reurl.cc Open in urlscan Pro
35.229.143.32 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://reurl.cc/Y3gKxl
Submission: On December 10 via api (December 10th 2025, 1:17:48 am UTC) from FR — Scanned from TW

Summary HTTP 343 Redirects Links 25 Behaviour Indicators

Summary

This website contacted 56 IPs in 6 countries across 40 domains to perform 343 HTTP transactions. The main IP is 35.229.143.32, located in Taipei, Taiwan and belongs to GOOGLE-CLOUD-PLATFORM, US. The main domain is reurl.cc. The Cisco Umbrella rank of the primary domain is 313900.
TLS certificate: Issued by E7 on October 30th 2025. Valid for: 3 months.

This is the only time reurl.cc was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
7	35.229.143.32 35.229.143.32	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
2	151.101.65.229 151.101.65.229	54113 (FASTLY) (FASTLY)
2	151.101.193.55 151.101.193.55	54113 (FASTLY) (FASTLY)
7	142.250.196.104 142.250.196.104	15169 (GOOGLE) (GOOGLE)
55	3.164.121.106 3.164.121.106	16509 (AMAZON-02) (AMAZON-02)
2	203.66.32.198 203.66.32.198	3462 (HINET Dat...) (HINET Data Communication Business Group)
4	142.250.194.194 142.250.194.194	15169 (GOOGLE) (GOOGLE)
5	107.178.241.176 107.178.241.176	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
2	57.144.44.128 57.144.44.128	32934 (FACEBOOK) (FACEBOOK)
2	142.250.194.206 142.250.194.206	15169 (GOOGLE) (GOOGLE)
6	31.13.82.36 31.13.82.36	32934 (FACEBOOK) (FACEBOOK)
2	35.185.136.122 35.185.136.122	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
2	13.213.216.213 13.213.216.213	16509 (AMAZON-02) (AMAZON-02)
2 2	35.71.131.137 35.71.131.137	16509 (AMAZON-02) (AMAZON-02)
1 2	18.177.116.10 18.177.116.10	16509 (AMAZON-02) (AMAZON-02)
1 1	151.101.65.44 151.101.65.44	54113 (FASTLY) (FASTLY)
1	104.21.25.44 104.21.25.44	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	104.18.96.225 104.18.96.225	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	192.0.78.25 192.0.78.25	2635 (AUTOMATTIC) (AUTOMATTIC)
1	104.21.96.9 104.21.96.9	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	172.67.178.125 172.67.178.125	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	3.164.143.54 3.164.143.54	16509 (AMAZON-02) (AMAZON-02)
13	3.164.121.96 3.164.121.96	16509 (AMAZON-02) (AMAZON-02)
24	31.13.82.7 31.13.82.7	32934 (FACEBOOK) (FACEBOOK)
2	163.70.158.11 163.70.158.11	32934 (FACEBOOK) (FACEBOOK)
25	18.176.230.233 18.176.230.233	16509 (AMAZON-02) (AMAZON-02)
6	3.173.197.77 3.173.197.77	16509 (AMAZON-02) (AMAZON-02)
6	116.50.36.71 116.50.36.71	18046 (DONGFONG-...) (DONGFONG-TW DongFong Technology Co. Ltd.)
12	3.114.255.95 3.114.255.95	16509 (AMAZON-02) (AMAZON-02)
6	34.95.67.231 34.95.67.231	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
6	18.178.75.163 18.178.75.163	16509 (AMAZON-02) (AMAZON-02)
38	203.75.214.136 203.75.214.136	3462 (HINET Dat...) (HINET Data Communication Business Group)
6 12	35.201.76.93 35.201.76.93	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
12 12	142.250.194.130 142.250.194.130	15169 (GOOGLE) (GOOGLE)
6	35.227.249.156 35.227.249.156	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
9	216.239.34.181 216.239.34.181	15169 (GOOGLE) (GOOGLE)
5	142.251.8.157 142.251.8.157	15169 (GOOGLE) (GOOGLE)
7	142.251.42.163 142.251.42.163	15169 (GOOGLE) (GOOGLE)
14	142.250.194.78 142.250.194.78	15169 (GOOGLE) (GOOGLE)
3	182.161.74.47 182.161.74.47	55569 (CRITEO-AS...) (CRITEO-AS-AP Criteo APAC)
1	103.132.192.30 103.132.192.30	138552 (RTBHOUSE-...) (RTBHOUSE-AS-AP RTB HOUSE PTE. LTD.)
3 6	35.190.36.98 35.190.36.98	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
3 3	172.104.105.5 172.104.105.5	63949 (AKAMAI-LI...) (AKAMAI-LINODE-AP Akamai Connected Cloud)
1	210.59.219.34 210.59.219.34	3462 (HINET Dat...) (HINET Data Communication Business Group)
1	182.161.74.26 182.161.74.26	55569 (CRITEO-AS...) (CRITEO-AS-AP Criteo APAC)
1	34.102.146.192 34.102.146.192	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	3.175.227.74 3.175.227.74	16509 (AMAZON-02) (AMAZON-02)
1	34.96.70.87 34.96.70.87	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	142.251.42.193 142.251.42.193	15169 (GOOGLE) (GOOGLE)
2	157.240.199.15 157.240.199.15	32934 (FACEBOOK) (FACEBOOK)
12	35.201.76.198 35.201.76.198	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
6	182.161.74.19 182.161.74.19	55569 (CRITEO-AS...) (CRITEO-AS-AP Criteo APAC)
1	184.27.185.92 184.27.185.92	20940 (AKAMAI-AS...) (AKAMAI-ASN1 Akamai International B.V.)
1	3.5.157.81 3.5.157.81	16509 (AMAZON-02) (AMAZON-02)
4	142.250.196.34 142.250.196.34	15169 (GOOGLE) (GOOGLE)
1	142.251.42.129 142.251.42.129	15169 (GOOGLE) (GOOGLE)
3	142.250.196.129 142.250.196.129	15169 (GOOGLE) (GOOGLE)
1	142.250.194.68 142.250.194.68	15169 (GOOGLE) (GOOGLE)
2	142.250.193.194 142.250.193.194	15169 (GOOGLE) (GOOGLE)
343	56

7 35.229.143.32 (Taipei, Taiwan)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 32.143.229.35.bc.googleusercontent.com

reurl.cc	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.65.229 (United States)

ASN54113 (FASTLY, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.193.55 (United States)

ASN54113 (FASTLY, US)

anymind360.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 142.250.196.104 (United States)

ASN15169 (GOOGLE, US)
PTR: nrt12s35-in-f8.1e100.net

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

55 3.164.121.106 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-3-164-121-106.nrt12.r.cloudfront.net

cdn.holmesmind.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 203.66.32.198 (Taiwan)

ASN3462 (HINET Data Communication Business Group, TW)
PTR: 203-66-32-198.hinet-ip.hinet.net

ad-specs.guoshipartners.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 142.250.194.194 (United States)

ASN15169 (GOOGLE, US)
PTR: lcnrta-bk-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 107.178.241.176 (United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 176.241.178.107.bc.googleusercontent.com

onead.onevision.com.tw	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
onead-v6.onevision.com.tw	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 57.144.44.128 (Tokyo, Japan)

ASN32934 (FACEBOOK, US)
PTR: xx-fbcdn-shv-01-nrt6.fbcdn.net

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.194.206 (United States)

ASN15169 (GOOGLE, US)
PTR: del12s07-in-f14.1e100.net

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 31.13.82.36 (Tokyo, Japan)

ASN32934 (FACEBOOK, US)
PTR: edge-star-mini-shv-01-nrt1.facebook.com

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.185.136.122 (Taipei, Taiwan)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 122.136.185.35.bc.googleusercontent.com

re-news.tw	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.213.216.213 (Singapore, Singapore)

ASN16509 (AMAZON-02, US)
PTR: ec2-13-213-216-213.ap-southeast-1.compute.amazonaws.com

bcp.crwdcntrl.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.71.131.137 (United States) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: a6370ebea231e0c9a.awsglobalaccelerator.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.177.116.10 (Tokyo, Japan) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-177-116-10.ap-northeast-1.compute.amazonaws.com

ps.eyeota.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.65.44 (United States) 1 redirects

ASN54113 (FASTLY, US)

trc.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.21.25.44 (Ascension Island)

ASN13335 (CLOUDFLARENET, US)

nearbymed.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.18.96.225 (Ascension Island)

ASN13335 (CLOUDFLARENET, US)

mma.prnasia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.0.78.25 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)

creditcards.com.tw	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.21.96.9 (Ascension Island)

ASN13335 (CLOUDFLARENET, US)

img.gbyhn.com.tw	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.67.178.125 (Ascension Island)

ASN13335 (CLOUDFLARENET, US)

img.racingcharger.tw	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.164.143.54 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-3-164-143-54.nrt20.r.cloudfront.net

static.wixstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 3.164.121.96 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-3-164-121-96.nrt12.r.cloudfront.net

cdn.holmesmind.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

24 31.13.82.7 (Tokyo, Japan)

ASN32934 (FACEBOOK, US)
PTR: xx-fbcdn-shv-01-nrt1.fbcdn.net

static.xx.fbcdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 163.70.158.11 (Chai Wan, Hong Kong)

ASN32934 (FACEBOOK, US)
PTR: xx-fbcdn-shv-01-hkg1.fbcdn.net

scontent-hkg1-1.xx.fbcdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

25 18.176.230.233 (Tokyo, Japan)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-176-230-233.ap-northeast-1.compute.amazonaws.com

ad.holmesmind.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 3.173.197.77 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-3-173-197-77.nrt12.r.cloudfront.net

tracking-client.91app.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 116.50.36.71 (Taiwan)

ASN18046 (DONGFONG-TW DongFong Technology Co. Ltd., TW)
PTR: 116-50-36-71.dft.tw

cm.lndata.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 3.114.255.95 (Tokyo, Japan)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-114-255-95.ap-northeast-1.compute.amazonaws.com

cm-dev-poc.holmesmind.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 34.95.67.231 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 231.67.95.34.bc.googleusercontent.com

fcm.holmesmind.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 18.178.75.163 (Tokyo, Japan)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-178-75-163.ap-northeast-1.compute.amazonaws.com

fcm2.holmesmind.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

38 203.75.214.136 (Taipei, Taiwan)

ASN3462 (HINET Data Communication Business Group, TW)
PTR: 203-75-214-136.hinet-ip.hinet.net

t.ssp.hinet.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
a8b5e0fe-7b22-4c2c-a3f9-14c976deaf1b.t.ssp.hinet.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 35.201.76.93 (Kansas City, United States) 6 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 93.76.201.35.bc.googleusercontent.com

c.holmesmind.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 142.250.194.130 (United States) 12 redirects

ASN15169 (GOOGLE, US)
PTR: lcnrta-az-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 35.227.249.156 (United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 156.249.227.35.bc.googleusercontent.com

m.holmesmind.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 216.239.34.181 (United States)

ASN15169 (GOOGLE, US)

analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 142.251.8.157 (United States)

ASN15169 (GOOGLE, US)
PTR: tb-in-f157.1e100.net

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 142.251.42.163 (United States)

ASN15169 (GOOGLE, US)
PTR: nrt12s46-in-f3.1e100.net

www.google.com.tw	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 142.250.194.78 (United States)

ASN15169 (GOOGLE, US)
PTR: lcnrta-bb-in-f14.1e100.net

fundingchoicesmessages.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
apis.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 182.161.74.47 (Singapore)

ASN55569 (CRITEO-AS-AP Criteo APAC, JP)

static.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 103.132.192.30 (Singapore)

ASN138552 (RTBHOUSE-AS-AP RTB HOUSE PTE. LTD., SG)
PTR: ip-103-132-192-30.rtbhouse.net

prebid-asia.creativecdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 35.190.36.98 (United States) 3 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 98.36.190.35.bc.googleusercontent.com

ad2.apx.appier.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 172.104.105.5 (Tokyo, Japan) 3 redirects

ASN63949 (AKAMAI-LINODE-AP Akamai Connected Cloud, SG)
PTR: li1715-5.members.linode.com

gocm.c.appier.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 210.59.219.34 (Taichung, Taiwan)

ASN3462 (HINET Data Communication Business Group, TW)
PTR: 210-59-219-34.hinet-ip.hinet.net

prebid.scupio.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 182.161.74.26 (Singapore)

ASN55569 (CRITEO-AS-AP Criteo APAC, JP)

bidder.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.102.146.192 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 192.146.102.34.bc.googleusercontent.com

oa.openxcdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.175.227.74 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-3-175-227-74.nrt12.r.cloudfront.net

tags.crwdcntrl.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.96.70.87 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 87.70.96.34.bc.googleusercontent.com

invstatic101.creativecdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.251.42.193 (United States)

ASN15169 (GOOGLE, US)
PTR: nrt12s47-in-f1.1e100.net

3075a318ad54e9b9674229a6a530ae19.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 157.240.199.15 (Chai Wan, Hong Kong)

ASN32934 (FACEBOOK, US)
PTR: xx-fbcdn-shv-01-hkg4.fbcdn.net

scontent-hkg4-1.xx.fbcdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 35.201.76.198 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 198.76.201.35.bc.googleusercontent.com

track.91app.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 182.161.74.19 (Singapore)

ASN55569 (CRITEO-AS-AP Criteo APAC, JP)

gum.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 184.27.185.92 (Tokyo, Japan)

ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL)
PTR: a184-27-185-92.deploy.static.akamaitechnologies.com

code.createjs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.5.157.81 (Tokyo, Japan)

ASN16509 (AMAZON-02, US)

tpe-stock.s3.ap-northeast-1.amazonaws.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 142.250.196.34 (United States)

ASN15169 (GOOGLE, US)
PTR: maa03s45-in-f2.1e100.net

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ep1.adtrafficquality.google	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.251.42.129 (United States)

ASN15169 (GOOGLE, US)
PTR: nrt12s45-in-f1.1e100.net

word-pt0777.blogspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 142.250.196.129 (United States)

ASN15169 (GOOGLE, US)
PTR: nrt12s36-in-f1.1e100.net

ep2.adtrafficquality.google	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.194.68 (United States)

ASN15169 (GOOGLE, US)
PTR: lcnrta-bb-in-f4.1e100.net

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.193.194 (United States)

ASN15169 (GOOGLE, US)
PTR: del11s17-in-f2.1e100.net

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
135	holmesmind.com 6 redirects cdn.holmesmind.com — Cisco Umbrella Rank: 237692 ad.holmesmind.com — Cisco Umbrella Rank: 143825 cm-dev-poc.holmesmind.com — Cisco Umbrella Rank: 230074 fcm.holmesmind.com — Cisco Umbrella Rank: 295745 fcm2.holmesmind.com — Cisco Umbrella Rank: 280119 c.holmesmind.com — Cisco Umbrella Rank: 157999 m.holmesmind.com — Cisco Umbrella Rank: 264664	1 MB
38	hinet.net t.ssp.hinet.net — Cisco Umbrella Rank: 89836 a8b5e0fe-7b22-4c2c-a3f9-14c976deaf1b.t.ssp.hinet.net	13 KB
24	google.com analytics.google.com — Cisco Umbrella Rank: 151 fundingchoicesmessages.google.com — Cisco Umbrella Rank: 780 apis.google.com — Cisco Umbrella Rank: 153 www.google.com — Cisco Umbrella Rank: 2	84 KB
22	fbcdn.net static.xx.fbcdn.net — Cisco Umbrella Rank: 865 scontent-hkg1-1.xx.fbcdn.net — Cisco Umbrella Rank: 42054 scontent-hkg4-1.xx.fbcdn.net — Cisco Umbrella Rank: 38607	322 KB
21	doubleclick.net 12 redirects securepubads.g.doubleclick.net — Cisco Umbrella Rank: 255 cm.g.doubleclick.net — Cisco Umbrella Rank: 296 stats.g.doubleclick.net — Cisco Umbrella Rank: 159	252 KB
12	91app.io track.91app.io — Cisco Umbrella Rank: 145118	2 KB
9	appier.net 6 redirects ad2.apx.appier.net — Cisco Umbrella Rank: 121001 gocm.c.appier.net — Cisco Umbrella Rank: 3048	3 KB
8	facebook.net connect.facebook.net — Cisco Umbrella Rank: 212	205 KB
7	criteo.com bidder.criteo.com — Cisco Umbrella Rank: 3379 gum.criteo.com — Cisco Umbrella Rank: 492	14 KB
7	google.com.tw www.google.com.tw — Cisco Umbrella Rank: 25152	1 KB
7	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 36	1023 KB
7	reurl.cc reurl.cc — Cisco Umbrella Rank: 313900	11 KB
6	lndata.com cm.lndata.com — Cisco Umbrella Rank: 222357	2 KB
6	91app.com tracking-client.91app.com — Cisco Umbrella Rank: 200848	17 KB
6	facebook.com www.facebook.com — Cisco Umbrella Rank: 121	33 KB
5	adtrafficquality.google ep1.adtrafficquality.google — Cisco Umbrella Rank: 334 ep2.adtrafficquality.google — Cisco Umbrella Rank: 343	26 KB
5	googlesyndication.com 3075a318ad54e9b9674229a6a530ae19.safeframe.googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 126	78 KB
5	onevision.com.tw onead.onevision.com.tw — Cisco Umbrella Rank: 165591 onead-v6.onevision.com.tw	2 KB
3	criteo.net static.criteo.net — Cisco Umbrella Rank: 1000	60 KB
3	crwdcntrl.net bcp.crwdcntrl.net — Cisco Umbrella Rank: 1101 tags.crwdcntrl.net — Cisco Umbrella Rank: 1077	14 KB
2	creativecdn.com prebid-asia.creativecdn.com — Cisco Umbrella Rank: 34260 invstatic101.creativecdn.com — Cisco Umbrella Rank: 2208	3 KB
2	eyeota.net 1 redirects ps.eyeota.net — Cisco Umbrella Rank: 1030	2 KB
2	adsrvr.org 2 redirects match.adsrvr.org — Cisco Umbrella Rank: 419	1 KB
2	re-news.tw re-news.tw	27 KB
2	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 57	21 KB
2	guoshipartners.com ad-specs.guoshipartners.com — Cisco Umbrella Rank: 183614	21 KB
2	anymind360.com anymind360.com — Cisco Umbrella Rank: 19502	174 KB
2	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 284	58 KB
1	blogspot.com word-pt0777.blogspot.com	715 B
1	amazonaws.com tpe-stock.s3.ap-northeast-1.amazonaws.com	1 KB
1	createjs.com code.createjs.com — Cisco Umbrella Rank: 2476	63 KB
1	openxcdn.net oa.openxcdn.net — Cisco Umbrella Rank: 2436	8 KB
1	scupio.com prebid.scupio.com — Cisco Umbrella Rank: 109415	168 B
1	wixstatic.com static.wixstatic.com — Cisco Umbrella Rank: 6375	1011 KB
1	racingcharger.tw img.racingcharger.tw	742 KB
1	gbyhn.com.tw img.gbyhn.com.tw	61 KB
1	creditcards.com.tw creditcards.com.tw	48 KB
1	prnasia.com mma.prnasia.com — Cisco Umbrella Rank: 491627	47 KB
1	nearbymed.com nearbymed.com	16 KB
1	taboola.com 1 redirects trc.taboola.com — Cisco Umbrella Rank: 749	542 B
343	40

	Domain	Requested by
68	cdn.holmesmind.com	reurl.cc cdn.holmesmind.com ad.holmesmind.com
29	t.ssp.hinet.net	cdn.holmesmind.com t.ssp.hinet.net
25	ad.holmesmind.com	cdn.holmesmind.com reurl.cc
18	static.xx.fbcdn.net	www.facebook.com static.xx.fbcdn.net
13	fundingchoicesmessages.google.com	securepubads.g.doubleclick.net
12	track.91app.io	tracking-client.91app.com
12	cm.g.doubleclick.net	12 redirects
12	c.holmesmind.com	6 redirects cdn.holmesmind.com
12	cm-dev-poc.holmesmind.com	cdn.holmesmind.com
9	a8b5e0fe-7b22-4c2c-a3f9-14c976deaf1b.t.ssp.hinet.net	cdn.holmesmind.com reurl.cc t.ssp.hinet.net
9	analytics.google.com	www.googletagmanager.com
8	connect.facebook.net	reurl.cc connect.facebook.net fcm2.holmesmind.com
7	www.google.com.tw	reurl.cc
7	www.googletagmanager.com	reurl.cc www.googletagmanager.com
7	reurl.cc	reurl.cc
6	gum.criteo.com	static.criteo.net gum.criteo.com
6	ad2.apx.appier.net	3 redirects reurl.cc
6	m.holmesmind.com	cdn.holmesmind.com
6	fcm2.holmesmind.com	cdn.holmesmind.com
6	fcm.holmesmind.com	cdn.holmesmind.com
6	cm.lndata.com	cdn.holmesmind.com
6	tracking-client.91app.com	cdn.holmesmind.com
6	www.facebook.com	reurl.cc connect.facebook.net static.xx.fbcdn.net
5	stats.g.doubleclick.net	www.googletagmanager.com
4	pagead2.googlesyndication.com	securepubads.g.doubleclick.net ep2.adtrafficquality.google
4	onead.onevision.com.tw	ad-specs.guoshipartners.com reurl.cc
4	securepubads.g.doubleclick.net	anymind360.com securepubads.g.doubleclick.net reurl.cc
3	ep2.adtrafficquality.google	securepubads.g.doubleclick.net ep2.adtrafficquality.google
3	gocm.c.appier.net	3 redirects
3	static.criteo.net	cdn.holmesmind.com securepubads.g.doubleclick.net
2	ep1.adtrafficquality.google	securepubads.g.doubleclick.net
2	scontent-hkg4-1.xx.fbcdn.net	reurl.cc
2	scontent-hkg1-1.xx.fbcdn.net	www.facebook.com reurl.cc
2	ps.eyeota.net	1 redirects reurl.cc
2	match.adsrvr.org	2 redirects
2	bcp.crwdcntrl.net	reurl.cc tags.crwdcntrl.net
2	re-news.tw	reurl.cc
2	www.google-analytics.com	reurl.cc www.google-analytics.com
2	ad-specs.guoshipartners.com	reurl.cc
2	anymind360.com	reurl.cc
2	cdn.jsdelivr.net	reurl.cc
1	www.google.com	ep2.adtrafficquality.google
1	word-pt0777.blogspot.com
1	tpe-stock.s3.ap-northeast-1.amazonaws.com	reurl.cc
1	code.createjs.com	cdn.holmesmind.com
1	apis.google.com	cdn.holmesmind.com
1	3075a318ad54e9b9674229a6a530ae19.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
1	invstatic101.creativecdn.com	securepubads.g.doubleclick.net
1	tags.crwdcntrl.net	securepubads.g.doubleclick.net
1	oa.openxcdn.net	securepubads.g.doubleclick.net
1	bidder.criteo.com	static.criteo.net
1	prebid.scupio.com	cdn.holmesmind.com
1	prebid-asia.creativecdn.com	cdn.holmesmind.com
1	static.wixstatic.com	reurl.cc
1	img.racingcharger.tw	reurl.cc
1	img.gbyhn.com.tw	reurl.cc
1	creditcards.com.tw	reurl.cc
1	mma.prnasia.com	reurl.cc
1	nearbymed.com	reurl.cc
1	onead-v6.onevision.com.tw	reurl.cc
1	trc.taboola.com	1 redirects
343	61

This site contains links to these domains. Also see Links.

Domain
word-pt0777.blogspot.com
re-news.tw
youtils.cc
www.comptw.com
stockinfo.tw
ad.holmesmind.com
www.multiforce.com.tw
l.facebook.com

Subject Issuer	Validity	Valid
reurl.cc E7	`2025-10-30` - `2026-01-28`	3 months	crt.sh
jsdelivr.net GlobalSign Atlas R3 DV TLS CA 2025 Q2	`2025-06-02` - `2026-07-04`	a year	crt.sh
anymind360.com R13	`2025-10-13` - `2026-01-11`	3 months	crt.sh
*.google-analytics.com WR2	`2025-10-27` - `2026-01-19`	3 months	crt.sh
*.holmesmind.com Go Daddy Secure Certificate Authority - G2	`2025-03-06` - `2026-04-07`	a year	crt.sh
ad-specs.guoshipartners.com Go Daddy Secure Certificate Authority - G2	`2025-01-08` - `2026-01-21`	a year	crt.sh
*.g.doubleclick.net WR2	`2025-10-27` - `2026-01-19`	3 months	crt.sh
*.onevision.com.tw R13	`2025-12-01` - `2026-03-01`	3 months	crt.sh
*.facebook.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2025-09-18` - `2025-12-17`	3 months	crt.sh
re-news.tw R12	`2025-12-04` - `2026-03-04`	3 months	crt.sh
*.crwdcntrl.net Amazon RSA 2048 M04	`2025-08-10` - `2026-09-08`	a year	crt.sh
nearbymed.com WE1	`2025-11-14` - `2026-02-12`	3 months	crt.sh
*.prnasia.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2025-10-21` - `2026-11-21`	a year	crt.sh
tls.automattic.com E7	`2025-10-20` - `2026-01-18`	3 months	crt.sh
gbyhn.com.tw WE1	`2025-10-29` - `2026-01-27`	3 months	crt.sh
racingcharger.tw WE1	`2025-12-08` - `2026-03-08`	3 months	crt.sh
*.wixstatic.com R12	`2025-11-16` - `2026-02-14`	3 months	crt.sh
*.91app.com Amazon RSA 2048 M04	`2025-07-25` - `2026-08-22`	a year	crt.sh
*.lndata.com GeoTrust G5 TLS RSA4096 SHA384 2022 CA1	`2025-12-08` - `2026-12-07`	a year	crt.sh
*.t.ssp.hinet.net HiPKI OV TLS CA - G1	`2025-02-12` - `2026-02-12`	a year	crt.sh
*.google.com WR2	`2025-10-27` - `2026-01-19`	3 months	crt.sh
*.google.com.tw WR2	`2025-10-27` - `2026-01-19`	3 months	crt.sh
*.criteo.net DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2025-10-16` - `2026-01-18`	3 months	crt.sh
*.creativecdn.com RapidSSL TLS RSA CA G1	`2025-04-17` - `2026-05-02`	a year	crt.sh
*.scupio.com Sectigo RSA Organization Validation Secure Server CA	`2025-09-02` - `2026-10-03`	a year	crt.sh
*.criteo.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2025-11-14` - `2026-02-11`	3 months	crt.sh
oa.openxcdn.net WR3	`2025-11-06` - `2026-02-04`	3 months	crt.sh
invstatic101.creativecdn.com WR3	`2025-12-06` - `2026-03-06`	3 months	crt.sh
track.91app.io WR3	`2025-10-28` - `2026-01-26`	3 months	crt.sh
tls.adobe.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-12-13` - `2026-01-13`	a year	crt.sh
*.s3-ap-northeast-1.amazonaws.com Amazon RSA 2048 M01	`2025-06-27` - `2026-06-18`	a year	crt.sh
adtrafficquality.google WR2	`2025-10-27` - `2026-01-19`	3 months	crt.sh
misc-sni.blogspot.com WR2	`2025-10-27` - `2026-01-19`	3 months	crt.sh

This page contains 36 frames:

Primary Page: https://reurl.cc/Y3gKxl
Frame ID: C89C6B05D24D5457122764949D6C99A3
Requests: 81 HTTP requests in this frame

Frame: https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2Freurl.cc%2F&tabs=timeline&width=340&height=500&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=true&appId
Frame ID: 3313E2E63E69CA8E76B0C8FB80D1A314
Requests: 26 HTTP requests in this frame

Frame: https://cdn.holmesmind.com/js/capmapping.htm
Frame ID: 571CCAF790CEF5DA18B1F2FC58266599
Requests: 16 HTTP requests in this frame

Frame: https://cdn.holmesmind.com/js/presetfn.js?20231115
Frame ID: 3A8F2D3E47F71094F3A4FB1905E23B0F
Requests: 9 HTTP requests in this frame

Frame: https://cdn.holmesmind.com/js/presetfn.js?20231115
Frame ID: E217A255DBF0612C8D9290335547FB0C
Requests: 25 HTTP requests in this frame

Frame: https://cdn.holmesmind.com/js/presetfn.js?20231115
Frame ID: 9A139354F88C6996773D6C82C11808EB
Requests: 8 HTTP requests in this frame

Frame: https://cdn.holmesmind.com/js/presetfn.js?20231115
Frame ID: BFAA8840A094D5B9844431AF0AE35367
Requests: 13 HTTP requests in this frame

Frame: https://cdn.holmesmind.com/js/presetfn.js?20231115
Frame ID: 4D86D161C723A1D97B1741F420A4105E
Requests: 21 HTTP requests in this frame

Frame: https://cdn.holmesmind.com/js/presetfn.js?20231115
Frame ID: C8956EE6A137CC174DE1D7FDF2AF388A
Requests: 21 HTTP requests in this frame

Frame: https://cdn.holmesmind.com/js/presetfn.js?20231115
Frame ID: C6DCD9B26A3731048AF293E58A4FC6C1
Requests: 12 HTTP requests in this frame

Frame: https://cdn.holmesmind.com/js/presetfn.js?20231115
Frame ID: 332CC3725C0DAAE7A852443CC9DCF7CC
Requests: 21 HTTP requests in this frame

Frame: https://cdn.holmesmind.com/js/capmapping.htm
Frame ID: A90AF61780FF7B55B105E5A2F8255459
Requests: 11 HTTP requests in this frame

Frame: https://cdn.holmesmind.com/js/capmapping.htm
Frame ID: 62B0F34A8C2FF377E44DDA182D11F50B
Requests: 11 HTTP requests in this frame

Frame: https://cdn.holmesmind.com/js/capmapping.htm
Frame ID: F6961E67DD911BA0DB8CC6B05AE66A68
Requests: 11 HTTP requests in this frame

Frame: https://cdn.holmesmind.com/js/capmapping.htm
Frame ID: FFE5C98510F6B4B4E6202DA97DDCBCCD
Requests: 11 HTTP requests in this frame

Frame: https://cdn.holmesmind.com/js/capmapping.htm
Frame ID: 51592F6C2CA99B2A6E2D55A851605E0F
Requests: 11 HTTP requests in this frame

Frame: https://cm-dev-poc.holmesmind.com/fp
Frame ID: 07B9A1052665245D365A4A553E1279D6
Requests: 1 HTTP requests in this frame

Frame: https://fcm.holmesmind.com/cm.php
Frame ID: BA0CACC109B944E8744E9AFA0BD5ED8C
Requests: 1 HTTP requests in this frame

Frame: https://cm-dev-poc.holmesmind.com/fp
Frame ID: 000E6CC0E6936F80535E899B911AAD7B
Requests: 1 HTTP requests in this frame

Frame: https://fcm.holmesmind.com/cm.php
Frame ID: 2BBB9E783A8F66E5D9BCE5C53D6860E6
Requests: 1 HTTP requests in this frame

Frame: https://cm-dev-poc.holmesmind.com/fp
Frame ID: 236A9B686A7D42474216ED0F595EE8B9
Requests: 1 HTTP requests in this frame

Frame: https://fcm.holmesmind.com/cm.php
Frame ID: DFB86AE4D622265B7EC301518E794BEF
Requests: 1 HTTP requests in this frame

Frame: https://cm-dev-poc.holmesmind.com/fp
Frame ID: 2A9E6A58666A6C9F08588B392E499ADB
Requests: 1 HTTP requests in this frame

Frame: https://fcm.holmesmind.com/cm.php
Frame ID: 8882FC0A6019E8B2A45E10EC7E2BA722
Requests: 1 HTTP requests in this frame

Frame: https://cm-dev-poc.holmesmind.com/fp
Frame ID: 10579BDDFE77185C67ADBA59AF0156BA
Requests: 1 HTTP requests in this frame

Frame: https://fcm.holmesmind.com/cm.php
Frame ID: 66D15F913AFE85CE41214DBDF3A630BE
Requests: 1 HTTP requests in this frame

Frame: https://cm-dev-poc.holmesmind.com/fp
Frame ID: 990CAD6A8E554BD336FAF833BA023D08
Requests: 1 HTTP requests in this frame

Frame: https://fcm.holmesmind.com/cm.php
Frame ID: EEA8974CCC897477203878655D03E5F8
Requests: 1 HTTP requests in this frame

Frame: https://3075a318ad54e9b9674229a6a530ae19.safeframe.googlesyndication.com/safeframe/1-0-45/html/container.html
Frame ID: 1507EB27040CEA055FCF8072CE7BA9CF
Requests: 1 HTTP requests in this frame

Frame: https://apis.google.com/js/api.js
Frame ID: 7F2A75E289777DBE281D8A369D2ACC7B
Requests: 6 HTTP requests in this frame

Frame: https://cdn.holmesmind.com/z/39368/92b9fa070b2808643f4a132b2f45766b/320x480/320x480.html
Frame ID: 19DFE9A12D70D964A3ABE1A06C42F766
Requests: 8 HTTP requests in this frame

Frame: https://gum.criteo.com/syncframe?origin=publishertagids&topUrl=reurl.cc&gdpr=0&gdpr_consent=
Frame ID: 64F800F62DBAACF59519083FE609B2B1
Requests: 2 HTTP requests in this frame

Frame: https://gum.criteo.com/syncframe?origin=publishertag&topUrl=reurl.cc
Frame ID: CFB1516261356D7B71C9A587FB253AD3
Requests: 2 HTTP requests in this frame

Frame: https://gum.criteo.com/syncframe?origin=publishertag&topUrl=reurl.cc
Frame ID: 2259B396941308855C011DE37FF69324
Requests: 2 HTTP requests in this frame

Frame: https://ep2.adtrafficquality.google/sodar/sodar2/237/runner.html
Frame ID: F774C8572ECE790AE7B3DC757593145A
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 2027C56805C794BC5351CF0476484611
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

word-PT0777

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

/wp-(?:content|includes)/

Bootstrap (UI frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Vue.js (JavaScript frameworks) Expand

Overall confidence: 100%
Detected patterns

(?:/([\d.]+))?/vue(?:\.min)?\.js

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google AdSense (Advertising) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Plus (Widgets) Expand

Overall confidence: 100%
Detected patterns

apis\.google\.com/js/[a-z]*\.js

Google Tag Manager (Tag managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

TrackJs (Analytics) Expand

Overall confidence: 100%
Detected patterns

tracker\.js

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

<link [^>]*?href="?[a-zA-Z]*?:?//cdn\.jsdelivr\.net/
//cdn\.jsdelivr\.net/

Page Statistics

343
Requests

93 %
HTTPS

0 %
IPv6

40
Domains

61
Subdomains

56
IPs

6
Countries

5658 kB
Transfer

13580 kB
Size

52
Cookies

25 Outgoing links

These are links going to different origins than the main page.

URL: https://word-pt0777.blogspot.com/
Title: 是，保持前往

Search URL Search Domain Scan URL

URL: https://re-news.tw/nearbymed/caring-concert-brings-support-to-cancer-patients-through-song

Search URL Search Domain Scan URL

URL: https://re-news.tw/prnasia/4842358_XG42358_2

Search URL Search Domain Scan URL

URL: https://re-news.tw/creditcard/303900

Search URL Search Domain Scan URL

URL: https://re-news.tw/gbyhn/71047

Search URL Search Domain Scan URL

URL: https://re-news.tw/rich101/7295

Search URL Search Domain Scan URL

URL: https://re-news.tw/racingcharger/61273

Search URL Search Domain Scan URL

URL: https://re-news.tw/zocha/664f06a4333c44b7de8afda5

Search URL Search Domain Scan URL

URL: https://youtils.cc/emoji
Title: 表情符號(emoji)

Search URL Search Domain Scan URL

URL: https://youtils.cc/geoip
Title: IP查詢

Search URL Search Domain Scan URL

URL: https://youtils.cc/big5gb
Title: 繁簡轉換

Search URL Search Domain Scan URL

URL: https://youtils.cc/qrcode
Title: QRCode

Search URL Search Domain Scan URL

URL: https://youtils.cc/length
Title: 身高/長度換算

Search URL Search Domain Scan URL

URL: https://www.comptw.com/
Title: 台灣公司查詢網

Search URL Search Domain Scan URL

URL: https://stockinfo.tw/
Title: 台股資訊網

Search URL Search Domain Scan URL

URL: https://youtils.cc/wordcounter/zh-Hants
Title: 字數統計

Search URL Search Domain Scan URL

URL: https://youtils.cc/dateCalculator
Title: 日期計算機

Search URL Search Domain Scan URL

URL: https://youtils.cc/lunarCalendar
Title: 農曆轉國曆

Search URL Search Domain Scan URL

URL: https://youtils.cc/utm
Title: UTM網址

Search URL Search Domain Scan URL

URL: https://ad.holmesmind.com/adserver/c?p=14210:244087:299209:be74b08d3c637e8ceb6c0eba2cd4ee73:36478&dest=https%3A%2F%2Flihi.cc%2Fesuqi

Search URL Search Domain Scan URL

URL: https://www.multiforce.com.tw/home.jsp?lang=tw

Search URL Search Domain Scan URL

URL: https://ad.holmesmind.com/adserver/c?p=18535:244087:299212:b5de7e43b23775f918550ae0ea6b298c:36478&dest=https%3A%2F%2Flihi.cc%2Fesuqi

Search URL Search Domain Scan URL

URL: https://ad.holmesmind.com/adserver/c?p=22213:244496:299524:9ef463257a6116b27b8bd6001bc8bd76:39368&dest=https%3A%2F%2Fwww.volkswagentaiwan.com.tw%2FTheall-newTiguan%2F%3Futm_source%3DClickforce%26utm_medium%3D320X480%26utm_campaign%3D202512TiguanSustain_W1

Search URL Search Domain Scan URL

URL: https://l.facebook.com/l.php?u=https%3A%2F%2Freurl.cc%2F&h=AT0sTsDwEoScCz1aNXR4mnoGervF6QPY9705UuFWaYeFgRvIWBjbByqfJZx_VJDFo50BpVessZqiagb-cb26i17PAVMP9PUWV1S6ZkOk5fOtpQaki-D-3PPhewD19TeJofNOL22Jz5noIfk
Title: https://reurl.cc

Search URL Search Domain Scan URL

URL: https://ad.holmesmind.com/adserver/c?p=13861:231972:291409:8c66248a3e8ce101c3e6f1755aeb8802:37985&dest=https%3A%2F%2Fwww.kingofwarrants.com.tw%2F%3Futm_source%3Dclickforce%26utm_medium%3Dcpc%26utm_campaign%3D2025Q4_api%26utm_content%3Dapi%23%2F
Title: 28274

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 24

https://match.adsrvr.org/track/cmf/generic?ttd_pid=r1jlltl&ttd_tpi=1 HTTP 302
https://match.adsrvr.org/track/cmb/generic?ttd_pid=r1jlltl&ttd_tpi=1 HTTP 302
https://onead.onevision.com.tw/v2/pixel/ttd?id=654e7ffb-9b4a-4965-b494-aae185ca9ba9

Request Chain 25

https://ps.eyeota.net/pixel?pid=3m51m51&uid=0b3614ae-d566-11f0-9788-42010a000007&t=ajs HTTP 302
https://ps.eyeota.net/pixel/bounce/?pid=3m51m51&uid=0b3614ae-d566-11f0-9788-42010a000007&t=ajs

Request Chain 26

https://trc.taboola.com/sg/onedata/1/cm HTTP 302
https://onead.onevision.com.tw/v2/pixel/taboola?id=00068cad-bb58-4aeb-8fbe-9ea4efc0d502-tuct10324fbe

Request Chain 87

https://c.holmesmind.com/cm HTTP 302
https://c.holmesmind.com/cm?tc=getIn&

Request Chain 88

https://cm.g.doubleclick.net/pixel?google_nid=clickforce_dmp&google_cm&cf_uid=undefined&uu_m=undefined HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=clickforce_dmp&google_cm=&cf_uid=undefined&uu_m=undefined&google_tc= HTTP 302
https://m.holmesmind.com/ml/google?cf_uid=undefined&uu_m=undefined&google_gid=CAESEGDnYZyhd0rau7Q9sae2kic&google_cver=1

Request Chain 92

https://c.holmesmind.com/cm HTTP 302
https://c.holmesmind.com/cm?tc=getIn&

Request Chain 96

https://cm.g.doubleclick.net/pixel?google_nid=clickforce_dmp&google_cm&cf_uid=undefined&uu_m=undefined HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=clickforce_dmp&google_cm=&cf_uid=undefined&uu_m=undefined&google_tc= HTTP 302
https://m.holmesmind.com/ml/google?cf_uid=undefined&uu_m=undefined&google_gid=CAESEGDnYZyhd0rau7Q9sae2kic&google_cver=1

Request Chain 99

https://c.holmesmind.com/cm HTTP 302
https://c.holmesmind.com/cm?tc=getIn&

Request Chain 103

https://cm.g.doubleclick.net/pixel?google_nid=clickforce_dmp&google_cm&cf_uid=undefined&uu_m=undefined HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=clickforce_dmp&google_cm=&cf_uid=undefined&uu_m=undefined&google_tc= HTTP 302
https://m.holmesmind.com/ml/google?cf_uid=undefined&uu_m=undefined&google_gid=CAESEGDnYZyhd0rau7Q9sae2kic&google_cver=1

Request Chain 106

https://c.holmesmind.com/cm HTTP 302
https://c.holmesmind.com/cm?tc=getIn&

Request Chain 110

https://cm.g.doubleclick.net/pixel?google_nid=clickforce_dmp&google_cm&cf_uid=undefined&uu_m=undefined HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=clickforce_dmp&google_cm=&cf_uid=undefined&uu_m=undefined&google_tc= HTTP 302
https://m.holmesmind.com/ml/google?cf_uid=undefined&uu_m=undefined&google_gid=CAESEGDnYZyhd0rau7Q9sae2kic&google_cver=1

Request Chain 113

https://c.holmesmind.com/cm HTTP 302
https://c.holmesmind.com/cm?tc=getIn&

Request Chain 117

https://cm.g.doubleclick.net/pixel?google_nid=clickforce_dmp&google_cm&cf_uid=undefined&uu_m=undefined HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=clickforce_dmp&google_cm=&cf_uid=undefined&uu_m=undefined&google_tc= HTTP 302
https://m.holmesmind.com/ml/google?cf_uid=undefined&uu_m=undefined&google_gid=CAESEGDnYZyhd0rau7Q9sae2kic&google_cver=1

Request Chain 120

https://c.holmesmind.com/cm HTTP 302
https://c.holmesmind.com/cm?tc=getIn&

Request Chain 124

https://cm.g.doubleclick.net/pixel?google_nid=clickforce_dmp&google_cm&cf_uid=undefined&uu_m=undefined HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=clickforce_dmp&google_cm=&cf_uid=undefined&uu_m=undefined&google_tc= HTTP 302
https://m.holmesmind.com/ml/google?cf_uid=undefined&uu_m=undefined&google_gid=CAESEGDnYZyhd0rau7Q9sae2kic&google_cver=1

Request Chain 174

https://ad2.apx.appier.net/v1/prebid/bid HTTP 307
https://gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid HTTP 307
https://ad2.apx.appier.net/v1/prebid/bid?acid=oAYDJwSUAPePTRYyP8o4aQ

Request Chain 175

https://ad2.apx.appier.net/v1/prebid/bid HTTP 307
https://gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid HTTP 307
https://ad2.apx.appier.net/v1/prebid/bid?acid=UTAcQrrFBGqoVd3BP8o4aQ

Request Chain 176

https://ad2.apx.appier.net/v1/prebid/bid HTTP 307
https://gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid HTTP 307
https://ad2.apx.appier.net/v1/prebid/bid?acid=wRdhLt_7BuauiXaqP8o4aQ

343 HTTP transactions
3 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request Y3gKxl Show response
reurl.cc/ 17 KB
5 KB 237ms
80ms Document
text/html 35.229.143.32
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Download Go to

Full URL: https://reurl.cc/Y3gKxl
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 35.229.143.32 Taipei, Taiwan, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 32.143.229.35.bc.googleusercontent.com
Software: nginx/1.22.1 /
Resource Hash: b98a75a919a1526769b4222026c612ec01c34abfbed384e3bec3eeaacae11959

