf11914
e9b96bc538ceb220fc5caff0d0a67916b74cf07b2bada0b3296a17b1b99c9990
eedec869f43c9ff3a4443c405aaf18662cc6bc8795a393c65a1ddff6e317217f
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
eff958d6a66dede8a64c252dcf84e69d34c888460d5fcf6f835e655ab487d352
f1a61277e3f902f50ab42015d8b07218db9b7601bb0967e54a52bfdcb4fa7e81
f1a68bf826c55985468304f4284a09cb8a68e82503d764166e611a7c58a85a4b
f1c56a198201b67b6ccb53824985f9c142b0a1600c3696a13879b17b06050197
f32f67aa8e576112994f6cb0e6d5c8858b0292db702beb57818358e68c160471
fa4737f35024386f5448fabd53d531f869ab5bc08b741de444bc88363c36c06e
fb282435c2aa56b0a8871ede47eb8737463d36a243e53cb23669d9bd6fb187df

reurl.cc Open in urlscan Pro 35.229.143.32 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

209 Requests

89 %HTTPS

0 %IPv6

36 Domains

53 Subdomains

49 IPs

6 Countries

4580 kBTransfer

10406 kBSize

42 Cookies

19 Outgoing links

Redirected requests

209 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

reurl.cc Open in urlscan Pro
35.229.143.32 Public Scan

Screenshot
Live screenshot

Full Image

209
Requests

89 %
HTTPS

0 %
IPv6

36
Domains

53
Subdomains

49
IPs

6
Countries

4580 kB
Transfer

10406 kB
Size

42
Cookies

209 HTTP transactions
1 data transactions