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36

Response headers

Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html; charset=utf-8
Date: Wed, 10 Dec 2025 01:17:48 GMT
Server: nginx/1.22.1
Transfer-Encoding: chunked

GET
H2 200 bootstrap.min.css
cdn.jsdelivr.net/npm/bootstrap@4.3.1/dist/css/ 152 KB
26 KB 423ms
136ms Stylesheet
text/css 151.101.65.229
FASTLY

General

Check archive.org

Download Go to

Full URL

https://cdn.jsdelivr.net/npm/bootstrap@4.3.1/dist/css/bootstrap.min.css

Requested by

Host: reurl.cc
URL: https://reurl.cc/Y3gKxl

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.65.229 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

60b19e5da6a9234ff9220668a5ec1125c157a268513256188ee80f2d2c8d8d36

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

access-control-expose-headers: *
content-encoding: br
etag: W/"2606e-bhA1SChFSJj9qA9V897LNH/Z7SE"
age: 3074455
x-content-type-options: nosniff
x-jsd-version-type: version
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
x-cache: HIT, HIT
date: Wed, 10 Dec 2025 01:17:49 GMT
content-type: text/css; charset=utf-8
x-served-by: cache-fra-etou8220110-FRA, cache-sin-wsss1830086-SIN
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
access-control-allow-origin: *
content-length: 25648
x-jsd-version: 4.3.1

GET
H/1.1 200
OK style.css
reurl.cc/asset/stylesheets/ 6 KB
2 KB 77ms
76ms Stylesheet
text/css 35.229.143.32
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Download Go to

Full URL: https://reurl.cc/asset/stylesheets/style.css?v=1
Requested by: Host: reurl.cc
URL: https://reurl.cc/Y3gKxl
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 35.229.143.32 Taipei, Taiwan, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 32.143.229.35.bc.googleusercontent.com
Software: nginx/1.22.1 /
Resource Hash: 351966dece7214af3b43d9a94f07c1c936176ad5dd81f0bbe1f6b319b4cd96d1

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/Y3gKxl

Response headers

Transfer-Encoding: chunked
Cache-Control: max-age=604800
Content-Encoding: gzip
ETag: W/"69159a16-16bb"
Connection: keep-alive
Expires: Wed, 17 Dec 2025 01:17:48 GMT
Date: Wed, 10 Dec 2025 01:17:48 GMT
Content-Type: text/css
Last-Modified: Thu, 13 Nov 2025 08:43:02 GMT
Server: nginx/1.22.1
Vary: Accept-Encoding

GET
H2 200 ats.js Show response
anymind360.com/js/9479/ 380 KB
114 KB 439ms
146ms Script
application/javascript 151.101.193.55
FASTLY

General

Check archive.org

Download Go to

Full URL

https://anymind360.com/js/9479/ats.js

Requested by

Host: reurl.cc
URL: https://reurl.cc/Y3gKxl

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.193.55 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

a7c26694861bbd926c7d903f707b406aa8eaa6a5065a3acb6c8e0028e8eaee6e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

x-goog-metageneration: 1
access-control-expose-headers: Content-Type
content-encoding: gzip
x-goog-hash: crc32c=+l4scw==, md5=RPhira7MebZTO3yL8IH51w==
etag: "44f862adaecc79b6533b7c8bf081f9d7"
age: 8831
x-goog-stored-content-encoding: gzip
expires: Tue, 09 Dec 2025 22:50:37 GMT
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
x-goog-stored-content-length: 115683
x-cache: HIT
date: Wed, 10 Dec 2025 01:17:49 GMT
content-type: application/javascript; charset=UTF-8
last-modified: Tue, 23 Sep 2025 04:37:48 GMT
x-served-by: cache-tyo11969-TYO
x-cache-hits: 13
x-guploader-uploadid: AHVrFxNIZ7aCRpwQwnQCYMqhuSOUiA_JM3bW0GIND8ksI9ygXrUBf376-e9uc-DAM37GR1N0BxAkui0
strict-transport-security: max-age=31557600
vary: Accept-Encoding
cache-control: max-age=1200
x-goog-storage-class: STANDARD
x-timer: S1765329469.333327,VS0,VE0
via: 1.1 varnish
accept-ranges: bytes
access-control-allow-origin: *
x-goog-generation: 1758602268219650
content-length: 115683
server: UploadServer

GET
H/1.1 200
OK clickforce_anchor.js Show response
reurl.cc/asset/javascripts/common/ 1 KB
907 B 76ms
75ms Script
application/javascript 35.229.143.32
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Download Go to

Full URL: https://reurl.cc/asset/javascripts/common/clickforce_anchor.js
Requested by: Host: reurl.cc
URL: https://reurl.cc/Y3gKxl
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 35.229.143.32 Taipei, Taiwan, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 32.143.229.35.bc.googleusercontent.com
Software: nginx/1.22.1 /
Resource Hash: 873b90cdbff7dcb26e9ea34c647a5d15e83daecca768a816619dd38a503c09b5

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/Y3gKxl

Response headers

Transfer-Encoding: chunked
Cache-Control: max-age=604800
Content-Encoding: gzip
ETag: W/"687f3443-4bf"
Connection: keep-alive
Expires: Wed, 17 Dec 2025 01:17:49 GMT
Date: Wed, 10 Dec 2025 01:17:49 GMT
Content-Type: application/javascript
Last-Modified: Tue, 22 Jul 2025 06:48:35 GMT
Server: nginx/1.22.1
Vary: Accept-Encoding

GET
H/1.1 200
OK pixel.js Show response
reurl.cc/asset/javascripts/common/ 470 B
792 B 75ms
75ms Script
application/javascript 35.229.143.32
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Download Go to

Full URL: https://reurl.cc/asset/javascripts/common/pixel.js
Requested by: Host: reurl.cc
URL: https://reurl.cc/Y3gKxl
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 35.229.143.32 Taipei, Taiwan, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 32.143.229.35.bc.googleusercontent.com
Software: nginx/1.22.1 /
Resource Hash: 6e9ab8ab1d57a0695a66577e348ae4343e1a92f70cb4835a52c4863f11114037

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/Y3gKxl

Response headers

Cache-Control: max-age=604800
ETag: "680babe3-1d6"
Connection: keep-alive
Expires: Wed, 17 Dec 2025 01:17:49 GMT
Accept-Ranges: bytes
Content-Length: 470
Date: Wed, 10 Dec 2025 01:17:49 GMT
Content-Type: application/javascript
Last-Modified: Fri, 25 Apr 2025 15:36:03 GMT
Server: nginx/1.22.1

GET
H/1.1 200
OK ga.js Show response
reurl.cc/asset/javascripts/common/ 566 B
888 B 76ms
76ms Script
application/javascript 35.229.143.32
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Download Go to

Full URL: https://reurl.cc/asset/javascripts/common/ga.js
Requested by: Host: reurl.cc
URL: https://reurl.cc/Y3gKxl
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 35.229.143.32 Taipei, Taiwan, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 32.143.229.35.bc.googleusercontent.com
Software: nginx/1.22.1 /
Resource Hash: 3774a7ce325859b32b6b0b01bde2879c75b81131fafe4a584b18b744711bd75d

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/Y3gKxl

Response headers

Cache-Control: max-age=604800
ETag: "680babe3-236"
Connection: keep-alive
Expires: Wed, 17 Dec 2025 01:17:49 GMT
Accept-Ranges: bytes
Content-Length: 566
Date: Wed, 10 Dec 2025 01:17:49 GMT
Content-Type: application/javascript
Last-Modified: Fri, 25 Apr 2025 15:36:03 GMT
Server: nginx/1.22.1

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 431 KB
145 KB 544ms
286ms Script
application/javascript 142.250.196.104
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-ZDFZCDVDK1

Requested by

Host: reurl.cc
URL: https://reurl.cc/Y3gKxl

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.196.104 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

nrt12s35-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

e27d2490ee7ad3751399de5b580592b6a86be6c670af8a4cf47816539beb72f4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
content-encoding: zstd
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
expires: Wed, 10 Dec 2025 01:17:49 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 148256
date: Wed, 10 Dec 2025 01:17:49 GMT
x-xss-protection: 0
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
server: Google Tag Manager
access-control-allow-headers: Cache-Control

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 491 KB
161 KB 362ms
153ms Script
application/javascript 142.250.196.104
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-N394QBRGC0

Requested by

Host: reurl.cc
URL: https://reurl.cc/Y3gKxl

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.196.104 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

nrt12s35-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

3bba534c8179e27624cc162e1521f5ef25b5296e8417c2e7e6562ef10649fafd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
content-encoding: zstd
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
expires: Wed, 10 Dec 2025 01:17:49 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 164200
date: Wed, 10 Dec 2025 01:17:49 GMT
x-xss-protection: 0
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
server: Google Tag Manager
access-control-allow-headers: Cache-Control

GET
H2 200 init.js Show response
cdn.holmesmind.com/js/ 9 KB
10 KB 479ms
158ms Script
application/javascript 3.164.121.106
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://cdn.holmesmind.com/js/init.js
Requested by: Host: reurl.cc
URL: https://reurl.cc/Y3gKxl
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.164.121.106 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-164-121-106.nrt12.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: ab187b70940d331c60646d5731fa8e86d6958ba69dfa241361e39d30d81c2d31

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

x-amz-version-id: PKBfBRh_ckEc5dxIcFkl8Hvvqrcpi_Dy
etag: "daceea64521f6f981e4b58edc119028a"
age: 20
via: 1.1 ef359af61e64577c628090c2363bcb22.cloudfront.net (CloudFront)
accept-ranges: bytes
x-cache: Hit from cloudfront
content-length: 9646
x-amz-cf-id: oNq74mW5TvtoSAK3r9aeDAP8InviXUiB8eKuWN1BK8IAUghb2MMVrg==
date: Wed, 10 Dec 2025 01:17:31 GMT
content-type: application/javascript
last-modified: Fri, 09 May 2025 03:01:34 GMT
server: AmazonS3
x-amz-cf-pop: NRT12-P3
x-amz-server-side-encryption: AES256

GET
H2 200 ad-serv.min.js Show response
ad-specs.guoshipartners.com/static/js/ 44 KB
14 KB 341ms
145ms Script
application/javascript 203.66.32.198
HINET Data Commun...

General

Check archive.org

Download Go to

Full URL

https://ad-specs.guoshipartners.com/static/js/ad-serv.min.js

Requested by

Host: reurl.cc
URL: https://reurl.cc/Y3gKxl

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

203.66.32.198 , Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-66-32-198.hinet-ip.hinet.net

Software

HiNetCDN / OneAD

Resource Hash

c3235675553f0ec3e775d8a5bacc269077d31e76d49d3115bdc282005e735f64

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

content-encoding: br
etag: W/"69378770-afb5"
age: 0
access-control-allow-methods: GET,POST,OPTIONS,PUT
x-varnish: 75106417 71508945
x-cache: HIT
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
date: Wed, 10 Dec 2025 01:17:49 GMT
content-type: application/javascript
vary: Accept-Encoding, Accept-Encoding
last-modified: Tue, 09 Dec 2025 02:20:32 GMT
access-control-allow-headers: Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, accept, origin, Cache-Control, X-Requested-With
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=360
access-control-allow-credentials: true
via: 1.1 google
access-control-allow-origin: *
x-powered-by: OneAD
server: HiNetCDN

GET
H2 200 onead-lib.min.js Show response
ad-specs.guoshipartners.com/static/js/ 25 KB
8 KB 349ms
152ms Script
application/javascript 203.66.32.198
HINET Data Commun...

General

Check archive.org

Download Go to

Full URL

https://ad-specs.guoshipartners.com/static/js/onead-lib.min.js

Requested by

Host: reurl.cc
URL: https://reurl.cc/Y3gKxl

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

203.66.32.198 , Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-66-32-198.hinet-ip.hinet.net

Software

HiNetCDN / OneAD

Resource Hash

620a382665ff035abb643a19e12f088aef2bc27b55398d4ae3f131b773be6355

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

content-encoding: br
etag: W/"68c0e8bd-65e4"
age: 0
access-control-allow-methods: GET,POST,OPTIONS,PUT
x-varnish: 130662986
x-cache: HIT
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
date: Wed, 10 Dec 2025 01:17:49 GMT
content-type: application/javascript
vary: Accept-Encoding, Accept-Encoding
last-modified: Wed, 10 Sep 2025 02:55:57 GMT
access-control-allow-headers: Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, accept, origin, Cache-Control, X-Requested-With
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=360
access-control-allow-credentials: true
via: 1.1 google
access-control-allow-origin: *
x-powered-by: OneAD
server: HiNetCDN

GET
H2 200 vue.min.js Show response
cdn.jsdelivr.net/npm/vue@2.5.16/dist/ 84 KB
33 KB 140ms
137ms Script
application/javascript 151.101.65.229
FASTLY

General

Check archive.org

Download Go to

Full URL

https://cdn.jsdelivr.net/npm/vue@2.5.16/dist/vue.min.js

Requested by

Host: reurl.cc
URL: https://reurl.cc/Y3gKxl

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.65.229 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

4da2dc78cc23591a9ee3285ba8f3891fa57b506b7902fbdd35fa5a2172566c55

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

access-control-expose-headers: *
content-encoding: br
etag: W/"151b4-KLsckeN7U/TrtIzkgtzLJAAD4Hg"
age: 2311603
x-content-type-options: nosniff
x-jsd-version-type: version
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
x-cache: HIT, HIT
date: Wed, 10 Dec 2025 01:17:49 GMT
content-type: application/javascript; charset=utf-8
x-served-by: cache-fra-eddf8230088-FRA, cache-sin-wsss1830086-SIN
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
access-control-allow-origin: *
content-length: 33184
x-jsd-version: 2.5.16

GET
H/1.1 200
OK renews.js Show response
reurl.cc/asset/javascripts/common/ 690 B
1012 B 77ms
75ms Script
application/javascript 35.229.143.32
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Download Go to

Full URL: https://reurl.cc/asset/javascripts/common/renews.js
Requested by: Host: reurl.cc
URL: https://reurl.cc/Y3gKxl
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 35.229.143.32 Taipei, Taiwan, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 32.143.229.35.bc.googleusercontent.com
Software: nginx/1.22.1 /
Resource Hash: 100d72a28123bcee974e8642b8bf1c0865bf1034c9b59f59597d53809e192fdc

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/Y3gKxl

Response headers

Cache-Control: max-age=604800
ETag: "680babe3-2b2"
Connection: keep-alive
Expires: Wed, 17 Dec 2025 01:17:49 GMT
Accept-Ranges: bytes
Content-Length: 690
Date: Wed, 10 Dec 2025 01:17:49 GMT
Content-Type: application/javascript
Last-Modified: Fri, 25 Apr 2025 15:36:03 GMT
Server: nginx/1.22.1

GET
H/1.1 200
OK loading.js Show response
reurl.cc/asset/javascripts/redirect/ 240 B
561 B 155ms
77ms Script
application/javascript 35.229.143.32
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Download Go to

Full URL: https://reurl.cc/asset/javascripts/redirect/loading.js
Requested by: Host: reurl.cc
URL: https://reurl.cc/Y3gKxl
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 35.229.143.32 Taipei, Taiwan, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 32.143.229.35.bc.googleusercontent.com
Software: nginx/1.22.1 /
Resource Hash: 25355805f44af99037c6b951f9afd762f5fd74eb126aba4b2f82cafa563c0f90

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/Y3gKxl

Response headers

Cache-Control: max-age=604800
ETag: "680babe3-f0"
Connection: keep-alive
Expires: Wed, 17 Dec 2025 01:17:49 GMT
Accept-Ranges: bytes
Content-Length: 240
Date: Wed, 10 Dec 2025 01:17:49 GMT
Content-Type: application/javascript
Last-Modified: Fri, 25 Apr 2025 15:36:03 GMT
Server: nginx/1.22.1

GET
H3 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 104 KB
33 KB 373ms
154ms Script
text/javascript 142.250.194.194
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: anymind360.com
URL: https://anymind360.com/js/9479/ats.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.194.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lcnrta-bk-in-f2.1e100.net

Software

cafe /

Resource Hash

0ffe084304e632a45ca9c1f57ab42ee62d75c393b0182eb5ff7b71115655f0e4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

content-encoding: br
etag: 322 / 20432 / m202512040101 / config-hash: 9929759937843987686
x-content-type-options: nosniff
expires: Wed, 10 Dec 2025 01:17:50 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
date: Wed, 10 Dec 2025 01:17:50 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
content-disposition: attachment; filename="f.txt"
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-length: 34141
x-xss-protection: 0
server: cafe

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 423 KB
143 KB 313ms
153ms Script
application/javascript 142.250.196.104
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-S9B9ZLEX4D

Requested by

Host: reurl.cc
URL: https://reurl.cc/Y3gKxl

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.196.104 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

nrt12s35-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

70560513600f410d3620c5e3319e76f0d5e3db0569e23a4aff479c4ef7a0be47

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
content-encoding: zstd
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
expires: Wed, 10 Dec 2025 01:17:49 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 146294
date: Wed, 10 Dec 2025 01:17:49 GMT
x-xss-protection: 0
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
server: Google Tag Manager
access-control-allow-headers: Cache-Control

GET
H2 200 oid Show response
onead.onevision.com.tw/v2/et/ 373 B
1 KB 243ms
83ms Script
application/javascript 107.178.241.176
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Download Go to

Full URL

https://onead.onevision.com.tw/v2/et/oid?cb=window.text_etag_callback_1zr27

Requested by

Host: ad-specs.guoshipartners.com
URL: https://ad-specs.guoshipartners.com/static/js/ad-serv.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

107.178.241.176 , United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

176.241.178.107.bc.googleusercontent.com

Software

gws / OneAD

Resource Hash

8e803d4b8efec9b2d014c7dbc70da8a099b6ae4e20c590c3db7b0599d8c0e557

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

x-onead-version: 29cc6b37
etag: 0b3614a1-d566-11f0-9788-42010a000007
age: 0
access-control-allow-methods: GET,POST,OPTIONS,PUT
expires: Mon, 01 Jan 1990 00:00:00 GMT
x-varnish: 22615077
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
date: Wed, 10 Dec 2025 01:17:49 GMT
content-type: application/javascript
last-modified: Wed, 10 Dec 2025 01:17:49 GMT
access-control-allow-headers: Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, accept, origin, Cache-Control, X-Requested-With
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: max-age=600
pragma: no-cache
access-control-allow-credentials: true
via: 1.1 google
accept-ranges: bytes
access-control-allow-origin: *
content-length: 373
x-onead-backend: onead-http-event-22vp-gohttp
server: gws
x-powered-by: OneAD

GET
H3 200 fbevents.js Show response
connect.facebook.net/en_US/ 343 KB
90 KB 286ms
140ms Script
application/x-javascript 57.144.44.128
FACEBOOK

General

Check archive.org

Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: reurl.cc
URL: https://reurl.cc/asset/javascripts/common/pixel.js

Protocol

Security

QUIC, , AES_128_GCM

Server

57.144.44.128 Tokyo, Japan, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-01-nrt6.fbcdn.net

Software

Resource Hash

1ff40d4951bdd1a0b6edeb873bc5855a9ce130101cc7e17b67d3a1aa5dc402c1

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' blob: ;script-src 'nonce-E5Gdufei' .facebook.com .fbcdn.net .facebook.net 127.0.0.1:* blob: 'self' https://.google-analytics.com .google.com;style-src 'self' data: blob: 'unsafe-inline';connect-src 'self' data: blob: https://edge-chat.facebook.net https://edge-chat-latest.facebook.net wss://edge-chat-latest.facebook.net wss://edge-chat.facebook.net wss://edge-chat.socialplugin.facebook.net wss://edge-chat-latest.socialplugin.facebook.net https://edge-chat.socialplugin.facebook.net https://edge-chat-latest.socialplugin.facebook.net .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: .cdninstagram.com https://.google-analytics.com;font-src 'self' data: blob: ;img-src 'self' data: blob: https://.google-analytics.com;media-src 'self' data: blob: ;child-src 'self' data: blob: ;frame-src 'self' data: blob: ;manifest-src 'self' data: blob: ;object-src 'self' data: blob: ;worker-src 'self' data: blob: *;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

content-encoding: gzip
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Sat, 01 Jan 2000 00:00:00 GMT
alt-svc: h3=":443"; ma=86400
date: Wed, 10 Dec 2025 01:17:50 GMT
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
priority: u=3,i
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy: default-src 'self' blob: *;script-src 'nonce-E5Gdufei' *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* blob: 'self' https://*.google-analytics.com *.google.com;style-src 'self' data: blob: 'unsafe-inline';connect-src 'self' data: blob: https://edge-chat.facebook.net https://edge-chat-latest.facebook.net wss://edge-chat-latest.facebook.net wss://edge-chat.facebook.net wss://edge-chat.socialplugin.facebook.net wss://edge-chat-latest.socialplugin.facebook.net https://edge-chat.socialplugin.facebook.net https://edge-chat-latest.socialplugin.facebook.net *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* *.cdninstagram.com https://*.google-analytics.com;font-src 'self' data: blob: *;img-src 'self' data: blob: * https://*.google-analytics.com;media-src 'self' data: blob: *;child-src 'self' data: blob: *;frame-src 'self' data: blob: *;manifest-src 'self' data: blob: *;object-src 'self' data: blob: *;worker-src 'self' data: blob: *;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
cache-control: public, max-age=1200
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
x-fb-connection-quality: GOOD; q=0.7, rtt=137, rtx=0, c=24, mss=1232, tbw=8748, tp=13, tpl=0, uplat=1, ullat=-1
pragma: public
x-fb-debug: 6+GvmrE3pa4cv3dtc2EXs7w3bvYde2ViC1zPE6ey5sP35AL89vd48vdGZyr6uk0G4qxLBQtTnMAhPYnYY/CBCQ==
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy: force-load-at-top, include-js-call-stacks-in-crash-reports
content-length: 91837
x-xss-protection: 0
origin-agent-cluster: ?1

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 51 KB
21 KB 384ms
111ms Script
text/javascript 142.250.194.206
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: reurl.cc
URL: https://reurl.cc/asset/javascripts/common/ga.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.194.206 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

del12s07-in-f14.1e100.net

Software

Golfe2 /

Resource Hash

f1a61277e3f902f50ab42015d8b07218db9b7601bb0967e54a52bfdcb4fa7e81

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

content-encoding: gzip
age: 4771
report-to: {"group":"ascnsrsgac:225:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgac:225:0"}],}
x-content-type-options: nosniff
expires: Wed, 10 Dec 2025 01:58:19 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 09 Dec 2025 23:58:19 GMT
last-modified: Tue, 15 Jul 2025 00:44:26 GMT
content-type: text/javascript
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgac:225:0
cross-origin-opener-policy-report-only: same-origin; report-to=ascnsrsgac:225:0
content-length: 20737
server: Golfe2

GET
H3 200 page.php Show response
www.facebook.com/plugins/ Frame 3313 42 KB
14 KB 567ms
354ms Document
text/html 31.13.82.36
FACEBOOK

General

Check archive.org

Download Go to

Full URL

https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2Freurl.cc%2F&tabs=timeline&width=340&height=500&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=true&appId

Requested by

Host: reurl.cc
URL: https://reurl.cc/Y3gKxl

Protocol

Security

QUIC, , AES_128_GCM

Server

31.13.82.36 Tokyo, Japan, ASN32934 (FACEBOOK, US),

Reverse DNS

edge-star-mini-shv-01-nrt1.facebook.com

Software

Resource Hash

448f38b4de0f77c110bc4523bc7e1e5ddfc5657d8a63e2ebe8584d9aca084b0a

Security Headers

Name	Value
Content-Security-Policy	default-src blob: 'self' https://.fbsbx.com .facebook.com .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net 127.0.0.1:* 'nonce-Lb7B4UdD' blob: 'self' connect.facebook.net 'wasm-unsafe-eval' https://.google-analytics.com .google.com;style-src .fbcdn.net data: .facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com https://.google-analytics.com;font-src data: .facebook.com .fbcdn.net .fbsbx.com https://fonts.gstatic.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net .carriersignal.info blob: android-webview-video-poster: .whatsapp.net .fb.com .oculuscdn.com .tenor.co .tenor.com .giphy.com https://trustly.one/ https://.trustly.one/ https://paywithmybank.com/ https://.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://.google-analytics.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com data: .tenor.co .tenor.com https://.giphy.com;child-src data: blob: 'self' https://.fbsbx.com .facebook.com .fbcdn.net;frame-src .facebook.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net accounts.meta.com .accounts.meta.com https://trustly.one/ https://.trustly.one/ https://paywithmybank.com/ https://.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net .google.com .doubleclick.net;manifest-src data: blob: 'self' https://.fbsbx.com .facebook.com .fbcdn.net;object-src data: blob: 'self' https://.fbsbx.com .facebook.com .fbcdn.net;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://reurl.cc/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: private, no-cache, no-store, must-revalidate
content-encoding: zstd
content-security-policy: default-src blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'nonce-Lb7B4UdD' blob: 'self' connect.facebook.net 'wasm-unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://trustly.one/ https://*.trustly.one/ https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;child-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net accounts.meta.com *.accounts.meta.com https://trustly.one/ https://*.trustly.one/ https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;manifest-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;object-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-type: text/html; charset="utf-8"
cross-origin-opener-policy: unsafe-none;report-to="coop_report"
cross-origin-resource-policy: cross-origin
date: Wed, 10 Dec 2025 01:17:50 GMT
document-policy: force-load-at-top include-js-call-stacks-in-crash-reports
expires: Sat, 01 Jan 2000 00:00:00 GMT
origin-agent-cluster: ?1
permissions-policy: accelerometer=(), attribution-reporting=(self), autoplay=(), bluetooth=(), browsing-topics=(self), camera=(self "https://www.fbsbx.com"), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
pragma: no-cache
priority: u=0,i
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7582032341452171210&cpp=C3&cv=1030855194&st=1765329470160"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7582032341452171210&cpp=C3&cv=1030855194&st=1765329470160", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
strict-transport-security: max-age=15552000; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-fb-connection-quality: GOOD; q=0.7, rtt=146, rtx=0, c=27, mss=1232, tbw=8879, tp=16, tpl=0, uplat=209, ullat=0
x-fb-debug: 2CMcKeWsZWwED5arFcU4Om08btJHD5ZfWgdNtOCVWRFy8l1coyZ4r7joLaKhWO9KMys19V03ZnWUA9nP56Yzwg==
x-xss-protection: 0

GET
H2 200 feeds Show response
re-news.tw/ 6 KB
3 KB 237ms
77ms XHR
text/html 35.185.136.122
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Download Go to

Full URL: https://re-news.tw/feeds
Requested by: Host: reurl.cc
URL: https://reurl.cc/asset/javascripts/common/renews.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.185.136.122 Taipei, Taiwan, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 122.136.185.35.bc.googleusercontent.com
Software: nginx/1.18.0 (Ubuntu) / Express
Resource Hash: 546b0698973f44ccb63dc101f6aec8734015981d1f48facb304114e24ae92fea

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

content-encoding: gzip
etag: W/"1728-YzUzdYpGV2KkaS8yP7ROKL/UwQA"
access-control-allow-origin: https://reurl.cc
date: Wed, 10 Dec 2025 01:17:50 GMT
content-type: text/html; charset=utf-8
x-powered-by: Express
server: nginx/1.18.0 (Ubuntu)
vary: Origin

GET
H3 200 keywordCategories.json Show response
anymind360.com/ 148 KB
60 KB 255ms
127ms Fetch
application/json 151.101.193.55
FASTLY

General

Check archive.org

Download Go to

Full URL

https://anymind360.com/keywordCategories.json

Requested by

Host: reurl.cc
URL: https://reurl.cc/Y3gKxl

Protocol

Security

QUIC, , AES_256_GCM

Server

151.101.193.55 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

9aa92a9a076fd2e55f339cd82c8b540e96ea0a4e4c7c12da6602edfadf2a0819

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

x-goog-metageneration: 2
access-control-expose-headers: Content-Length, Content-Type, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
x-goog-hash: crc32c=hYq3+w==, md5=ZJdPIhH4R+FB2zz6x81gJg==
content-encoding: gzip
etag: "64974f2211f847e141db3cfac7cd6026"
age: 79140
x-goog-stored-content-encoding: identity
expires: Wed, 27 Aug 2025 11:36:24 GMT
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
x-goog-stored-content-length: 151503
x-cache: HIT, HIT
date: Wed, 10 Dec 2025 01:17:50 GMT
content-type: application/json
last-modified: Wed, 27 Aug 2025 06:51:59 GMT
x-served-by: cache-tyo11981-TYO, cache-qpg1271-QPG
x-cache-hits: 577146, 584
x-guploader-uploadid: ABgVH8_WbYCDB2LaOxaydMbIBmzZEeTdmD__y3SdRPYQiipklanNaJ-DP_0DBH49PGWyFZEEI1nzUSM
strict-transport-security: max-age=31557600
vary: Accept-Encoding
cache-control: max-age=1200
x-goog-storage-class: STANDARD
x-timer: S1765329470.148309,VS0,VE0
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
access-control-allow-origin: *
x-goog-generation: 1756277519403323
content-length: 61163
server: UploadServer

GET
H2 200 adsrv Show response
onead.onevision.com.tw/v2/ 176 B
477 B 94ms
93ms Script
application/javascript 107.178.241.176
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Download Go to

Full URL

https://onead.onevision.com.tw/v2/adsrv?version=20250516&uid=1000480&category=-1&cookie=true&ip=&guid=0b3614ae-d566-11f0-9788-42010a000007&channel=0&volume=0.5&r=&adid=&response_freq_multiple=native-drive.0&web_location=https%3A%2F%2Freurl.cc%2FY3gKxl&title=word-PT0777&fp=df2b9eee402b941a38a546b11a134364&_t=1765329470051&cb=ONEAD_text_response_1zr27&pb=0&spid=&player_type=NATIVE_LIST&bgid=0

Requested by

Host: ad-specs.guoshipartners.com
URL: https://ad-specs.guoshipartners.com/static/js/ad-serv.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

107.178.241.176 , United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

176.241.178.107.bc.googleusercontent.com

Software

gws / OneAD

Resource Hash

4aea26b1170e0cd139f74e869c8cea235f082a74177409c00e932914b3e9907d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

x-onead-version: 29cc6b37
age: 0
access-control-allow-methods: GET,POST,OPTIONS,PUT
expires: Mon, 01 Jan 1990 00:00:00 GMT
x-varnish: 19038277
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
date: Wed, 10 Dec 2025 01:17:50 GMT
content-type: application/javascript
access-control-allow-headers: Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, accept, origin, Cache-Control, X-Requested-With
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
x-onead-guid: 0b3614ae-d566-11f0-9788-42010a000007
x-onead-force-backend: false
access-control-allow-credentials: true
via: 1.1 google
accept-ranges: bytes
access-control-allow-origin: *
content-length: 176
x-onead-hit-counter: 1
x-onead-backend: onead-http-query-kcb7-gohttp
server: gws
x-powered-by: OneAD

GET
H2 422 lac=y
bcp.crwdcntrl.net/map/c=15135/tp=ONEA/ 0
240 B 368ms
118ms Image
text/html 13.213.216.213
AMAZON-02

General

Check archive.org

Download Go to Show image

Full URL

https://bcp.crwdcntrl.net/map/c=15135/tp=ONEA/lac=y?https://onead.onevision.com.tw/v2/pixel/ltm?id=${profile_id}

Requested by

Host: reurl.cc
URL: https://reurl.cc/Y3gKxl

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

13.213.216.213 Singapore, Singapore, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-13-213-216-213.ap-southeast-1.compute.amazonaws.com

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

strict-transport-security: max-age=31536000 ; includeSubDomains
cache-control: must-revalidate,no-cache,no-store
pragma: no-cache
accept-ranges: bytes
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
content-length: 0
date: Wed, 10 Dec 2025 01:17:50 GMT
content-type: text/html
last-modified: Thu, 06 Nov 2025 18:01:40 GMT

GET
H3

200

ttd
onead.onevision.com.tw/v2/pixel/
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=r1jlltl&ttd_tpi=1
https://match.adsrvr.org/track/cmb/generic?ttd_pid=r1jlltl&ttd_tpi=1
https://onead.onevision.com.tw/v2/pixel/ttd?id=654e7ffb-9b4a-4965-b494-aae185ca9ba9

170 B
203 B

79ms
78ms

Image
image/png

107.178.241.176
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Download Go to Show image

Full URL

https://onead.onevision.com.tw/v2/pixel/ttd?id=654e7ffb-9b4a-4965-b494-aae185ca9ba9

Requested by

Host: reurl.cc
URL: https://reurl.cc/Y3gKxl

Protocol

Server

107.178.241.176 , United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

176.241.178.107.bc.googleusercontent.com

Software

gws / OneAD

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

x-onead-version: 29cc6b37
x-vendor: ttd
age: 0
access-control-allow-methods: GET,POST,OPTIONS,PUT
expires: Mon, 01 Jan 1990 00:00:00 GMT
x-varnish: 493526122
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
date: Wed, 10 Dec 2025 01:17:50 GMT
content-type: image/png
last-modified: Tue, 27 Oct 2020 13:57:49 GMT
x-vendor-client-id: 654e7ffb-9b4a-4965-b494-aae185ca9ba9
access-control-allow-headers: Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, accept, origin, Cache-Control, X-Requested-With
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-status: okay
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
access-control-allow-credentials: true
via: 1.1 google
accept-ranges: bytes
access-control-allow-origin: *
content-length: 170
x-onead-backend: onead-http-event-p173-gohttp
server: gws
x-powered-by: OneAD

Redirect headers

location: https://onead.onevision.com.tw/v2/pixel/ttd?id=654e7ffb-9b4a-4965-b494-aae185ca9ba9
content-length: 197
date: Wed, 10 Dec 2025 01:17:50 GMT
server: Kestrel

GET
H/1.1

200
OK

/
ps.eyeota.net/pixel/bounce/
Redirect Chain

https://ps.eyeota.net/pixel?pid=3m51m51&uid=0b3614ae-d566-11f0-9788-42010a000007&t=ajs
https://ps.eyeota.net/pixel/bounce/?pid=3m51m51&uid=0b3614ae-d566-11f0-9788-42010a000007&t=ajs

1 KB
1 KB

122ms
121ms

Image
application/javascript

18.177.116.10
AMAZON-02

General

Check archive.org

Download Go to Show image

Full URL: https://ps.eyeota.net/pixel/bounce/?pid=3m51m51&uid=0b3614ae-d566-11f0-9788-42010a000007&t=ajs
Requested by: Host: reurl.cc
URL: https://reurl.cc/Y3gKxl
Protocol: HTTP/1.1
Server: 18.177.116.10 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-177-116-10.ap-northeast-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

Content-Length: 1304
P3P: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR SAMo BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR", policyref="http://ps.eyeota.net/w3c/p3p.xml"
Date: Wed, 10 Dec 2025 01:17:50 GMT
Content-Type: application/javascript

Redirect headers

Location: /pixel/bounce/?pid=3m51m51&uid=0b3614ae-d566-11f0-9788-42010a000007&t=ajs
Content-Length: 0
P3P: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR SAMo BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR", policyref="http://ps.eyeota.net/w3c/p3p.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR SAMo BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR", policyref="http://ps.eyeota.net/w3c/p3p.xml"
Date: Wed, 10 Dec 2025 01:17:50 GMT

GET
H3

200

taboola
onead.onevision.com.tw/v2/pixel/
Redirect Chain

https://trc.taboola.com/sg/onedata/1/cm
https://onead.onevision.com.tw/v2/pixel/taboola?id=00068cad-bb58-4aeb-8fbe-9ea4efc0d502-tuct10324fbe

170 B
203 B

79ms
79ms

Image
image/png

107.178.241.176
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Download Go to Show image

Full URL

https://onead.onevision.com.tw/v2/pixel/taboola?id=00068cad-bb58-4aeb-8fbe-9ea4efc0d502-tuct10324fbe

Requested by

Host: reurl.cc
URL: https://reurl.cc/Y3gKxl

Protocol

Server

107.178.241.176 , United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

176.241.178.107.bc.googleusercontent.com

Software

gws / OneAD

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

x-onead-version: 29cc6b37
x-vendor: taboola
age: 0
access-control-allow-methods: GET,POST,OPTIONS,PUT
expires: Mon, 01 Jan 1990 00:00:00 GMT
x-varnish: 25628146
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
date: Wed, 10 Dec 2025 01:17:50 GMT
content-type: image/png
last-modified: Tue, 27 Oct 2020 13:57:49 GMT
x-vendor-client-id: 00068cad-bb58-4aeb-8fbe-9ea4efc0d502-tuct10324fbe
access-control-allow-headers: Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, accept, origin, Cache-Control, X-Requested-With
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-status: okay
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
access-control-allow-credentials: true
via: 1.1 google
accept-ranges: bytes
access-control-allow-origin: *
content-length: 170
x-onead-backend: onead-http-event-22vp-gohttp
server: gws
x-powered-by: OneAD

Redirect headers

x-fastly-to-nlb-rtt: 530
location: https://onead.onevision.com.tw/v2/pixel/taboola?id=00068cad-bb58-4aeb-8fbe-9ea4efc0d502-tuct10324fbe
x-timer: S1765329471.575516,VS0,VE2
x-vcl-time-ms: 2
via: 1.1 varnish
accept-ranges: bytes
x-cache: MISS
content-length: 0
date: Wed, 10 Dec 2025 01:17:50 GMT
x-service-version: v1
server: nginx
x-cache-hits: 0
x-served-by: cache-sin-wsss1830089-SIN

GET
H2 204 poke
onead-v6.onevision.com.tw/v2/ 0
59 B 85ms
77ms Image
text/plain 107.178.241.176
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Download Go to Show image

Full URL

https://onead-v6.onevision.com.tw/v2/poke?uuid=0b3614ae-d566-11f0-9788-42010a000007

Requested by

Host: reurl.cc
URL: https://reurl.cc/Y3gKxl

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

107.178.241.176 , United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

176.241.178.107.bc.googleusercontent.com

Software

gws / OneAD

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

x-onead-version: 29cc6b37
age: 0
access-control-allow-methods: GET,POST,OPTIONS,PUT
expires: Mon, 01 Jan 1990 00:00:00 GMT
x-varnish: 13617595
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
date: Wed, 10 Dec 2025 01:17:50 GMT
access-control-allow-headers: Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, accept, origin, Cache-Control, X-Requested-With
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
access-control-allow-credentials: true
via: 1.1 google
access-control-allow-origin: *
x-onead-backend: onead-http-query-kcb7-gohttp
server: gws
x-powered-by: OneAD

GET
H2 200 result_MYSTIC_a4ae2903-dcb0-49f1-bc07-b24e68797496_0-390x220.jpeg
nearbymed.com/wp-content/uploads/2025/06/ 16 KB
16 KB 256ms
86ms Image
image/jpeg 104.21.25.44
CLOUDFLARENET

General

Check archive.org

Download Go to Show image

Full URL: https://nearbymed.com/wp-content/uploads/2025/06/result_MYSTIC_a4ae2903-dcb0-49f1-bc07-b24e68797496_0-390x220.jpeg
Requested by: Host: reurl.cc
URL: https://reurl.cc/Y3gKxl
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.25.44 , Ascension Island, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2895791e627956b7990bf4b7a81e3dac486947b3cc999091708052be9c7c39e7

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

cache-control: public, max-age=31536000
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cf-cache-status: HIT
etag: "68d811db-3e7e"
age: 2159655
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=gySr7TEMgQpJ7HtSknyTMPmiBiYlpeNn0f6xSlT8seFAoy8q%2BX2jkd8py9v4L6K%2BbwlRw84cjgBsCFFMhGL1WPvMzYa0%2FJj7cZ%2BO"}]}
cf-ray: 9ab8e7a5e9114a12-TPE
accept-ranges: bytes
alt-svc: h3=":443"; ma=86400
content-length: 15998
date: Wed, 10 Dec 2025 01:17:50 GMT
content-type: image/jpeg
last-modified: Sat, 27 Sep 2025 16:33:31 GMT
server: cloudflare
vary: accept-encoding

GET
H2 200 WWD_x_SJ_Global_Fashion___Business_Conference___Group.jpg
mma.prnasia.com/media2/2841486/ 46 KB
47 KB 564ms
383ms Image
image/jpeg 104.18.96.225
CLOUDFLARENET

General

Check archive.org

Download Go to Show image

Full URL: https://mma.prnasia.com/media2/2841486/WWD_x_SJ_Global_Fashion___Business_Conference___Group.jpg?p=medium600
Requested by: Host: reurl.cc
URL: https://reurl.cc/Y3gKxl
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.18.96.225 , Ascension Island, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 82317953fe7553cdf39da44b49137b1bc1811af5ceb00580feaeb63e0b9912b7

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

access-control-allow-headers: Content-Type
cache-control: public, max-age=1
cf-cache-status: BYPASS
access-control-allow-methods: GET, POST, OPTIONS
cf-ray: 9ab8e7a5fbe17aab-TPE
expires: Wed, 10 Dec 2025 01:17:51 GMT
server-timing: intid;desc=3b57731fe777b2bb
access-control-allow-origin: *
content-length: 47086
date: Wed, 10 Dec 2025 01:17:50 GMT
content-type: image/jpeg
last-modified: Wed, 10 Dec 2025 01:17:50 GMT
vary: *, Accept-Encoding
server: cloudflare
x-powered-by: ASP.NET

GET
H2 200 2025-%E7%B9%B3%E8%B2%BB%E6%8E%A8%E8%96%A6%E4%BF%A1%E7%94%A8%E5%8D%A1%EF%BC%8C%E6%9C%80%E9%AB%98%E4%BA%AB-10-%E5%9B%9E%E9%A5%8B-1080x630.jpg
creditcards.com.tw/wp-content/uploads/2025/01/ 48 KB
48 KB 294ms
90ms Image
image/webp 192.0.78.25
AUTOMATTIC

General

Check archive.org

Download Go to Show image

Full URL

https://creditcards.com.tw/wp-content/uploads/2025/01/2025-%E7%B9%B3%E8%B2%BB%E6%8E%A8%E8%96%A6%E4%BF%A1%E7%94%A8%E5%8D%A1%EF%BC%8C%E6%9C%80%E9%AB%98%E4%BA%AB-10-%E5%9B%9E%E9%A5%8B-1080x630.jpg?crop=1

Requested by

Host: reurl.cc
URL: https://reurl.cc/Y3gKxl

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.25 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

e261cec667bd64cba650fe9a2fdb2617f09d3899271b80256f10662f0365c97a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

etag: "a5374cf1e8be26e5"
x-content-type-options: nosniff
access-control-allow-methods: GET, HEAD
expires: Sun, 21 Feb 2027 21:01:47 GMT
server-timing: a8c-cdn, dc;desc=bur, cache;desc=HIT;dur=2.0, a8c-cdn, dc;desc=hkg, cache;desc=HIT;dur=1.0
alt-svc: h3=":443"; ma=86400
date: Wed, 10 Dec 2025 01:17:50 GMT
content-type: image/webp
last-modified: Fri, 21 Feb 2025 09:01:47 GMT
vary: Accept
strict-transport-security: max-age=31536000
cache-control: public, max-age=63115200
timing-allow-origin: *
x-nc: HIT bur 8
access-control-allow-origin: *
content-length: 49122
x-ac: 21.hkg _atomic_bur HIT
server: nginx

GET
H2 200 1764922819-4b9941f48d591b6ed55e155b1fd1efdd-840x525.jpg
img.gbyhn.com.tw/2025/12/ 61 KB
61 KB 251ms
78ms Image
image/jpeg 104.21.96.9
CLOUDFLARENET

General

Check archive.org

Download Go to Show image

Full URL: https://img.gbyhn.com.tw/2025/12/1764922819-4b9941f48d591b6ed55e155b1fd1efdd-840x525.jpg
Requested by: Host: reurl.cc
URL: https://reurl.cc/Y3gKxl
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.96.9 , Ascension Island, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 66ff4ad29ec9611c45b2a36c657f7637f3b993dd6a1b2c011d2f63059e1a1ed4

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

cf-cache-status: HIT
age: 406363
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=%2BqyJkH6%2Fg4x14%2BZKLHqDi%2BfmOabpQV0dWwg5AWKqrzAkoUCuqvYfEcZ7rJ10tAbq3iiols0lOI6G9u6im22gC1zTD9t8AxwEj7QAcD6P"}]}
expires: Fri, 12 Dec 2025 08:25:06 GMT
alt-svc: h3=":443"; ma=86400
date: Wed, 10 Dec 2025 01:17:50 GMT
content-type: image/jpeg
last-modified: Fri, 05 Dec 2025 08:20:19 GMT
vary: accept-encoding
cache-control: public, max-age=604800
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cf-ray: 9ab8e7a5fb744a16-TPE
accept-ranges: bytes
content-length: 61986
x-turbo-charged-by: LiteSpeed
server: cloudflare

GET
H2 200 renews-title1.png
re-news.tw/images/ 24 KB
24 KB 299ms
149ms Image
image/png 35.185.136.122
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Download Go to Show image

Full URL: https://re-news.tw/images/renews-title1.png
Requested by: Host: reurl.cc
URL: https://reurl.cc/Y3gKxl
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.185.136.122 Taipei, Taiwan, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 122.136.185.35.bc.googleusercontent.com
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: e9b96bc538ceb220fc5caff0d0a67916b74cf07b2bada0b3296a17b1b99c9990

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

accept-ranges: bytes
content-length: 24493
date: Wed, 10 Dec 2025 01:17:50 GMT
etag: "61a30347-5fad"
content-type: image/png
last-modified: Sun, 28 Nov 2021 04:19:19 GMT
server: nginx/1.18.0 (Ubuntu)

GET
H3 200 2025112917574367.jpg
img.racingcharger.tw/wp-content/uploads/2025/11/ 741 KB
742 KB 183ms
82ms Image
image/jpeg 172.67.178.125
CLOUDFLARENET

General

Check archive.org

Download Go to Show image

Full URL: https://img.racingcharger.tw/wp-content/uploads/2025/11/2025112917574367.jpg
Requested by: Host: reurl.cc
URL: https://reurl.cc/Y3gKxl
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.178.125 , Ascension Island, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 55d72e6c27809e3d9fcee9bfacc5e736e6c8c0f032004a22ca1f1ff2f4594af3

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

cf-cache-status: HIT
age: 7116
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=gq%2ByyOGgIlReDMaCD%2BpiC6X2Rl4gNS%2Bx9DlVoobxN0j1Ms5PfT2uUkNBEbn%2Bb1%2FxD9jBiczZ3dd8qy1Lg6ptOgpa3jBs0FtWeqrwhabf2fEhFA%3D%3D"}]}
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Wed, 10 Dec 2025 01:17:50 GMT
last-modified: Sat, 29 Nov 2025 17:57:33 GMT
content-type: image/jpeg
vary: accept-encoding
priority: u=1,i
cache-control: max-age=14400
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
speculation-rules: "/cdn-cgi/speculation"
cf-ray: 9ab8e7a57d718436-TPE
accept-ranges: bytes
content-length: 758789
server: cloudflare

GET
H2 200 file.png
static.wixstatic.com/media/9a254c_bd6ab9dc57c349009b5f1eedc6fb236d~mv2.png/v1/fit/w_1000,h_1000,al_c,q_80/ 1010 KB
1011 KB 733ms
247ms Image
image/png 3.164.143.54
AMAZON-02

General

Check archive.org

Download Go to Show image

Full URL: https://static.wixstatic.com/media/9a254c_bd6ab9dc57c349009b5f1eedc6fb236d~mv2.png/v1/fit/w_1000,h_1000,al_c,q_80/file.png
Requested by: Host: reurl.cc
URL: https://reurl.cc/Y3gKxl
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.164.143.54 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-164-143-54.nrt20.r.cloudfront.net
Software: openresty/1.27.1.2 /
Resource Hash: 76e0fe9b59aa81409567a77b7f5cfaebcbe6d1a5586d4979c5a83a327f68d517

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

x-amz-cf-id: YvgUXpHQ_U_3SLNaW3Qn6OaiHGOkThm7pNdt5q7ZIiThwXiU7py4Ww==
cache-control: public, max-age=2592000, immutable
timing-allow-origin: *
age: 669543
via: 1.1 google, 1.1 48c842414e42020175fa571f72e1bb4a.cloudfront.net (CloudFront)
x-wixmp-trace: projects/wix-media-infrastructure/traces/36HOFh7YX6M2ADdDwVU4QEu4QJd
access-control-allow-origin: *
x-seen-by: image-manipulator-894575c6f-hdhb4
content-length: 1033732
alt-svc: h3=":443"; ma=86400
date: Tue, 02 Dec 2025 07:18:47 GMT
content-type: image/png
x-cache: Hit from cloudfront
server: openresty/1.27.1.2
x-amz-cf-pop: NRT20-P3

GET
H3 200 pubads_impl.js Show response
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202512040101/ 611 KB
193 KB 114ms
113ms Script
text/javascript 142.250.194.194
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202512040101/pubads_impl.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.194.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lcnrta-bk-in-f2.1e100.net

Software

cafe /

Resource Hash

9d6d7342264129047aedc4df11db9bdf238eec8fed367c7289ab11ca6ef6ccbe

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

content-encoding: br
etag: 11880664601459717268
age: 19979
x-content-type-options: nosniff
expires: Wed, 09 Dec 2026 19:44:51 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
date: Tue, 09 Dec 2025 19:44:51 GMT
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
cache-control: public, immutable, max-age=31536000
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-length: 197457
x-xss-protection: 0
server: cafe

POST
H2 200 collect Show response
www.google-analytics.com/j/ 3 B
446 B 150ms
150ms XHR
text/plain 142.250.194.206
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j102&a=831626120&t=pageview&_s=1&dl=https%3A%2F%2Freurl.cc%2FY3gKxl&ul=zh-tw&dt=word-PT0777&sr=1600x1200&vp=1600x1200&_u=IEBAAEABAAAAACAAI~&jid=539790140&gjid=569308512&cid=1890991025.1765329470&tid=UA-102456694-1&_gid=86906129.1765329470&_r=1&_slc=1&z=1449499006

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.194.206 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

del12s07-in-f14.1e100.net

Software

Golfe2 /

Resource Hash

1cffc2b3146584685cd72751d7f28aa030ab9ae2f1bc78f2c27909f8d8287b26

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Content-Type: text/plain
Referer: https://reurl.cc/

Response headers

report-to: {"group":"ascnsrsgac:211:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgac:211:0"}],}
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Wed, 10 Dec 2025 01:17:50 GMT
last-modified: Sun, 17 May 1998 03:00:00 GMT
content-type: text/plain
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgac:211:0
access-control-allow-origin: https://reurl.cc
cross-origin-opener-policy-report-only: same-origin; report-to=ascnsrsgac:211:0
content-length: 3
server: Golfe2

GET
H2 200 capmapping.htm Show response
cdn.holmesmind.com/js/ Frame 571C 12 KB
12 KB 418ms
146ms Document
text/html 3.164.121.96
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://cdn.holmesmind.com/js/capmapping.htm
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/init.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.164.121.96 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-164-121-96.nrt12.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 37cd16af9680e2eac2b065fe88fbc0ca6d80583c67a9d8c69969e5dcbe27b14d

Request headers

Referer: https://reurl.cc/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
age: 7
content-length: 12184
content-type: text/html
date: Wed, 10 Dec 2025 01:17:44 GMT
etag: "313c12f57383ae26248323c3b33af799"
last-modified: Mon, 17 Mar 2025 05:33:47 GMT
server: AmazonS3
via: 1.1 abddbf0eca39746a52a1389ec09fb216.cloudfront.net (CloudFront)
x-amz-cf-id: F5xQtEfkAzYzjPIthnNO5Zkr1CpqZ6gPq_dqyw_Oi4z9AblTsaBOxg==
x-amz-cf-pop: NRT12-P3
x-amz-server-side-encryption: AES256
x-amz-version-id: rSOjRFL3ruqyCRzzCV6Gk2MSJ9yPXZwf
x-cache: Hit from cloudfront

GET
H2 200 presetfn.js Show response
cdn.holmesmind.com/js/ Frame 3A8F 11 KB
11 KB 170ms
168ms Script
application/javascript 3.164.121.106
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/init.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.164.121.106 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-164-121-106.nrt12.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 5a871b13ede1754dec51e91e8f3ee35b98ff71fe42cf57d51cb574b004e3d4cd

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

x-amz-version-id: rmz9OdLbHPf__eUT0CPixnVBdq1QxTyB
etag: "1ff97ce94c5a1127f915e6bf2a02c6a9"
age: 41
via: 1.1 ef359af61e64577c628090c2363bcb22.cloudfront.net (CloudFront)
accept-ranges: bytes
x-cache: Hit from cloudfront
content-length: 10957
x-amz-cf-id: 8XSYBZa7zEyRdST3_FnWH0purgke6GMHpG1uvnDn1IQwaDPlBhzVow==
date: Wed, 10 Dec 2025 01:17:09 GMT
content-type: application/javascript
last-modified: Thu, 16 Jan 2025 06:05:08 GMT
server: AmazonS3
x-amz-cf-pop: NRT12-P3
x-amz-server-side-encryption: AES256

GET
H2 200 presetfn.js Show response
cdn.holmesmind.com/js/ Frame E217 11 KB
0 166ms
166ms Script
application/javascript 3.164.121.106
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/init.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.164.121.106 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-164-121-106.nrt12.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 5a871b13ede1754dec51e91e8f3ee35b98ff71fe42cf57d51cb574b004e3d4cd

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

x-amz-version-id: rmz9OdLbHPf__eUT0CPixnVBdq1QxTyB
etag: "1ff97ce94c5a1127f915e6bf2a02c6a9"
age: 41
via: 1.1 ef359af61e64577c628090c2363bcb22.cloudfront.net (CloudFront)
accept-ranges: bytes
x-cache: Hit from cloudfront
content-length: 10957
x-amz-cf-id: 8XSYBZa7zEyRdST3_FnWH0purgke6GMHpG1uvnDn1IQwaDPlBhzVow==
date: Wed, 10 Dec 2025 01:17:09 GMT
content-type: application/javascript
last-modified: Thu, 16 Jan 2025 06:05:08 GMT
server: AmazonS3
x-amz-cf-pop: NRT12-P3
x-amz-server-side-encryption: AES256

GET
H2 200 presetfn.js Show response
cdn.holmesmind.com/js/ Frame 9A13 11 KB
0 161ms
161ms Script
application/javascript 3.164.121.106
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/init.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.164.121.106 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-164-121-106.nrt12.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 5a871b13ede1754dec51e91e8f3ee35b98ff71fe42cf57d51cb574b004e3d4cd

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

x-amz-version-id: rmz9OdLbHPf__eUT0CPixnVBdq1QxTyB
etag: "1ff97ce94c5a1127f915e6bf2a02c6a9"
age: 41
via: 1.1 ef359af61e64577c628090c2363bcb22.cloudfront.net (CloudFront)
accept-ranges: bytes
x-cache: Hit from cloudfront
content-length: 10957
x-amz-cf-id: 8XSYBZa7zEyRdST3_FnWH0purgke6GMHpG1uvnDn1IQwaDPlBhzVow==
date: Wed, 10 Dec 2025 01:17:09 GMT
content-type: application/javascript
last-modified: Thu, 16 Jan 2025 06:05:08 GMT
server: AmazonS3
x-amz-cf-pop: NRT12-P3
x-amz-server-side-encryption: AES256

GET
H2 200 presetfn.js Show response
cdn.holmesmind.com/js/ Frame BFAA 11 KB
0 155ms
155ms Script
application/javascript 3.164.121.106
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/init.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.164.121.106 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-164-121-106.nrt12.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 5a871b13ede1754dec51e91e8f3ee35b98ff71fe42cf57d51cb574b004e3d4cd

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

x-amz-version-id: rmz9OdLbHPf__eUT0CPixnVBdq1QxTyB
etag: "1ff97ce94c5a1127f915e6bf2a02c6a9"
age: 41
via: 1.1 ef359af61e64577c628090c2363bcb22.cloudfront.net (CloudFront)
accept-ranges: bytes
x-cache: Hit from cloudfront
content-length: 10957
x-amz-cf-id: 8XSYBZa7zEyRdST3_FnWH0purgke6GMHpG1uvnDn1IQwaDPlBhzVow==
date: Wed, 10 Dec 2025 01:17:09 GMT
content-type: application/javascript
last-modified: Thu, 16 Jan 2025 06:05:08 GMT
server: AmazonS3
x-amz-cf-pop: NRT12-P3
x-amz-server-side-encryption: AES256

GET
H2 200 presetfn.js Show response
cdn.holmesmind.com/js/ Frame 4D86 11 KB
0 152ms
152ms Script
application/javascript 3.164.121.106
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/init.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.164.121.106 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-164-121-106.nrt12.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 5a871b13ede1754dec51e91e8f3ee35b98ff71fe42cf57d51cb574b004e3d4cd

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

x-amz-version-id: rmz9OdLbHPf__eUT0CPixnVBdq1QxTyB
etag: "1ff97ce94c5a1127f915e6bf2a02c6a9"
age: 41
via: 1.1 ef359af61e64577c628090c2363bcb22.cloudfront.net (CloudFront)
accept-ranges: bytes
x-cache: Hit from cloudfront
content-length: 10957
x-amz-cf-id: 8XSYBZa7zEyRdST3_FnWH0purgke6GMHpG1uvnDn1IQwaDPlBhzVow==
date: Wed, 10 Dec 2025 01:17:09 GMT
content-type: application/javascript
last-modified: Thu, 16 Jan 2025 06:05:08 GMT
server: AmazonS3
x-amz-cf-pop: NRT12-P3
x-amz-server-side-encryption: AES256

GET
H2 200 presetfn.js Show response
cdn.holmesmind.com/js/ Frame C895 11 KB
0 146ms
146ms Script
application/javascript 3.164.121.106
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/init.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.164.121.106 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-164-121-106.nrt12.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 5a871b13ede1754dec51e91e8f3ee35b98ff71fe42cf57d51cb574b004e3d4cd

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

x-amz-version-id: rmz9OdLbHPf__eUT0CPixnVBdq1QxTyB
etag: "1ff97ce94c5a1127f915e6bf2a02c6a9"
age: 41
via: 1.1 ef359af61e64577c628090c2363bcb22.cloudfront.net (CloudFront)
accept-ranges: bytes
x-cache: Hit from cloudfront
content-length: 10957
x-amz-cf-id: 8XSYBZa7zEyRdST3_FnWH0purgke6GMHpG1uvnDn1IQwaDPlBhzVow==
date: Wed, 10 Dec 2025 01:17:09 GMT
content-type: application/javascript
last-modified: Thu, 16 Jan 2025 06:05:08 GMT
server: AmazonS3
x-amz-cf-pop: NRT12-P3
x-amz-server-side-encryption: AES256

GET
H2 200 presetfn.js Show response
cdn.holmesmind.com/js/ Frame C6DC 11 KB
0 142ms
141ms Script
application/javascript 3.164.121.106
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/init.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.164.121.106 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-164-121-106.nrt12.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 5a871b13ede1754dec51e91e8f3ee35b98ff71fe42cf57d51cb574b004e3d4cd

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

x-amz-version-id: rmz9OdLbHPf__eUT0CPixnVBdq1QxTyB
etag: "1ff97ce94c5a1127f915e6bf2a02c6a9"
age: 41
via: 1.1 ef359af61e64577c628090c2363bcb22.cloudfront.net (CloudFront)
accept-ranges: bytes
x-cache: Hit from cloudfront
content-length: 10957
x-amz-cf-id: 8XSYBZa7zEyRdST3_FnWH0purgke6GMHpG1uvnDn1IQwaDPlBhzVow==
date: Wed, 10 Dec 2025 01:17:09 GMT
content-type: application/javascript
last-modified: Thu, 16 Jan 2025 06:05:08 GMT
server: AmazonS3
x-amz-cf-pop: NRT12-P3
x-amz-server-side-encryption: AES256

GET
H2 200 presetfn.js Show response
cdn.holmesmind.com/js/ Frame 332C 11 KB
0 138ms
138ms Script
application/javascript 3.164.121.106
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/init.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.164.121.106 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-164-121-106.nrt12.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 5a871b13ede1754dec51e91e8f3ee35b98ff71fe42cf57d51cb574b004e3d4cd

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

x-amz-version-id: rmz9OdLbHPf__eUT0CPixnVBdq1QxTyB
etag: "1ff97ce94c5a1127f915e6bf2a02c6a9"
age: 41
via: 1.1 ef359af61e64577c628090c2363bcb22.cloudfront.net (CloudFront)
accept-ranges: bytes
x-cache: Hit from cloudfront
content-length: 10957
x-amz-cf-id: 8XSYBZa7zEyRdST3_FnWH0purgke6GMHpG1uvnDn1IQwaDPlBhzVow==
date: Wed, 10 Dec 2025 01:17:09 GMT
content-type: application/javascript
last-modified: Thu, 16 Jan 2025 06:05:08 GMT
server: AmazonS3
x-amz-cf-pop: NRT12-P3
x-amz-server-side-encryption: AES256

GET
H2 200 capmapping.htm Show response
cdn.holmesmind.com/js/ Frame A90A 12 KB
0 292ms
292ms Document
text/html 3.164.121.96
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://cdn.holmesmind.com/js/capmapping.htm
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/init.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.164.121.96 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-164-121-96.nrt12.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 37cd16af9680e2eac2b065fe88fbc0ca6d80583c67a9d8c69969e5dcbe27b14d

Request headers

Referer: https://reurl.cc/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
age: 7
content-length: 12184
content-type: text/html
date: Wed, 10 Dec 2025 01:17:44 GMT
etag: "313c12f57383ae26248323c3b33af799"
last-modified: Mon, 17 Mar 2025 05:33:47 GMT
server: AmazonS3
via: 1.1 abddbf0eca39746a52a1389ec09fb216.cloudfront.net (CloudFront)
x-amz-cf-id: F5xQtEfkAzYzjPIthnNO5Zkr1CpqZ6gPq_dqyw_Oi4z9AblTsaBOxg==
x-amz-cf-pop: NRT12-P3
x-amz-server-side-encryption: AES256
x-amz-version-id: rSOjRFL3ruqyCRzzCV6Gk2MSJ9yPXZwf
x-cache: Hit from cloudfront

GET
H3 200 iXGJEr7Orjl.css
static.xx.fbcdn.net/rsrc.php/v5/yE/l/1,cross/ Frame 3313 20 KB
6 KB 293ms
138ms Stylesheet
text/css 31.13.82.7
FACEBOOK

General

Check archive.org

Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v5/yE/l/1,cross/iXGJEr7Orjl.css

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2Freurl.cc%2F&tabs=timeline&width=340&height=500&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=true&appId

Protocol

Security

QUIC, , AES_128_GCM

Server

31.13.82.7 Tokyo, Japan, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-01-nrt1.fbcdn.net

Software

Resource Hash

2a4c7b96514bcf9e8548de41d1fd7b0fa727ae09136bcb61273bf298c7ed67e6

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Origin: https://www.facebook.com
Referer: https://www.facebook.com/

Response headers

content-md5: BDmd8A+PMKI6MSceqiBEXQ==
content-encoding: zstd
report-to: {"max_age":21600,"endpoints":[{"url":"https:\/\/www.xx.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Wed, 09 Dec 2026 02:26:07 GMT
alt-svc: h3=":443"; ma=86400
date: Wed, 10 Dec 2025 01:17:50 GMT
content-type: text/css; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
x-fb-debug: sUmTsn76r6ZimlIVei2Zt3K8Ze/G8OfvoFZK9LHZEDAYlAl9pOtawcPAmG8V+6njqpCX6vVc3jG4FA7sZ6fmkg==
priority: u=0
vary: Origin
reporting-endpoints: permissions_policy="https://www.xx.facebook.com/ajax/browser_error_reports/"
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
x-fb-connection-quality: GOOD; q=0.7, rtt=138, rtx=0, c=24, mss=1232, tbw=8703, tp=12, tpl=0, uplat=1, ullat=-1
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy: force-load-at-top, include-js-call-stacks-in-crash-reports
access-control-allow-origin: https://www.facebook.com
content-length: 5635
origin-agent-cluster: ?1

GET
H3 200 ME_OMQjzbIX.js Show response
static.xx.fbcdn.net/rsrc.php/v4/yg/r/ Frame 3313 339 KB
90 KB 294ms
140ms Script
application/x-javascript 31.13.82.7
FACEBOOK

General

Check archive.org

Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v4/yg/r/ME_OMQjzbIX.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

31.13.82.7 Tokyo, Japan, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-01-nrt1.fbcdn.net

Software

Resource Hash

d9faa5b8b8c8286c2e343007840c80e8aacb1244250e3f47befacc84a44b5c90

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Origin: https://www.facebook.com
Referer: https://www.facebook.com/

Response headers

content-md5: 4f8PL1XLSaJTGz/OgKWPGg==
content-encoding: zstd
report-to: {"max_age":21600,"endpoints":[{"url":"https:\/\/www.xx.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Tue, 08 Dec 2026 20:45:13 GMT
alt-svc: h3=":443"; ma=86400
date: Wed, 10 Dec 2025 01:17:50 GMT
content-type: application/x-javascript; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
x-fb-debug: h35MEorIBn06WtQiiG6K9oivL4ntNDz2alvQ6DdKTDNeAHJ6T3VsoWPUIBlez0W3PWv7yYhuXXl1ICF3m6tkrQ==
priority: u=1
vary: Origin
reporting-endpoints: permissions_policy="https://www.xx.facebook.com/ajax/browser_error_reports/"
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
x-fb-connection-quality: GOOD; q=0.7, rtt=138, rtx=0, c=24, mss=1232, tbw=16271, tp=25, tpl=0, uplat=1, ullat=-1
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy: force-load-at-top, include-js-call-stacks-in-crash-reports
access-control-allow-origin: https://www.facebook.com
content-length: 92028
origin-agent-cluster: ?1

GET
H3 200 XZtOE_fK9iK.js Show response
static.xx.fbcdn.net/rsrc.php/v4/yK/r/ Frame 3313 8 KB
3 KB 594ms
439ms Script
application/x-javascript 31.13.82.7
FACEBOOK

General

Check archive.org

Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v4/yK/r/XZtOE_fK9iK.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

31.13.82.7 Tokyo, Japan, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-01-nrt1.fbcdn.net

Software

Resource Hash

8f7636a0b0dd99d49730dd0dd8f91db5bc76ead8b17b834c2071fdeac92ce0f4

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Origin: https://www.facebook.com
Referer: https://www.facebook.com/

Response headers

content-md5: PSFvzQDInesB10SfR39pWA==
content-encoding: zstd
report-to: {"max_age":21600,"endpoints":[{"url":"https:\/\/www.xx.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Thu, 03 Dec 2026 09:06:09 GMT
alt-svc: h3=":443"; ma=86400
date: Wed, 10 Dec 2025 01:17:50 GMT
content-type: application/x-javascript; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
x-fb-debug: 0oYK1fXZQElHqP64sq7NPBWoApgOrTvHIkywl+Mr532UjDXG66IG74QSbhBzr5i/w8kPSED/DmwJDCf2WTqXwg==
priority: u=1
vary: Origin
reporting-endpoints: permissions_policy="https://www.xx.facebook.com/ajax/browser_error_reports/"
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
x-fb-connection-quality: GOOD; q=0.7, rtt=138, rtx=0, c=24, mss=1232, tbw=29311, tp=36, tpl=0, uplat=1, ullat=-1
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy: force-load-at-top, include-js-call-stacks-in-crash-reports
access-control-allow-origin: https://www.facebook.com
content-length: 2665
origin-agent-cluster: ?1

GET
H3 200 kk6p_7AfzQ4.js Show response
static.xx.fbcdn.net/rsrc.php/v4iEpO4/yA/l/zh_TW-j/ Frame 3313 185 KB
50 KB 295ms
141ms Script
application/x-javascript 31.13.82.7
FACEBOOK

General

Check archive.org

Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v4iEpO4/yA/l/zh_TW-j/kk6p_7AfzQ4.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

31.13.82.7 Tokyo, Japan, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-01-nrt1.fbcdn.net

Software

Resource Hash

f0e781854d3e6e3faddedeff33e774667ceec5864261c41bff5499ea8e420b77

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Origin: https://www.facebook.com
Referer: https://www.facebook.com/

Response headers

content-md5: 8u8ppoqskzEoKl2DkHqIGQ==
content-encoding: zstd
report-to: {"max_age":21600,"endpoints":[{"url":"https:\/\/www.xx.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Wed, 09 Dec 2026 00:39:44 GMT
alt-svc: h3=":443"; ma=86400
date: Wed, 10 Dec 2025 01:17:50 GMT
content-type: application/x-javascript; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
x-fb-debug: 7mn3uPp44ccmXZ/9cIDVpBW//pJs9PK73Ttfietth6HF43H3WLUXW6xKhgMM9ZA0f1qtVvhNIdqrOZcepEEOtQ==
priority: u=1
vary: Origin
reporting-endpoints: permissions_policy="https://www.xx.facebook.com/ajax/browser_error_reports/"
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
x-fb-connection-quality: GOOD; q=0.7, rtt=138, rtx=0, c=24, mss=1232, tbw=16991, tp=26, tpl=0, uplat=1, ullat=-1
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy: force-load-at-top, include-js-call-stacks-in-crash-reports
access-control-allow-origin: https://www.facebook.com
content-length: 50943
origin-agent-cluster: ?1

GET
H3 200 YvNVhqsZ8kM.js Show response
static.xx.fbcdn.net/rsrc.php/v4/y-/r/ Frame 3313 36 KB
12 KB 295ms
140ms Script
application/x-javascript 31.13.82.7
FACEBOOK

General

Check archive.org

Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v4/y-/r/YvNVhqsZ8kM.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

31.13.82.7 Tokyo, Japan, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-01-nrt1.fbcdn.net

Software

Resource Hash

120a67e10b39b6b70dc52c65c77d016cba6e33b0ecc86d3fd49dda8f9efc2657

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Origin: https://www.facebook.com
Referer: https://www.facebook.com/

Response headers

content-md5: tXa15XQP+ilpiX2Yn0SYsQ==
content-encoding: zstd
report-to: {"max_age":21600,"endpoints":[{"url":"https:\/\/www.xx.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Sun, 06 Dec 2026 17:16:55 GMT
alt-svc: h3=":443"; ma=86400
date: Wed, 10 Dec 2025 01:17:50 GMT
content-type: application/x-javascript; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
x-fb-debug: rsVNP7Nmi+gHnMA4+c8eT4T4uGI5ya6wUz8F/bXh5LuTVDBGREbSeC8eDv/6EqSm0FCIYMLzWnPAfyax9weFXA==
priority: u=1
vary: Origin
reporting-endpoints: permissions_policy="https://www.xx.facebook.com/ajax/browser_error_reports/"
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
x-fb-connection-quality: GOOD; q=0.7, rtt=138, rtx=0, c=24, mss=1232, tbw=16271, tp=25, tpl=0, uplat=1, ullat=-1
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy: force-load-at-top, include-js-call-stacks-in-crash-reports
access-control-allow-origin: https://www.facebook.com
content-length: 12336
origin-agent-cluster: ?1

GET
H3 200 8wypiAW_bfk.js Show response
static.xx.fbcdn.net/rsrc.php/v4/yb/r/ Frame 3313 557 B
464 B 295ms
140ms Script
application/x-javascript 31.13.82.7
FACEBOOK

General

Check archive.org

Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v4/yb/r/8wypiAW_bfk.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

31.13.82.7 Tokyo, Japan, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-01-nrt1.fbcdn.net

Software

Resource Hash

c2bfe20d9d58935828e75bc753e2655f240621077408ae64f9b40a20f5125487

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Origin: https://www.facebook.com
Referer: https://www.facebook.com/

Response headers

content-md5: WrWgdG79ReerxOLSJDvtvA==
content-encoding: zstd
report-to: {"max_age":21600,"endpoints":[{"url":"https:\/\/www.xx.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Thu, 03 Dec 2026 21:15:43 GMT
alt-svc: h3=":443"; ma=86400
date: Wed, 10 Dec 2025 01:17:50 GMT
content-type: application/x-javascript; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
x-fb-debug: qZ8OtW3BVJtLHJ2Vj2fBJfglSd5dtpPkO2voxu1Wshy+ucSJ/0KXhDWt/7vVDzq03w0c7hEiUZVoVRaOcZjlOQ==
priority: u=1
vary: Origin
reporting-endpoints: permissions_policy="https://www.xx.facebook.com/ajax/browser_error_reports/"
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
x-fb-connection-quality: GOOD; q=0.7, rtt=138, rtx=0, c=24, mss=1232, tbw=16271, tp=25, tpl=0, uplat=1, ullat=-1
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy: force-load-at-top, include-js-call-stacks-in-crash-reports
access-control-allow-origin: https://www.facebook.com
content-length: 323
origin-agent-cluster: ?1

GET
H3 200 btUn9ic3fhE.js Show response
static.xx.fbcdn.net/rsrc.php/v4iLl54/yM/l/zh_TW-j/ Frame 3313 30 KB
9 KB 603ms
449ms Script
application/x-javascript 31.13.82.7
FACEBOOK

General

Check archive.org

Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v4iLl54/yM/l/zh_TW-j/btUn9ic3fhE.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

31.13.82.7 Tokyo, Japan, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-01-nrt1.fbcdn.net

Software

Resource Hash

d6ced52e99589cf0f1c6fbecf2f7a50dca6f826039ae17e5f9b2a962b41f6d9d

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Origin: https://www.facebook.com
Referer: https://www.facebook.com/

Response headers

content-md5: vOjCOeAX/TsT1wnXpBpa4Q==
content-encoding: zstd
report-to: {"max_age":21600,"endpoints":[{"url":"https:\/\/www.xx.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Tue, 08 Dec 2026 22:31:23 GMT
alt-svc: h3=":443"; ma=86400
date: Wed, 10 Dec 2025 01:17:50 GMT
content-type: application/x-javascript; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
x-fb-debug: iFQff8nG2hyaOQLuroEWDxNRUXuE3TDR5StVf/rGjimy/ehizW/za9wM/Y9f7en+ac1JqDJJOZkHRFrSplpfsw==
priority: u=1
vary: Origin
reporting-endpoints: permissions_policy="https://www.xx.facebook.com/ajax/browser_error_reports/"
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
x-fb-connection-quality: GOOD; q=0.7, rtt=138, rtx=0, c=24, mss=1232, tbw=35471, tp=41, tpl=0, uplat=1, ullat=-1
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy: force-load-at-top, include-js-call-stacks-in-crash-reports
access-control-allow-origin: https://www.facebook.com
content-length: 8812
origin-agent-cluster: ?1

GET
H3 200 302181889_449668210518240_1343224774275673253_n.png
scontent-hkg1-1.xx.fbcdn.net/v/t39.30808-1/ Frame 3313 2 KB
2 KB 281ms
94ms Image
image/png 163.70.158.11
FACEBOOK

General

Check archive.org

Download Go to Show image

Full URL: https://scontent-hkg1-1.xx.fbcdn.net/v/t39.30808-1/302181889_449668210518240_1343224774275673253_n.png?stp=cp0_dst-png_s50x50&_nc_cat=105&ccb=1-7&_nc_sid=f907e8&_nc_ohc=9COxK_nZ7CIQ7kNvwFCXeeq&_nc_oc=Adna-I_vwpo7wnGie35unMkdps8zh0IxwwOuhIWodbFmq8ICo0BneOUqmtAHzri39zo&_nc_zt=24&_nc_ht=scontent-hkg1-1.xx&edm=ADwHzz8EAAAA&_nc_gid=H55S5f7jeOjINlzhTPF1TQ&oh=00_AflUG6HhCmliqf7LuMgIHYA37m7nU7gbiSWjvRrSZXp_Xg&oe=693E8A55
Requested by: Host: www.facebook.com
URL: https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2Freurl.cc%2F&tabs=timeline&width=340&height=500&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=true&appId
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 163.70.158.11 Chai Wan, Hong Kong, ASN32934 (FACEBOOK, US),
Reverse DNS: xx-fbcdn-shv-01-hkg1.fbcdn.net
Software: /
Resource Hash: 352d0915216b13b935f1abedea04d4a039802faaf69153ae71c377410990e322

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://www.facebook.com/

Response headers

x-robots-tag: noarchive, noindex
alt-svc: h3=":443"; ma=86400
date: Wed, 10 Dec 2025 01:17:51 GMT
no-vary-search: key-order, params=("_nc_gid" "oh" "oe" "_nc_oc" "_nc_ohc" "_nc_cat" "_nc_ht" "_nc_cb")
last-modified: Tue, 06 Sep 2022 22:20:57 GMT
x-fb-ptm-uuid: 674790A1738E11AA39A7F973A07CC585
content-type: image/png
priority: u=1,i
cache-control: max-age=1209600, no-transform
timing-allow-origin: *
x-fb-connection-quality: GOOD; q=0.7, rtt=92, rtx=0, c=23, mss=1232, tbw=4985, tp=9, tpl=0, uplat=0, ullat=-1
x-crypto-project: 0
cross-origin-resource-policy: cross-origin
content-digest: adler32=747767112
access-control-allow-origin: *
accept-ranges: bytes
content-length: 2066
x-additional-error-detail

GET
H2 200 capmapping.htm Show response
cdn.holmesmind.com/js/ Frame 62B0 12 KB
0 275ms
275ms Document
text/html 3.164.121.96
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://cdn.holmesmind.com/js/capmapping.htm
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/init.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.164.121.96 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-164-121-96.nrt12.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 37cd16af9680e2eac2b065fe88fbc0ca6d80583c67a9d8c69969e5dcbe27b14d

Request headers

Referer: https://reurl.cc/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
age: 7
content-length: 12184
content-type: text/html
date: Wed, 10 Dec 2025 01:17:44 GMT
etag: "313c12f57383ae26248323c3b33af799"
last-modified: Mon, 17 Mar 2025 05:33:47 GMT
server: AmazonS3
via: 1.1 abddbf0eca39746a52a1389ec09fb216.cloudfront.net (CloudFront)
x-amz-cf-id: F5xQtEfkAzYzjPIthnNO5Zkr1CpqZ6gPq_dqyw_Oi4z9AblTsaBOxg==
x-amz-cf-pop: NRT12-P3
x-amz-server-side-encryption: AES256
x-amz-version-id: rSOjRFL3ruqyCRzzCV6Gk2MSJ9yPXZwf
x-cache: Hit from cloudfront

GET
H2 200 capmapping.htm Show response
cdn.holmesmind.com/js/ Frame F696 12 KB
0 261ms
261ms Document
text/html 3.164.121.96
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://cdn.holmesmind.com/js/capmapping.htm
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/init.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.164.121.96 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-164-121-96.nrt12.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 37cd16af9680e2eac2b065fe88fbc0ca6d80583c67a9d8c69969e5dcbe27b14d

Request headers

Referer: https://reurl.cc/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
age: 7
content-length: 12184
content-type: text/html
date: Wed, 10 Dec 2025 01:17:44 GMT
etag: "313c12f57383ae26248323c3b33af799"
last-modified: Mon, 17 Mar 2025 05:33:47 GMT
server: AmazonS3
via: 1.1 abddbf0eca39746a52a1389ec09fb216.cloudfront.net (CloudFront)
x-amz-cf-id: F5xQtEfkAzYzjPIthnNO5Zkr1CpqZ6gPq_dqyw_Oi4z9AblTsaBOxg==
x-amz-cf-pop: NRT12-P3
x-amz-server-side-encryption: AES256
x-amz-version-id: rSOjRFL3ruqyCRzzCV6Gk2MSJ9yPXZwf
x-cache: Hit from cloudfront

GET
H2 200 capmapping.htm Show response
cdn.holmesmind.com/js/ Frame FFE5 12 KB
0 236ms
236ms Document
text/html 3.164.121.96
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://cdn.holmesmind.com/js/capmapping.htm
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/init.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.164.121.96 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-164-121-96.nrt12.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 37cd16af9680e2eac2b065fe88fbc0ca6d80583c67a9d8c69969e5dcbe27b14d

Request headers

Referer: https://reurl.cc/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
age: 7
content-length: 12184
content-type: text/html
date: Wed, 10 Dec 2025 01:17:44 GMT
etag: "313c12f57383ae26248323c3b33af799"
last-modified: Mon, 17 Mar 2025 05:33:47 GMT
server: AmazonS3
via: 1.1 abddbf0eca39746a52a1389ec09fb216.cloudfront.net (CloudFront)
x-amz-cf-id: F5xQtEfkAzYzjPIthnNO5Zkr1CpqZ6gPq_dqyw_Oi4z9AblTsaBOxg==
x-amz-cf-pop: NRT12-P3
x-amz-server-side-encryption: AES256
x-amz-version-id: rSOjRFL3ruqyCRzzCV6Gk2MSJ9yPXZwf
x-cache: Hit from cloudfront

GET
H2 200 capmapping.htm Show response
cdn.holmesmind.com/js/ Frame 5159 12 KB
0 234ms
234ms Document
text/html 3.164.121.96
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://cdn.holmesmind.com/js/capmapping.htm
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/init.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.164.121.96 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-164-121-96.nrt12.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 37cd16af9680e2eac2b065fe88fbc0ca6d80583c67a9d8c69969e5dcbe27b14d

Request headers

Referer: https://reurl.cc/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
age: 7
content-length: 12184
content-type: text/html
date: Wed, 10 Dec 2025 01:17:44 GMT
etag: "313c12f57383ae26248323c3b33af799"
last-modified: Mon, 17 Mar 2025 05:33:47 GMT
server: AmazonS3
via: 1.1 abddbf0eca39746a52a1389ec09fb216.cloudfront.net (CloudFront)
x-amz-cf-id: F5xQtEfkAzYzjPIthnNO5Zkr1CpqZ6gPq_dqyw_Oi4z9AblTsaBOxg==
x-amz-cf-pop: NRT12-P3
x-amz-server-side-encryption: AES256
x-amz-version-id: rSOjRFL3ruqyCRzzCV6Gk2MSJ9yPXZwf
x-cache: Hit from cloudfront

GET
H3 200 1675200226052423 Show response
connect.facebook.net/signals/config/ 99 KB
25 KB 144ms
143ms Script
application/x-javascript 57.144.44.128
FACEBOOK

General

Check archive.org

Download Go to

Full URL

https://connect.facebook.net/signals/config/1675200226052423?v=2.9.245&r=stable&domain=reurl.cc&hme=50bab31bbf5151cee3dcfa74ffeee9e761f22c9be18302d6c4b433b0d72b4e00&ex_m=94%2C156%2C134%2C20%2C67%2C68%2C127%2C63%2C43%2C128%2C72%2C62%2C10%2C141%2C80%2C15%2C93%2C28%2C122%2C115%2C70%2C73%2C121%2C138%2C102%2C143%2C7%2C3%2C4%2C6%2C5%2C2%2C81%2C91%2C144%2C223%2C167%2C57%2C225%2C226%2C50%2C182%2C27%2C69%2C231%2C230%2C170%2C30%2C56%2C9%2C59%2C87%2C88%2C89%2C95%2C118%2C29%2C26%2C120%2C117%2C116%2C135%2C71%2C137%2C136%2C45%2C55%2C111%2C14%2C140%2C40%2C212%2C214%2C177%2C23%2C24%2C25%2C17%2C18%2C39%2C35%2C37%2C36%2C76%2C82%2C86%2C100%2C126%2C129%2C41%2C101%2C21%2C19%2C107%2C64%2C33%2C131%2C130%2C132%2C123%2C22%2C32%2C54%2C99%2C139%2C65%2C16%2C133%2C104%2C31%2C192%2C163%2C283%2C210%2C154%2C195%2C188%2C164%2C97%2C119%2C75%2C109%2C49%2C42%2C108%2C114%2C53%2C60%2C113%2C44%2C103%2C48%2C51%2C47%2C90%2C142%2C0%2C112%2C13%2C110%2C11%2C1%2C52%2C83%2C58%2C61%2C106%2C79%2C78%2C145%2C146%2C84%2C85%2C8%2C92%2C46%2C124%2C77%2C74%2C66%2C105%2C96%2C38%2C125%2C34%2C98%2C12%2C147

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

57.144.44.128 Tokyo, Japan, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-01-nrt6.fbcdn.net

Software

Resource Hash

e7da962fe0c25952958483c5fac8e52b19244e63525d58cce0125af7375e2bd4

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' blob: ;script-src 'nonce-XmfoTEbf' .facebook.com .fbcdn.net .facebook.net 127.0.0.1:* blob: 'self' https://.google-analytics.com .google.com;style-src 'self' data: blob: 'unsafe-inline';connect-src 'self' data: blob: https://edge-chat.facebook.net https://edge-chat-latest.facebook.net wss://edge-chat-latest.facebook.net wss://edge-chat.facebook.net wss://edge-chat.socialplugin.facebook.net wss://edge-chat-latest.socialplugin.facebook.net https://edge-chat.socialplugin.facebook.net https://edge-chat-latest.socialplugin.facebook.net .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: .cdninstagram.com https://.google-analytics.com;font-src 'self' data: blob: ;img-src 'self' data: blob: https://.google-analytics.com;media-src 'self' data: blob: ;child-src 'self' data: blob: ;frame-src 'self' data: blob: ;manifest-src 'self' data: blob: ;object-src 'self' data: blob: ;worker-src 'self' data: blob: *;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

content-encoding: gzip
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Sat, 01 Jan 2000 00:00:00 GMT
alt-svc: h3=":443"; ma=86400
date: Wed, 10 Dec 2025 01:17:50 GMT
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
priority: u=3,i
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy: default-src 'self' blob: *;script-src 'nonce-XmfoTEbf' *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* blob: 'self' https://*.google-analytics.com *.google.com;style-src 'self' data: blob: 'unsafe-inline';connect-src 'self' data: blob: https://edge-chat.facebook.net https://edge-chat-latest.facebook.net wss://edge-chat-latest.facebook.net wss://edge-chat.facebook.net wss://edge-chat.socialplugin.facebook.net wss://edge-chat-latest.socialplugin.facebook.net https://edge-chat.socialplugin.facebook.net https://edge-chat-latest.socialplugin.facebook.net *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* *.cdninstagram.com https://*.google-analytics.com;font-src 'self' data: blob: *;img-src 'self' data: blob: * https://*.google-analytics.com;media-src 'self' data: blob: *;child-src 'self' data: blob: *;frame-src 'self' data: blob: *;manifest-src 'self' data: blob: *;object-src 'self' data: blob: *;worker-src 'self' data: blob: *;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
cache-control: public, max-age=1200
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
x-fb-connection-quality: GOOD; q=0.7, rtt=137, rtx=0, c=105, mss=1232, tbw=105520, tp=98, tpl=0, uplat=4, ullat=-1
pragma: public
x-fb-debug: kYKTvpSVTqEpUj4Yrw6zVdUfdXjxp6UnfanF2pB23AUJOpQGHz1SpbpdJXRXtgqIUieG6GRm5w9AcfXHJB8sgA==
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy: force-load-at-top, include-js-call-stacks-in-crash-reports
content-length: 25829
x-xss-protection: 0
origin-agent-cluster: ?1

GET
H2 200 Preset.js Show response
ad.holmesmind.com/adserver/ Frame BFAA 1 KB
609 B 462ms
128ms Script
text/html 18.176.230.233
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://ad.holmesmind.com/adserver/Preset.js?z=13861
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.176.230.233 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-176-230-233.ap-northeast-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 38a936bb3ef60e388edbed99554f9fa93ffafcd1669777d0e4e00a6b0e23f1da

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

access-control-allow-origin: https://reurl.cc
content-encoding: gzip
date: Wed, 10 Dec 2025 01:17:50 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
server: nginx
access-control-allow-credentials: true

GET
H2 200 js-md5.js Show response
cdn.holmesmind.com/js/ Frame BFAA 30 KB
30 KB 165ms
164ms Script
application/javascript 3.164.121.106
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://cdn.holmesmind.com/js/js-md5.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.164.121.106 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-164-121-106.nrt12.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 0efa8291235243ad1438d266932112aecf4e7dca1963545a22d118cbe5d5d6e2

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

x-amz-version-id: GJjk5mkGsSOM8o1hDQLuy7m.Hsc3NZ3.
etag: "ab3f6a2aedec7585237d5fb727bebcbb"
age: 19
via: 1.1 ef359af61e64577c628090c2363bcb22.cloudfront.net (CloudFront)
accept-ranges: bytes
x-cache: Hit from cloudfront
content-length: 30621
x-amz-cf-id: qO5iZRe_41GgIxgi851KHvzCsdERWnbsnN0ySrnU4ESksaG0xpMtMw==
date: Wed, 10 Dec 2025 01:17:32 GMT
content-type: application/javascript
last-modified: Tue, 14 Nov 2023 14:04:56 GMT
server: AmazonS3
x-amz-cf-pop: NRT12-P3
x-amz-server-side-encryption: AES256

GET
H2 200 Preset.js Show response
ad.holmesmind.com/adserver/ Frame 4D86 820 B
507 B 455ms
123ms Script
text/html 18.176.230.233
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://ad.holmesmind.com/adserver/Preset.js?z=18535
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.176.230.233 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-176-230-233.ap-northeast-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 1005edce901738f3e7db638eb15c2aab780b0eb6980371a743f826e9edf02aa1

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

access-control-allow-origin: https://reurl.cc
content-encoding: gzip
date: Wed, 10 Dec 2025 01:17:50 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
server: nginx
access-control-allow-credentials: true

GET
H2 200 js-md5.js Show response
cdn.holmesmind.com/js/ Frame 4D86 30 KB
0 163ms
163ms Script
application/javascript 3.164.121.106
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://cdn.holmesmind.com/js/js-md5.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.164.121.106 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-164-121-106.nrt12.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 0efa8291235243ad1438d266932112aecf4e7dca1963545a22d118cbe5d5d6e2

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

x-amz-version-id: GJjk5mkGsSOM8o1hDQLuy7m.Hsc3NZ3.
etag: "ab3f6a2aedec7585237d5fb727bebcbb"
age: 19
via: 1.1 ef359af61e64577c628090c2363bcb22.cloudfront.net (CloudFront)
accept-ranges: bytes
x-cache: Hit from cloudfront
content-length: 30621
x-amz-cf-id: qO5iZRe_41GgIxgi851KHvzCsdERWnbsnN0ySrnU4ESksaG0xpMtMw==
date: Wed, 10 Dec 2025 01:17:32 GMT
content-type: application/javascript
last-modified: Tue, 14 Nov 2023 14:04:56 GMT
server: AmazonS3
x-amz-cf-pop: NRT12-P3
x-amz-server-side-encryption: AES256

GET
H2 200 Preset.js Show response
ad.holmesmind.com/adserver/ Frame C895 820 B
506 B 454ms
124ms Script
text/html 18.176.230.233
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://ad.holmesmind.com/adserver/Preset.js?z=22213
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.176.230.233 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-176-230-233.ap-northeast-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 1005edce901738f3e7db638eb15c2aab780b0eb6980371a743f826e9edf02aa1

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

access-control-allow-origin: https://reurl.cc
content-encoding: gzip
date: Wed, 10 Dec 2025 01:17:50 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
server: nginx
access-control-allow-credentials: true

GET
H2 200 js-md5.js Show response
cdn.holmesmind.com/js/ Frame C895 30 KB
0 162ms
162ms Script
application/javascript 3.164.121.106
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://cdn.holmesmind.com/js/js-md5.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.164.121.106 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-164-121-106.nrt12.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 0efa8291235243ad1438d266932112aecf4e7dca1963545a22d118cbe5d5d6e2

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

x-amz-version-id: GJjk5mkGsSOM8o1hDQLuy7m.Hsc3NZ3.
etag: "ab3f6a2aedec7585237d5fb727bebcbb"
age: 19
via: 1.1 ef359af61e64577c628090c2363bcb22.cloudfront.net (CloudFront)
accept-ranges: bytes
x-cache: Hit from cloudfront
content-length: 30621
x-amz-cf-id: qO5iZRe_41GgIxgi851KHvzCsdERWnbsnN0ySrnU4ESksaG0xpMtMw==
date: Wed, 10 Dec 2025 01:17:32 GMT
content-type: application/javascript
last-modified: Tue, 14 Nov 2023 14:04:56 GMT
server: AmazonS3
x-amz-cf-pop: NRT12-P3
x-amz-server-side-encryption: AES256

GET
H2 200 Preset.js Show response
ad.holmesmind.com/adserver/ Frame C6DC 7 KB
1 KB 556ms
237ms Script
text/html 18.176.230.233
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://ad.holmesmind.com/adserver/Preset.js?z=22214
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.176.230.233 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-176-230-233.ap-northeast-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 9722a06b170a87794da6a4cf27efd1997b9616d64f1ab14cfbfb7d4738480cc4

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

access-control-allow-origin: https://reurl.cc
content-encoding: gzip
date: Wed, 10 Dec 2025 01:17:50 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
server: nginx
access-control-allow-credentials: true

GET
H2 200 js-md5.js Show response
cdn.holmesmind.com/js/ Frame C6DC 30 KB
0 152ms
152ms Script
application/javascript 3.164.121.106
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://cdn.holmesmind.com/js/js-md5.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.164.121.106 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-164-121-106.nrt12.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 0efa8291235243ad1438d266932112aecf4e7dca1963545a22d118cbe5d5d6e2

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

x-amz-version-id: GJjk5mkGsSOM8o1hDQLuy7m.Hsc3NZ3.
etag: "ab3f6a2aedec7585237d5fb727bebcbb"
age: 19
via: 1.1 ef359af61e64577c628090c2363bcb22.cloudfront.net (CloudFront)
accept-ranges: bytes
x-cache: Hit from cloudfront
content-length: 30621
x-amz-cf-id: qO5iZRe_41GgIxgi851KHvzCsdERWnbsnN0ySrnU4ESksaG0xpMtMw==
date: Wed, 10 Dec 2025 01:17:32 GMT
content-type: application/javascript
last-modified: Tue, 14 Nov 2023 14:04:56 GMT
server: AmazonS3
x-amz-cf-pop: NRT12-P3
x-amz-server-side-encryption: AES256

GET
H2 200 Preset.js Show response
ad.holmesmind.com/adserver/ Frame 332C 7 KB
1 KB 556ms
239ms Script
text/html 18.176.230.233
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://ad.holmesmind.com/adserver/Preset.js?z=14209
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.176.230.233 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-176-230-233.ap-northeast-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 7ab261e572155915a8e6ef0476abedf3620a0a65af8fa91c057921344ceef112

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

access-control-allow-origin: https://reurl.cc
content-encoding: gzip
date: Wed, 10 Dec 2025 01:17:50 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
server: nginx
access-control-allow-credentials: true

GET
H2 200 js-md5.js Show response
cdn.holmesmind.com/js/ Frame 332C 30 KB
0 151ms
151ms Script
application/javascript 3.164.121.106
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://cdn.holmesmind.com/js/js-md5.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.164.121.106 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-164-121-106.nrt12.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 0efa8291235243ad1438d266932112aecf4e7dca1963545a22d118cbe5d5d6e2

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

x-amz-version-id: GJjk5mkGsSOM8o1hDQLuy7m.Hsc3NZ3.
etag: "ab3f6a2aedec7585237d5fb727bebcbb"
age: 19
via: 1.1 ef359af61e64577c628090c2363bcb22.cloudfront.net (CloudFront)
accept-ranges: bytes
x-cache: Hit from cloudfront
content-length: 30621
x-amz-cf-id: qO5iZRe_41GgIxgi851KHvzCsdERWnbsnN0ySrnU4ESksaG0xpMtMw==
date: Wed, 10 Dec 2025 01:17:32 GMT
content-type: application/javascript
last-modified: Tue, 14 Nov 2023 14:04:56 GMT
server: AmazonS3
x-amz-cf-pop: NRT12-P3
x-amz-server-side-encryption: AES256

GET
H2 200 Preset.js Show response
ad.holmesmind.com/adserver/ Frame E217 2 KB
853 B 410ms
124ms Script
text/html 18.176.230.233
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://ad.holmesmind.com/adserver/Preset.js?z=14210
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.176.230.233 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-176-230-233.ap-northeast-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 97526e5a5802eee45d0f67427c48dddd0eb0c90a24b22d33f509203c56c1a156

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

access-control-allow-origin: https://reurl.cc
content-encoding: gzip
date: Wed, 10 Dec 2025 01:17:50 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
server: nginx
access-control-allow-credentials: true

GET
H2 200 js-md5.js Show response
cdn.holmesmind.com/js/ Frame E217 30 KB
0 120ms
120ms Script
application/javascript 3.164.121.106
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://cdn.holmesmind.com/js/js-md5.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.164.121.106 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-164-121-106.nrt12.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 0efa8291235243ad1438d266932112aecf4e7dca1963545a22d118cbe5d5d6e2

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

x-amz-version-id: GJjk5mkGsSOM8o1hDQLuy7m.Hsc3NZ3.
etag: "ab3f6a2aedec7585237d5fb727bebcbb"
age: 19
via: 1.1 ef359af61e64577c628090c2363bcb22.cloudfront.net (CloudFront)
accept-ranges: bytes
x-cache: Hit from cloudfront
content-length: 30621
x-amz-cf-id: qO5iZRe_41GgIxgi851KHvzCsdERWnbsnN0ySrnU4ESksaG0xpMtMw==
date: Wed, 10 Dec 2025 01:17:32 GMT
content-type: application/javascript
last-modified: Tue, 14 Nov 2023 14:04:56 GMT
server: AmazonS3
x-amz-cf-pop: NRT12-P3
x-amz-server-side-encryption: AES256

GET
H2 200 Preset.js Show response
ad.holmesmind.com/adserver/ Frame 9A13 2 KB
636 B 164ms
163ms Script
text/html 18.176.230.233
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://ad.holmesmind.com/adserver/Preset.js?z=13860
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.176.230.233 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-176-230-233.ap-northeast-1.compute.amazonaws.com
Software: nginx /
Resource Hash: d2986d922842fcae8dd193d6d389060cc5ccd1f0d3ea67652c35a83ee9db4d24

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

access-control-allow-origin: https://reurl.cc
content-encoding: gzip
date: Wed, 10 Dec 2025 01:17:51 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
server: nginx
access-control-allow-credentials: true

GET
H2 200 js-md5.js Show response
cdn.holmesmind.com/js/ Frame 9A13 30 KB
0 116ms
116ms Script
application/javascript 3.164.121.106
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://cdn.holmesmind.com/js/js-md5.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.164.121.106 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-164-121-106.nrt12.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 0efa8291235243ad1438d266932112aecf4e7dca1963545a22d118cbe5d5d6e2

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

x-amz-version-id: GJjk5mkGsSOM8o1hDQLuy7m.Hsc3NZ3.
etag: "ab3f6a2aedec7585237d5fb727bebcbb"
age: 19
via: 1.1 ef359af61e64577c628090c2363bcb22.cloudfront.net (CloudFront)
accept-ranges: bytes
x-cache: Hit from cloudfront
content-length: 30621
x-amz-cf-id: qO5iZRe_41GgIxgi851KHvzCsdERWnbsnN0ySrnU4ESksaG0xpMtMw==
date: Wed, 10 Dec 2025 01:17:32 GMT
content-type: application/javascript
last-modified: Tue, 14 Nov 2023 14:04:56 GMT
server: AmazonS3
x-amz-cf-pop: NRT12-P3
x-amz-server-side-encryption: AES256

GET
H2 200 Preset.js Show response
ad.holmesmind.com/adserver/ Frame 3A8F 2 KB
636 B 165ms
164ms Script
text/html 18.176.230.233
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://ad.holmesmind.com/adserver/Preset.js?z=13858
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.176.230.233 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-176-230-233.ap-northeast-1.compute.amazonaws.com
Software: nginx /
Resource Hash: d2986d922842fcae8dd193d6d389060cc5ccd1f0d3ea67652c35a83ee9db4d24

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

access-control-allow-origin: https://reurl.cc
content-encoding: gzip
date: Wed, 10 Dec 2025 01:17:51 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
server: nginx
access-control-allow-credentials: true

GET
H2 200 js-md5.js Show response
cdn.holmesmind.com/js/ Frame 3A8F 30 KB
0 113ms
113ms Script
application/javascript 3.164.121.106
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://cdn.holmesmind.com/js/js-md5.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.164.121.106 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-164-121-106.nrt12.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 0efa8291235243ad1438d266932112aecf4e7dca1963545a22d118cbe5d5d6e2

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

x-amz-version-id: GJjk5mkGsSOM8o1hDQLuy7m.Hsc3NZ3.
etag: "ab3f6a2aedec7585237d5fb727bebcbb"
age: 19
via: 1.1 ef359af61e64577c628090c2363bcb22.cloudfront.net (CloudFront)
accept-ranges: bytes
x-cache: Hit from cloudfront
content-length: 30621
x-amz-cf-id: qO5iZRe_41GgIxgi851KHvzCsdERWnbsnN0ySrnU4ESksaG0xpMtMw==
date: Wed, 10 Dec 2025 01:17:32 GMT
content-type: application/javascript
last-modified: Tue, 14 Nov 2023 14:04:56 GMT
server: AmazonS3
x-amz-cf-pop: NRT12-P3
x-amz-server-side-encryption: AES256

GET
H2 200 nineyi.tracking.client.iife.js Show response
tracking-client.91app.com/1.2.0/ Frame 571C 42 KB
17 KB 727ms
250ms Script
application/javascript 3.173.197.77
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://tracking-client.91app.com/1.2.0/nineyi.tracking.client.iife.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.173.197.77 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-173-197-77.nrt12.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 6fb04bf962208df81def881d4eb39e5f263c8f79e4c9425bbe79042eb36938c5

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://cdn.holmesmind.com/

Response headers

vary: accept-encoding
cache-control: max-age=no-cache
content-encoding: br
etag: W/"3087e8bcd78cce0b2b4e3454c1fcd923"
age: 291
via: 1.1 3f53c5d558c7725105f3837916f8e5c2.cloudfront.net (CloudFront)
x-cache: Hit from cloudfront
x-amz-cf-id: es7XUKnkED8DoNuN9-xTWrKQjOrxACKykjioszUCbKVJLsWT3NUzlA==
date: Wed, 10 Dec 2025 01:13:01 GMT
content-type: application/javascript
last-modified: Mon, 20 Jan 2025 10:42:14 GMT
server: AmazonS3
x-amz-cf-pop: NRT12-P8
x-amz-server-side-encryption: AES256

GET
H2 200 nineyi.tracking.client.iife.js Show response
tracking-client.91app.com/1.2.0/ Frame A90A 42 KB
0 720ms
720ms Script
application/javascript 3.173.197.77
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://tracking-client.91app.com/1.2.0/nineyi.tracking.client.iife.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.173.197.77 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-173-197-77.nrt12.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 6fb04bf962208df81def881d4eb39e5f263c8f79e4c9425bbe79042eb36938c5

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://cdn.holmesmind.com/

Response headers

vary: accept-encoding
cache-control: max-age=no-cache
content-encoding: br
etag: W/"3087e8bcd78cce0b2b4e3454c1fcd923"
age: 291
via: 1.1 3f53c5d558c7725105f3837916f8e5c2.cloudfront.net (CloudFront)
x-cache: Hit from cloudfront
x-amz-cf-id: es7XUKnkED8DoNuN9-xTWrKQjOrxACKykjioszUCbKVJLsWT3NUzlA==
date: Wed, 10 Dec 2025 01:13:01 GMT
content-type: application/javascript
last-modified: Mon, 20 Jan 2025 10:42:14 GMT
server: AmazonS3
x-amz-cf-pop: NRT12-P8
x-amz-server-side-encryption: AES256

GET
H2 200 nineyi.tracking.client.iife.js Show response
tracking-client.91app.com/1.2.0/ Frame 62B0 42 KB
0 715ms
715ms Script
application/javascript 3.173.197.77
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://tracking-client.91app.com/1.2.0/nineyi.tracking.client.iife.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.173.197.77 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-173-197-77.nrt12.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 6fb04bf962208df81def881d4eb39e5f263c8f79e4c9425bbe79042eb36938c5

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://cdn.holmesmind.com/

Response headers

vary: accept-encoding
cache-control: max-age=no-cache
content-encoding: br
etag: W/"3087e8bcd78cce0b2b4e3454c1fcd923"
age: 291
via: 1.1 3f53c5d558c7725105f3837916f8e5c2.cloudfront.net (CloudFront)
x-cache: Hit from cloudfront
x-amz-cf-id: es7XUKnkED8DoNuN9-xTWrKQjOrxACKykjioszUCbKVJLsWT3NUzlA==
date: Wed, 10 Dec 2025 01:13:01 GMT
content-type: application/javascript
last-modified: Mon, 20 Jan 2025 10:42:14 GMT
server: AmazonS3
x-amz-cf-pop: NRT12-P8
x-amz-server-side-encryption: AES256

GET
H2 200 nineyi.tracking.client.iife.js Show response
tracking-client.91app.com/1.2.0/ Frame F696 42 KB
0 710ms
710ms Script
application/javascript 3.173.197.77
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://tracking-client.91app.com/1.2.0/nineyi.tracking.client.iife.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.173.197.77 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-173-197-77.nrt12.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 6fb04bf962208df81def881d4eb39e5f263c8f79e4c9425bbe79042eb36938c5

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://cdn.holmesmind.com/

Response headers

vary: accept-encoding
cache-control: max-age=no-cache
content-encoding: br
etag: W/"3087e8bcd78cce0b2b4e3454c1fcd923"
age: 291
via: 1.1 3f53c5d558c7725105f3837916f8e5c2.cloudfront.net (CloudFront)
x-cache: Hit from cloudfront
x-amz-cf-id: es7XUKnkED8DoNuN9-xTWrKQjOrxACKykjioszUCbKVJLsWT3NUzlA==
date: Wed, 10 Dec 2025 01:13:01 GMT
content-type: application/javascript
last-modified: Mon, 20 Jan 2025 10:42:14 GMT
server: AmazonS3
x-amz-cf-pop: NRT12-P8
x-amz-server-side-encryption: AES256

GET
H2 200 nineyi.tracking.client.iife.js Show response
tracking-client.91app.com/1.2.0/ Frame FFE5 42 KB
0 704ms
704ms Script
application/javascript 3.173.197.77
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://tracking-client.91app.com/1.2.0/nineyi.tracking.client.iife.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.173.197.77 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-173-197-77.nrt12.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 6fb04bf962208df81def881d4eb39e5f263c8f79e4c9425bbe79042eb36938c5

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://cdn.holmesmind.com/

Response headers

vary: accept-encoding
cache-control: max-age=no-cache
content-encoding: br
etag: W/"3087e8bcd78cce0b2b4e3454c1fcd923"
age: 291
via: 1.1 3f53c5d558c7725105f3837916f8e5c2.cloudfront.net (CloudFront)
x-cache: Hit from cloudfront
x-amz-cf-id: es7XUKnkED8DoNuN9-xTWrKQjOrxACKykjioszUCbKVJLsWT3NUzlA==
date: Wed, 10 Dec 2025 01:13:01 GMT
content-type: application/javascript
last-modified: Mon, 20 Jan 2025 10:42:14 GMT
server: AmazonS3
x-amz-cf-pop: NRT12-P8
x-amz-server-side-encryption: AES256

GET
H/1.1 200
OK /
cm.lndata.com/ Frame 571C 35 B
470 B 404ms
97ms Image
image/gif 116.50.36.71
DONGFONG-TW DongF...

General

Check archive.org

Download Go to Show image

Full URL: https://cm.lndata.com/?tid=4084&uid=media_cookie_id
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 116.50.36.71 , Taiwan, ASN18046 (DONGFONG-TW DongFong Technology Co. Ltd., TW),
Reverse DNS: 116-50-36-71.dft.tw
Software: TornadoServer/1.2.1 /
Resource Hash: 8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://cdn.holmesmind.com/

Response headers

Content-Length: 35
P3P: CP=CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR
Date: Wed, 10 Dec 2025 01:17:51 GMT
Etag: "0f4e929dd5bb2564f7ab9c76338e04e292a42ace"
Content-Type: image/gif
Connection: keep-alive
Server: TornadoServer/1.2.1

GET
H2 200 fp Show response
cm-dev-poc.holmesmind.com/ Frame 07B9 0
218 B 517ms
121ms Document
text/html 3.114.255.95
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://cm-dev-poc.holmesmind.com/fp
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.114.255.95 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-114-255-95.ap-northeast-1.compute.amazonaws.com
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://cdn.holmesmind.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36

Response headers

content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Wed, 10 Dec 2025 01:17:51 GMT
server: nginx/1.18.0 (Ubuntu)

GET
H2 200 cm.php Show response
fcm.holmesmind.com/ Frame BA0C 39 B
182 B 415ms
261ms Document
text/html 34.95.67.231
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Download Go to

Full URL: https://fcm.holmesmind.com/cm.php
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.95.67.231 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 231.67.95.34.bc.googleusercontent.com
Software: Apache/2.4.29 (Ubuntu) /
Resource Hash: d51ae4a1096fac36fe9055d5c3f4daa85de0120b567636c89327b544a2a6a795

Request headers

Referer: https://cdn.holmesmind.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 39
content-type: text/html; charset=UTF-8
date: Wed, 10 Dec 2025 01:17:50 GMT
server: Apache/2.4.29 (Ubuntu)
via: 1.1 google

GET
H2 200 cm.js Show response
fcm2.holmesmind.com/ Frame 571C 409 B
632 B 408ms
122ms Script
application/javascript 18.178.75.163
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://fcm2.holmesmind.com/cm.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.178.75.163 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-178-75-163.ap-northeast-1.compute.amazonaws.com
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: c205c874491530a4288b8f643e5da8fbcf7c54bee71bb787f4444e77de90e821

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://cdn.holmesmind.com/

Response headers

access-control-allow-origin: *
date: Wed, 10 Dec 2025 01:17:51 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0 (Ubuntu)

GET
H2 200 utag.js Show response
t.ssp.hinet.net/ Frame 571C 5 KB
3 KB 275ms
72ms Script
application/javascript 203.75.214.136
HINET Data Commun...

General

Check archive.org

Download Go to

Full URL

https://t.ssp.hinet.net/utag.js

Requested by

Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

73ae392d3e6fd2a480cd5e6eb0077f17af084abfda5e3bb5487f76c0277be87c

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://cdn.holmesmind.com/

Response headers

strict-transport-security: max-age=0
cache-control: max-age=600
content-encoding: gzip
etag: W/"65e6c0fa-15e4"
expires: Wed, 10 Dec 2025 01:27:50 GMT
date: Wed, 10 Dec 2025 01:17:50 GMT
content-type: application/javascript
last-modified: Tue, 05 Mar 2024 06:51:38 GMT
server: nginx
vary: Accept-Encoding

GET
H2 200 fp
cm-dev-poc.holmesmind.com/ Frame 571C 0
217 B 515ms
122ms Image
text/html 3.114.255.95
AMAZON-02

General

Check archive.org

Download Go to Show image

Full URL: https://cm-dev-poc.holmesmind.com/fp
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.114.255.95 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-114-255-95.ap-northeast-1.compute.amazonaws.com
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://cdn.holmesmind.com/

Response headers

content-encoding: gzip
date: Wed, 10 Dec 2025 01:17:51 GMT
content-type: text/html; charset=UTF-8
server: nginx/1.18.0 (Ubuntu)

GET
H2

200

cm
c.holmesmind.com/ Frame 571C
Redirect Chain

https://c.holmesmind.com/cm
https://c.holmesmind.com/cm?tc=getIn&

0
502 B

243ms
238ms

Image
text/html

35.201.76.93
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Download Go to Show image

Full URL: https://c.holmesmind.com/cm?tc=getIn&
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol: H2
Server: 35.201.76.93 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 93.76.201.35.bc.googleusercontent.com
Software: nginx/1.10.3 (Ubuntu) / PHP/7.0.18-0ubuntu0.17.04.1
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://cdn.holmesmind.com/

Response headers

via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
date: Wed, 10 Dec 2025 01:17:51 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/7.0.18-0ubuntu0.17.04.1
server: nginx/1.10.3 (Ubuntu)

Redirect headers

location: https://c.holmesmind.com/cm?tc=getIn&
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
date: Wed, 10 Dec 2025 01:17:50 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/7.0.18-0ubuntu0.17.04.1
server: nginx/1.10.3 (Ubuntu)

GET
H2

200

google
m.holmesmind.com/ml/ Frame 571C
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=clickforce_dmp&google_cm&cf_uid=undefined&uu_m=undefined
https://cm.g.doubleclick.net/pixel?google_nid=clickforce_dmp&google_cm=&cf_uid=undefined&uu_m=undefined&google_tc=
https://m.holmesmind.com/ml/google?cf_uid=undefined&uu_m=undefined&google_gid=CAESEGDnYZyhd0rau7Q9sae2kic&google_cver=1

0
447 B

288ms
119ms

Image
image/png

35.227.249.156
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Download Go to Show image

Full URL: https://m.holmesmind.com/ml/google?cf_uid=undefined&uu_m=undefined&google_gid=CAESEGDnYZyhd0rau7Q9sae2kic&google_cver=1
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol: H2
Server: 35.227.249.156 , United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 156.249.227.35.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://cdn.holmesmind.com/

Response headers

x-goog-metageneration: 1
x-goog-hash: crc32c=AAAAAA==, md5=1B2M2Y8AsgTpgAmY7PhCfg==
etag: "d41d8cd98f00b204e9800998ecf8427e"
x-goog-stored-content-encoding: identity
expires: Wed, 10 Dec 2025 02:17:51 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length: 0
date: Wed, 10 Dec 2025 01:17:51 GMT
content-type: image/png
last-modified: Wed, 21 Feb 2018 07:36:41 GMT
x-guploader-uploadid: AHVrFxMGRIHxoqOdQdRba9RIF-ILdT3cnkQ6j-FR7EoUEK3oNA0w-ioW8TmefgDJrkaBC0I
cache-control: public, max-age=3600
x-goog-storage-class: REGIONAL
accept-ranges: bytes
x-goog-generation: 1519198601160228
content-length: 0
server: UploadServer

Redirect headers

cache-control: no-cache, must-revalidate
location: https://m.holmesmind.com/ml/google?cf_uid=undefined&uu_m=undefined&google_gid=CAESEGDnYZyhd0rau7Q9sae2kic&google_cver=1
pragma: no-cache
cross-origin-resource-policy: cross-origin
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length: 328
date: Wed, 10 Dec 2025 01:17:51 GMT
x-xss-protection: 0
content-type: text/html; charset=UTF-8
server: HTTP server (unknown)

GET
H2 200 nineyi.tracking.client.iife.js Show response
tracking-client.91app.com/1.2.0/ Frame 5159 42 KB
0 692ms
692ms Script
application/javascript 3.173.197.77
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://tracking-client.91app.com/1.2.0/nineyi.tracking.client.iife.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.173.197.77 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-173-197-77.nrt12.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 6fb04bf962208df81def881d4eb39e5f263c8f79e4c9425bbe79042eb36938c5

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://cdn.holmesmind.com/

Response headers

vary: accept-encoding
cache-control: max-age=no-cache
content-encoding: br
etag: W/"3087e8bcd78cce0b2b4e3454c1fcd923"
age: 291
via: 1.1 3f53c5d558c7725105f3837916f8e5c2.cloudfront.net (CloudFront)
x-cache: Hit from cloudfront
x-amz-cf-id: es7XUKnkED8DoNuN9-xTWrKQjOrxACKykjioszUCbKVJLsWT3NUzlA==
date: Wed, 10 Dec 2025 01:13:01 GMT
content-type: application/javascript
last-modified: Mon, 20 Jan 2025 10:42:14 GMT
server: AmazonS3
x-amz-cf-pop: NRT12-P8
x-amz-server-side-encryption: AES256

GET
H/1.1 200
OK /
cm.lndata.com/ Frame A90A 35 B
394 B 473ms
81ms Image
image/gif 116.50.36.71
DONGFONG-TW DongF...

General

Check archive.org

Download Go to Show image

Full URL: https://cm.lndata.com/?tid=4084&uid=media_cookie_id
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 116.50.36.71 , Taiwan, ASN18046 (DONGFONG-TW DongFong Technology Co. Ltd., TW),
Reverse DNS: 116-50-36-71.dft.tw
Software: TornadoServer/1.2.1 /
Resource Hash: 8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://cdn.holmesmind.com/

Response headers

P3P: CP=CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR
Content-Length: 35
Date: Wed, 10 Dec 2025 01:17:51 GMT
Etag: "0f4e929dd5bb2564f7ab9c76338e04e292a42ace"
Content-Type: image/gif
Server: TornadoServer/1.2.1

GET
H2 200 fp
cm-dev-poc.holmesmind.com/ Frame A90A 0
217 B 619ms
121ms Image
text/html 3.114.255.95
AMAZON-02

General

Check archive.org

Download Go to Show image

Full URL: https://cm-dev-poc.holmesmind.com/fp
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.114.255.95 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-114-255-95.ap-northeast-1.compute.amazonaws.com
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://cdn.holmesmind.com/

Response headers

content-encoding: gzip
date: Wed, 10 Dec 2025 01:17:51 GMT
content-type: text/html; charset=UTF-8
server: nginx/1.18.0 (Ubuntu)

GET
H3

200

cm
c.holmesmind.com/ Frame A90A
Redirect Chain

https://c.holmesmind.com/cm
https://c.holmesmind.com/cm?tc=getIn&

0
17 B

242ms
236ms

Image
text/html

35.201.76.93
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Download Go to Show image

Full URL: https://c.holmesmind.com/cm?tc=getIn&
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol: H3
Server: 35.201.76.93 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 93.76.201.35.bc.googleusercontent.com
Software: nginx/1.10.3 (Ubuntu) / PHP/7.0.18-0ubuntu0.17.04.1
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://cdn.holmesmind.com/

Response headers

via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
date: Wed, 10 Dec 2025 01:17:51 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/7.0.18-0ubuntu0.17.04.1
server: nginx/1.10.3 (Ubuntu)

Redirect headers

location: https://c.holmesmind.com/cm?tc=getIn&
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
date: Wed, 10 Dec 2025 01:17:51 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/7.0.18-0ubuntu0.17.04.1
server: nginx/1.10.3 (Ubuntu)

GET
H2 200 fp Show response
cm-dev-poc.holmesmind.com/ Frame 000E 0
217 B 616ms
120ms Document
text/html 3.114.255.95
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://cm-dev-poc.holmesmind.com/fp
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.114.255.95 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-114-255-95.ap-northeast-1.compute.amazonaws.com
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://cdn.holmesmind.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36

Response headers

content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Wed, 10 Dec 2025 01:17:51 GMT
server: nginx/1.18.0 (Ubuntu)

GET
H2 200 cm.php Show response
fcm.holmesmind.com/ Frame 2BBB 39 B
97 B 657ms
259ms Document
text/html 34.95.67.231
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Download Go to

Full URL: https://fcm.holmesmind.com/cm.php
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.95.67.231 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 231.67.95.34.bc.googleusercontent.com
Software: Apache/2.4.29 (Ubuntu) /
Resource Hash: d51ae4a1096fac36fe9055d5c3f4daa85de0120b567636c89327b544a2a6a795

Request headers

Referer: https://cdn.holmesmind.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 39
content-type: text/html; charset=UTF-8
date: Wed, 10 Dec 2025 01:17:51 GMT
server: Apache/2.4.29 (Ubuntu)
via: 1.1 google

GET
H2 200 cm.js Show response
fcm2.holmesmind.com/ Frame A90A 409 B
631 B 512ms
116ms Script
application/javascript 18.178.75.163
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://fcm2.holmesmind.com/cm.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.178.75.163 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-178-75-163.ap-northeast-1.compute.amazonaws.com
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: c205c874491530a4288b8f643e5da8fbcf7c54bee71bb787f4444e77de90e821

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://cdn.holmesmind.com/

Response headers

access-control-allow-origin: *
date: Wed, 10 Dec 2025 01:17:51 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0 (Ubuntu)

GET
H2

200

google
m.holmesmind.com/ml/ Frame A90A
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=clickforce_dmp&google_cm&cf_uid=undefined&uu_m=undefined
https://cm.g.doubleclick.net/pixel?google_nid=clickforce_dmp&google_cm=&cf_uid=undefined&uu_m=undefined&google_tc=
https://m.holmesmind.com/ml/google?cf_uid=undefined&uu_m=undefined&google_gid=CAESEGDnYZyhd0rau7Q9sae2kic&google_cver=1

0
0

139ms
139ms

Image
image/png

35.227.249.156
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Download Go to Show image

Full URL: https://m.holmesmind.com/ml/google?cf_uid=undefined&uu_m=undefined&google_gid=CAESEGDnYZyhd0rau7Q9sae2kic&google_cver=1
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol: H2
Server: 35.227.249.156 , United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 156.249.227.35.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://cdn.holmesmind.com/

Response headers

x-goog-metageneration: 1
x-goog-hash: crc32c=AAAAAA==, md5=1B2M2Y8AsgTpgAmY7PhCfg==
etag: "d41d8cd98f00b204e9800998ecf8427e"
x-goog-stored-content-encoding: identity
expires: Wed, 10 Dec 2025 02:17:51 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length: 0
date: Wed, 10 Dec 2025 01:17:51 GMT
content-type: image/png
last-modified: Wed, 21 Feb 2018 07:36:41 GMT
x-guploader-uploadid: AHVrFxMGRIHxoqOdQdRba9RIF-ILdT3cnkQ6j-FR7EoUEK3oNA0w-ioW8TmefgDJrkaBC0I
cache-control: public, max-age=3600
x-goog-storage-class: REGIONAL
accept-ranges: bytes
x-goog-generation: 1519198601160228
content-length: 0
server: UploadServer

Redirect headers

cache-control: no-cache, must-revalidate
location: https://m.holmesmind.com/ml/google?cf_uid=undefined&uu_m=undefined&google_gid=CAESEGDnYZyhd0rau7Q9sae2kic&google_cver=1
pragma: no-cache
cross-origin-resource-policy: cross-origin
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length: 328
date: Wed, 10 Dec 2025 01:17:51 GMT
x-xss-protection: 0
content-type: text/html; charset=UTF-8
server: HTTP server (unknown)

GET
H/1.1 200
OK /
cm.lndata.com/ Frame 62B0 35 B
394 B 543ms
73ms Image
image/gif 116.50.36.71
DONGFONG-TW DongF...

General

Check archive.org

Download Go to Show image

Full URL: https://cm.lndata.com/?tid=4084&uid=media_cookie_id
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 116.50.36.71 , Taiwan, ASN18046 (DONGFONG-TW DongFong Technology Co. Ltd., TW),
Reverse DNS: 116-50-36-71.dft.tw
Software: TornadoServer/1.2.1 /
Resource Hash: 8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://cdn.holmesmind.com/

Response headers

P3P: CP=CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR
Content-Length: 35
Date: Wed, 10 Dec 2025 01:17:51 GMT
Etag: "0f4e929dd5bb2564f7ab9c76338e04e292a42ace"
Content-Type: image/gif
Server: TornadoServer/1.2.1

GET
H2 200 fp
cm-dev-poc.holmesmind.com/ Frame 62B0 0
217 B 737ms
122ms Image
text/html 3.114.255.95
AMAZON-02

General

Check archive.org

Download Go to Show image

Full URL: https://cm-dev-poc.holmesmind.com/fp
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.114.255.95 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-114-255-95.ap-northeast-1.compute.amazonaws.com
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://cdn.holmesmind.com/

Response headers

content-encoding: gzip
date: Wed, 10 Dec 2025 01:17:51 GMT
content-type: text/html; charset=UTF-8
server: nginx/1.18.0 (Ubuntu)

GET
H3

200

cm
c.holmesmind.com/ Frame 62B0
Redirect Chain

https://c.holmesmind.com/cm
https://c.holmesmind.com/cm?tc=getIn&

0
12 B

242ms
235ms

Image
text/html

35.201.76.93
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Download Go to Show image

Full URL: https://c.holmesmind.com/cm?tc=getIn&
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol: H3
Server: 35.201.76.93 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 93.76.201.35.bc.googleusercontent.com
Software: nginx/1.10.3 (Ubuntu) / PHP/7.0.18-0ubuntu0.17.04.1
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://cdn.holmesmind.com/

Response headers

via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
date: Wed, 10 Dec 2025 01:17:51 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/7.0.18-0ubuntu0.17.04.1
server: nginx/1.10.3 (Ubuntu)

Redirect headers

location: https://c.holmesmind.com/cm?tc=getIn&
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
date: Wed, 10 Dec 2025 01:17:51 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/7.0.18-0ubuntu0.17.04.1
server: nginx/1.10.3 (Ubuntu)

GET
H2 200 fp Show response
cm-dev-poc.holmesmind.com/ Frame 236A 0
217 B 733ms
121ms Document
text/html 3.114.255.95
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://cm-dev-poc.holmesmind.com/fp
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.114.255.95 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-114-255-95.ap-northeast-1.compute.amazonaws.com
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://cdn.holmesmind.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36

Response headers

content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Wed, 10 Dec 2025 01:17:51 GMT
server: nginx/1.18.0 (Ubuntu)

GET
H3 200 cm.php Show response
fcm.holmesmind.com/ Frame DFB8 39 B
52 B 917ms
263ms Document
text/html 34.95.67.231
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Download Go to

Full URL: https://fcm.holmesmind.com/cm.php
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.95.67.231 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 231.67.95.34.bc.googleusercontent.com
Software: Apache/2.4.29 (Ubuntu) /
Resource Hash: d51ae4a1096fac36fe9055d5c3f4daa85de0120b567636c89327b544a2a6a795

Request headers

Referer: https://cdn.holmesmind.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 39
content-type: text/html; charset=UTF-8
date: Wed, 10 Dec 2025 01:17:51 GMT
server: Apache/2.4.29 (Ubuntu)
via: 1.1 google

GET
H2 200 cm.js Show response
fcm2.holmesmind.com/ Frame 62B0 409 B
631 B 629ms
121ms Script
application/javascript 18.178.75.163
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://fcm2.holmesmind.com/cm.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.178.75.163 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-178-75-163.ap-northeast-1.compute.amazonaws.com
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: c205c874491530a4288b8f643e5da8fbcf7c54bee71bb787f4444e77de90e821

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://cdn.holmesmind.com/

Response headers

access-control-allow-origin: *
date: Wed, 10 Dec 2025 01:17:51 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0 (Ubuntu)

GET
H2

200

google
m.holmesmind.com/ml/ Frame 62B0
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=clickforce_dmp&google_cm&cf_uid=undefined&uu_m=undefined
https://cm.g.doubleclick.net/pixel?google_nid=clickforce_dmp&google_cm=&cf_uid=undefined&uu_m=undefined&google_tc=
https://m.holmesmind.com/ml/google?cf_uid=undefined&uu_m=undefined&google_gid=CAESEGDnYZyhd0rau7Q9sae2kic&google_cver=1

0
0

0ms
0ms

Image
image/png

35.227.249.156
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Download Go to Show image

Full URL: https://m.holmesmind.com/ml/google?cf_uid=undefined&uu_m=undefined&google_gid=CAESEGDnYZyhd0rau7Q9sae2kic&google_cver=1
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol: H2
Server: 35.227.249.156 , United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 156.249.227.35.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://cdn.holmesmind.com/

Response headers

x-goog-metageneration: 1
x-goog-hash: crc32c=AAAAAA==, md5=1B2M2Y8AsgTpgAmY7PhCfg==
etag: "d41d8cd98f00b204e9800998ecf8427e"
x-goog-stored-content-encoding: identity
expires: Wed, 10 Dec 2025 02:17:51 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length: 0
date: Wed, 10 Dec 2025 01:17:51 GMT
content-type: image/png
last-modified: Wed, 21 Feb 2018 07:36:41 GMT
x-guploader-uploadid: AHVrFxMGRIHxoqOdQdRba9RIF-ILdT3cnkQ6j-FR7EoUEK3oNA0w-ioW8TmefgDJrkaBC0I
cache-control: public, max-age=3600
x-goog-storage-class: REGIONAL
accept-ranges: bytes
x-goog-generation: 1519198601160228
content-length: 0
server: UploadServer

Redirect headers

cache-control: no-cache, must-revalidate
location: https://m.holmesmind.com/ml/google?cf_uid=undefined&uu_m=undefined&google_gid=CAESEGDnYZyhd0rau7Q9sae2kic&google_cver=1
pragma: no-cache
cross-origin-resource-policy: cross-origin
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length: 328
date: Wed, 10 Dec 2025 01:17:51 GMT
x-xss-protection: 0
content-type: text/html; charset=UTF-8
server: HTTP server (unknown)

GET
H/1.1 200
OK /
cm.lndata.com/ Frame F696 35 B
394 B 612ms
72ms Image
image/gif 116.50.36.71
DONGFONG-TW DongF...

General

Check archive.org

Download Go to Show image

Full URL: https://cm.lndata.com/?tid=4084&uid=media_cookie_id
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 116.50.36.71 , Taiwan, ASN18046 (DONGFONG-TW DongFong Technology Co. Ltd., TW),
Reverse DNS: 116-50-36-71.dft.tw
Software: TornadoServer/1.2.1 /
Resource Hash: 8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://cdn.holmesmind.com/

Response headers

P3P: CP=CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR
Content-Length: 35
Date: Wed, 10 Dec 2025 01:17:51 GMT
Etag: "0f4e929dd5bb2564f7ab9c76338e04e292a42ace"
Content-Type: image/gif
Server: TornadoServer/1.2.1

GET
H2 200 fp
cm-dev-poc.holmesmind.com/ Frame F696 0
217 B 856ms
122ms Image
text/html 3.114.255.95
AMAZON-02

General

Check archive.org

Download Go to Show image

Full URL: https://cm-dev-poc.holmesmind.com/fp
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.114.255.95 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-114-255-95.ap-northeast-1.compute.amazonaws.com
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://cdn.holmesmind.com/

Response headers

content-encoding: gzip
date: Wed, 10 Dec 2025 01:17:51 GMT
content-type: text/html; charset=UTF-8
server: nginx/1.18.0 (Ubuntu)

GET
H3

200

cm
c.holmesmind.com/ Frame F696
Redirect Chain

https://c.holmesmind.com/cm
https://c.holmesmind.com/cm?tc=getIn&

0
12 B

237ms
237ms

Image
text/html

35.201.76.93
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Download Go to Show image

Full URL: https://c.holmesmind.com/cm?tc=getIn&
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol: H3
Server: 35.201.76.93 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 93.76.201.35.bc.googleusercontent.com
Software: nginx/1.10.3 (Ubuntu) / PHP/7.0.18-0ubuntu0.17.04.1
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://cdn.holmesmind.com/

Response headers

via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
date: Wed, 10 Dec 2025 01:17:51 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/7.0.18-0ubuntu0.17.04.1
server: nginx/1.10.3 (Ubuntu)

Redirect headers

location: https://c.holmesmind.com/cm?tc=getIn&
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
date: Wed, 10 Dec 2025 01:17:51 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/7.0.18-0ubuntu0.17.04.1
server: nginx/1.10.3 (Ubuntu)

GET
H2 200 fp Show response
cm-dev-poc.holmesmind.com/ Frame 2A9E 0
217 B 852ms
122ms Document
text/html 3.114.255.95
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://cm-dev-poc.holmesmind.com/fp
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.114.255.95 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-114-255-95.ap-northeast-1.compute.amazonaws.com
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://cdn.holmesmind.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36

Response headers

content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Wed, 10 Dec 2025 01:17:51 GMT
server: nginx/1.18.0 (Ubuntu)

GET
H3 200 cm.php Show response
fcm.holmesmind.com/ Frame 8882 39 B
52 B 1173ms
261ms Document
text/html 34.95.67.231
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Download Go to

Full URL: https://fcm.holmesmind.com/cm.php
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.95.67.231 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 231.67.95.34.bc.googleusercontent.com
Software: Apache/2.4.29 (Ubuntu) /
Resource Hash: d51ae4a1096fac36fe9055d5c3f4daa85de0120b567636c89327b544a2a6a795

Request headers

Referer: https://cdn.holmesmind.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 39
content-type: text/html; charset=UTF-8
date: Wed, 10 Dec 2025 01:17:51 GMT
server: Apache/2.4.29 (Ubuntu)
via: 1.1 google

GET
H2 200 cm.js Show response
fcm2.holmesmind.com/ Frame F696 409 B
631 B 744ms
121ms Script
application/javascript 18.178.75.163
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://fcm2.holmesmind.com/cm.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.178.75.163 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-178-75-163.ap-northeast-1.compute.amazonaws.com
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: c205c874491530a4288b8f643e5da8fbcf7c54bee71bb787f4444e77de90e821

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://cdn.holmesmind.com/

Response headers

access-control-allow-origin: *
date: Wed, 10 Dec 2025 01:17:51 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0 (Ubuntu)

GET
H2

200

google
m.holmesmind.com/ml/ Frame F696
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=clickforce_dmp&google_cm&cf_uid=undefined&uu_m=undefined
https://cm.g.doubleclick.net/pixel?google_nid=clickforce_dmp&google_cm=&cf_uid=undefined&uu_m=undefined&google_tc=
https://m.holmesmind.com/ml/google?cf_uid=undefined&uu_m=undefined&google_gid=CAESEGDnYZyhd0rau7Q9sae2kic&google_cver=1

0
0

0ms
0ms

Image
image/png

35.227.249.156
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Download Go to Show image

Full URL: https://m.holmesmind.com/ml/google?cf_uid=undefined&uu_m=undefined&google_gid=CAESEGDnYZyhd0rau7Q9sae2kic&google_cver=1
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol: H2
Server: 35.227.249.156 , United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 156.249.227.35.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://cdn.holmesmind.com/

Response headers

x-goog-metageneration: 1
x-goog-hash: crc32c=AAAAAA==, md5=1B2M2Y8AsgTpgAmY7PhCfg==
etag: "d41d8cd98f00b204e9800998ecf8427e"
x-goog-stored-content-encoding: identity
expires: Wed, 10 Dec 2025 02:17:51 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length: 0
date: Wed, 10 Dec 2025 01:17:51 GMT
content-type: image/png
last-modified: Wed, 21 Feb 2018 07:36:41 GMT
x-guploader-uploadid: AHVrFxMGRIHxoqOdQdRba9RIF-ILdT3cnkQ6j-FR7EoUEK3oNA0w-ioW8TmefgDJrkaBC0I
cache-control: public, max-age=3600
x-goog-storage-class: REGIONAL
accept-ranges: bytes
x-goog-generation: 1519198601160228
content-length: 0
server: UploadServer

Redirect headers

cache-control: no-cache, must-revalidate
location: https://m.holmesmind.com/ml/google?cf_uid=undefined&uu_m=undefined&google_gid=CAESEGDnYZyhd0rau7Q9sae2kic&google_cver=1
pragma: no-cache
cross-origin-resource-policy: cross-origin
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length: 328
date: Wed, 10 Dec 2025 01:17:51 GMT
x-xss-protection: 0
content-type: text/html; charset=UTF-8
server: HTTP server (unknown)

GET
H/1.1 200
OK /
cm.lndata.com/ Frame FFE5 35 B
394 B 681ms
75ms Image
image/gif 116.50.36.71
DONGFONG-TW DongF...

General

Check archive.org

Download Go to Show image

Full URL: https://cm.lndata.com/?tid=4084&uid=media_cookie_id
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 116.50.36.71 , Taiwan, ASN18046 (DONGFONG-TW DongFong Technology Co. Ltd., TW),
Reverse DNS: 116-50-36-71.dft.tw
Software: TornadoServer/1.2.1 /
Resource Hash: 8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://cdn.holmesmind.com/

Response headers

P3P: CP=CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR
Content-Length: 35
Date: Wed, 10 Dec 2025 01:17:51 GMT
Etag: "0f4e929dd5bb2564f7ab9c76338e04e292a42ace"
Content-Type: image/gif
Server: TornadoServer/1.2.1

GET
H2 200 fp
cm-dev-poc.holmesmind.com/ Frame FFE5 0
217 B 975ms
124ms Image
text/html 3.114.255.95
AMAZON-02

General

Check archive.org

Download Go to Show image

Full URL: https://cm-dev-poc.holmesmind.com/fp
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.114.255.95 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-114-255-95.ap-northeast-1.compute.amazonaws.com
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://cdn.holmesmind.com/

Response headers

content-encoding: gzip
date: Wed, 10 Dec 2025 01:17:51 GMT
content-type: text/html; charset=UTF-8
server: nginx/1.18.0 (Ubuntu)

GET
H3

200

cm
c.holmesmind.com/ Frame FFE5
Redirect Chain

https://c.holmesmind.com/cm
https://c.holmesmind.com/cm?tc=getIn&

0
12 B

251ms
236ms

Image
text/html

35.201.76.93
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Download Go to Show image

Full URL: https://c.holmesmind.com/cm?tc=getIn&
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol: H3
Server: 35.201.76.93 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 93.76.201.35.bc.googleusercontent.com
Software: nginx/1.10.3 (Ubuntu) / PHP/7.0.18-0ubuntu0.17.04.1
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://cdn.holmesmind.com/

Response headers

via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
date: Wed, 10 Dec 2025 01:17:52 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/7.0.18-0ubuntu0.17.04.1
server: nginx/1.10.3 (Ubuntu)

Redirect headers

location: https://c.holmesmind.com/cm?tc=getIn&
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
date: Wed, 10 Dec 2025 01:17:51 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/7.0.18-0ubuntu0.17.04.1
server: nginx/1.10.3 (Ubuntu)

GET
H2 200 fp Show response
cm-dev-poc.holmesmind.com/ Frame 1057 0
217 B 969ms
121ms Document
text/html 3.114.255.95
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://cm-dev-poc.holmesmind.com/fp
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.114.255.95 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-114-255-95.ap-northeast-1.compute.amazonaws.com
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://cdn.holmesmind.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36

Response headers

content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Wed, 10 Dec 2025 01:17:51 GMT
server: nginx/1.18.0 (Ubuntu)

GET
H3 200 cm.php Show response
fcm.holmesmind.com/ Frame 66D1 39 B
52 B 1431ms
261ms Document
text/html 34.95.67.231
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Download Go to

Full URL: https://fcm.holmesmind.com/cm.php
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.95.67.231 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 231.67.95.34.bc.googleusercontent.com
Software: Apache/2.4.29 (Ubuntu) /
Resource Hash: d51ae4a1096fac36fe9055d5c3f4daa85de0120b567636c89327b544a2a6a795

Request headers

Referer: https://cdn.holmesmind.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 39
content-type: text/html; charset=UTF-8
date: Wed, 10 Dec 2025 01:17:52 GMT
server: Apache/2.4.29 (Ubuntu)
via: 1.1 google

GET
H2 200 cm.js Show response
fcm2.holmesmind.com/ Frame FFE5 409 B
631 B 861ms
120ms Script
application/javascript 18.178.75.163
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://fcm2.holmesmind.com/cm.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.178.75.163 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-178-75-163.ap-northeast-1.compute.amazonaws.com
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: c205c874491530a4288b8f643e5da8fbcf7c54bee71bb787f4444e77de90e821

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://cdn.holmesmind.com/

Response headers

access-control-allow-origin: *
date: Wed, 10 Dec 2025 01:17:51 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0 (Ubuntu)

GET
H2

200

google
m.holmesmind.com/ml/ Frame FFE5
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=clickforce_dmp&google_cm&cf_uid=undefined&uu_m=undefined
https://cm.g.doubleclick.net/pixel?google_nid=clickforce_dmp&google_cm=&cf_uid=undefined&uu_m=undefined&google_tc=
https://m.holmesmind.com/ml/google?cf_uid=undefined&uu_m=undefined&google_gid=CAESEGDnYZyhd0rau7Q9sae2kic&google_cver=1

0
0

0ms
0ms

Image
image/png

35.227.249.156
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Download Go to Show image

Full URL: https://m.holmesmind.com/ml/google?cf_uid=undefined&uu_m=undefined&google_gid=CAESEGDnYZyhd0rau7Q9sae2kic&google_cver=1
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol: H2
Server: 35.227.249.156 , United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 156.249.227.35.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://cdn.holmesmind.com/

Response headers

x-goog-metageneration: 1
x-goog-hash: crc32c=AAAAAA==, md5=1B2M2Y8AsgTpgAmY7PhCfg==
etag: "d41d8cd98f00b204e9800998ecf8427e"
x-goog-stored-content-encoding: identity
expires: Wed, 10 Dec 2025 02:17:51 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length: 0
date: Wed, 10 Dec 2025 01:17:51 GMT
content-type: image/png
last-modified: Wed, 21 Feb 2018 07:36:41 GMT
x-guploader-uploadid: AHVrFxMGRIHxoqOdQdRba9RIF-ILdT3cnkQ6j-FR7EoUEK3oNA0w-ioW8TmefgDJrkaBC0I
cache-control: public, max-age=3600
x-goog-storage-class: REGIONAL
accept-ranges: bytes
x-goog-generation: 1519198601160228
content-length: 0
server: UploadServer

Redirect headers

cache-control: no-cache, must-revalidate
location: https://m.holmesmind.com/ml/google?cf_uid=undefined&uu_m=undefined&google_gid=CAESEGDnYZyhd0rau7Q9sae2kic&google_cver=1
pragma: no-cache
cross-origin-resource-policy: cross-origin
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length: 328
date: Wed, 10 Dec 2025 01:17:51 GMT
x-xss-protection: 0
content-type: text/html; charset=UTF-8
server: HTTP server (unknown)

GET
H/1.1 200
OK /
cm.lndata.com/ Frame 5159 35 B
394 B 759ms
81ms Image
image/gif 116.50.36.71
DONGFONG-TW DongF...

General

Check archive.org

Download Go to Show image

Full URL: https://cm.lndata.com/?tid=4084&uid=media_cookie_id
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 116.50.36.71 , Taiwan, ASN18046 (DONGFONG-TW DongFong Technology Co. Ltd., TW),
Reverse DNS: 116-50-36-71.dft.tw
Software: TornadoServer/1.2.1 /
Resource Hash: 8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://cdn.holmesmind.com/

Response headers

P3P: CP=CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR
Content-Length: 35
Date: Wed, 10 Dec 2025 01:17:51 GMT
Etag: "0f4e929dd5bb2564f7ab9c76338e04e292a42ace"
Content-Type: image/gif
Server: TornadoServer/1.2.1

GET
H2 200 fp
cm-dev-poc.holmesmind.com/ Frame 5159 0
217 B 1121ms
150ms Image
text/html 3.114.255.95
AMAZON-02

General

Check archive.org

Download Go to Show image

Full URL: https://cm-dev-poc.holmesmind.com/fp
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.114.255.95 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-114-255-95.ap-northeast-1.compute.amazonaws.com
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://cdn.holmesmind.com/

Response headers

content-encoding: gzip
date: Wed, 10 Dec 2025 01:17:51 GMT
content-type: text/html; charset=UTF-8
server: nginx/1.18.0 (Ubuntu)

GET
H3

200

cm
c.holmesmind.com/ Frame 5159
Redirect Chain

https://c.holmesmind.com/cm
https://c.holmesmind.com/cm?tc=getIn&

0
12 B

236ms
236ms

Image
text/html

35.201.76.93
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Download Go to Show image

Full URL: https://c.holmesmind.com/cm?tc=getIn&
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol: H3
Server: 35.201.76.93 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 93.76.201.35.bc.googleusercontent.com
Software: nginx/1.10.3 (Ubuntu) / PHP/7.0.18-0ubuntu0.17.04.1
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://cdn.holmesmind.com/

Response headers

via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
date: Wed, 10 Dec 2025 01:17:52 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/7.0.18-0ubuntu0.17.04.1
server: nginx/1.10.3 (Ubuntu)

Redirect headers

location: https://c.holmesmind.com/cm?tc=getIn&
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
date: Wed, 10 Dec 2025 01:17:52 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/7.0.18-0ubuntu0.17.04.1
server: nginx/1.10.3 (Ubuntu)

GET
H2 200 fp Show response
cm-dev-poc.holmesmind.com/ Frame 990C 0
217 B 1110ms
145ms Document
text/html 3.114.255.95
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://cm-dev-poc.holmesmind.com/fp
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.114.255.95 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-114-255-95.ap-northeast-1.compute.amazonaws.com
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://cdn.holmesmind.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36

Response headers

content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Wed, 10 Dec 2025 01:17:51 GMT
server: nginx/1.18.0 (Ubuntu)

GET
H3 200 cm.php Show response
fcm.holmesmind.com/ Frame EEA8 39 B
52 B 1690ms
263ms Document
text/html 34.95.67.231
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Download Go to

Full URL: https://fcm.holmesmind.com/cm.php
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.95.67.231 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 231.67.95.34.bc.googleusercontent.com
Software: Apache/2.4.29 (Ubuntu) /
Resource Hash: d51ae4a1096fac36fe9055d5c3f4daa85de0120b567636c89327b544a2a6a795

Request headers

Referer: https://cdn.holmesmind.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 39
content-type: text/html; charset=UTF-8
date: Wed, 10 Dec 2025 01:17:52 GMT
server: Apache/2.4.29 (Ubuntu)
via: 1.1 google

GET
H2 200 cm.js Show response
fcm2.holmesmind.com/ Frame 5159 409 B
631 B 979ms
121ms Script
application/javascript 18.178.75.163
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://fcm2.holmesmind.com/cm.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.178.75.163 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-178-75-163.ap-northeast-1.compute.amazonaws.com
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: c205c874491530a4288b8f643e5da8fbcf7c54bee71bb787f4444e77de90e821

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://cdn.holmesmind.com/

Response headers

access-control-allow-origin: *
date: Wed, 10 Dec 2025 01:17:51 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0 (Ubuntu)

GET
H2

200

google
m.holmesmind.com/ml/ Frame 5159
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=clickforce_dmp&google_cm&cf_uid=undefined&uu_m=undefined
https://cm.g.doubleclick.net/pixel?google_nid=clickforce_dmp&google_cm=&cf_uid=undefined&uu_m=undefined&google_tc=
https://m.holmesmind.com/ml/google?cf_uid=undefined&uu_m=undefined&google_gid=CAESEGDnYZyhd0rau7Q9sae2kic&google_cver=1

0
0

0ms
0ms

Image
image/png

35.227.249.156
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Download Go to Show image

Full URL: https://m.holmesmind.com/ml/google?cf_uid=undefined&uu_m=undefined&google_gid=CAESEGDnYZyhd0rau7Q9sae2kic&google_cver=1
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol: H2
Server: 35.227.249.156 , United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 156.249.227.35.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://cdn.holmesmind.com/

Response headers

x-goog-metageneration: 1
x-goog-hash: crc32c=AAAAAA==, md5=1B2M2Y8AsgTpgAmY7PhCfg==
etag: "d41d8cd98f00b204e9800998ecf8427e"
x-goog-stored-content-encoding: identity
expires: Wed, 10 Dec 2025 02:17:51 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length: 0
date: Wed, 10 Dec 2025 01:17:51 GMT
content-type: image/png
last-modified: Wed, 21 Feb 2018 07:36:41 GMT
x-guploader-uploadid: AHVrFxMGRIHxoqOdQdRba9RIF-ILdT3cnkQ6j-FR7EoUEK3oNA0w-ioW8TmefgDJrkaBC0I
cache-control: public, max-age=3600
x-goog-storage-class: REGIONAL
accept-ranges: bytes
x-goog-generation: 1519198601160228
content-length: 0
server: UploadServer

Redirect headers

cache-control: no-cache, must-revalidate
location: https://m.holmesmind.com/ml/google?cf_uid=undefined&uu_m=undefined&google_gid=CAESEGDnYZyhd0rau7Q9sae2kic&google_cver=1
pragma: no-cache
cross-origin-resource-policy: cross-origin
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length: 328
date: Wed, 10 Dec 2025 01:17:51 GMT
x-xss-protection: 0
content-type: text/html; charset=UTF-8
server: HTTP server (unknown)

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 431 KB
145 KB 155ms
154ms Script
application/javascript 142.250.196.104
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-ZDFZCDVDK1&cx=c&gtm=4e5c90

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-N394QBRGC0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.196.104 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

nrt12s35-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

67bbd68b1adecd28d34e0c8bcab5c94e8c26bbd8a14efc89d539a7f1df2042d4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
content-encoding: zstd
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
expires: Wed, 10 Dec 2025 01:17:50 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 148270
date: Wed, 10 Dec 2025 01:17:50 GMT
x-xss-protection: 0
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
server: Google Tag Manager
access-control-allow-headers: Cache-Control

POST
H2 204 collect
analytics.google.com/g/ 0
0 231ms
77ms Fetch
text/plain 216.239.34.181
GOOGLE

General

Check archive.org

Download Go to

Full URL: https://analytics.google.com/g/collect?v=2&tid=G-N394QBRGC0&gtm=45je5c90v897965293za200zd897965293&_p=1765329469745&_gaz=1&gcd=13l3l3l3l1l1&npa=0&dma=0&cid=1890991025.1765329470&ul=zh-tw&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_s=1&tag_exp=103116026~103200004~104527907~104528501~104684208~104684211~105391253~115583767~115938465~115938468~116184927~116184929~116217636~116217638~116251938~116251940&sid=1765329470&sct=1&seg=0&dl=https%3A%2F%2Freurl.cc%2FY3gKxl&dt=word-PT0777&en=page_view&_fv=1&_ss=1&_ee=1&tfd=2114
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-N394QBRGC0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 216.239.34.181 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:171:0
report-to: {"group":"ascnsrsggc:171:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:171:0"}],}
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: https://reurl.cc
cross-origin-opener-policy-report-only: same-origin; report-to=ascnsrsggc:171:0
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Wed, 10 Dec 2025 01:17:50 GMT
content-type: text/plain
server: Golfe2

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
544 B 228ms
75ms Ping
text/plain 142.251.8.157
GOOGLE

General

Check archive.org

Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-N394QBRGC0&cid=1890991025.1765329470&gtm=45je5c90v897965293za200zd897965293&aip=1&dma=0&gcd=13l3l3l3l1l1&npa=0&frm=0&tag_exp=103116026~103200004~104527907~104528501~104684208~104684211~105391253~115583767~115938465~115938468~116184927~116184929~116217636~116217638~116251938~116251940
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-N394QBRGC0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 142.251.8.157 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: tb-in-f157.1e100.net
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:139:0
report-to: {"group":"ascnsrsggc:139:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:139:0"}],}
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: https://reurl.cc
cross-origin-opener-policy-report-only: same-origin; report-to=ascnsrsggc:139:0
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Wed, 10 Dec 2025 01:17:50 GMT
content-type: text/plain
server: Golfe2

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 423 KB
143 KB 151ms
150ms Script
application/javascript 142.250.196.104
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-S9B9ZLEX4D&cx=c&gtm=4e5c90

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-N394QBRGC0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.196.104 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

nrt12s35-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

eeca7deee8321a978d32697228bf627d7d8f9265cfee1c84dc5de42b44aa4311

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
content-encoding: zstd
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
expires: Wed, 10 Dec 2025 01:17:50 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 146298
date: Wed, 10 Dec 2025 01:17:50 GMT
x-xss-protection: 0
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
server: Google Tag Manager
access-control-allow-headers: Cache-Control

GET
H2 200 ga-audiences
www.google.com.tw/ads/ 42 B
107 B 417ms
155ms Image
image/gif 142.251.42.163
GOOGLE

General

Check archive.org

Download Go to Show image

Full URL

https://www.google.com.tw/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-N394QBRGC0&cid=1890991025.1765329470&gtm=45je5c90v897965293za200zd897965293&aip=1&dma=0&gcd=13l3l3l3l1l1&npa=0&frm=0&tag_exp=103116026~103200004~104527907~104528501~104684208~104684211~105391253~115583767~115938465~115938468~116184927~116184929~116217636~116217638~116251938~116251940&z=1769842336

Requested by

Host: reurl.cc
URL: https://reurl.cc/Y3gKxl

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.42.163 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

nrt12s46-in-f3.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 42
date: Wed, 10 Dec 2025 01:17:51 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

POST
H2 204 collect
analytics.google.com/g/ 0
0 173ms
78ms Fetch
text/plain 216.239.34.181
GOOGLE

General

Check archive.org

Download Go to

Full URL: https://analytics.google.com/g/collect?v=2&tid=G-S9B9ZLEX4D&gtm=45je5c90v9235665865za200zb897965293zd897965293&_p=1765329469745&_gaz=1&gcd=13l3l3l3l1l1&npa=0&dma=0&cid=1890991025.1765329470&ul=zh-tw&sr=1600x1200&_ng=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_s=1&tag_exp=103116026~103200004~104527907~104528500~104684208~104684211~105391252~115583767~115938465~115938468~116184927~116184929~116217636~116217638~116251938~116251940&sid=1765329470&sct=1&seg=0&dl=https%3A%2F%2Freurl.cc%2FY3gKxl&dt=word-PT0777&en=page_view&_fv=1&_ss=1&_ee=1&tfd=2172
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-S9B9ZLEX4D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 216.239.34.181 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:171:0
report-to: {"group":"ascnsrsggc:171:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:171:0"}],}
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: https://reurl.cc
cross-origin-opener-policy-report-only: same-origin; report-to=ascnsrsggc:171:0
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Wed, 10 Dec 2025 01:17:50 GMT
content-type: text/plain
server: Golfe2

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
57 B 170ms
76ms Ping
text/plain 142.251.8.157
GOOGLE

General

Check archive.org

Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&_ng=1&tid=G-S9B9ZLEX4D&cid=1890991025.1765329470&gtm=45je5c90v9235665865za200zb897965293zd897965293&aip=1&dma=0&gcd=13l3l3l3l1l1&npa=0&frm=0&tag_exp=103116026~103200004~104527907~104528500~104684208~104684211~105391252~115583767~115938465~115938468~116184927~116184929~116217636~116217638~116251938~116251940
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-S9B9ZLEX4D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 142.251.8.157 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: tb-in-f157.1e100.net
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:139:0
report-to: {"group":"ascnsrsggc:139:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:139:0"}],}
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: https://reurl.cc
cross-origin-opener-policy-report-only: same-origin; report-to=ascnsrsggc:139:0
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Wed, 10 Dec 2025 01:17:50 GMT
content-type: text/plain
server: Golfe2

GET
H2 200 ga-audiences
www.google.com.tw/ads/ 42 B
408 B 357ms
154ms Image
image/gif 142.251.42.163
GOOGLE

General

Check archive.org

Download Go to Show image

Full URL

https://www.google.com.tw/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&_ng=1&tid=G-S9B9ZLEX4D&cid=1890991025.1765329470&gtm=45je5c90v9235665865za200zb897965293zd897965293&aip=1&dma=0&gcd=13l3l3l3l1l1&npa=0&frm=0&tag_exp=103116026~103200004~104527907~104528500~104684208~104684211~105391252~115583767~115938465~115938468~116184927~116184929~116217636~116217638~116251938~116251940&z=1718216194

Requested by

Host: reurl.cc
URL: https://reurl.cc/Y3gKxl

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.42.163 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

nrt12s46-in-f3.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 42
date: Wed, 10 Dec 2025 01:17:51 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

POST
H2 204 collect
analytics.google.com/g/ 0
0 128ms
78ms Fetch
text/plain 216.239.34.181
GOOGLE

General

Check archive.org

Download Go to

Full URL: https://analytics.google.com/g/collect?v=2&tid=G-ZDFZCDVDK1&gtm=45je5c90v9181474282za200zb897965293zd897965293&_p=1765329469745&_gaz=1&gcd=13l3l3l3l1l1&npa=0&dma=0&cid=1890991025.1765329470&ecid=1160555381&ul=zh-tw&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&ec_mode=a&_s=1&tag_exp=103116026~103200004~104527907~104528500~104684208~104684211~105391252~115583767~115938465~115938469~116184927~116184929~116217636~116217638~116251938~116251940&sid=1765329470&sct=1&seg=0&dl=https%3A%2F%2Freurl.cc%2FY3gKxl&dt=word-PT0777&en=page_view&_fv=1&_ss=1&_ee=1&tfd=2217
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-ZDFZCDVDK1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 216.239.34.181 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:171:0
report-to: {"group":"ascnsrsggc:171:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:171:0"}],}
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: https://reurl.cc
cross-origin-opener-policy-report-only: same-origin; report-to=ascnsrsggc:171:0
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Wed, 10 Dec 2025 01:17:50 GMT
content-type: text/plain
server: Golfe2

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
57 B 76ms
75ms Ping
text/plain 142.251.8.157
GOOGLE

General

Check archive.org

Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-ZDFZCDVDK1&cid=1890991025.1765329470&gtm=45je5c90v9181474282za200zb897965293zd897965293&aip=1&dma=0&gcd=13l3l3l3l1l1&npa=0&frm=0&tag_exp=103116026~103200004~104527907~104528500~104684208~104684211~105391252~115583767~115938465~115938469~116184927~116184929~116217636~116217638~116251938~116251940
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-ZDFZCDVDK1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 142.251.8.157 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: tb-in-f157.1e100.net
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:139:0
report-to: {"group":"ascnsrsggc:139:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:139:0"}],}
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: https://reurl.cc
cross-origin-opener-policy-report-only: same-origin; report-to=ascnsrsggc:139:0
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Wed, 10 Dec 2025 01:17:51 GMT
content-type: text/plain
server: Golfe2

GET
H2 200 ga-audiences
www.google.com.tw/ads/ 42 B
107 B 214ms
156ms Image
image/gif 142.251.42.163
GOOGLE

General

Check archive.org

Download Go to Show image

Full URL

https://www.google.com.tw/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-ZDFZCDVDK1&cid=1890991025.1765329470&gtm=45je5c90v9181474282za200zb897965293zd897965293&aip=1&dma=0&gcd=13l3l3l3l1l1&npa=0&frm=0&tag_exp=103116026~103200004~104527907~104528500~104684208~104684211~105391252~115583767~115938465~115938469~116184927~116184929~116217636~116217638~116251938~116251940&z=715595751

Requested by

Host: reurl.cc
URL: https://reurl.cc/Y3gKxl

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.42.163 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

nrt12s46-in-f3.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 42
date: Wed, 10 Dec 2025 01:17:51 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET
H2 200 128002626 Show response
fundingchoicesmessages.google.com/i/ 215 KB
69 KB 463ms
193ms Script
application/javascript 142.250.194.78
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://fundingchoicesmessages.google.com/i/128002626?ers=3

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202512040101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.194.78 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lcnrta-bb-in-f14.1e100.net

Software

ESF /

Resource Hash

bde4aaa41e8f51d32ec0684f649d12438b4b299ae8024e94f7c614868164e76b

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-tYTDq0XXk8CVLNN11obVjQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Mon, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Wed, 10 Dec 2025 01:17:51 GMT
content-type: application/javascript; charset=utf-8
x-frame-options: SAMEORIGIN
reporting-endpoints: default="/_/ContributorServingWebSwitchboardHttp/web-reports?context=eJzjmsGoxSXF4K0hxdB68xzrZCDuWnSedQYQGypcYrUH4g_1l1l_AHGRxBXWBiD-VHWDVaD6BmsS-03WAiA287vNagfE1e5ebM1AbOvvw-YKxN-KfdlYSnzZ9v33ZTsGxHtz_NiOAnFmpx9bIRDrbPZjMwHi83v92K4D8eqbfmybgXiFlz_bBiAW4uHYP-XxSTaBFWu_7mJU0kjKL4xPzs8rKcpMKi3JL0pLTkstTi0qSy2KNzIwMjU0MrDQMzCNLzAAAKR3TjE"
content-security-policy: script-src 'report-sample' 'nonce-tYTDq0XXk8CVLNN11obVjQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport
cache-control: no-cache, no-store, max-age=0, must-revalidate
timing-allow-origin: *
cross-origin-opener-policy: same-origin
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-resource-policy: cross-origin
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
x-xss-protection: 0
server: ESF

GET
H3 200 /
www.facebook.com/privacy_sandbox/topics/registration/ 67 B
0 426ms
286ms Fetch
image/png 31.13.82.36
FACEBOOK

General

Check archive.org

Download Go to

Full URL

https://www.facebook.com/privacy_sandbox/topics/registration/?id=1675200226052423

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/signals/config/1675200226052423?v=2.9.245&r=stable&domain=reurl.cc&hme=50bab31bbf5151cee3dcfa74ffeee9e761f22c9be18302d6c4b433b0d72b4e00&ex_m=94%2C156%2C134%2C20%2C67%2C68%2C127%2C63%2C43%2C128%2C72%2C62%2C10%2C141%2C80%2C15%2C93%2C28%2C122%2C115%2C70%2C73%2C121%2C138%2C102%2C143%2C7%2C3%2C4%2C6%2C5%2C2%2C81%2C91%2C144%2C223%2C167%2C57%2C225%2C226%2C50%2C182%2C27%2C69%2C231%2C230%2C170%2C30%2C56%2C9%2C59%2C87%2C88%2C89%2C95%2C118%2C29%2C26%2C120%2C117%2C116%2C135%2C71%2C137%2C136%2C45%2C55%2C111%2C14%2C140%2C40%2C212%2C214%2C177%2C23%2C24%2C25%2C17%2C18%2C39%2C35%2C37%2C36%2C76%2C82%2C86%2C100%2C126%2C129%2C41%2C101%2C21%2C19%2C107%2C64%2C33%2C131%2C130%2C132%2C123%2C22%2C32%2C54%2C99%2C139%2C65%2C16%2C133%2C104%2C31%2C192%2C163%2C283%2C210%2C154%2C195%2C188%2C164%2C97%2C119%2C75%2C109%2C49%2C42%2C108%2C114%2C53%2C60%2C113%2C44%2C103%2C48%2C51%2C47%2C90%2C142%2C0%2C112%2C13%2C110%2C11%2C1%2C52%2C83%2C58%2C61%2C106%2C79%2C78%2C145%2C146%2C84%2C85%2C8%2C92%2C46%2C124%2C77%2C74%2C66%2C105%2C96%2C38%2C125%2C34%2C98%2C12%2C147

Protocol

Security

QUIC, , AES_128_GCM

Server

31.13.82.36 Tokyo, Japan, ASN32934 (FACEBOOK, US),

Reverse DNS

edge-star-mini-shv-01-nrt1.facebook.com

Software

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src blob: 'self' https://.fbsbx.com .facebook.com .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net 127.0.0.1:* 'nonce-uMxnv3OJ' blob: 'self' connect.facebook.net 'wasm-unsafe-eval' https://.google-analytics.com .google.com;style-src .fbcdn.net data: .facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com https://.google-analytics.com;font-src data: .facebook.com .fbcdn.net .fbsbx.com https://fonts.gstatic.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net .carriersignal.info blob: android-webview-video-poster: .whatsapp.net .fb.com .oculuscdn.com .tenor.co .tenor.com .giphy.com https://trustly.one/ https://.trustly.one/ https://paywithmybank.com/ https://.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://.google-analytics.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com data: .tenor.co .tenor.com https://.giphy.com;child-src data: blob: 'self' https://.fbsbx.com .facebook.com .fbcdn.net;frame-src .facebook.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net accounts.meta.com .accounts.meta.com https://trustly.one/ https://.trustly.one/ https://paywithmybank.com/ https://.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net .google.com .doubleclick.net;manifest-src data: blob: 'self' https://.fbsbx.com .facebook.com .fbcdn.net;object-src data: blob: 'self' https://.fbsbx.com .facebook.com .fbcdn.net;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

access-control-expose-headers: X-FB-Debug, X-Loader-Length, X-Stack, Error-MID
content-encoding: zstd
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7582032345948777054&cpp=C3&cv=1030855194&st=1765329471280"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
observe-browsing-topics: ?1
expires: Sat, 01 Jan 2000 00:00:00 GMT
access-control-allow-methods: OPTIONS
alt-svc: h3=":443"; ma=86400
date: Wed, 10 Dec 2025 01:17:51 GMT
content-type: image/png
vary: Origin, Accept-Encoding
x-fb-debug: rclyKDQbg9hjufc/wNmyMErmxagsobcC4HhEGRyHoiXFm2f/m0To1NWl+Zooa2gKUpovE5dXD9gZXFr3qWR1hw==
priority: u=1,i
strict-transport-security: max-age=15552000; preload
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7582032345948777054&cpp=C3&cv=1030855194&st=1765329471280", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy: default-src blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'nonce-uMxnv3OJ' blob: 'self' connect.facebook.net 'wasm-unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://trustly.one/ https://*.trustly.one/ https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;child-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net accounts.meta.com *.accounts.meta.com https://trustly.one/ https://*.trustly.one/ https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;manifest-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;object-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
cache-control: private, no-store, no-cache, must-revalidate
x-fb-connection-quality: GOOD; q=0.7, rtt=137, rtx=0, c=27, mss=1232, tbw=8931, tp=17, tpl=0, uplat=147, ullat=0
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
pragma: no-cache
cross-origin-resource-policy: same-origin
access-control-allow-credentials: true
permissions-policy: accelerometer=(), attribution-reporting=(self), autoplay=(), bluetooth=(), browsing-topics=(self), camera=(self "https://www.fbsbx.com"), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
document-policy: force-load-at-top, include-js-call-stacks-in-crash-reports
access-control-allow-origin: *
x-xss-protection: 0
origin-agent-cluster: ?1

GET
H3 200 /
www.facebook.com/tr/ 0
16 B 294ms
146ms Image
text/plain 31.13.82.36
FACEBOOK

General

Check archive.org

Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=1675200226052423&ev=PageView&dl=https%3A%2F%2Freurl.cc%2FY3gKxl&rl=&if=false&ts=1765329470994&sw=1600&sh=1200&v=2.9.245&r=stable&ec=0&o=4124&fbp=fb.1.1765329470992.592461067981808392&cs_est=true&ler=empty&cdl=API_unavailable&plt=1259.6999969482422&it=1765329470506&coo=false&exp=s1&expv2[0]=pl0&expv2[1]=el3&expv2[2]=bc1&expv2[3]=mr0&expv2[4]=ct0&rqm=GET

Requested by

Host: reurl.cc
URL: https://reurl.cc/Y3gKxl

Protocol

Security

QUIC, , AES_128_GCM

Server

31.13.82.36 Tokyo, Japan, ASN32934 (FACEBOOK, US),

Reverse DNS

edge-star-mini-shv-01-nrt1.facebook.com

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
x-fb-connection-quality: GOOD; q=0.7, rtt=145, rtx=0, c=24, mss=1232, tbw=8527, tp=13, tpl=0, uplat=0, ullat=0
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
access-control-allow-origin
alt-svc: h3=":443"; ma=86400
content-length: 0
date: Wed, 10 Dec 2025 01:17:51 GMT
content-type: text/plain
server: proxygen-bolt
priority: u=3,i

GET
H3 200 /
www.facebook.com/privacy_sandbox/pixel/register/trigger/ 67 B
199 B 480ms
336ms Image
image/png 31.13.82.36
FACEBOOK

General

Check archive.org

Download Go to Show image

Full URL

https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=1675200226052423&ev=PageView&dl=https%3A%2F%2Freurl.cc%2FY3gKxl&rl=&if=false&ts=1765329470994&sw=1600&sh=1200&v=2.9.245&r=stable&ec=0&o=4124&fbp=fb.1.1765329470992.592461067981808392&cs_est=true&ler=empty&cdl=API_unavailable&plt=1259.6999969482422&it=1765329470506&coo=false&exp=s1&expv2[0]=pl0&expv2[1]=el3&expv2[2]=bc1&expv2[3]=mr0&expv2[4]=ct0&rqm=FGET

Requested by

Host: reurl.cc
URL: https://reurl.cc/Y3gKxl

Protocol

Security

QUIC, , AES_128_GCM

Server

31.13.82.36 Tokyo, Japan, ASN32934 (FACEBOOK, US),

Reverse DNS

edge-star-mini-shv-01-nrt1.facebook.com

Software

Resource Hash

aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a

Security Headers

Name	Value
Content-Security-Policy	default-src blob: 'self' https://.fbsbx.com .facebook.com .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net 127.0.0.1:* 'nonce-GGMGsyDR' blob: 'self' connect.facebook.net 'wasm-unsafe-eval' https://.google-analytics.com .google.com;style-src .fbcdn.net data: .facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com https://.google-analytics.com;font-src data: .facebook.com .fbcdn.net .fbsbx.com https://fonts.gstatic.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net .carriersignal.info blob: android-webview-video-poster: .whatsapp.net .fb.com .oculuscdn.com .tenor.co .tenor.com .giphy.com https://trustly.one/ https://.trustly.one/ https://paywithmybank.com/ https://.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://.google-analytics.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com data: .tenor.co .tenor.com https://.giphy.com;child-src data: blob: 'self' https://.fbsbx.com .facebook.com .fbcdn.net;frame-src .facebook.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net accounts.meta.com .accounts.meta.com https://trustly.one/ https://.trustly.one/ https://paywithmybank.com/ https://.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net .google.com .doubleclick.net;manifest-src data: blob: 'self' https://.fbsbx.com .facebook.com .fbcdn.net;object-src data: blob: 'self' https://.fbsbx.com .facebook.com .fbcdn.net;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

content-encoding: zstd
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7582032345345552544&cpp=C3&cv=1030855194&st=1765329471300"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Sat, 01 Jan 2000 00:00:00 GMT
alt-svc: h3=":443"; ma=86400
date: Wed, 10 Dec 2025 01:17:51 GMT
content-type: image/png
vary: Accept-Encoding
x-fb-debug: ZgnzvaKmMjGoPuPxFBvYL5CCRc68dUgzxAkMt6qQt9uvEiLEK9iVyrO/aT5wTXCYQO0ZY84C2ZLjiqlmxiwOWw==
priority: u=3,i
x-frame-options: DENY
strict-transport-security: max-age=15552000; preload
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7582032345345552544&cpp=C3&cv=1030855194&st=1765329471300", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy: default-src blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'nonce-GGMGsyDR' blob: 'self' connect.facebook.net 'wasm-unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://trustly.one/ https://*.trustly.one/ https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;child-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net accounts.meta.com *.accounts.meta.com https://trustly.one/ https://*.trustly.one/ https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;manifest-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;object-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
cache-control: private, no-store, no-cache, must-revalidate
x-fb-connection-quality: GOOD; q=0.7, rtt=144, rtx=0, c=27, mss=1232, tbw=9593, tp=22, tpl=0, uplat=189, ullat=0
cross-origin-opener-policy: same-origin-allow-popups
pragma: no-cache
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(self), autoplay=(), bluetooth=(), browsing-topics=(self), camera=(self "https://www.fbsbx.com"), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
document-policy: force-load-at-top, include-js-call-stacks-in-crash-reports
x-xss-protection: 0
origin-agent-cluster: ?1

GET
H2 200 / Show response
t.ssp.hinet.net/ Frame 571C 37 B
408 B 75ms
75ms XHR
text/html 203.75.214.136
HINET Data Commun...

General

Check archive.org

Download Go to

Full URL

https://t.ssp.hinet.net/

Requested by

Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

e77acc18e876190207af5099bdef42b75975e932cd70a86a643fcf7708f82b6b

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://cdn.holmesmind.com/

Response headers

strict-transport-security: max-age=0
cache-control: no-cache, private
content-encoding: gzip
access-control-allow-credentials: true
access-control-allow-origin: https://cdn.holmesmind.com
date: Wed, 10 Dec 2025 01:17:51 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding, Origin
server: nginx

GET
H3 200 UXtr_j2Fwe-.png
static.xx.fbcdn.net/rsrc.php/v4/yw/r/ Frame 3313 573 B
716 B 146ms
144ms Image
image/png 31.13.82.7
FACEBOOK

General

Check archive.org

Download Go to Show image

Full URL

https://static.xx.fbcdn.net/rsrc.php/v4/yw/r/UXtr_j2Fwe-.png

Requested by

Host: static.xx.fbcdn.net
URL: https://static.xx.fbcdn.net/rsrc.php/v5/yE/l/1,cross/iXGJEr7Orjl.css

Protocol

Security

QUIC, , AES_128_GCM

Server

31.13.82.7 Tokyo, Japan, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-01-nrt1.fbcdn.net

Software

Resource Hash

96e3e8dfde6b1042514824bac1b44282d4a76bac028f2d767f6534dce2cf3db0

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://static.xx.fbcdn.net/rsrc.php/v5/yE/l/1,cross/iXGJEr7Orjl.css

Response headers

content-md5: 07aG/2AEtDHVAZ5LUajMDQ==
report-to: {"max_age":21600,"endpoints":[{"url":"https:\/\/www.xx.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Wed, 02 Dec 2026 22:56:53 GMT
alt-svc: h3=":443"; ma=86400
date: Wed, 10 Dec 2025 01:17:51 GMT
content-type: image/png
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
x-fb-debug: blTjacw4DOu2cdGkT8+8fgpmU5CjFW3wmxTUqR7+n73IFU+k7BptLtr2PVKn0SbCdgK3SorY+6NALNi0ldHqeg==
priority: u=3,i
reporting-endpoints: permissions_policy="https://www.xx.facebook.com/ajax/browser_error_reports/"
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
x-fb-connection-quality: UNKNOWN; q=-1, rtt=-1, rtx=0, c=20, mss=1232, tbw=2332, tp=5, tpl=0, uplat=0, ullat=-1
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy: force-load-at-top, include-js-call-stacks-in-crash-reports
access-control-allow-origin: *
content-length: 573
origin-agent-cluster: ?1

GET
H2 200 ads.js Show response
ad.holmesmind.com/adserver/ Frame 4D86 4 KB
1 KB 163ms
162ms Script
text/html 18.176.230.233
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://ad.holmesmind.com/adserver/ads.js?z=18535&rf=https%3A%2F%2Freurl.cc%2FY3gKxl&n=118&o=4&fc=undefined&d=1&b=2&ts=1&ii=3&FPCK=8658-reQdZAdzZIQNADjILGPq0SAik0IKuidN&fp_uuid=8658-0ddf25b156dc4736a45ffdeb192d2dc0&initver=230627P
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.176.230.233 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-176-230-233.ap-northeast-1.compute.amazonaws.com
Software: nginx /
Resource Hash: ef8e92bc69e8abe2ac6875a06ad69f0a27f423a7e0e8aab6d2e78a4b8827570c

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

access-control-allow-origin: https://reurl.cc
content-encoding: gzip
date: Wed, 10 Dec 2025 01:17:51 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
server: nginx
access-control-allow-credentials: true

GET
H2 200 ads.js Show response
ad.holmesmind.com/adserver/ Frame E217 3 KB
1 KB 183ms
180ms Script
text/html 18.176.230.233
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://ad.holmesmind.com/adserver/ads.js?z=14210&rf=https%3A%2F%2Freurl.cc%2FY3gKxl&n=137&o=4&fc=undefined&d=1&b=2&ts=1&ii=3&FPCK=8658-reQdZAdzZIQNADjILGPq0SAik0IKuidN&fp_uuid=8658-0ddf25b156dc4736a45ffdeb192d2dc0&initver=230627P
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.176.230.233 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-176-230-233.ap-northeast-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 37b2a05bd0a69613b8e5b988ef5789b6e4904393f70477c82132d165026edd26

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

access-control-allow-origin: https://reurl.cc
content-encoding: gzip
date: Wed, 10 Dec 2025 01:17:51 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
server: nginx
access-control-allow-credentials: true

GET
H2 200 rtbhouseV2.js Show response
cdn.holmesmind.com/js/ Frame E217 3 KB
3 KB 152ms
149ms Script
application/javascript 3.164.121.106
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://cdn.holmesmind.com/js/rtbhouseV2.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.164.121.106 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-164-121-106.nrt12.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: b97b6a79b734e9323aa8c3847d0b2a1bb5db32fc6a7df92ac69653d1c8ba13c5

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

x-amz-version-id: BhYfibf8ln9C4F8AF59WvZqelYblDtF0
etag: "519bf06eca29382b4ee4cc4f1dace214"
age: 18
via: 1.1 ef359af61e64577c628090c2363bcb22.cloudfront.net (CloudFront)
accept-ranges: bytes
x-cache: Hit from cloudfront
content-length: 2905
x-amz-cf-id: tAVV2p-YNZU7Y1Dn_T9u4wimr_-NwKpg5_TRswJx7lvZRKooffqApQ==
date: Wed, 10 Dec 2025 01:17:34 GMT
content-type: application/javascript
last-modified: Mon, 04 Sep 2023 03:28:50 GMT
server: AmazonS3
x-amz-cf-pop: NRT12-P3
x-amz-server-side-encryption: AES256

GET
H2 200 publishertag.js Show response
static.criteo.net/js/ld/ Frame E217 129 KB
46 KB 410ms
134ms Script
text/javascript 182.161.74.47
CRITEO-AS-AP Crit...

General

Check archive.org

Download Go to

Full URL

https://static.criteo.net/js/ld/publishertag.js

Requested by

Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

182.161.74.47 , Singapore, ASN55569 (CRITEO-AS-AP Criteo APAC, JP),

Reverse DNS

Software

Kestrel /

Resource Hash

10ce9b3c5545fc3da53d8b996c68090c2e89dd375d3ace4ce0cc348a26ec9235

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

strict-transport-security: max-age=31536000; preload;
cache-control: public, max-age=86400
timing-allow-origin: *
content-encoding: br
cross-origin-resource-policy: cross-origin
expires: Thu, 11 Dec 2025 01:17:51 GMT
access-control-allow-origin: *
date: Wed, 10 Dec 2025 01:17:50 GMT
content-type: text/javascript
vary: x-geo-country, Accept-Encoding
server: Kestrel

GET
H2 200 criteoV2.js Show response
cdn.holmesmind.com/js/ Frame E217 3 KB
4 KB 165ms
162ms Script
application/javascript 3.164.121.106
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://cdn.holmesmind.com/js/criteoV2.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.164.121.106 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-164-121-106.nrt12.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: cef005a7925817203365e696b47631a1bb7741d6b22f19399f5b958069a09eda

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

x-amz-version-id: ScZOn53LDZH9EqQBQtTybn_n.yFFnixh
etag: "13519f9e63c9828d93a698c47992e115"
age: 15
via: 1.1 ef359af61e64577c628090c2363bcb22.cloudfront.net (CloudFront)
accept-ranges: bytes
x-cache: Hit from cloudfront
content-length: 3197
x-amz-cf-id: Uk0iJca0YngjnZMWS9O7GvEKZPycJAQ-y5nhhCAp5gPevN75uGHPcg==
date: Wed, 10 Dec 2025 01:17:37 GMT
content-type: application/javascript
last-modified: Thu, 27 Jul 2023 02:29:01 GMT
server: AmazonS3
x-amz-cf-pop: NRT12-P3
x-amz-server-side-encryption: AES256

GET
H2 200 bridgewellV3.js Show response
cdn.holmesmind.com/js/ Frame E217 3 KB
4 KB 165ms
162ms Script
application/javascript 3.164.121.106
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://cdn.holmesmind.com/js/bridgewellV3.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.164.121.106 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-164-121-106.nrt12.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: f3c5e5a0064eec4419f514718f35b3eb4ff163a77ebf16445041f5498a84638b

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

x-amz-version-id: DID93KRiG7PHJMF22E9BP3B26tce7ZQK
etag: "41ecd67a1e57b2a3aa7cf0c876da0a59"
age: 15
via: 1.1 ef359af61e64577c628090c2363bcb22.cloudfront.net (CloudFront)
accept-ranges: bytes
x-cache: Hit from cloudfront
content-length: 3470
x-amz-cf-id: QRU_l5i-rF7YlOK_oc3xc1WyN99Etxdog1I58k12AvjpvhWapW9NzA==
date: Wed, 10 Dec 2025 01:17:37 GMT
content-type: application/javascript
last-modified: Mon, 02 Oct 2023 08:50:04 GMT
server: AmazonS3
x-amz-cf-pop: NRT12-P3
x-amz-server-side-encryption: AES256

GET
H2 200 appier_mainV3.js Show response
cdn.holmesmind.com/js/ Frame E217 5 KB
6 KB 160ms
158ms Script
application/javascript 3.164.121.106
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://cdn.holmesmind.com/js/appier_mainV3.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.164.121.106 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-164-121-106.nrt12.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 8f73a10773dae7dadd7ca1e735ae7da6028aca748f9d01cff8aeebb462767c6e

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

x-amz-version-id: ku3H1MOUSfLuWtW9r59UrEXWrMCJMqc1
etag: "ec9ddd169f5fd01f28f9b31866cd4701"
age: 18
via: 1.1 ef359af61e64577c628090c2363bcb22.cloudfront.net (CloudFront)
accept-ranges: bytes
x-cache: Hit from cloudfront
content-length: 5467
x-amz-cf-id: 9hF9lp51uJEdno16ho1-ohnPUWm5kH30dOokIuSv6PxV7eF-6l-PhQ==
date: Wed, 10 Dec 2025 01:17:34 GMT
content-type: application/javascript
last-modified: Tue, 14 Nov 2023 14:15:25 GMT
server: AmazonS3
x-amz-cf-pop: NRT12-P3
x-amz-server-side-encryption: AES256

GET
H2 200 teads_mainV3.js Show response
cdn.holmesmind.com/js/ Frame E217 46 KB
46 KB 165ms
163ms Script
application/javascript 3.164.121.106
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://cdn.holmesmind.com/js/teads_mainV3.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.164.121.106 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-164-121-106.nrt12.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 6d4c444108925dc2ec8fe761f55a6760241c123740591e1348f0f94a653a3985

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

x-amz-version-id: 0GyqAf7LKhNiqEjX8VRsAWlYH_I2gXHI
etag: "a7e4fcfdedcaf972df92c41e4c9dc6b0"
age: 15
via: 1.1 ef359af61e64577c628090c2363bcb22.cloudfront.net (CloudFront)
accept-ranges: bytes
x-cache: Hit from cloudfront
content-length: 46892
x-amz-cf-id: 6SBrPW5OVD7ZMy0rRqy-ebbdNSxaQNw4sLLYEWaT2dhtufpSgdf3Dw==
date: Wed, 10 Dec 2025 01:17:37 GMT
content-type: application/javascript
last-modified: Thu, 16 May 2024 06:07:06 GMT
server: AmazonS3
x-amz-cf-pop: NRT12-P3
x-amz-server-side-encryption: AES256

GET
H2 200 ucfunnel.js Show response
cdn.holmesmind.com/js/ Frame E217 2 KB
3 KB 173ms
171ms Script
application/javascript 3.164.121.106
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://cdn.holmesmind.com/js/ucfunnel.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.164.121.106 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-164-121-106.nrt12.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 6215cea030001547475bd19ec624e50c85af367309e115d7813ae4eaff664d32

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

x-amz-version-id: 7FnOHKe__pwg0dVwIyTfAcdImUIZ6pwv
etag: "8ebabc4e0b1d40fe52514166c7db7048"
age: 15
via: 1.1 ef359af61e64577c628090c2363bcb22.cloudfront.net (CloudFront)
accept-ranges: bytes
x-cache: Hit from cloudfront
content-length: 2166
x-amz-cf-id: pySvCRmUoUkGTrVoikOeGd_he4tFmYv3VbnZBZQ1fX20zeVr5BiZ-A==
date: Wed, 10 Dec 2025 01:17:37 GMT
content-type: application/javascript
last-modified: Fri, 21 Jul 2023 03:54:43 GMT
server: AmazonS3
x-amz-cf-pop: NRT12-P3
x-amz-server-side-encryption: AES256

GET
H2 200 ads.js Show response
ad.holmesmind.com/adserver/ Frame C895 4 KB
2 KB 147ms
146ms Script
text/html 18.176.230.233
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://ad.holmesmind.com/adserver/ads.js?z=22213&rf=https%3A%2F%2Freurl.cc%2FY3gKxl&n=759&o=4&fc=undefined&d=1&b=2&ts=1&ii=3&FPCK=8658-reQdZAdzZIQNADjILGPq0SAik0IKuidN&fp_uuid=8658-0ddf25b156dc4736a45ffdeb192d2dc0&initver=230627P
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.176.230.233 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-176-230-233.ap-northeast-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 484e1b0d45ee110fb8e45337e56374b6f54f671c0e0fde8efa4ea10635a69ea3

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

access-control-allow-origin: https://reurl.cc
content-encoding: gzip
date: Wed, 10 Dec 2025 01:17:51 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
server: nginx
access-control-allow-credentials: true

GET
H2 200 ads.js Show response
ad.holmesmind.com/adserver/ Frame BFAA 23 KB
4 KB 148ms
147ms Script
text/html 18.176.230.233
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://ad.holmesmind.com/adserver/ads.js?z=13861&rf=https%3A%2F%2Freurl.cc%2FY3gKxl&n=658&o=4&fc=undefined&d=1&b=2&ts=1&ii=3&FPCK=8658-reQdZAdzZIQNADjILGPq0SAik0IKuidN&fp_uuid=8658-0ddf25b156dc4736a45ffdeb192d2dc0&initver=230627P
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.176.230.233 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-176-230-233.ap-northeast-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 6f10c38220b1bc16b1b899eab0e20e9509cbb5dd0d35182155248593c3a04493

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

access-control-allow-origin: https://reurl.cc
content-encoding: gzip
date: Wed, 10 Dec 2025 01:17:51 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
server: nginx
access-control-allow-credentials: true

GET
H3 200 -SHiuVCQD1Y.js Show response
static.xx.fbcdn.net/rsrc.php/v4/yu/r/ Frame 3313 241 KB
68 KB 138ms
138ms Script
application/x-javascript 31.13.82.7
FACEBOOK

General

Check archive.org

Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v4/yu/r/-SHiuVCQD1Y.js

Requested by

Host: static.xx.fbcdn.net
URL: https://static.xx.fbcdn.net/rsrc.php/v4/yg/r/ME_OMQjzbIX.js

Protocol

Security

QUIC, , AES_128_GCM

Server

31.13.82.7 Tokyo, Japan, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-01-nrt1.fbcdn.net

Software

Resource Hash

5191041582e8314aaaf06091d46eb703b2a32ff8ae59c38146d221a960b324db

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Origin: https://www.facebook.com
Referer: https://www.facebook.com/

Response headers

content-md5: p1egVBnCngZmonQ4dvo1Ig==
content-encoding: zstd
report-to: {"max_age":21600,"endpoints":[{"url":"https:\/\/www.xx.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Wed, 09 Dec 2026 20:19:27 GMT
alt-svc: h3=":443"; ma=86400
date: Wed, 10 Dec 2025 01:17:51 GMT
content-type: application/x-javascript; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
x-fb-debug: qjck6TLEPP+2LI8i8xo55M4mBUnYz1NLB11xnrRC9PZYfgUdXDJ7bsZf7mZWP0AA9EsYYtMpoMqqTyAh8xbs8Q==
priority: u=1
vary: Origin
reporting-endpoints: permissions_policy="https://www.xx.facebook.com/ajax/browser_error_reports/"
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
x-fb-connection-quality: GOOD; q=0.7, rtt=135, rtx=0, c=172, mss=1232, tbw=188579, tp=171, tpl=0, uplat=0, ullat=-1
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy: force-load-at-top, include-js-call-stacks-in-crash-reports
access-control-allow-origin: https://www.facebook.com
content-length: 69106
origin-agent-cluster: ?1

GET
H2 200 emome2 Show response
t.ssp.hinet.net/ Frame 571C 30 B
278 B 77ms
77ms XHR
application/json 203.75.214.136
HINET Data Commun...

General

Check archive.org

Download Go to

Full URL

https://t.ssp.hinet.net/emome2?u=a8b5e0fe-7b22-4c2c-a3f9-14c976deaf1b

Requested by

Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

365fc555dbd2149871a77b9485dbb0cbd487a0553f7a90163444349fee756f60

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://cdn.holmesmind.com/

Response headers

strict-transport-security: max-age=0
cache-control: no-cache, private
content-encoding: gzip
access-control-allow-credentials: true
access-control-allow-origin: https://cdn.holmesmind.com
date: Wed, 10 Dec 2025 01:17:51 GMT
content-type: application/json
vary: Accept-Encoding, Origin
server: nginx

GET
H3 200 fbevents.js Show response
connect.facebook.net/en_US/ Frame 571C 343 KB
90 KB 271ms
135ms Script
application/x-javascript 31.13.82.7
FACEBOOK

General

Check archive.org

Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: fcm2.holmesmind.com
URL: https://fcm2.holmesmind.com/cm.js

Protocol

Security

QUIC, , AES_128_GCM

Server

31.13.82.7 Tokyo, Japan, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-01-nrt1.fbcdn.net

Software

Resource Hash

1ff40d4951bdd1a0b6edeb873bc5855a9ce130101cc7e17b67d3a1aa5dc402c1

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' blob: ;script-src 'nonce-vxUvzO7R' .facebook.com .fbcdn.net .facebook.net 127.0.0.1:* blob: 'self' https://.google-analytics.com .google.com;style-src 'self' data: blob: 'unsafe-inline';connect-src 'self' data: blob: https://edge-chat.facebook.net https://edge-chat-latest.facebook.net wss://edge-chat-latest.facebook.net wss://edge-chat.facebook.net wss://edge-chat.socialplugin.facebook.net wss://edge-chat-latest.socialplugin.facebook.net https://edge-chat.socialplugin.facebook.net https://edge-chat-latest.socialplugin.facebook.net .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: .cdninstagram.com https://.google-analytics.com;font-src 'self' data: blob: ;img-src 'self' data: blob: https://.google-analytics.com;media-src 'self' data: blob: ;child-src 'self' data: blob: ;frame-src 'self' data: blob: ;manifest-src 'self' data: blob: ;object-src 'self' data: blob: ;worker-src 'self' data: blob: *;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://cdn.holmesmind.com/

Response headers

content-encoding: gzip
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Sat, 01 Jan 2000 00:00:00 GMT
alt-svc: h3=":443"; ma=86400
date: Wed, 10 Dec 2025 01:17:51 GMT
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
priority: u=3,i
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy: default-src 'self' blob: *;script-src 'nonce-vxUvzO7R' *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* blob: 'self' https://*.google-analytics.com *.google.com;style-src 'self' data: blob: 'unsafe-inline';connect-src 'self' data: blob: https://edge-chat.facebook.net https://edge-chat-latest.facebook.net wss://edge-chat-latest.facebook.net wss://edge-chat.facebook.net wss://edge-chat.socialplugin.facebook.net wss://edge-chat-latest.socialplugin.facebook.net https://edge-chat.socialplugin.facebook.net https://edge-chat-latest.socialplugin.facebook.net *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* *.cdninstagram.com https://*.google-analytics.com;font-src 'self' data: blob: *;img-src 'self' data: blob: * https://*.google-analytics.com;media-src 'self' data: blob: *;child-src 'self' data: blob: *;frame-src 'self' data: blob: *;manifest-src 'self' data: blob: *;object-src 'self' data: blob: *;worker-src 'self' data: blob: *;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
cache-control: public, max-age=1200
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
x-fb-connection-quality: GOOD; q=0.7, rtt=132, rtx=0, c=24, mss=1232, tbw=8752, tp=13, tpl=0, uplat=1, ullat=-1
pragma: public
x-fb-debug: ipoRsTNM2sVsOk0+b30Is7jbH5fPRRPLAJsA7Xi7dT8zIDAvFZHadPXwzN2qRqExVl8hd9KJVQC5AmakCyeETw==
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy: force-load-at-top, include-js-call-stacks-in-crash-reports
content-length: 91837
x-xss-protection: 0
origin-agent-cluster: ?1

GET
H2 200 ads.js Show response
ad.holmesmind.com/adserver/ Frame C6DC 4 KB
2 KB 172ms
166ms Script
text/html 18.176.230.233
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://ad.holmesmind.com/adserver/ads.js?z=22214&rf=https%3A%2F%2Freurl.cc%2FY3gKxl&n=710&o=4&fc=undefined&d=1&b=2&ts=1&ii=3&FPCK=8658-reQdZAdzZIQNADjILGPq0SAik0IKuidN&fp_uuid=8658-0ddf25b156dc4736a45ffdeb192d2dc0&initver=230627P
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.176.230.233 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-176-230-233.ap-northeast-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 41324bf1d673a22b9f8632386858df7cb21341adb6aa9368b75762ff9bca5ccb

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

access-control-allow-origin: https://reurl.cc
content-encoding: gzip
date: Wed, 10 Dec 2025 01:17:51 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
server: nginx
access-control-allow-credentials: true

GET
H2 200 ads.js Show response
ad.holmesmind.com/adserver/ Frame 9A13 0
201 B 154ms
151ms Script
text/html 18.176.230.233
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://ad.holmesmind.com/adserver/ads.js?z=13860&rf=https%3A%2F%2Freurl.cc%2FY3gKxl&n=200&o=4&fc=undefined&d=1&b=2&ts=1&ii=3&FPCK=8658-reQdZAdzZIQNADjILGPq0SAik0IKuidN&fp_uuid=8658-0ddf25b156dc4736a45ffdeb192d2dc0&initver=230627P
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.176.230.233 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-176-230-233.ap-northeast-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

access-control-allow-origin: https://reurl.cc
content-encoding: gzip
date: Wed, 10 Dec 2025 01:17:51 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
server: nginx
access-control-allow-credentials: true

GET
H2 200 ads.js Show response
ad.holmesmind.com/adserver/ Frame 3A8F 1 KB
852 B 142ms
142ms Script
text/html 18.176.230.233
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://ad.holmesmind.com/adserver/ads.js?z=13858&rf=https%3A%2F%2Freurl.cc%2FY3gKxl&n=571&o=4&fc=undefined&d=1&b=2&ts=1&ii=3&FPCK=8658-reQdZAdzZIQNADjILGPq0SAik0IKuidN&fp_uuid=8658-0ddf25b156dc4736a45ffdeb192d2dc0&initver=230627P
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.176.230.233 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-176-230-233.ap-northeast-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 6bf05736dc22123bfa066f27b5e5b109277ace95dabbc565d185631e1c4404d0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

access-control-allow-origin: https://reurl.cc
content-encoding: gzip
date: Wed, 10 Dec 2025 01:17:51 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
server: nginx
access-control-allow-credentials: true

GET
H2 200 ads.js Show response
ad.holmesmind.com/adserver/ Frame 332C 5 KB
2 KB 256ms
254ms Script
text/html 18.176.230.233
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://ad.holmesmind.com/adserver/ads.js?z=14209&rf=https%3A%2F%2Freurl.cc%2FY3gKxl&n=867&o=4&fc=undefined&d=1&b=2&ts=1&ii=3&FPCK=8658-reQdZAdzZIQNADjILGPq0SAik0IKuidN&fp_uuid=8658-0ddf25b156dc4736a45ffdeb192d2dc0&initver=230627P
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.176.230.233 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-176-230-233.ap-northeast-1.compute.amazonaws.com
Software: nginx /
Resource Hash: cd6ca974844aaa5b66056d35a60b6bfade3126636a014a5c1840d7fd970542b9

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

access-control-allow-origin: https://reurl.cc
content-encoding: gzip
date: Wed, 10 Dec 2025 01:17:51 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
server: nginx
access-control-allow-credentials: true

GET
H2 200 rtbhouseV2.js Show response
cdn.holmesmind.com/js/ Frame 332C 3 KB
0 66ms
66ms Script
application/javascript 3.164.121.106
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://cdn.holmesmind.com/js/rtbhouseV2.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.164.121.106 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-164-121-106.nrt12.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: b97b6a79b734e9323aa8c3847d0b2a1bb5db32fc6a7df92ac69653d1c8ba13c5

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

x-amz-version-id: BhYfibf8ln9C4F8AF59WvZqelYblDtF0
etag: "519bf06eca29382b4ee4cc4f1dace214"
age: 18
via: 1.1 ef359af61e64577c628090c2363bcb22.cloudfront.net (CloudFront)
accept-ranges: bytes
x-cache: Hit from cloudfront
content-length: 2905
x-amz-cf-id: tAVV2p-YNZU7Y1Dn_T9u4wimr_-NwKpg5_TRswJx7lvZRKooffqApQ==
date: Wed, 10 Dec 2025 01:17:34 GMT
content-type: application/javascript
last-modified: Mon, 04 Sep 2023 03:28:50 GMT
server: AmazonS3
x-amz-cf-pop: NRT12-P3
x-amz-server-side-encryption: AES256

GET
H2 200 publishertag.js Show response
static.criteo.net/js/ld/ Frame 332C 129 KB
0 323ms
323ms Script
text/javascript 182.161.74.47
CRITEO-AS-AP Crit...

General

Check archive.org

Download Go to

Full URL: https://static.criteo.net/js/ld/publishertag.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 182.161.74.47 , Singapore, ASN55569 (CRITEO-AS-AP Criteo APAC, JP),
Reverse DNS
Software: Kestrel /
Resource Hash: 10ce9b3c5545fc3da53d8b996c68090c2e89dd375d3ace4ce0cc348a26ec9235

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

cache-control: public, max-age=86400
timing-allow-origin: *
content-encoding: br
cross-origin-resource-policy: cross-origin
expires: Thu, 11 Dec 2025 01:17:51 GMT
access-control-allow-origin: *
date: Wed, 10 Dec 2025 01:17:50 GMT
content-type: text/javascript
vary: x-geo-country, Accept-Encoding
server: Kestrel

GET
H2 200 criteoV2.js Show response
cdn.holmesmind.com/js/ Frame 332C 3 KB
0 79ms
79ms Script
application/javascript 3.164.121.106
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://cdn.holmesmind.com/js/criteoV2.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.164.121.106 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-164-121-106.nrt12.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: cef005a7925817203365e696b47631a1bb7741d6b22f19399f5b958069a09eda

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

x-amz-version-id: ScZOn53LDZH9EqQBQtTybn_n.yFFnixh
etag: "13519f9e63c9828d93a698c47992e115"
age: 15
via: 1.1 ef359af61e64577c628090c2363bcb22.cloudfront.net (CloudFront)
accept-ranges: bytes
x-cache: Hit from cloudfront
content-length: 3197
x-amz-cf-id: Uk0iJca0YngjnZMWS9O7GvEKZPycJAQ-y5nhhCAp5gPevN75uGHPcg==
date: Wed, 10 Dec 2025 01:17:37 GMT
content-type: application/javascript
last-modified: Thu, 27 Jul 2023 02:29:01 GMT
server: AmazonS3
x-amz-cf-pop: NRT12-P3
x-amz-server-side-encryption: AES256

GET
H2 200 bridgewellV3.js Show response
cdn.holmesmind.com/js/ Frame 332C 3 KB
0 79ms
79ms Script
application/javascript 3.164.121.106
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://cdn.holmesmind.com/js/bridgewellV3.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.164.121.106 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-164-121-106.nrt12.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: f3c5e5a0064eec4419f514718f35b3eb4ff163a77ebf16445041f5498a84638b

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

x-amz-version-id: DID93KRiG7PHJMF22E9BP3B26tce7ZQK
etag: "41ecd67a1e57b2a3aa7cf0c876da0a59"
age: 15
via: 1.1 ef359af61e64577c628090c2363bcb22.cloudfront.net (CloudFront)
accept-ranges: bytes
x-cache: Hit from cloudfront
content-length: 3470
x-amz-cf-id: QRU_l5i-rF7YlOK_oc3xc1WyN99Etxdog1I58k12AvjpvhWapW9NzA==
date: Wed, 10 Dec 2025 01:17:37 GMT
content-type: application/javascript
last-modified: Mon, 02 Oct 2023 08:50:04 GMT
server: AmazonS3
x-amz-cf-pop: NRT12-P3
x-amz-server-side-encryption: AES256

GET
H2 200 appierV2.js Show response
cdn.holmesmind.com/js/ Frame 332C 3 KB
4 KB 211ms
210ms Script
application/javascript 3.164.121.106
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://cdn.holmesmind.com/js/appierV2.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.164.121.106 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-164-121-106.nrt12.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 2650f0bf9347561322354447171981c0a052401f826695fec1281e29fa16c840

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

x-amz-version-id: L_ytFJI.iZbA3Ys9mJ75ciLmXqmRfuVO
etag: "21253aa5d7ee0c3b700ce5f1a4a1b4d1"
age: 18
via: 1.1 ef359af61e64577c628090c2363bcb22.cloudfront.net (CloudFront)
accept-ranges: bytes
x-cache: Hit from cloudfront
content-length: 3446
x-amz-cf-id: lZYUO4Bb4vWc_SdJEo-sNQtv7eWZNr76RQpwFzM-iKmsmX7kRnkY7g==
date: Wed, 10 Dec 2025 01:17:34 GMT
content-type: application/javascript
last-modified: Thu, 14 Dec 2023 06:52:43 GMT
server: AmazonS3
x-amz-cf-pop: NRT12-P3
x-amz-server-side-encryption: AES256

GET
H2 200 appier_mainV3.js Show response
cdn.holmesmind.com/js/ Frame 332C 5 KB
0 74ms
74ms Script
application/javascript 3.164.121.106
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://cdn.holmesmind.com/js/appier_mainV3.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.164.121.106 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-164-121-106.nrt12.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 8f73a10773dae7dadd7ca1e735ae7da6028aca748f9d01cff8aeebb462767c6e

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

x-amz-version-id: ku3H1MOUSfLuWtW9r59UrEXWrMCJMqc1
etag: "ec9ddd169f5fd01f28f9b31866cd4701"
age: 18
via: 1.1 ef359af61e64577c628090c2363bcb22.cloudfront.net (CloudFront)
accept-ranges: bytes
x-cache: Hit from cloudfront
content-length: 5467
x-amz-cf-id: 9hF9lp51uJEdno16ho1-ohnPUWm5kH30dOokIuSv6PxV7eF-6l-PhQ==
date: Wed, 10 Dec 2025 01:17:34 GMT
content-type: application/javascript
last-modified: Tue, 14 Nov 2023 14:15:25 GMT
server: AmazonS3
x-amz-cf-pop: NRT12-P3
x-amz-server-side-encryption: AES256

GET
H2 200 prebid_mainV3.js Show response
cdn.holmesmind.com/js/ Frame 332C 3 KB
4 KB 219ms
219ms Script
application/javascript 3.164.121.106
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://cdn.holmesmind.com/js/prebid_mainV3.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.164.121.106 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-164-121-106.nrt12.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 979da208bbb4e7e775544f9ea351afe3cae32b74ca9b980e05762c5b0533fe17

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

x-amz-version-id: qFW_bhDMYXaROfK7pGZd0YtcGDNChS4b
etag: "3a64d41cf3ddc5d6b7a060ad46bee403"
via: 1.1 ef359af61e64577c628090c2363bcb22.cloudfront.net (CloudFront)
accept-ranges: bytes
x-cache: RefreshHit from cloudfront
content-length: 3414
x-amz-cf-id: 6hhbJgA_FHQzkgl5Dh10Mfs-W2iJYH_GWPieZe-VXt4KLpxTfXHm-w==
date: Wed, 10 Dec 2025 01:17:52 GMT
content-type: application/javascript
last-modified: Fri, 14 Jul 2023 03:27:51 GMT
server: AmazonS3
x-amz-cf-pop: NRT12-P3
x-amz-server-side-encryption: AES256

GET
H3 200 gpt
securepubads.g.doubleclick.net/pagead/managed/dict/m202512040101/ 64 KB
22 KB 148ms
147ms Other
text/plain 142.250.194.194
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/managed/dict/m202512040101/gpt

Requested by

Host: reurl.cc
URL: https://reurl.cc/Y3gKxl

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.194.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lcnrta-bk-in-f2.1e100.net

Software

cafe /

Resource Hash

8d23693251d0923a21dba7083e1e3a58a18123b146cebbcefb828e1caa7c3aa3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer

Response headers

content-encoding: br
etag: 4740477158928784528
age: 33384
x-content-type-options: nosniff
expires: Tue, 16 Dec 2025 16:01:27 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
date: Tue, 09 Dec 2025 16:01:27 GMT
content-type: text/plain; charset=UTF-8
vary: Accept-Encoding
cache-control: public, immutable, max-age=604800, stale-while-revalidate=7200
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-length: 22756
x-xss-protection: 0
server: cafe
use-as-dictionary: match="/gampad/ads", id="m202512040101"

GET
H2 200 drawV2.js Show response
cdn.holmesmind.com/js/ Frame C895 13 KB
13 KB 176ms
175ms Script
application/javascript 3.164.121.106
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://cdn.holmesmind.com/js/drawV2.js
Requested by: Host: ad.holmesmind.com
URL: https://ad.holmesmind.com/adserver/ads.js?z=22213&rf=https%3A%2F%2Freurl.cc%2FY3gKxl&n=759&o=4&fc=undefined&d=1&b=2&ts=1&ii=3&FPCK=8658-reQdZAdzZIQNADjILGPq0SAik0IKuidN&fp_uuid=8658-0ddf25b156dc4736a45ffdeb192d2dc0&initver=230627P
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.164.121.106 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-164-121-106.nrt12.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 31b4d2ac4928b0129a5a969594be92783dbbb13112dd350f128de1b8d7215f30

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

x-amz-version-id: MSt.illVoQb3pO8IADvHgNboFaeniBxV
etag: "dcf480340ca4b65dc9aa76bd9e677036"
age: 20
via: 1.1 ef359af61e64577c628090c2363bcb22.cloudfront.net (CloudFront)
accept-ranges: bytes
x-cache: Hit from cloudfront
content-length: 13033
x-amz-cf-id: WQ86U3xoTSUzEnupCBCn3LR7R7LQn3Enb6yNhrJu-kcCQ2azh48iMQ==
date: Wed, 10 Dec 2025 01:17:32 GMT
content-type: application/javascript
last-modified: Tue, 19 Dec 2023 06:01:02 GMT
server: AmazonS3
x-amz-cf-pop: NRT12-P3
x-amz-server-side-encryption: AES256

GET
H2 200 f.js Show response
cdn.holmesmind.com/js/ Frame C895 12 KB
12 KB 193ms
192ms Script
application/javascript 3.164.121.106
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://cdn.holmesmind.com/js/f.js
Requested by: Host: ad.holmesmind.com
URL: https://ad.holmesmind.com/adserver/ads.js?z=22213&rf=https%3A%2F%2Freurl.cc%2FY3gKxl&n=759&o=4&fc=undefined&d=1&b=2&ts=1&ii=3&FPCK=8658-reQdZAdzZIQNADjILGPq0SAik0IKuidN&fp_uuid=8658-0ddf25b156dc4736a45ffdeb192d2dc0&initver=230627P
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.164.121.106 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-164-121-106.nrt12.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: f8bcd058a4fbee6f8b68a5ff2930470c1890fc714914c226cf950b4e11ffdcdb

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

x-amz-version-id: I0L11em9y2rEWUbgZZxQXYLhoIMX8Pv6
etag: "1d98c42a6ebd67d5137147fbb5ad912f"
via: 1.1 ef359af61e64577c628090c2363bcb22.cloudfront.net (CloudFront)
accept-ranges: bytes
x-cache: RefreshHit from cloudfront
content-length: 12254
x-amz-cf-id: NwK4fBI8LBKBgjrL5RnBSk_Adc44sRFnfaXH9UL_LK0TNCOjgB83TA==
date: Wed, 10 Dec 2025 01:17:52 GMT
content-type: application/javascript
last-modified: Fri, 14 Jun 2024 08:45:07 GMT
server: AmazonS3
x-amz-cf-pop: NRT12-P3
x-amz-server-side-encryption: AES256

GET
H2 200 drawV2.js Show response
cdn.holmesmind.com/js/ Frame BFAA 13 KB
0 174ms
174ms Script
application/javascript 3.164.121.106
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://cdn.holmesmind.com/js/drawV2.js
Requested by: Host: ad.holmesmind.com
URL: https://ad.holmesmind.com/adserver/ads.js?z=13861&rf=https%3A%2F%2Freurl.cc%2FY3gKxl&n=658&o=4&fc=undefined&d=1&b=2&ts=1&ii=3&FPCK=8658-reQdZAdzZIQNADjILGPq0SAik0IKuidN&fp_uuid=8658-0ddf25b156dc4736a45ffdeb192d2dc0&initver=230627P
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.164.121.106 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-164-121-106.nrt12.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 31b4d2ac4928b0129a5a969594be92783dbbb13112dd350f128de1b8d7215f30

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

x-amz-version-id: MSt.illVoQb3pO8IADvHgNboFaeniBxV
etag: "dcf480340ca4b65dc9aa76bd9e677036"
age: 20
via: 1.1 ef359af61e64577c628090c2363bcb22.cloudfront.net (CloudFront)
accept-ranges: bytes
x-cache: Hit from cloudfront
content-length: 13033
x-amz-cf-id: WQ86U3xoTSUzEnupCBCn3LR7R7LQn3Enb6yNhrJu-kcCQ2azh48iMQ==
date: Wed, 10 Dec 2025 01:17:32 GMT
content-type: application/javascript
last-modified: Tue, 19 Dec 2023 06:01:02 GMT
server: AmazonS3
x-amz-cf-pop: NRT12-P3
x-amz-server-side-encryption: AES256

POST
H2 204 bids Show response
prebid-asia.creativecdn.com/bidder/prebid/ Frame E217 0
171 B 364ms
120ms XHR
text/plain 103.132.192.30
RTBHOUSE-AS-AP RT...

General

Check archive.org

Download Go to

Full URL: https://prebid-asia.creativecdn.com/bidder/prebid/bids
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/rtbhouseV2.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 103.132.192.30 , Singapore, ASN138552 (RTBHOUSE-AS-AP RTB HOUSE PTE. LTD., SG),
Reverse DNS: ip-103-132-192-30.rtbhouse.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8
Referer: https://reurl.cc/

Response headers

access-control-max-age: 3600
access-control-allow-origin: https://reurl.cc
date: Wed, 10 Dec 2025 01:17:51 GMT
vary: Origin
access-control-allow-credentials: true
access-control-allow-methods: POST

GET
H2 200 drawV2.js Show response
cdn.holmesmind.com/js/ Frame 4D86 13 KB
0 165ms
164ms Script
application/javascript 3.164.121.106
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://cdn.holmesmind.com/js/drawV2.js
Requested by: Host: ad.holmesmind.com
URL: https://ad.holmesmind.com/adserver/ads.js?z=18535&rf=https%3A%2F%2Freurl.cc%2FY3gKxl&n=118&o=4&fc=undefined&d=1&b=2&ts=1&ii=3&FPCK=8658-reQdZAdzZIQNADjILGPq0SAik0IKuidN&fp_uuid=8658-0ddf25b156dc4736a45ffdeb192d2dc0&initver=230627P
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.164.121.106 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-164-121-106.nrt12.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 31b4d2ac4928b0129a5a969594be92783dbbb13112dd350f128de1b8d7215f30

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

x-amz-version-id: MSt.illVoQb3pO8IADvHgNboFaeniBxV
etag: "dcf480340ca4b65dc9aa76bd9e677036"
age: 20
via: 1.1 ef359af61e64577c628090c2363bcb22.cloudfront.net (CloudFront)
accept-ranges: bytes
x-cache: Hit from cloudfront
content-length: 13033
x-amz-cf-id: WQ86U3xoTSUzEnupCBCn3LR7R7LQn3Enb6yNhrJu-kcCQ2azh48iMQ==
date: Wed, 10 Dec 2025 01:17:32 GMT
content-type: application/javascript
last-modified: Tue, 19 Dec 2023 06:01:02 GMT
server: AmazonS3
x-amz-cf-pop: NRT12-P3
x-amz-server-side-encryption: AES256

GET
H2 200 f.js Show response
cdn.holmesmind.com/js/ Frame 4D86 12 KB
0 182ms
182ms Script
application/javascript 3.164.121.106
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://cdn.holmesmind.com/js/f.js
Requested by: Host: ad.holmesmind.com
URL: https://ad.holmesmind.com/adserver/ads.js?z=18535&rf=https%3A%2F%2Freurl.cc%2FY3gKxl&n=118&o=4&fc=undefined&d=1&b=2&ts=1&ii=3&FPCK=8658-reQdZAdzZIQNADjILGPq0SAik0IKuidN&fp_uuid=8658-0ddf25b156dc4736a45ffdeb192d2dc0&initver=230627P
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.164.121.106 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-164-121-106.nrt12.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: f8bcd058a4fbee6f8b68a5ff2930470c1890fc714914c226cf950b4e11ffdcdb

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

x-amz-version-id: I0L11em9y2rEWUbgZZxQXYLhoIMX8Pv6
etag: "1d98c42a6ebd67d5137147fbb5ad912f"
via: 1.1 ef359af61e64577c628090c2363bcb22.cloudfront.net (CloudFront)
accept-ranges: bytes
x-cache: RefreshHit from cloudfront
content-length: 12254
x-amz-cf-id: NwK4fBI8LBKBgjrL5RnBSk_Adc44sRFnfaXH9UL_LK0TNCOjgB83TA==
date: Wed, 10 Dec 2025 01:17:52 GMT
content-type: application/javascript
last-modified: Fri, 14 Jun 2024 08:45:07 GMT
server: AmazonS3
x-amz-cf-pop: NRT12-P3
x-amz-server-side-encryption: AES256

POST
H2

200

bid Show response
ad2.apx.appier.net/v1/prebid/ Frame E217
Redirect Chain

https://ad2.apx.appier.net/v1/prebid/bid
https://gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid
https://ad2.apx.appier.net/v1/prebid/bid?acid=oAYDJwSUAPePTRYyP8o4aQ

2 B
159 B

80ms
78ms

XHR
application/json

35.190.36.98
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Download Go to

Full URL: https://ad2.apx.appier.net/v1/prebid/bid?acid=oAYDJwSUAPePTRYyP8o4aQ
Requested by: Host: reurl.cc
URL: https://reurl.cc/Y3gKxl
Protocol: H2
Server: 35.190.36.98 , United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 98.36.190.35.bc.googleusercontent.com
Software: /
Resource Hash: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

cache-control: no-store
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List
access-control-allow-credentials: true
critical-ch: Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List
via: 1.1 google
access-control-allow-origin: null
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2
date: Wed, 10 Dec 2025 01:17:51 GMT
content-type: application/json; charset=utf-8

Redirect headers

Cache-Control: no-store
Location: https://ad2.apx.appier.net/v1/prebid/bid?acid=oAYDJwSUAPePTRYyP8o4aQ
Accept-Ch: Sec-CH-UA-Model,Sec-CH-UA-Platform-Version
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: null
Content-Length: 0
P3p: CP="CUR ADM DEV TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Date: Wed, 10 Dec 2025 01:17:51 GMT
Server: nginx

POST
H2

200

bid Show response
ad2.apx.appier.net/v1/prebid/ Frame 332C
Redirect Chain

https://ad2.apx.appier.net/v1/prebid/bid
https://gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid
https://ad2.apx.appier.net/v1/prebid/bid?acid=UTAcQrrFBGqoVd3BP8o4aQ

2 B
130 B

120ms
119ms

XHR
application/json

35.190.36.98
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Download Go to

Full URL: https://ad2.apx.appier.net/v1/prebid/bid?acid=UTAcQrrFBGqoVd3BP8o4aQ
Requested by: Host: reurl.cc
URL: https://reurl.cc/Y3gKxl
Protocol: H2
Server: 35.190.36.98 , United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 98.36.190.35.bc.googleusercontent.com
Software: /
Resource Hash: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

cache-control: no-store
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List
access-control-allow-credentials: true
critical-ch: Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List
via: 1.1 google
access-control-allow-origin: null
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2
date: Wed, 10 Dec 2025 01:17:51 GMT
content-type: application/json; charset=utf-8

Redirect headers

Cache-Control: no-store
Location: https://ad2.apx.appier.net/v1/prebid/bid?acid=UTAcQrrFBGqoVd3BP8o4aQ
Accept-Ch: Sec-CH-UA-Model,Sec-CH-UA-Platform-Version
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: null
Content-Length: 0
P3p: CP="CUR ADM DEV TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Date: Wed, 10 Dec 2025 01:17:51 GMT
Server: nginx

POST
H2

200

bid Show response
ad2.apx.appier.net/v1/prebid/ Frame 332C
Redirect Chain

https://ad2.apx.appier.net/v1/prebid/bid
https://gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid
https://ad2.apx.appier.net/v1/prebid/bid?acid=wRdhLt_7BuauiXaqP8o4aQ

2 B
129 B

80ms
76ms

XHR
application/json

35.190.36.98
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Download Go to

Full URL: https://ad2.apx.appier.net/v1/prebid/bid?acid=wRdhLt_7BuauiXaqP8o4aQ
Requested by: Host: reurl.cc
URL: https://reurl.cc/Y3gKxl
Protocol: H2
Server: 35.190.36.98 , United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 98.36.190.35.bc.googleusercontent.com
Software: /
Resource Hash: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

cache-control: no-store
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List
access-control-allow-credentials: true
critical-ch: Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List
via: 1.1 google
access-control-allow-origin: null
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2
date: Wed, 10 Dec 2025 01:17:51 GMT
content-type: application/json; charset=utf-8

Redirect headers

Cache-Control: no-store
Location: https://ad2.apx.appier.net/v1/prebid/bid?acid=wRdhLt_7BuauiXaqP8o4aQ
Accept-Ch: Sec-CH-UA-Model,Sec-CH-UA-Platform-Version
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: null
Content-Length: 0
P3p: CP="CUR ADM DEV TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Date: Wed, 10 Dec 2025 01:17:51 GMT
Server: nginx

GET
H3 200 / Show response
www.facebook.com/platform/plugin/tab/renderer/ Frame 3313 73 KB
18 KB 426ms
425ms XHR
application/x-javascript 31.13.82.36
FACEBOOK

General

Check archive.org

Download Go to

Full URL

https://www.facebook.com/platform/plugin/tab/renderer/?key=timeline&config_json=%7B%22app_id%22%3A%22776730922422337%22%2C%22href%22%3A%22https%3A%2F%2Fwww.facebook.com%2Freurl.cc%2F%22%2C%22width%22%3A340%2C%22height%22%3A500%2C%22has_cta%22%3Atrue%2C%22has_small_header%22%3Afalse%2C%22has_adapt_container_width%22%3Atrue%2C%22has_cover%22%3Atrue%2C%22has_posts%22%3Afalse%2C%22tabs%22%3A%22timeline%22%2C%22can_personalize%22%3Afalse%2C%22is_xfbml%22%3Afalse%2C%22referer_uri%22%3A%22https%3A%2F%2Freurl.cc%2F%22%7D&fb_dtsg_ag&__user=0&__a=1&__req=1&__hs=20432.BP%3Aplugin_default_pkg.2.0...0&dpr=1&__ccg=MODERATE&__rev=1030855194&__s=%3A%3Abquq9i&__hsi=7582032341452171210&__dyn=7wKxa13wt8K2Wmh0Sw8W5U4e1Fx-ewpU3WwvE3vx609vCwjE0AC1xwEw7Bx61vw5zw78w5Uw64w8W1uw2oE17U2ZwrU1Xo1UU3jwea&__sp=1&__jssesw=1

Requested by

Host: static.xx.fbcdn.net
URL: https://static.xx.fbcdn.net/rsrc.php/v4iEpO4/yA/l/zh_TW-j/kk6p_7AfzQ4.js

Protocol

Security

QUIC, , AES_128_GCM

Server

31.13.82.36 Tokyo, Japan, ASN32934 (FACEBOOK, US),

Reverse DNS

edge-star-mini-shv-01-nrt1.facebook.com

Software

Resource Hash

7f7a536dddeaf9021bb9ceddbdd35ec99076de33df95e24a6c90ab18040ae8fa

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

X-ASBD-ID: 359341
X-FB-LSD: LpTFM9jck_b1iV_sP5mgVJ
Referer: https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2Freurl.cc%2F&tabs=timeline&width=340&height=500&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=true&appId
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36

Response headers

content-encoding: zstd
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7582032344967554715&cpp=C3&cv=1030855194&st=1765329471414"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Sat, 01 Jan 2000 00:00:00 GMT
alt-svc: h3=":443"; ma=86400
date: Wed, 10 Dec 2025 01:17:51 GMT
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
x-fb-debug: frbmyqqncTU6xVqUSf3myOVtFl4WsffsqMJ5OqoO1W4L3o/P+sSa6GEqCxCSBqC1Rjw1Udj07LbPXi42fcBbsw==
priority: u=1,i
x-frame-options: DENY
strict-transport-security: max-age=15552000; preload
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7582032344967554715&cpp=C3&cv=1030855194&st=1765329471414", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
cache-control: private, no-cache, no-store, must-revalidate
x-fb-connection-quality: GOOD; q=0.7, rtt=144, rtx=0, c=40, mss=1232, tbw=28047, tp=38, tpl=0, uplat=281, ullat=0
cross-origin-opener-policy: same-origin-allow-popups
pragma: no-cache
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(self), autoplay=(), bluetooth=(), browsing-topics=(self), camera=(self "https://www.fbsbx.com"), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
document-policy: force-load-at-top, include-js-call-stacks-in-crash-reports
origin-agent-cluster: ?1

POST
H3 200 / Show response
www.facebook.com/platform/plugin/page/logging/ Frame 3313 94 B
224 B 282ms
281ms XHR
application/x-javascript 31.13.82.36
FACEBOOK

General

Check archive.org

Download Go to

Full URL

https://www.facebook.com/platform/plugin/page/logging/

Requested by

Host: static.xx.fbcdn.net
URL: https://static.xx.fbcdn.net/rsrc.php/v4iEpO4/yA/l/zh_TW-j/kk6p_7AfzQ4.js

Protocol

Security

QUIC, , AES_128_GCM

Server

31.13.82.36 Tokyo, Japan, ASN32934 (FACEBOOK, US),

Reverse DNS

edge-star-mini-shv-01-nrt1.facebook.com

Software

Resource Hash

26b386296dbe8cdb2a87240868b54301c2338b678b132ddeed3d667a728d0762

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

X-ASBD-ID: 359341
X-FB-LSD: LpTFM9jck_b1iV_sP5mgVJ
Referer: https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2Freurl.cc%2F&tabs=timeline&width=340&height=500&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=true&appId
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

access-control-expose-headers: X-FB-Debug, X-Loader-Length, X-Stack, Error-MID
content-encoding: zstd
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7582032345954605922&cpp=C3&cv=1030855194&st=1765329471414"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
access-control-allow-methods: OPTIONS
expires: Sat, 01 Jan 2000 00:00:00 GMT
alt-svc: h3=":443"; ma=86400
date: Wed, 10 Dec 2025 01:17:51 GMT
content-type: application/x-javascript; charset=utf-8
vary: Origin, Accept-Encoding
x-fb-debug: XKPHf7DsTfzVRHgb3kgfr3hS0TLaE6pzC/lHVEwXTWAh9jpa43ysrqPZoO6C4qZ+cHcUgoBzw+4IoFrLo45DBg==
priority: u=1,i
x-frame-options: DENY
strict-transport-security: max-age=15552000; preload
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7582032345954605922&cpp=C3&cv=1030855194&st=1765329471414", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
cache-control: private, no-cache, no-store, must-revalidate
x-fb-connection-quality: GOOD; q=0.7, rtt=145, rtx=0, c=40, mss=1232, tbw=26911, tp=37, tpl=0, uplat=138, ullat=0
cross-origin-opener-policy: same-origin-allow-popups
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
permissions-policy: accelerometer=(), attribution-reporting=(self), autoplay=(), bluetooth=(), browsing-topics=(self), camera=(self "https://www.fbsbx.com"), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
document-policy: force-load-at-top, include-js-call-stacks-in-crash-reports
access-control-allow-origin: https://www.facebook.com
origin-agent-cluster: ?1

GET
H3 200 xgVgalBG80z.png
static.xx.fbcdn.net/rsrc.php/v4/yH/r/ Frame 3313 1 KB
1 KB 144ms
144ms Image
image/png 31.13.82.7
FACEBOOK

General

Check archive.org

Download Go to Show image

Full URL

https://static.xx.fbcdn.net/rsrc.php/v4/yH/r/xgVgalBG80z.png

Requested by

Host: static.xx.fbcdn.net
URL: https://static.xx.fbcdn.net/rsrc.php/v5/yE/l/1,cross/iXGJEr7Orjl.css

Protocol

Security

QUIC, , AES_128_GCM

Server

31.13.82.7 Tokyo, Japan, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-01-nrt1.fbcdn.net

Software

Resource Hash

45444d590a67d30e8b2fde01bb6482f829383b64bf14a4b19b86e22fdc319fbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://static.xx.fbcdn.net/rsrc.php/v5/yE/l/1,cross/iXGJEr7Orjl.css

Response headers

content-md5: rB4cTW8WNZcBsFntToJGtA==
report-to: {"max_age":21600,"endpoints":[{"url":"https:\/\/www.xx.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Wed, 02 Dec 2026 20:31:32 GMT
alt-svc: h3=":443"; ma=86400
date: Wed, 10 Dec 2025 01:17:51 GMT
content-type: image/png
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
x-fb-debug: bPEXNckAPu0S/+onXQHQj1xi7qVn6GtQpQSh85Jj5laSHAD8QukwsTG8bSpCMmTxXE2O27O9X71vQLGcjHq6aQ==
priority: u=3,i
reporting-endpoints: permissions_policy="https://www.xx.facebook.com/ajax/browser_error_reports/"
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
x-fb-connection-quality: GOOD; q=0.7, rtt=145, rtx=0, c=24, mss=1232, tbw=7155, tp=16, tpl=0, uplat=0, ullat=-1
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy: force-load-at-top, include-js-call-stacks-in-crash-reports
access-control-allow-origin: *
content-length: 1315
origin-agent-cluster: ?1

GET
H2 200 utag.js Show response
t.ssp.hinet.net/ Frame 4D86 5 KB
3 KB 231ms
77ms Script
application/javascript 203.75.214.136
HINET Data Commun...

General

Check archive.org

Download Go to

Full URL

https://t.ssp.hinet.net/utag.js

Requested by

Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

73ae392d3e6fd2a480cd5e6eb0077f17af084abfda5e3bb5487f76c0277be87c

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

strict-transport-security: max-age=0
cache-control: max-age=600
content-encoding: gzip
etag: W/"65e6c0fa-15e4"
expires: Wed, 10 Dec 2025 01:27:51 GMT
date: Wed, 10 Dec 2025 01:17:51 GMT
content-type: application/javascript
last-modified: Tue, 05 Mar 2024 06:51:38 GMT
server: nginx
vary: Accept-Encoding

GET
H2 200 utag.js Show response
t.ssp.hinet.net/ Frame E217 5 KB
0 229ms
229ms Script
application/javascript 203.75.214.136
HINET Data Commun...

General

Check archive.org

Download Go to

Full URL: https://t.ssp.hinet.net/utag.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS: 203-75-214-136.hinet-ip.hinet.net
Software: nginx /
Resource Hash: 73ae392d3e6fd2a480cd5e6eb0077f17af084abfda5e3bb5487f76c0277be87c

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

cache-control: max-age=600
content-encoding: gzip
etag: W/"65e6c0fa-15e4"
expires: Wed, 10 Dec 2025 01:27:51 GMT
date: Wed, 10 Dec 2025 01:17:51 GMT
content-type: application/javascript
last-modified: Tue, 05 Mar 2024 06:51:38 GMT
server: nginx
vary: Accept-Encoding

GET
H2 200 utag.js Show response
t.ssp.hinet.net/ Frame C895 5 KB
0 227ms
227ms Script
application/javascript 203.75.214.136
HINET Data Commun...

General

Check archive.org

Download Go to

Full URL: https://t.ssp.hinet.net/utag.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS: 203-75-214-136.hinet-ip.hinet.net
Software: nginx /
Resource Hash: 73ae392d3e6fd2a480cd5e6eb0077f17af084abfda5e3bb5487f76c0277be87c

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

cache-control: max-age=600
content-encoding: gzip
etag: W/"65e6c0fa-15e4"
expires: Wed, 10 Dec 2025 01:27:51 GMT
date: Wed, 10 Dec 2025 01:17:51 GMT
content-type: application/javascript
last-modified: Tue, 05 Mar 2024 06:51:38 GMT
server: nginx
vary: Accept-Encoding

GET
H2 200 utag.js Show response
t.ssp.hinet.net/ Frame BFAA 5 KB
0 226ms
226ms Script
application/javascript 203.75.214.136
HINET Data Commun...

General

Check archive.org

Download Go to

Full URL: https://t.ssp.hinet.net/utag.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS: 203-75-214-136.hinet-ip.hinet.net
Software: nginx /
Resource Hash: 73ae392d3e6fd2a480cd5e6eb0077f17af084abfda5e3bb5487f76c0277be87c

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

cache-control: max-age=600
content-encoding: gzip
etag: W/"65e6c0fa-15e4"
expires: Wed, 10 Dec 2025 01:27:51 GMT
date: Wed, 10 Dec 2025 01:17:51 GMT
content-type: application/javascript
last-modified: Tue, 05 Mar 2024 06:51:38 GMT
server: nginx
vary: Accept-Encoding

POST
H/1.1 204
No Content prebid.aspx Show response
prebid.scupio.com/recweb/ Frame E217 0
168 B 354ms
82ms XHR
text/plain 210.59.219.34
HINET Data Commun...

General

Check archive.org

Download Go to

Full URL: https://prebid.scupio.com/recweb/prebid.aspx?cb=0.2684795764766549
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/bridgewellV3.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 210.59.219.34 Taichung, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS: 210-59-219-34.hinet-ip.hinet.net
Software: Kestrel /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8
Referer: https://reurl.cc/

Response headers

Access-Control-Allow-Origin: https://reurl.cc
Date: Wed, 10 Dec 2025 01:17:51 GMT
Server: Kestrel
Access-Control-Allow-Credentials: true

GET
H2 200 drawV2.js Show response
cdn.holmesmind.com/js/ Frame E217 13 KB
0 79ms
79ms Script
application/javascript 3.164.121.106
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://cdn.holmesmind.com/js/drawV2.js
Requested by: Host: ad.holmesmind.com
URL: https://ad.holmesmind.com/adserver/ads.js?z=14210&rf=https%3A%2F%2Freurl.cc%2FY3gKxl&n=137&o=4&fc=undefined&d=1&b=2&ts=1&ii=3&FPCK=8658-reQdZAdzZIQNADjILGPq0SAik0IKuidN&fp_uuid=8658-0ddf25b156dc4736a45ffdeb192d2dc0&initver=230627P
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.164.121.106 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-164-121-106.nrt12.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 31b4d2ac4928b0129a5a969594be92783dbbb13112dd350f128de1b8d7215f30

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

x-amz-version-id: MSt.illVoQb3pO8IADvHgNboFaeniBxV
etag: "dcf480340ca4b65dc9aa76bd9e677036"
age: 20
via: 1.1 ef359af61e64577c628090c2363bcb22.cloudfront.net (CloudFront)
accept-ranges: bytes
x-cache: Hit from cloudfront
content-length: 13033
x-amz-cf-id: WQ86U3xoTSUzEnupCBCn3LR7R7LQn3Enb6yNhrJu-kcCQ2azh48iMQ==
date: Wed, 10 Dec 2025 01:17:32 GMT
content-type: application/javascript
last-modified: Tue, 19 Dec 2023 06:01:02 GMT
server: AmazonS3
x-amz-cf-pop: NRT12-P3
x-amz-server-side-encryption: AES256

GET
H3 200 fbevents.js Show response
connect.facebook.net/en_US/ Frame A90A 343 KB
0 92ms
92ms Script
application/x-javascript 31.13.82.7
FACEBOOK

General

Check archive.org

Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: fcm2.holmesmind.com
URL: https://fcm2.holmesmind.com/cm.js

Protocol

Security

QUIC, , AES_128_GCM

Server

31.13.82.7 Tokyo, Japan, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-01-nrt1.fbcdn.net

Software

Resource Hash

1ff40d4951bdd1a0b6edeb873bc5855a9ce130101cc7e17b67d3a1aa5dc402c1

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' blob: ;script-src 'nonce-vxUvzO7R' .facebook.com .fbcdn.net .facebook.net 127.0.0.1:* blob: 'self' https://.google-analytics.com .google.com;style-src 'self' data: blob: 'unsafe-inline';connect-src 'self' data: blob: https://edge-chat.facebook.net https://edge-chat-latest.facebook.net wss://edge-chat-latest.facebook.net wss://edge-chat.facebook.net wss://edge-chat.socialplugin.facebook.net wss://edge-chat-latest.socialplugin.facebook.net https://edge-chat.socialplugin.facebook.net https://edge-chat-latest.socialplugin.facebook.net .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: .cdninstagram.com https://.google-analytics.com;font-src 'self' data: blob: ;img-src 'self' data: blob: https://.google-analytics.com;media-src 'self' data: blob: ;child-src 'self' data: blob: ;frame-src 'self' data: blob: ;manifest-src 'self' data: blob: ;object-src 'self' data: blob: ;worker-src 'self' data: blob: *;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://cdn.holmesmind.com/

Response headers

content-encoding: gzip
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Sat, 01 Jan 2000 00:00:00 GMT
alt-svc: h3=":443"; ma=86400
date: Wed, 10 Dec 2025 01:17:51 GMT
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
priority: u=3,i
x-frame-options: DENY
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy: default-src 'self' blob: *;script-src 'nonce-vxUvzO7R' *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* blob: 'self' https://*.google-analytics.com *.google.com;style-src 'self' data: blob: 'unsafe-inline';connect-src 'self' data: blob: https://edge-chat.facebook.net https://edge-chat-latest.facebook.net wss://edge-chat-latest.facebook.net wss://edge-chat.facebook.net wss://edge-chat.socialplugin.facebook.net wss://edge-chat-latest.socialplugin.facebook.net https://edge-chat.socialplugin.facebook.net https://edge-chat-latest.socialplugin.facebook.net *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* *.cdninstagram.com https://*.google-analytics.com;font-src 'self' data: blob: *;img-src 'self' data: blob: * https://*.google-analytics.com;media-src 'self' data: blob: *;child-src 'self' data: blob: *;frame-src 'self' data: blob: *;manifest-src 'self' data: blob: *;object-src 'self' data: blob: *;worker-src 'self' data: blob: *;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
cache-control: public, max-age=1200
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
x-fb-connection-quality: GOOD; q=0.7, rtt=132, rtx=0, c=24, mss=1232, tbw=8752, tp=13, tpl=0, uplat=1, ullat=-1
pragma: public
x-fb-debug: ipoRsTNM2sVsOk0+b30Is7jbH5fPRRPLAJsA7Xi7dT8zIDAvFZHadPXwzN2qRqExVl8hd9KJVQC5AmakCyeETw==
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy: force-load-at-top, include-js-call-stacks-in-crash-reports
content-length: 91837
x-xss-protection: 0
origin-agent-cluster: ?1

GET
H2 200 drawV2.js Show response
cdn.holmesmind.com/js/ Frame 3A8F 13 KB
0 76ms
76ms Script
application/javascript 3.164.121.106
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://cdn.holmesmind.com/js/drawV2.js
Requested by: Host: ad.holmesmind.com
URL: https://ad.holmesmind.com/adserver/ads.js?z=13858&rf=https%3A%2F%2Freurl.cc%2FY3gKxl&n=571&o=4&fc=undefined&d=1&b=2&ts=1&ii=3&FPCK=8658-reQdZAdzZIQNADjILGPq0SAik0IKuidN&fp_uuid=8658-0ddf25b156dc4736a45ffdeb192d2dc0&initver=230627P
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.164.121.106 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-164-121-106.nrt12.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 31b4d2ac4928b0129a5a969594be92783dbbb13112dd350f128de1b8d7215f30

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

x-amz-version-id: MSt.illVoQb3pO8IADvHgNboFaeniBxV
etag: "dcf480340ca4b65dc9aa76bd9e677036"
age: 20
via: 1.1 ef359af61e64577c628090c2363bcb22.cloudfront.net (CloudFront)
accept-ranges: bytes
x-cache: Hit from cloudfront
content-length: 13033
x-amz-cf-id: WQ86U3xoTSUzEnupCBCn3LR7R7LQn3Enb6yNhrJu-kcCQ2azh48iMQ==
date: Wed, 10 Dec 2025 01:17:32 GMT
content-type: application/javascript
last-modified: Tue, 19 Dec 2023 06:01:02 GMT
server: AmazonS3
x-amz-cf-pop: NRT12-P3
x-amz-server-side-encryption: AES256

GET
H2 200 drawV2.js Show response
cdn.holmesmind.com/js/ Frame C6DC 13 KB
0 76ms
75ms Script
application/javascript 3.164.121.106
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://cdn.holmesmind.com/js/drawV2.js
Requested by: Host: ad.holmesmind.com
URL: https://ad.holmesmind.com/adserver/ads.js?z=22214&rf=https%3A%2F%2Freurl.cc%2FY3gKxl&n=710&o=4&fc=undefined&d=1&b=2&ts=1&ii=3&FPCK=8658-reQdZAdzZIQNADjILGPq0SAik0IKuidN&fp_uuid=8658-0ddf25b156dc4736a45ffdeb192d2dc0&initver=230627P
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.164.121.106 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-164-121-106.nrt12.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 31b4d2ac4928b0129a5a969594be92783dbbb13112dd350f128de1b8d7215f30

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

x-amz-version-id: MSt.illVoQb3pO8IADvHgNboFaeniBxV
etag: "dcf480340ca4b65dc9aa76bd9e677036"
age: 20
via: 1.1 ef359af61e64577c628090c2363bcb22.cloudfront.net (CloudFront)
accept-ranges: bytes
x-cache: Hit from cloudfront
content-length: 13033
x-amz-cf-id: WQ86U3xoTSUzEnupCBCn3LR7R7LQn3Enb6yNhrJu-kcCQ2azh48iMQ==
date: Wed, 10 Dec 2025 01:17:32 GMT
content-type: application/javascript
last-modified: Tue, 19 Dec 2023 06:01:02 GMT
server: AmazonS3
x-amz-cf-pop: NRT12-P3
x-amz-server-side-encryption: AES256

GET
H2 200 utag.js Show response
t.ssp.hinet.net/ Frame C6DC 5 KB
0 200ms
200ms Script
application/javascript 203.75.214.136
HINET Data Commun...

General

Check archive.org

Download Go to

Full URL: https://t.ssp.hinet.net/utag.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS: 203-75-214-136.hinet-ip.hinet.net
Software: nginx /
Resource Hash: 73ae392d3e6fd2a480cd5e6eb0077f17af084abfda5e3bb5487f76c0277be87c

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

cache-control: max-age=600
content-encoding: gzip
etag: W/"65e6c0fa-15e4"
expires: Wed, 10 Dec 2025 01:27:51 GMT
date: Wed, 10 Dec 2025 01:17:51 GMT
content-type: application/javascript
last-modified: Tue, 05 Mar 2024 06:51:38 GMT
server: nginx
vary: Accept-Encoding

GET
H2 200 utag.js Show response
t.ssp.hinet.net/ Frame 9A13 5 KB
0 199ms
199ms Script
application/javascript 203.75.214.136
HINET Data Commun...

General

Check archive.org

Download Go to

Full URL: https://t.ssp.hinet.net/utag.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS: 203-75-214-136.hinet-ip.hinet.net
Software: nginx /
Resource Hash: 73ae392d3e6fd2a480cd5e6eb0077f17af084abfda5e3bb5487f76c0277be87c

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

cache-control: max-age=600
content-encoding: gzip
etag: W/"65e6c0fa-15e4"
expires: Wed, 10 Dec 2025 01:27:51 GMT
date: Wed, 10 Dec 2025 01:17:51 GMT
content-type: application/javascript
last-modified: Tue, 05 Mar 2024 06:51:38 GMT
server: nginx
vary: Accept-Encoding

GET
H2 200 utag.js Show response
t.ssp.hinet.net/ Frame 3A8F 5 KB
0 37ms
37ms Script
application/javascript 203.75.214.136
HINET Data Commun...

General

Check archive.org

Download Go to

Full URL: https://t.ssp.hinet.net/utag.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS: 203-75-214-136.hinet-ip.hinet.net
Software: nginx /
Resource Hash: 73ae392d3e6fd2a480cd5e6eb0077f17af084abfda5e3bb5487f76c0277be87c

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

cache-control: max-age=600
content-encoding: gzip
etag: W/"65e6c0fa-15e4"
expires: Wed, 10 Dec 2025 01:27:51 GMT
date: Wed, 10 Dec 2025 01:17:51 GMT
content-type: application/javascript
last-modified: Tue, 05 Mar 2024 06:51:38 GMT
server: nginx
vary: Accept-Encoding

GET
H2 200 utag.js Show response
t.ssp.hinet.net/ Frame 332C 5 KB
0 38ms
38ms Script
application/javascript 203.75.214.136
HINET Data Commun...

General

Check archive.org

Download Go to

Full URL: https://t.ssp.hinet.net/utag.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS: 203-75-214-136.hinet-ip.hinet.net
Software: nginx /
Resource Hash: 73ae392d3e6fd2a480cd5e6eb0077f17af084abfda5e3bb5487f76c0277be87c

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

cache-control: max-age=600
content-encoding: gzip
etag: W/"65e6c0fa-15e4"
expires: Wed, 10 Dec 2025 01:27:51 GMT
date: Wed, 10 Dec 2025 01:17:51 GMT
content-type: application/javascript
last-modified: Tue, 05 Mar 2024 06:51:38 GMT
server: nginx
vary: Accept-Encoding

GET
H3 200 fbevents.js Show response
connect.facebook.net/en_US/ Frame 62B0 343 KB
0 29ms
29ms Script
application/x-javascript 31.13.82.7
FACEBOOK

General

Check archive.org

Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: fcm2.holmesmind.com
URL: https://fcm2.holmesmind.com/cm.js

Protocol

Security

QUIC, , AES_128_GCM

Server

31.13.82.7 Tokyo, Japan, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-01-nrt1.fbcdn.net

Software

Resource Hash

1ff40d4951bdd1a0b6edeb873bc5855a9ce130101cc7e17b67d3a1aa5dc402c1

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' blob: ;script-src 'nonce-vxUvzO7R' .facebook.com .fbcdn.net .facebook.net 127.0.0.1:* blob: 'self' https://.google-analytics.com .google.com;style-src 'self' data: blob: 'unsafe-inline';connect-src 'self' data: blob: https://edge-chat.facebook.net https://edge-chat-latest.facebook.net wss://edge-chat-latest.facebook.net wss://edge-chat.facebook.net wss://edge-chat.socialplugin.facebook.net wss://edge-chat-latest.socialplugin.facebook.net https://edge-chat.socialplugin.facebook.net https://edge-chat-latest.socialplugin.facebook.net .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: .cdninstagram.com https://.google-analytics.com;font-src 'self' data: blob: ;img-src 'self' data: blob: https://.google-analytics.com;media-src 'self' data: blob: ;child-src 'self' data: blob: ;frame-src 'self' data: blob: ;manifest-src 'self' data: blob: ;object-src 'self' data: blob: ;worker-src 'self' data: blob: *;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://cdn.holmesmind.com/

Response headers

content-encoding: gzip
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Sat, 01 Jan 2000 00:00:00 GMT
alt-svc: h3=":443"; ma=86400
date: Wed, 10 Dec 2025 01:17:51 GMT
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
priority: u=3,i
x-frame-options: DENY
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy: default-src 'self' blob: *;script-src 'nonce-vxUvzO7R' *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* blob: 'self' https://*.google-analytics.com *.google.com;style-src 'self' data: blob: 'unsafe-inline';connect-src 'self' data: blob: https://edge-chat.facebook.net https://edge-chat-latest.facebook.net wss://edge-chat-latest.facebook.net wss://edge-chat.facebook.net wss://edge-chat.socialplugin.facebook.net wss://edge-chat-latest.socialplugin.facebook.net https://edge-chat.socialplugin.facebook.net https://edge-chat-latest.socialplugin.facebook.net *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* *.cdninstagram.com https://*.google-analytics.com;font-src 'self' data: blob: *;img-src 'self' data: blob: * https://*.google-analytics.com;media-src 'self' data: blob: *;child-src 'self' data: blob: *;frame-src 'self' data: blob: *;manifest-src 'self' data: blob: *;object-src 'self' data: blob: *;worker-src 'self' data: blob: *;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
cache-control: public, max-age=1200
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
x-fb-connection-quality: GOOD; q=0.7, rtt=132, rtx=0, c=24, mss=1232, tbw=8752, tp=13, tpl=0, uplat=1, ullat=-1
pragma: public
x-fb-debug: ipoRsTNM2sVsOk0+b30Is7jbH5fPRRPLAJsA7Xi7dT8zIDAvFZHadPXwzN2qRqExVl8hd9KJVQC5AmakCyeETw==
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy: force-load-at-top, include-js-call-stacks-in-crash-reports
content-length: 91837
x-xss-protection: 0
origin-agent-cluster: ?1

GET
H2 200 drawV2.js Show response
cdn.holmesmind.com/js/ Frame 332C 13 KB
0 76ms
75ms Script
application/javascript 3.164.121.106
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://cdn.holmesmind.com/js/drawV2.js
Requested by: Host: ad.holmesmind.com
URL: https://ad.holmesmind.com/adserver/ads.js?z=14209&rf=https%3A%2F%2Freurl.cc%2FY3gKxl&n=867&o=4&fc=undefined&d=1&b=2&ts=1&ii=3&FPCK=8658-reQdZAdzZIQNADjILGPq0SAik0IKuidN&fp_uuid=8658-0ddf25b156dc4736a45ffdeb192d2dc0&initver=230627P
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.164.121.106 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-164-121-106.nrt12.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 31b4d2ac4928b0129a5a969594be92783dbbb13112dd350f128de1b8d7215f30

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

x-amz-version-id: MSt.illVoQb3pO8IADvHgNboFaeniBxV
etag: "dcf480340ca4b65dc9aa76bd9e677036"
age: 20
via: 1.1 ef359af61e64577c628090c2363bcb22.cloudfront.net (CloudFront)
accept-ranges: bytes
x-cache: Hit from cloudfront
content-length: 13033
x-amz-cf-id: WQ86U3xoTSUzEnupCBCn3LR7R7LQn3Enb6yNhrJu-kcCQ2azh48iMQ==
date: Wed, 10 Dec 2025 01:17:32 GMT
content-type: application/javascript
last-modified: Tue, 19 Dec 2023 06:01:02 GMT
server: AmazonS3
x-amz-cf-pop: NRT12-P3
x-amz-server-side-encryption: AES256

GET
H2 200 close_btn.png
cdn.holmesmind.com/image/creative/20200629/ 23 KB
23 KB 156ms
155ms Image
image/png 3.164.121.106
AMAZON-02

General

Check archive.org

Download Go to Show image

Full URL: https://cdn.holmesmind.com/image/creative/20200629/close_btn.png
Requested by: Host: reurl.cc
URL: https://reurl.cc/Y3gKxl
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.164.121.106 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-164-121-106.nrt12.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 0e83a8ffdd161a80e179732ca1f514ee08dcc3c4a128baa9c92bcffebc2a7c52

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

x-amz-version-id: eftIHNkZLvs_zrsThuw3iZTYVcb2Z_86
etag: "e08deb6b87983b314d88a24c09f4d13f"
age: 34772
via: 1.1 ef359af61e64577c628090c2363bcb22.cloudfront.net (CloudFront)
accept-ranges: bytes
x-cache: Hit from cloudfront
content-length: 23254
x-amz-cf-id: OOj1vnG_O3y3JzXzjolsTOBO2F95iLFMfQkMtfv-TDdbVZbqFmy-1Q==
date: Tue, 09 Dec 2025 15:38:20 GMT
content-type: image/png
last-modified: Thu, 15 Jun 2023 01:01:51 GMT
server: AmazonS3
x-amz-cf-pop: NRT12-P3
x-amz-server-side-encryption: AES256

GET
H3 200 fbevents.js Show response
connect.facebook.net/en_US/ Frame F696 343 KB
0 0ms
0ms Script
application/x-javascript 31.13.82.7
FACEBOOK

General

Check archive.org

Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: fcm2.holmesmind.com
URL: https://fcm2.holmesmind.com/cm.js

Protocol

Security

QUIC, , AES_128_GCM

Server

31.13.82.7 Tokyo, Japan, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-01-nrt1.fbcdn.net

Software

Resource Hash

1ff40d4951bdd1a0b6edeb873bc5855a9ce130101cc7e17b67d3a1aa5dc402c1

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' blob: ;script-src 'nonce-vxUvzO7R' .facebook.com .fbcdn.net .facebook.net 127.0.0.1:* blob: 'self' https://.google-analytics.com .google.com;style-src 'self' data: blob: 'unsafe-inline';connect-src 'self' data: blob: https://edge-chat.facebook.net https://edge-chat-latest.facebook.net wss://edge-chat-latest.facebook.net wss://edge-chat.facebook.net wss://edge-chat.socialplugin.facebook.net wss://edge-chat-latest.socialplugin.facebook.net https://edge-chat.socialplugin.facebook.net https://edge-chat-latest.socialplugin.facebook.net .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: .cdninstagram.com https://.google-analytics.com;font-src 'self' data: blob: ;img-src 'self' data: blob: https://.google-analytics.com;media-src 'self' data: blob: ;child-src 'self' data: blob: ;frame-src 'self' data: blob: ;manifest-src 'self' data: blob: ;object-src 'self' data: blob: ;worker-src 'self' data: blob: *;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://cdn.holmesmind.com/

Response headers

content-encoding: gzip
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Sat, 01 Jan 2000 00:00:00 GMT
alt-svc: h3=":443"; ma=86400
date: Wed, 10 Dec 2025 01:17:51 GMT
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
priority: u=3,i
x-frame-options: DENY
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy: default-src 'self' blob: *;script-src 'nonce-vxUvzO7R' *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* blob: 'self' https://*.google-analytics.com *.google.com;style-src 'self' data: blob: 'unsafe-inline';connect-src 'self' data: blob: https://edge-chat.facebook.net https://edge-chat-latest.facebook.net wss://edge-chat-latest.facebook.net wss://edge-chat.facebook.net wss://edge-chat.socialplugin.facebook.net wss://edge-chat-latest.socialplugin.facebook.net https://edge-chat.socialplugin.facebook.net https://edge-chat-latest.socialplugin.facebook.net *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* *.cdninstagram.com https://*.google-analytics.com;font-src 'self' data: blob: *;img-src 'self' data: blob: * https://*.google-analytics.com;media-src 'self' data: blob: *;child-src 'self' data: blob: *;frame-src 'self' data: blob: *;manifest-src 'self' data: blob: *;object-src 'self' data: blob: *;worker-src 'self' data: blob: *;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
cache-control: public, max-age=1200
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
x-fb-connection-quality: GOOD; q=0.7, rtt=132, rtx=0, c=24, mss=1232, tbw=8752, tp=13, tpl=0, uplat=1, ullat=-1
pragma: public
x-fb-debug: ipoRsTNM2sVsOk0+b30Is7jbH5fPRRPLAJsA7Xi7dT8zIDAvFZHadPXwzN2qRqExVl8hd9KJVQC5AmakCyeETw==
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy: force-load-at-top, include-js-call-stacks-in-crash-reports
content-length: 91837
x-xss-protection: 0
origin-agent-cluster: ?1

GET
H2 200 cm Show response
t.ssp.hinet.net/ Frame 571C 0
194 B 77ms
76ms XHR
image/png 203.75.214.136
HINET Data Commun...

General

Check archive.org

Download Go to

Full URL

https://t.ssp.hinet.net/cm?c=cf&cid=undefined&mp=a8b5e0fe-7b22-4c2c-a3f9-14c976deaf1b

Requested by

Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://cdn.holmesmind.com/

Response headers

strict-transport-security: max-age=0
cache-control: no-cache, private
access-control-allow-credentials: true
access-control-allow-origin: https://cdn.holmesmind.com
date: Wed, 10 Dec 2025 01:17:51 GMT
content-type: image/png
vary: Origin
server: nginx

GET
H/1.1 200
OK pixel
a8b5e0fe-7b22-4c2c-a3f9-14c976deaf1b.t.ssp.hinet.net/ Frame 571C 0
177 B 365ms
73ms Image
image/png 203.75.214.136
HINET Data Commun...

General

Check archive.org

Download Go to Show image

Full URL

https://a8b5e0fe-7b22-4c2c-a3f9-14c976deaf1b.t.ssp.hinet.net/pixel?bd=a8b5e0fe-7b22-4c2c-a3f9-14c976deaf1b&t=cf&referrer=https%3A%2F%2Freurl.cc

Requested by

Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://cdn.holmesmind.com/

Response headers

Strict-Transport-Security: max-age=0
Content-Length: 0
Date: Wed, 10 Dec 2025 01:17:51 GMT
Content-Type: image/png
Server: nginx
Connection: keep-alive

GET
H2 200 / Show response
t.ssp.hinet.net/ Frame 4D86 36 B
400 B 76ms
74ms XHR
text/html 203.75.214.136
HINET Data Commun...

General

Check archive.org

Download Go to

Full URL

https://t.ssp.hinet.net/

Requested by

Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

e90b4b5d6fc1c240954b944baa831b5e8ae464fd568fcab3cb360ac86a27be77

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

strict-transport-security: max-age=0
cache-control: no-cache, private
content-encoding: gzip
access-control-allow-credentials: true
access-control-allow-origin: https://reurl.cc
date: Wed, 10 Dec 2025 01:17:51 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding, Origin
server: nginx

GET
H2 200 / Show response
t.ssp.hinet.net/ Frame E217 36 B
400 B 151ms
75ms XHR
text/html 203.75.214.136
HINET Data Commun...

General

Check archive.org

Download Go to

Full URL

https://t.ssp.hinet.net/

Requested by

Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

e90b4b5d6fc1c240954b944baa831b5e8ae464fd568fcab3cb360ac86a27be77

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

strict-transport-security: max-age=0
cache-control: no-cache, private
content-encoding: gzip
access-control-allow-credentials: true
access-control-allow-origin: https://reurl.cc
date: Wed, 10 Dec 2025 01:17:51 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding, Origin
server: nginx

GET
H2 200 / Show response
t.ssp.hinet.net/ Frame BFAA 36 B
400 B 227ms
76ms XHR
text/html 203.75.214.136
HINET Data Commun...

General

Check archive.org

Download Go to

Full URL

https://t.ssp.hinet.net/

Requested by

Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

e90b4b5d6fc1c240954b944baa831b5e8ae464fd568fcab3cb360ac86a27be77

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

strict-transport-security: max-age=0
cache-control: no-cache, private
content-encoding: gzip
access-control-allow-credentials: true
access-control-allow-origin: https://reurl.cc
date: Wed, 10 Dec 2025 01:17:51 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding, Origin
server: nginx

GET
H2 200 / Show response
t.ssp.hinet.net/ Frame C6DC 36 B
400 B 303ms
76ms XHR
text/html 203.75.214.136
HINET Data Commun...

General

Check archive.org

Download Go to

Full URL

https://t.ssp.hinet.net/

Requested by

Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

e90b4b5d6fc1c240954b944baa831b5e8ae464fd568fcab3cb360ac86a27be77

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

strict-transport-security: max-age=0
cache-control: no-cache, private
content-encoding: gzip
access-control-allow-credentials: true
access-control-allow-origin: https://reurl.cc
date: Wed, 10 Dec 2025 01:17:51 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding, Origin
server: nginx

GET
H2 200 / Show response
t.ssp.hinet.net/ Frame 9A13 36 B
400 B 378ms
75ms XHR
text/html 203.75.214.136
HINET Data Commun...

General

Check archive.org

Download Go to

Full URL

https://t.ssp.hinet.net/

Requested by

Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

e90b4b5d6fc1c240954b944baa831b5e8ae464fd568fcab3cb360ac86a27be77

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

strict-transport-security: max-age=0
cache-control: no-cache, private
content-encoding: gzip
access-control-allow-credentials: true
access-control-allow-origin: https://reurl.cc
date: Wed, 10 Dec 2025 01:17:51 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding, Origin
server: nginx

GET
H2 200 / Show response
t.ssp.hinet.net/ Frame 3A8F 36 B
400 B 452ms
74ms XHR
text/html 203.75.214.136
HINET Data Commun...

General

Check archive.org

Download Go to

Full URL

https://t.ssp.hinet.net/

Requested by

Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

e90b4b5d6fc1c240954b944baa831b5e8ae464fd568fcab3cb360ac86a27be77

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

strict-transport-security: max-age=0
cache-control: no-cache, private
content-encoding: gzip
access-control-allow-credentials: true
access-control-allow-origin: https://reurl.cc
date: Wed, 10 Dec 2025 01:17:51 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding, Origin
server: nginx

GET
H2 200 / Show response
t.ssp.hinet.net/ Frame 332C 36 B
400 B 526ms
74ms XHR
text/html 203.75.214.136
HINET Data Commun...

General

Check archive.org

Download Go to

Full URL

https://t.ssp.hinet.net/

Requested by

Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

e90b4b5d6fc1c240954b944baa831b5e8ae464fd568fcab3cb360ac86a27be77

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

strict-transport-security: max-age=0
cache-control: no-cache, private
content-encoding: gzip
access-control-allow-credentials: true
access-control-allow-origin: https://reurl.cc
date: Wed, 10 Dec 2025 01:17:52 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding, Origin
server: nginx

GET
H2 200 / Show response
t.ssp.hinet.net/ Frame C895 36 B
400 B 598ms
75ms XHR
text/html 203.75.214.136
HINET Data Commun...

General

Check archive.org

Download Go to

Full URL

https://t.ssp.hinet.net/

Requested by

Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

e90b4b5d6fc1c240954b944baa831b5e8ae464fd568fcab3cb360ac86a27be77

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

strict-transport-security: max-age=0
cache-control: no-cache, private
content-encoding: gzip
access-control-allow-credentials: true
access-control-allow-origin: https://reurl.cc
date: Wed, 10 Dec 2025 01:17:52 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding, Origin
server: nginx

GET
H2 200 emome2 Show response
t.ssp.hinet.net/ Frame 4D86 30 B
271 B 77ms
76ms XHR
application/json 203.75.214.136
HINET Data Commun...

General

Check archive.org

Download Go to

Full URL

https://t.ssp.hinet.net/emome2?u=a8b5e0fe-7b22-4c2c-a3f9-14c976deaf1b

Requested by

Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

365fc555dbd2149871a77b9485dbb0cbd487a0553f7a90163444349fee756f60

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

strict-transport-security: max-age=0
cache-control: no-cache, private
content-encoding: gzip
access-control-allow-credentials: true
access-control-allow-origin: https://reurl.cc
date: Wed, 10 Dec 2025 01:17:51 GMT
content-type: application/json
vary: Accept-Encoding, Origin
server: nginx

GET
H3 200 fbevents.js Show response
connect.facebook.net/en_US/ Frame FFE5 343 KB
0 0ms
0ms Script
application/x-javascript 31.13.82.7
FACEBOOK

General

Check archive.org

Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: fcm2.holmesmind.com
URL: https://fcm2.holmesmind.com/cm.js

Protocol

Security

QUIC, , AES_128_GCM

Server

31.13.82.7 Tokyo, Japan, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-01-nrt1.fbcdn.net

Software

Resource Hash

1ff40d4951bdd1a0b6edeb873bc5855a9ce130101cc7e17b67d3a1aa5dc402c1

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' blob: ;script-src 'nonce-vxUvzO7R' .facebook.com .fbcdn.net .facebook.net 127.0.0.1:* blob: 'self' https://.google-analytics.com .google.com;style-src 'self' data: blob: 'unsafe-inline';connect-src 'self' data: blob: https://edge-chat.facebook.net https://edge-chat-latest.facebook.net wss://edge-chat-latest.facebook.net wss://edge-chat.facebook.net wss://edge-chat.socialplugin.facebook.net wss://edge-chat-latest.socialplugin.facebook.net https://edge-chat.socialplugin.facebook.net https://edge-chat-latest.socialplugin.facebook.net .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: .cdninstagram.com https://.google-analytics.com;font-src 'self' data: blob: ;img-src 'self' data: blob: https://.google-analytics.com;media-src 'self' data: blob: ;child-src 'self' data: blob: ;frame-src 'self' data: blob: ;manifest-src 'self' data: blob: ;object-src 'self' data: blob: ;worker-src 'self' data: blob: *;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://cdn.holmesmind.com/

Response headers

content-encoding: gzip
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Sat, 01 Jan 2000 00:00:00 GMT
alt-svc: h3=":443"; ma=86400
date: Wed, 10 Dec 2025 01:17:51 GMT
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
priority: u=3,i
x-frame-options: DENY
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy: default-src 'self' blob: *;script-src 'nonce-vxUvzO7R' *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* blob: 'self' https://*.google-analytics.com *.google.com;style-src 'self' data: blob: 'unsafe-inline';connect-src 'self' data: blob: https://edge-chat.facebook.net https://edge-chat-latest.facebook.net wss://edge-chat-latest.facebook.net wss://edge-chat.facebook.net wss://edge-chat.socialplugin.facebook.net wss://edge-chat-latest.socialplugin.facebook.net https://edge-chat.socialplugin.facebook.net https://edge-chat-latest.socialplugin.facebook.net *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* *.cdninstagram.com https://*.google-analytics.com;font-src 'self' data: blob: *;img-src 'self' data: blob: * https://*.google-analytics.com;media-src 'self' data: blob: *;child-src 'self' data: blob: *;frame-src 'self' data: blob: *;manifest-src 'self' data: blob: *;object-src 'self' data: blob: *;worker-src 'self' data: blob: *;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
cache-control: public, max-age=1200
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
x-fb-connection-quality: GOOD; q=0.7, rtt=132, rtx=0, c=24, mss=1232, tbw=8752, tp=13, tpl=0, uplat=1, ullat=-1
pragma: public
x-fb-debug: ipoRsTNM2sVsOk0+b30Is7jbH5fPRRPLAJsA7Xi7dT8zIDAvFZHadPXwzN2qRqExVl8hd9KJVQC5AmakCyeETw==
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy: force-load-at-top, include-js-call-stacks-in-crash-reports
content-length: 91837
x-xss-protection: 0
origin-agent-cluster: ?1

GET
H2 200 3.js Show response
cdn.holmesmind.com/js/tmp2/ Frame C895 18 KB
18 KB 176ms
175ms Script
application/javascript 3.164.121.106
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://cdn.holmesmind.com/js/tmp2/3.js
Requested by: Host: reurl.cc
URL: https://reurl.cc/Y3gKxl
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.164.121.106 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-164-121-106.nrt12.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 07e03452d83bc61a7e173fad3355f9053a3def6b011b26071f4acf48c6ca3f69

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

x-amz-version-id: DWX7oCuQkbHGmaFP3iAkPgRXXZSaF.7e
etag: "7783d599cb0f4142d9c6102af4d15a22"
via: 1.1 ef359af61e64577c628090c2363bcb22.cloudfront.net (CloudFront)
accept-ranges: bytes
x-cache: RefreshHit from cloudfront
content-length: 18098
x-amz-cf-id: gqTd6kI42zopyE15VnNYR1qon5HZqAprEAnQhXRP46gYywlLb80BGA==
date: Wed, 10 Dec 2025 01:17:52 GMT
content-type: application/javascript
last-modified: Thu, 19 Oct 2023 06:41:12 GMT
server: AmazonS3
x-amz-cf-pop: NRT12-P3
x-amz-server-side-encryption: AES256

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ Frame C895 423 KB
143 KB 155ms
154ms Script
application/javascript 142.250.196.104
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-F6EJJH79R2

Requested by

Host: reurl.cc
URL: https://reurl.cc/Y3gKxl

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.196.104 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

nrt12s35-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

4994e93b25eb50f313e0d660e38f6062e966358a87e46d973ec4cc5048b16f29

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
content-encoding: zstd
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
expires: Wed, 10 Dec 2025 01:17:51 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 146295
date: Wed, 10 Dec 2025 01:17:51 GMT
x-xss-protection: 0
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
server: Google Tag Manager
access-control-allow-headers: Cache-Control

GET
H2 200 cf.png
cdn.holmesmind.com/ Frame C895 2 KB
3 KB 149ms
148ms Image
image/png 3.164.121.106
AMAZON-02

General

Check archive.org

Download Go to Show image

Full URL: https://cdn.holmesmind.com/cf.png
Requested by: Host: reurl.cc
URL: https://reurl.cc/Y3gKxl
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.164.121.106 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-164-121-106.nrt12.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: bca7ee31fc622c935a1ba3d3d012111f3aab926dc898ed011513fc7a9145f90e

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

x-amz-version-id: JXDsYp0MpCsC07xlgs6M6Edv23lP_HUM
etag: "7cb0cc414e01c6f48a9eefee02d81959"
age: 41114
via: 1.1 ef359af61e64577c628090c2363bcb22.cloudfront.net (CloudFront)
accept-ranges: bytes
x-cache: Hit from cloudfront
content-length: 2399
x-amz-cf-id: yO4ob0HZNZJxwlvsvEYsKzlFBV2nwrgW3zAIOJeTB87xCiyvyfi2OQ==
date: Tue, 09 Dec 2025 13:52:38 GMT
content-type: image/png
last-modified: Mon, 19 Jun 2023 03:09:39 GMT
server: AmazonS3
x-amz-cf-pop: NRT12-P3
x-amz-server-side-encryption: AES256

GET
H2 200 2.js Show response
cdn.holmesmind.com/js/tmp2/ Frame BFAA 1 KB
2 KB 148ms
146ms Script
application/javascript 3.164.121.106
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://cdn.holmesmind.com/js/tmp2/2.js
Requested by: Host: reurl.cc
URL: https://reurl.cc/Y3gKxl
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.164.121.106 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-164-121-106.nrt12.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 763f093a0d2dcde080edc79357783ab2a54ca65ced78b2cd5c4150d3bfeb2138

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

x-amz-version-id: kCPjLfZFDq.6P72kCZooVhpVL3Oyq606
etag: "b3f88f110d7b895df19748d7a0d19991"
age: 26
via: 1.1 ef359af61e64577c628090c2363bcb22.cloudfront.net (CloudFront)
accept-ranges: bytes
x-cache: Hit from cloudfront
content-length: 1329
x-amz-cf-id: 7hSuKHJODzT9gyWHMc0MOPkB3cz11Iv62JuwUdDu2mK7yOmS9agIhA==
date: Wed, 10 Dec 2025 01:17:26 GMT
content-type: application/javascript
last-modified: Fri, 23 Aug 2024 01:16:26 GMT
server: AmazonS3
x-amz-cf-pop: NRT12-P3
x-amz-server-side-encryption: AES256

GET
H2 200 cf.png
cdn.holmesmind.com/ Frame BFAA 2 KB
0 147ms
147ms Image
image/png 3.164.121.106
AMAZON-02

General

Check archive.org

Download Go to Show image

Full URL: https://cdn.holmesmind.com/cf.png
Requested by: Host: reurl.cc
URL: https://reurl.cc/Y3gKxl
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.164.121.106 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-164-121-106.nrt12.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: bca7ee31fc622c935a1ba3d3d012111f3aab926dc898ed011513fc7a9145f90e

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

x-amz-version-id: JXDsYp0MpCsC07xlgs6M6Edv23lP_HUM
etag: "7cb0cc414e01c6f48a9eefee02d81959"
age: 41114
via: 1.1 ef359af61e64577c628090c2363bcb22.cloudfront.net (CloudFront)
accept-ranges: bytes
x-cache: Hit from cloudfront
content-length: 2399
x-amz-cf-id: yO4ob0HZNZJxwlvsvEYsKzlFBV2nwrgW3zAIOJeTB87xCiyvyfi2OQ==
date: Tue, 09 Dec 2025 13:52:38 GMT
content-type: image/png
last-modified: Mon, 19 Jun 2023 03:09:39 GMT
server: AmazonS3
x-amz-cf-pop: NRT12-P3
x-amz-server-side-encryption: AES256

POST
H2 204 cdb Show response
bidder.criteo.com/ Frame E217 0
455 B 674ms
393ms XHR
text/plain 182.161.74.26
CRITEO-AS-AP Crit...

General

Check archive.org

Download Go to

Full URL

https://bidder.criteo.com/cdb?ptv=164&profileId=184&cb=85319883328

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

182.161.74.26 , Singapore, ASN55569 (CRITEO-AS-AP Criteo APAC, JP),

Reverse DNS

Software

Kestrel /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Content-type: application/x-www-form-urlencoded
Referer: https://reurl.cc/

Response headers

cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
access-control-allow-origin: https://reurl.cc
date: Wed, 10 Dec 2025 01:17:51 GMT
vary: Origin
server: Kestrel
access-control-allow-credentials: true

GET
H3 200 MZ9aux6A0Qo.css
static.xx.fbcdn.net/rsrc.php/v5/yV/l/1,cross/ Frame 3313 23 KB
6 KB 138ms
138ms Stylesheet
text/css 31.13.82.7
FACEBOOK

General

Check archive.org

Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v5/yV/l/1,cross/MZ9aux6A0Qo.css

Requested by

Host: static.xx.fbcdn.net
URL: https://static.xx.fbcdn.net/rsrc.php/v4/yg/r/ME_OMQjzbIX.js

Protocol

Security

QUIC, , AES_128_GCM

Server

31.13.82.7 Tokyo, Japan, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-01-nrt1.fbcdn.net

Software

Resource Hash

db6d7de3de5d08d7cfa6bb65f4551b1e9fe3d459344be873e7bf4564964d4409

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Origin: https://www.facebook.com
Referer: https://www.facebook.com/

Response headers

content-md5: kva0Dy3fFK/iv4AXjgdjlw==
content-encoding: zstd
report-to: {"max_age":21600,"endpoints":[{"url":"https:\/\/www.xx.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Tue, 08 Dec 2026 23:42:46 GMT
alt-svc: h3=":443"; ma=86400
date: Wed, 10 Dec 2025 01:17:51 GMT
content-type: text/css; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
x-fb-debug: ykoPJFonvF2uwk07YocDuw2zgGQd4yHwOhR7lRROjzDxY2JzYiJMzaPmIWwWJLfNxIgsh+AD+aX0faUrzMgwEg==
priority: u=0
vary: Origin
reporting-endpoints: permissions_policy="https://www.xx.facebook.com/ajax/browser_error_reports/"
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
x-fb-connection-quality: GOOD; q=0.7, rtt=135, rtx=0, c=211, mss=1232, tbw=259747, tp=237, tpl=0, uplat=1, ullat=-1
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
x-fb-optimizer: 0
document-policy: force-load-at-top, include-js-call-stacks-in-crash-reports
access-control-allow-origin: https://www.facebook.com
content-length: 5831
origin-agent-cluster: ?1

GET
DATA 200
OK truncated
/ Frame 3313 1 KB
0 Stylesheet
text/css

General

Check archive.org

Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: fa4737f35024386f5448fabd53d531f869ab5bc08b741de444bc88363c36c06e

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Origin: https://www.facebook.com
Referer: https://www.facebook.com/

Response headers

Content-Type: text/css;charset=utf-8

GET
H3 200 oArmeD_dMWe.js Show response
static.xx.fbcdn.net/rsrc.php/v4/yi/r/ Frame 3313 14 KB
5 KB 139ms
138ms Script
application/x-javascript 31.13.82.7
FACEBOOK

General

Check archive.org

Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v4/yi/r/oArmeD_dMWe.js

Requested by

Host: static.xx.fbcdn.net
URL: https://static.xx.fbcdn.net/rsrc.php/v4/yg/r/ME_OMQjzbIX.js

Protocol

Security

QUIC, , AES_128_GCM

Server

31.13.82.7 Tokyo, Japan, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-01-nrt1.fbcdn.net

Software

Resource Hash

e22fbfd22ad6713b1af70a2b6b8e1b1d2c20d04df17253cf61bf0956e963db4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Origin: https://www.facebook.com
Referer: https://www.facebook.com/

Response headers

content-md5: LNMgYkpAhOfOCc07U8b8jw==
content-encoding: zstd
report-to: {"max_age":21600,"endpoints":[{"url":"https:\/\/www.xx.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Thu, 03 Dec 2026 16:11:08 GMT
alt-svc: h3=":443"; ma=86400
date: Wed, 10 Dec 2025 01:17:51 GMT
content-type: application/x-javascript; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
x-fb-debug: OUTie5NnaWGVOVuVo/CY96MBHpT+Ms13cojOxCc/oEclLJNqx6Sfk5sT4nMKER0aWwyNH/nEH2Fl6OhSADNDWQ==
priority: u=1
vary: Origin
reporting-endpoints: permissions_policy="https://www.xx.facebook.com/ajax/browser_error_reports/"
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
x-fb-connection-quality: GOOD; q=0.7, rtt=135, rtx=0, c=211, mss=1232, tbw=266019, tp=243, tpl=0, uplat=1, ullat=-1
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy: force-load-at-top, include-js-call-stacks-in-crash-reports
access-control-allow-origin: https://www.facebook.com
content-length: 4987
origin-agent-cluster: ?1

GET
H3 200 Mzvi-g11J57.js Show response
static.xx.fbcdn.net/rsrc.php/v4/yx/r/ Frame 3313 62 KB
16 KB 141ms
140ms Script
application/x-javascript 31.13.82.7
FACEBOOK

General

Check archive.org

Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v4/yx/r/Mzvi-g11J57.js

Requested by

Host: static.xx.fbcdn.net
URL: https://static.xx.fbcdn.net/rsrc.php/v4/yg/r/ME_OMQjzbIX.js

Protocol

Security

QUIC, , AES_128_GCM

Server

31.13.82.7 Tokyo, Japan, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-01-nrt1.fbcdn.net

Software

Resource Hash

625a22961ac05120669ecd0e7a9a8a644cf2f71e1e8502f27ff589253aa8fd69

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Origin: https://www.facebook.com
Referer: https://www.facebook.com/

Response headers

content-md5: UDsInMSYtKIozQgHYboEUQ==
content-encoding: zstd
report-to: {"max_age":21600,"endpoints":[{"url":"https:\/\/www.xx.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Tue, 08 Dec 2026 22:10:28 GMT
alt-svc: h3=":443"; ma=86400
date: Wed, 10 Dec 2025 01:17:51 GMT
content-type: application/x-javascript; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
x-fb-debug: zW7LMZmIkZzc7P657DE3fUg+Oj7f8SMcWotj/jrvtAZ1XikbpvQjdB4wwL8kD8CJYWAfU1oOaUD8eKyLc5hjwQ==
priority: u=1
vary: Origin
reporting-endpoints: permissions_policy="https://www.xx.facebook.com/ajax/browser_error_reports/"
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
x-fb-connection-quality: GOOD; q=0.7, rtt=135, rtx=0, c=211, mss=1232, tbw=277891, tp=255, tpl=0, uplat=1, ullat=-1
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy: force-load-at-top, include-js-call-stacks-in-crash-reports
access-control-allow-origin: https://www.facebook.com
content-length: 16599
origin-agent-cluster: ?1

GET
H3 200 atv-3qMDl2i.js Show response
static.xx.fbcdn.net/rsrc.php/v4/yd/r/ Frame 3313 36 KB
11 KB 139ms
138ms Script
application/x-javascript 31.13.82.7
FACEBOOK

General

Check archive.org

Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v4/yd/r/atv-3qMDl2i.js

Requested by

Host: static.xx.fbcdn.net
URL: https://static.xx.fbcdn.net/rsrc.php/v4/yg/r/ME_OMQjzbIX.js

Protocol

Security

QUIC, , AES_128_GCM

Server

31.13.82.7 Tokyo, Japan, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-01-nrt1.fbcdn.net

Software

Resource Hash

5ccb6c69b900610a41f5056880f80d1d0b9cc982957e9b8b47f0d3308e15f4f0

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Origin: https://www.facebook.com
Referer: https://www.facebook.com/

Response headers

content-md5: LzFpgJnHDzbwl7iijumFjQ==
content-encoding: zstd
report-to: {"max_age":21600,"endpoints":[{"url":"https:\/\/www.xx.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Wed, 09 Dec 2026 01:08:44 GMT
alt-svc: h3=":443"; ma=86400
date: Wed, 10 Dec 2025 01:17:51 GMT
content-type: application/x-javascript; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
x-fb-debug: DqnIMmW4jhRXLEmWMOvJt4jqmYMXopTIl113PbCKZiKrT7tS/j94YRDMZlEM5dQHStIZ0UgK+UlNS/eIjydTsw==
priority: u=1
vary: Origin
reporting-endpoints: permissions_policy="https://www.xx.facebook.com/ajax/browser_error_reports/"
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
x-fb-connection-quality: GOOD; q=0.7, rtt=135, rtx=0, c=211, mss=1232, tbw=271427, tp=249, tpl=0, uplat=1, ullat=-1
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy: force-load-at-top, include-js-call-stacks-in-crash-reports
access-control-allow-origin: https://www.facebook.com
content-length: 11587
origin-agent-cluster: ?1

GET
H3 200 jTXziHT_cAS.js Show response
static.xx.fbcdn.net/rsrc.php/v4izx64/ye/l/zh_TW-j/ Frame 3313 19 KB
7 KB 149ms
148ms Script
application/x-javascript 31.13.82.7
FACEBOOK

General

Check archive.org

Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v4izx64/ye/l/zh_TW-j/jTXziHT_cAS.js

Requested by

Host: static.xx.fbcdn.net
URL: https://static.xx.fbcdn.net/rsrc.php/v4/yg/r/ME_OMQjzbIX.js

Protocol

Security

QUIC, , AES_128_GCM

Server

31.13.82.7 Tokyo, Japan, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-01-nrt1.fbcdn.net

Software

Resource Hash

8679a1ef5fcaef4155d4e0829668276e2e8545ba209b3befc58b0e88246c8720

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Origin: https://www.facebook.com
Referer: https://www.facebook.com/

Response headers

content-md5: h1zCsV9+nsZtClVkLzMi8Q==
content-encoding: zstd
report-to: {"max_age":21600,"endpoints":[{"url":"https:\/\/www.xx.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Tue, 08 Dec 2026 23:30:48 GMT
alt-svc: h3=":443"; ma=86400
date: Wed, 10 Dec 2025 01:17:51 GMT
content-type: application/x-javascript; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
x-fb-debug: rc2WPC5oNRIpDXeObbKOOdWghap0mCciDLvF3fAYEN6+TqFP/fj8wafojgR8Ds3W3CkYrXr+1/37hFUdWrOlpQ==
priority: u=1
vary: Origin
reporting-endpoints: permissions_policy="https://www.xx.facebook.com/ajax/browser_error_reports/"
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
x-fb-connection-quality: GOOD; q=0.7, rtt=135, rtx=0, c=211, mss=1232, tbw=277891, tp=255, tpl=0, uplat=1, ullat=-1
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy: force-load-at-top, include-js-call-stacks-in-crash-reports
access-control-allow-origin: https://www.facebook.com
content-length: 6915
origin-agent-cluster: ?1

GET
H3 200 v_kkAv_-wGQ.js Show response
static.xx.fbcdn.net/rsrc.php/v4/yx/r/ Frame 3313 24 KB
10 KB 150ms
149ms Script
application/x-javascript 31.13.82.7
FACEBOOK

General

Check archive.org

Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v4/yx/r/v_kkAv_-wGQ.js

Requested by

Host: static.xx.fbcdn.net
URL: https://static.xx.fbcdn.net/rsrc.php/v4/yg/r/ME_OMQjzbIX.js

Protocol

Security

QUIC, , AES_128_GCM

Server

31.13.82.7 Tokyo, Japan, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-01-nrt1.fbcdn.net

Software

Resource Hash

f1c56a198201b67b6ccb53824985f9c142b0a1600c3696a13879b17b06050197

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Origin: https://www.facebook.com
Referer: https://www.facebook.com/

Response headers

content-md5: t3zOk8uL6qbnQiZrM32GhA==
content-encoding: zstd
report-to: {"max_age":21600,"endpoints":[{"url":"https:\/\/www.xx.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Wed, 09 Dec 2026 01:52:04 GMT
alt-svc: h3=":443"; ma=86400
date: Wed, 10 Dec 2025 01:17:51 GMT
content-type: application/x-javascript; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
x-fb-debug: Qv8OeKatHoDOpdx6b0slQXzEqZP4FP09D9XJiuuPrTOMkKczRIEBg0eDMWJI+TaaPdWpjK3knxJc5p0X6BWsPg==
priority: u=1
vary: Origin
reporting-endpoints: permissions_policy="https://www.xx.facebook.com/ajax/browser_error_reports/"
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
x-fb-connection-quality: GOOD; q=0.7, rtt=135, rtx=0, c=211, mss=1232, tbw=277891, tp=255, tpl=0, uplat=1, ullat=-1
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy: force-load-at-top, include-js-call-stacks-in-crash-reports
access-control-allow-origin: https://www.facebook.com
content-length: 10408
origin-agent-cluster: ?1

GET
H3 200 fbevents.js Show response
connect.facebook.net/en_US/ Frame 5159 343 KB
0 0ms
0ms Script
application/x-javascript 31.13.82.7
FACEBOOK

General

Check archive.org

Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: fcm2.holmesmind.com
URL: https://fcm2.holmesmind.com/cm.js

Protocol

Security

QUIC, , AES_128_GCM

Server

31.13.82.7 Tokyo, Japan, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-01-nrt1.fbcdn.net

Software

Resource Hash

1ff40d4951bdd1a0b6edeb873bc5855a9ce130101cc7e17b67d3a1aa5dc402c1

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' blob: ;script-src 'nonce-vxUvzO7R' .facebook.com .fbcdn.net .facebook.net 127.0.0.1:* blob: 'self' https://.google-analytics.com .google.com;style-src 'self' data: blob: 'unsafe-inline';connect-src 'self' data: blob: https://edge-chat.facebook.net https://edge-chat-latest.facebook.net wss://edge-chat-latest.facebook.net wss://edge-chat.facebook.net wss://edge-chat.socialplugin.facebook.net wss://edge-chat-latest.socialplugin.facebook.net https://edge-chat.socialplugin.facebook.net https://edge-chat-latest.socialplugin.facebook.net .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: .cdninstagram.com https://.google-analytics.com;font-src 'self' data: blob: ;img-src 'self' data: blob: https://.google-analytics.com;media-src 'self' data: blob: ;child-src 'self' data: blob: ;frame-src 'self' data: blob: ;manifest-src 'self' data: blob: ;object-src 'self' data: blob: ;worker-src 'self' data: blob: *;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://cdn.holmesmind.com/

Response headers

content-encoding: gzip
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Sat, 01 Jan 2000 00:00:00 GMT
alt-svc: h3=":443"; ma=86400
date: Wed, 10 Dec 2025 01:17:51 GMT
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
priority: u=3,i
x-frame-options: DENY
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy: default-src 'self' blob: *;script-src 'nonce-vxUvzO7R' *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* blob: 'self' https://*.google-analytics.com *.google.com;style-src 'self' data: blob: 'unsafe-inline';connect-src 'self' data: blob: https://edge-chat.facebook.net https://edge-chat-latest.facebook.net wss://edge-chat-latest.facebook.net wss://edge-chat.facebook.net wss://edge-chat.socialplugin.facebook.net wss://edge-chat-latest.socialplugin.facebook.net https://edge-chat.socialplugin.facebook.net https://edge-chat-latest.socialplugin.facebook.net *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* *.cdninstagram.com https://*.google-analytics.com;font-src 'self' data: blob: *;img-src 'self' data: blob: * https://*.google-analytics.com;media-src 'self' data: blob: *;child-src 'self' data: blob: *;frame-src 'self' data: blob: *;manifest-src 'self' data: blob: *;object-src 'self' data: blob: *;worker-src 'self' data: blob: *;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
cache-control: public, max-age=1200
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
x-fb-connection-quality: GOOD; q=0.7, rtt=132, rtx=0, c=24, mss=1232, tbw=8752, tp=13, tpl=0, uplat=1, ullat=-1
pragma: public
x-fb-debug: ipoRsTNM2sVsOk0+b30Is7jbH5fPRRPLAJsA7Xi7dT8zIDAvFZHadPXwzN2qRqExVl8hd9KJVQC5AmakCyeETw==
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy: force-load-at-top, include-js-call-stacks-in-crash-reports
content-length: 91837
x-xss-protection: 0
origin-agent-cluster: ?1

POST
H3 204 AGSKWxVSQ34WID80EkOpuEZq_yI4Va_zP_qrJrJKFjd6BcnrGAuregADXt1TI40qNsThDAqg0ePMA2u-GwBJ0YUO7WbcgAT_fWHg3tDadC6s458N_1wG2JzKdcVQoOMJDgg8ubCdkDnviA== Show response
fundingchoicesmessages.google.com/el/ 0
28 B 382ms
156ms XHR
text/html 142.250.194.78
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxVSQ34WID80EkOpuEZq_yI4Va_zP_qrJrJKFjd6BcnrGAuregADXt1TI40qNsThDAqg0ePMA2u-GwBJ0YUO7WbcgAT_fWHg3tDadC6s458N_1wG2JzKdcVQoOMJDgg8ubCdkDnviA==

Requested by

Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.zh_TW.Z_3AxSf5eRA.es5.O/d=1/rs=AJlcJMxUYaQlJjwCCEoe84n7Un5ZCZTJPg/m=kernel_loader,loader_js_executable

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.194.78 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lcnrta-bb-in-f14.1e100.net

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-ftZ_7TmXOXYVDpryT_TC-g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Content-Type: text/plain
Referer: https://reurl.cc/

Response headers

access-control-max-age: 86400
access-control-allow-methods: POST, GET, OPTIONS
x-content-type-options: nosniff
expires: Mon, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Wed, 10 Dec 2025 01:17:52 GMT
content-type: text/html; charset=utf-8
x-frame-options: SAMEORIGIN
reporting-endpoints: default="/_/ContributorLoggingHttp/web-reports?context=eJzjCtDikmLw05Bi-FB_mfUHEJv53Wa1A-Jqdy-2ZiC29fdhcwXivTl-bEeBOLPTj60QiHU2-7GZAPH5vX5s14F49U0_ts1ALMTNcWDK45NsAhemftdWcknKL4xPzs8rSc0r0U1MKdYFsYsyk0pL8otQ2KllIBU5-enpmXnp8UYGRqaGRgYWegam8QUGAL13OvQ"
content-security-policy: script-src 'report-sample' 'nonce-ftZ_7TmXOXYVDpryT_TC-g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
cache-control: no-cache, no-store, max-age=0, must-revalidate
cross-origin-opener-policy: same-origin
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
access-control-allow-origin: https://reurl.cc
content-length: 0
x-xss-protection: 0
server: ESF

General

Check archive.org

Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxVSQ34WID80EkOpuEZq_yI4Va_zP_qrJrJKFjd6BcnrGAuregADXt1TI40qNsThDAqg0ePMA2u-GwBJ0YUO7WbcgAT_fWHg3tDadC6s458N_1wG2JzKdcVQoOMJDgg8ubCdkDnviA==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.194.78 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lcnrta-bb-in-f14.1e100.net

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-8T8_eJCuCEpfRXfC4bwz9g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Content-Type: text/plain
Referer: https://reurl.cc/

Response headers

access-control-max-age: 86400
access-control-allow-methods: POST, GET, OPTIONS
x-content-type-options: nosniff
expires: Mon, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Wed, 10 Dec 2025 01:17:52 GMT
content-type: text/html; charset=utf-8
x-frame-options: SAMEORIGIN
reporting-endpoints: default="/_/ContributorLoggingHttp/web-reports?context=eJzjCtDikmLw1JBi-FB_mfUHEJv53Wa1A-Jqdy-2ZiC29fdhcwXivTl-bEeBOLPTj60QiHU2-7GZAPH5vX5s14F49U0_ts1ALMTNcWDK45NsAhdedGgruSTlF8Yn5-eVpOaV6CamFOuC2EWZSaUl-UUo7NQykIqc_PT0zLz0eCMDI1NDIwMLPQPT-AIDALLPOtM"
content-security-policy: script-src 'report-sample' 'nonce-8T8_eJCuCEpfRXfC4bwz9g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
cache-control: no-cache, no-store, max-age=0, must-revalidate
cross-origin-opener-policy: same-origin
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
access-control-allow-origin: https://reurl.cc
content-length: 0
x-xss-protection: 0
server: ESF

GET
H2 200 AGSKWxVQMj-5xxHXAqFdOacN0lXU3eJaTsn84dq09R-sfLm26wVQr_e-tR6_ROfMwcOC6HVuarRRCj5pNQvlZTXdi7Y5ln6QxbfqpDTIx-1gTDQ2pH8Z71MrOaChk7PqbSygD0cw6krhBg== Show response
fundingchoicesmessages.google.com/f/ 2 KB
2 KB 164ms
163ms Script
application/javascript 142.250.194.78
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://fundingchoicesmessages.google.com/f/AGSKWxVQMj-5xxHXAqFdOacN0lXU3eJaTsn84dq09R-sfLm26wVQr_e-tR6_ROfMwcOC6HVuarRRCj5pNQvlZTXdi7Y5ln6QxbfqpDTIx-1gTDQ2pH8Z71MrOaChk7PqbSygD0cw6krhBg==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzY1MzI5NDcxLDgxMDAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzddXSwiaHR0cHM6Ly9yZXVybC5jYy9ZM2dLeGwiLG51bGwsW1s4LCJaXzNBeFNmNWVSQSJdLFs5LCJ6aC1UVyJdLFsxOSwiMiJdLFsxNywiWzBdIl0sWzI0LCIiXSxbMjksImZhbHNlIl1dXQ

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.194.78 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lcnrta-bb-in-f14.1e100.net

Software

ESF /

Resource Hash

e63ee22e8f66aa5275025936b0fd0194597040691beeec06f3b6cc2a68ff1ae2

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-TKwoIlvUSJ5ROjk0SOXAkw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Mon, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Wed, 10 Dec 2025 01:17:51 GMT
content-type: application/javascript; charset=utf-8
x-frame-options: SAMEORIGIN
reporting-endpoints: default="/_/ContributorServingWebSwitchboardHttp/web-reports?context=eJzjmsGoxSXF4KEhxdB68xzrZCDuWnSedQYQGypcYrUH4g_1l1l_AHGRxBXWBiD-VHWDVaD6BmsS-03WAiA287vNagfE1e5ebM1AbOvvw-YKxN-KfdlYSnzZ9v33ZTsGxHtz_NiOAnFmpx9bIRDrbPZjMwHi83v92K4D8eqbfmybgXiFlz_bBiAW4uHYP-XxSTaBht5Va5mVNJLyC-OT8_NKijKTSkvyi9KS01KLU4vKUovijQyMTA2NDCz0DEzjCwwAheZNkA"
content-security-policy: script-src 'report-sample' 'nonce-TKwoIlvUSJ5ROjk0SOXAkw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport
cache-control: no-cache, no-store, max-age=0, must-revalidate
timing-allow-origin: *
cross-origin-opener-policy: same-origin
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-resource-policy: cross-origin
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
x-xss-protection: 0
server: ESF

GET
H2 200 esp.js Show response
oa.openxcdn.net/ 24 KB
8 KB 227ms
74ms Script
application/javascript 34.102.146.192
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Download Go to

Full URL: https://oa.openxcdn.net/esp.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202512040101/pubads_impl.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.102.146.192 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 192.146.102.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 544c55ca9f05d425f3beb90f287308d7a408b1f60d17728eff5c605a494bc1b9

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

x-goog-metageneration: 1
content-encoding: gzip
x-goog-hash: crc32c=f21hYg==, md5=31VCuIvA42jGmZdUpbniug==
etag: "df5542b88bc0e368c6999754a5b9e2ba"
age: 1670079
x-goog-stored-content-encoding: gzip
expires: Fri, 20 Nov 2026 17:23:13 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length: 7927
date: Thu, 20 Nov 2025 17:23:13 GMT
last-modified: Thu, 27 May 2021 18:30:51 GMT
content-type: application/javascript
x-guploader-uploadid: AOCedOF1mDHANcGf-c_3O9brhkLtxV34Z_31p2l38tBLk976XSoazaAEjnON1Dgd1npspvr8FZqYzP4
cache-control: no-transform
x-goog-storage-class: MULTI_REGIONAL
accept-ranges: bytes
x-goog-generation: 1622140251693895
content-length: 7927
server: UploadServer

GET
H2 200 sync.min.js Show response
tags.crwdcntrl.net/lt/c/16589/ 43 KB
13 KB 461ms
159ms Script
text/javascript 3.175.227.74
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://tags.crwdcntrl.net/lt/c/16589/sync.min.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202512040101/pubads_impl.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.175.227.74 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-175-227-74.nrt12.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 3733ce04a5c4dbb8b07b847650fd68e82f93ab8abf6b35ca294d6d40130f06c0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

vary: Accept-Encoding
cache-control: public, max-age=86400
content-encoding: gzip
etag: W/"a01b40a9ecb8db243294facf32753015"
age: 57463
via: 1.1 fa8fd833c9e3ef09a09a2312a54a53a6.cloudfront.net (CloudFront)
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
x-amz-cf-id: PSl_AVyHnjNl1U_L2wb9lRCezF0DrOf7Xi7EUn2m_kwmBk8d7xQFYA==
date: Tue, 09 Dec 2025 09:20:10 GMT
content-type: text/javascript
last-modified: Thu, 16 Oct 2025 16:30:59 GMT
server: AmazonS3
x-amz-cf-pop: NRT12-P7
x-amz-server-side-encryption: AES256

GET
H2 200 encrypted-tag-g.js Show response
invstatic101.creativecdn.com/encrypted-signals/ 3 KB
3 KB 509ms
356ms Script
text/javascript 34.96.70.87
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Download Go to

Full URL: https://invstatic101.creativecdn.com/encrypted-signals/encrypted-tag-g.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202512040101/pubads_impl.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.96.70.87 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 87.70.96.34.bc.googleusercontent.com
Software: Google Frontend /
Resource Hash: 2e5f5cb912c0619933ea6c3ad8ac1466a005f792e3338d96a8432d144c63520f

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

etag: 861bdaf24bda5c0db45c6ebe1c94a9eb
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2729
date: Wed, 10 Dec 2025 01:17:52 GMT
content-type: text/javascript; charset=utf-8
last-modified: Wed, 05 Feb 2025 14:45:21 GMT
server: Google Frontend
x-cloud-trace-context: 5de858ea5df2a531d5961b47831bb84b

GET
H2 200 publishertag.ids.js Show response
static.criteo.net/js/ld/ 42 KB
13 KB 155ms
155ms Script
text/javascript 182.161.74.47
CRITEO-AS-AP Crit...

General

Check archive.org

Download Go to

Full URL

https://static.criteo.net/js/ld/publishertag.ids.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202512040101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

182.161.74.47 , Singapore, ASN55569 (CRITEO-AS-AP Criteo APAC, JP),

Reverse DNS

Software

nginx /

Resource Hash

730b0155c953fb939df04b102b4a3028c6affd25cbaa7fb2fc9d298eea213c35

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

strict-transport-security: max-age=31536000; preload;
cache-control: max-age=86400, public
timing-allow-origin: *
content-encoding: gzip
cross-origin-resource-policy: cross-origin
expires: Thu, 11 Dec 2025 01:17:51 GMT
access-control-allow-origin: *
date: Wed, 10 Dec 2025 01:17:51 GMT
content-type: text/javascript
vary: x-geo-country
server: nginx

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 2 KB
547 B 392ms
391ms Fetch
text/plain 142.250.194.194
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=6451195994897883&correlator=1690929307017506&eid=31095883%2C83321072&output=ldjh&gdfp_req=1&vrg=202512040101&ptt=17&impl=fifs&gdpr=0&iu_parts=21787810958%2CTW_reurl.cc_res_all_truvid_1x1%2CTW_reurl.cc_res_allsite_top_avs&enc_prev_ius=%2F0%2F1%2C%2F0%2F2&prev_iu_szs=300x250%7C336x280%7C1x1%2C1x1&ifi=1&didk=3347717449~2825456951&dids=ats-slider-10~ats-insert_ads-8&adfs=2335287240~3992581161&sfv=1-0-45&sc=1&cookie_enabled=1&abxe=1&dt=1765329471826&lmt=1765329471&adxs=15%2C800&adys=33%2C171&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0%7C0&ucis=1%7C2&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=480&dmc=8&bc=31&nvt=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&url=https%3A%2F%2Freurl.cc%2FY3gKxl&vis=1&psz=1570x0%7C1600x0&msz=1570x0%7C1600x0&fws=0%2C0&ohw=0%2C0&a3p=EhwKDWNyd2RjbnRybC5uZXQYzJLYrrAzSABSAghkEhQKBW9wZW54GMyS2K6wM0gAUgIIZBIdCg5lc3AuY3JpdGVvLmNvbRjMktiusDNIAFICCGQSFwoIcnRiaG91c2UYzJLYrrAzSABSAghk&psd=WzMxLFtdXQ..&dlt=1765329468935&idt=1993&cust_params=url%3D%252FY3gKxl%26ref%3Dnull%26Audience_Segment%3D%25E6%25A9%259F%25E8%25BB%258A%252C%25E9%259B%25BB%25E5%258B%2595%25E8%25BB%258A%252C%25E6%258A%2595%25E8%25B3%2587%25E7%2590%2586%25E8%25B2%25A1&adks=3936558959%2C940499867&frm=20&eoidce=1&pgls=CAs.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202512040101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.194.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lcnrta-bk-in-f2.1e100.net

Software

cafe /

Resource Hash

b45d91018a85c28e98ab4ee52c7808eaa665862fa8b75d28e7a02cba11f362da

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

content-encoding: dcb
google-lineitem-id: -2,-2
observe-browsing-topics: ?1
x-content-type-options: nosniff
google-mediationtag-id: -2
google-mediationgroup-id: -2,-2
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
date: Wed, 10 Dec 2025 01:17:52 GMT
content-type: text/plain; charset=UTF-8
google-creative-id: -2,-2
cache-control: no-cache, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
access-control-allow-origin: https://reurl.cc
content-length: 517
x-xss-protection: 0
server: cafe

GET
H3 200 container.html Show response
3075a318ad54e9b9674229a6a530ae19.safeframe.googlesyndication.com/safeframe/1-0-45/html/ Frame 1507 7 KB
3 KB 384ms
153ms Document
text/html 142.251.42.193
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://3075a318ad54e9b9674229a6a530ae19.safeframe.googlesyndication.com/safeframe/1-0-45/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202512040101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.42.193 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

nrt12s47-in-f1.1e100.net

Software

sffe /

Resource Hash

f1a68bf826c55985468304f4284a09cb8a68e82503d764166e611a7c58a85a4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://reurl.cc/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: br
content-length: 3121
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 10 Dec 2025 01:17:52 GMT
expires: Wed, 10 Dec 2025 01:17:52 GMT
last-modified: Thu, 08 May 2025 23:15:48 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 api.js Show response
apis.google.com/js/ Frame 7F2A 14 KB
6 KB 170ms
152ms Script
text/javascript 142.250.194.78
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://apis.google.com/js/api.js

Requested by

Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/tmp2/2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.194.78 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lcnrta-bb-in-f14.1e100.net

Software

sffe /

Resource Hash

e833908a75795c0298daa9b7a6befd14009ef6e14eb285984eaeee77f0ddcf42

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gapi-team
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

content-encoding: gzip
etag: "0beef945e279c26b"
report-to: {"group":"gapi-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gapi-team"}]}
x-content-type-options: nosniff
expires: Wed, 10 Dec 2025 01:17:51 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Wed, 10 Dec 2025 01:17:51 GMT
content-type: text/javascript
vary: Accept-Encoding
content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gapi-team
cache-control: private, max-age=1800, stale-while-revalidate=1800
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="gapi-team"
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
access-control-allow-origin: *
content-length: 5796
x-xss-protection: 0
server: sffe

GET
H2 200 300x250.png
cdn.holmesmind.com/image/creative/20250724/guild/notime/ Frame 7F2A 317 KB
318 KB 161ms
159ms Image
image/png 3.164.121.106
AMAZON-02

General

Check archive.org

Download Go to Show image

Full URL: https://cdn.holmesmind.com/image/creative/20250724/guild/notime/300x250.png
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/tmp2/2.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.164.121.106 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-164-121-106.nrt12.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 2e8da6f5db33e948148605021f536387b59c2a358306ebaf6e4292e8d7e9f3f4

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

vary: accept-encoding
x-amz-version-id: XxOqPAZa4WXZr.RdCIlgl44iBomwzZUR
etag: "1ed0380fa93d399d1c85adcbf9b6a206"
age: 519
via: 1.1 ef359af61e64577c628090c2363bcb22.cloudfront.net (CloudFront)
accept-ranges: bytes
x-cache: Hit from cloudfront
content-length: 324664
x-amz-cf-id: IWrqxfuDFcrgDV1IyFWA5IvtlkI_HQxVZtGL_ORj27gvga80mcmBkw==
date: Wed, 10 Dec 2025 01:09:13 GMT
content-type: image/png
last-modified: Fri, 25 Jul 2025 01:43:55 GMT
server: AmazonS3
x-amz-cf-pop: NRT12-P3
x-amz-server-side-encryption: AES256

GET
H2 200 common.js Show response
cdn.holmesmind.com/module/develop/customize/common/ Frame BFAA 3 KB
4 KB 397ms
395ms Script
application/javascript 3.164.121.106
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://cdn.holmesmind.com/module/develop/customize/common/common.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/tmp2/2.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.164.121.106 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-164-121-106.nrt12.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 80adf5127a510debc25364ed4ecde412ad218c210ea9a4685e055403475a1b65

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

x-amz-version-id: jxz7YAXUTaKxbQMLccIR_VZOT.btjDdM
etag: "42aeabdce0bf5af2416ca2d378028061"
age: 217
via: 1.1 ef359af61e64577c628090c2363bcb22.cloudfront.net (CloudFront)
accept-ranges: bytes
x-cache: Hit from cloudfront
content-length: 3539
x-amz-cf-id: qiinaBEfVXmwGJyko0gFHVN1Hr5iEE-IZoMfDVbSejOG5w_FDKX2Kw==
date: Wed, 10 Dec 2025 01:14:15 GMT
content-type: application/javascript
last-modified: Fri, 23 Aug 2024 01:07:39 GMT
server: AmazonS3
x-amz-cf-pop: NRT12-P3
x-amz-server-side-encryption: AES256

GET
H2 200 320x480.html Show response
cdn.holmesmind.com/z/39368/92b9fa070b2808643f4a132b2f45766b/320x480/ Frame 19DF 3 KB
2 KB 150ms
149ms Document
text/html 3.164.121.96
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://cdn.holmesmind.com/z/39368/92b9fa070b2808643f4a132b2f45766b/320x480/320x480.html
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/tmp2/3.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.164.121.96 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-164-121-96.nrt12.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: a1e47f32ec9b20c860e074d65f03528f0d9b2fc91db97259f45fbe99898f4758

Request headers

Referer: https://reurl.cc/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36

Response headers

content-encoding: gzip
content-type: text/html
date: Wed, 10 Dec 2025 01:17:52 GMT
etag: W/"01041476e8a1484fb7d24a1aad5d3c50"
last-modified: Fri, 28 Nov 2025 10:17:21 GMT
server: AmazonS3
vary: accept-encoding
via: 1.1 abddbf0eca39746a52a1389ec09fb216.cloudfront.net (CloudFront)
x-amz-cf-id: _hkOpHLhtl7xZPMwWvy3MYH8zZnsy63eOuEUc81xfmX9D-sVaJhX8w==
x-amz-cf-pop: NRT12-P3
x-amz-server-side-encryption: AES256
x-amz-version-id: ZVQO_6tvzRcJWL2P_GkdvXQ3i7hJh1vV
x-cache: RefreshHit from cloudfront

GET
H2 200 ade-tracker.js Show response
cdn.holmesmind.com/js/modle/ade/ Frame C895 2 KB
2 KB 383ms
383ms Script
application/javascript 3.164.121.106
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://cdn.holmesmind.com/js/modle/ade/ade-tracker.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/tmp2/3.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.164.121.106 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-164-121-106.nrt12.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 72e9ecb7db91e5a334caa4e36a70071de2851fe7c5a6e4b1028cc80c5be0fa84

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

x-amz-version-id: e6irG_P5F2jdCF9fNky2jWkkhxNctdGx
etag: "cc88de770769cdecaa524a5801120c78"
via: 1.1 ef359af61e64577c628090c2363bcb22.cloudfront.net (CloudFront)
accept-ranges: bytes
x-cache: RefreshHit from cloudfront
content-length: 1646
x-amz-cf-id: KXd3TFN-N9EYjXj9TP15AlF6-d01SsKAVDbgHgT3nPQg6qTSbWA_rg==
date: Wed, 10 Dec 2025 01:17:52 GMT
content-type: application/javascript
last-modified: Fri, 14 Jul 2023 03:26:15 GMT
server: AmazonS3
x-amz-cf-pop: NRT12-P3
x-amz-server-side-encryption: AES256

GET
H2 200 i
ad.holmesmind.com/adserver/ Frame C895 0
64 B 123ms
122ms Image
image/png 18.176.230.233
AMAZON-02

General

Check archive.org

Download Go to Show image

Full URL: https://ad.holmesmind.com/adserver/i?ut=1765329471&p=22213:244496:299524:9ef463257a6116b27b8bd6001bc8bd76:39368
Requested by: Host: reurl.cc
URL: https://reurl.cc/Y3gKxl
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.176.230.233 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-176-230-233.ap-northeast-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

date: Wed, 10 Dec 2025 01:17:51 GMT
content-type: image/png
server: nginx

GET
H3 200 302181889_449668210518240_1343224774275673253_n.png
scontent-hkg1-1.xx.fbcdn.net/v/t39.30808-1/ Frame 3313 2 KB
2 KB 96ms
95ms Image
image/png 163.70.158.11
FACEBOOK

General

Check archive.org

Download Go to Show image

Full URL: https://scontent-hkg1-1.xx.fbcdn.net/v/t39.30808-1/302181889_449668210518240_1343224774275673253_n.png?stp=cp0_dst-png_s50x50&_nc_cat=105&ccb=1-7&_nc_sid=f907e8&_nc_ohc=9COxK_nZ7CIQ7kNvwFCXeeq&_nc_oc=Adna-I_vwpo7wnGie35unMkdps8zh0IxwwOuhIWodbFmq8ICo0BneOUqmtAHzri39zo&_nc_zt=24&_nc_ht=scontent-hkg1-1.xx&_nc_gid=x7X_6je6dfOkNBRyEJ9oBg&oh=00_AfnxvJPrDLeorSP_9VhmiV4ti1FSV5nccbEZvZ8e_MK5jQ&oe=693E8A55
Requested by: Host: reurl.cc
URL: https://reurl.cc/Y3gKxl
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 163.70.158.11 Chai Wan, Hong Kong, ASN32934 (FACEBOOK, US),
Reverse DNS: xx-fbcdn-shv-01-hkg1.fbcdn.net
Software: /
Resource Hash: 352d0915216b13b935f1abedea04d4a039802faaf69153ae71c377410990e322

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://www.facebook.com/

Response headers

x-robots-tag: noarchive, noindex
alt-svc: h3=":443"; ma=86400
date: Wed, 10 Dec 2025 01:17:52 GMT
no-vary-search: key-order, params=("_nc_gid" "oh" "oe" "_nc_oc" "_nc_ohc" "_nc_cat" "_nc_ht" "_nc_cb")
last-modified: Tue, 06 Sep 2022 22:20:57 GMT
x-fb-ptm-uuid: 674790A1738E11AA39A7F973A07CC585
content-type: image/png
priority: u=3,i
cache-control: max-age=1209600, no-transform
timing-allow-origin: *
x-fb-connection-quality: GOOD; q=0.7, rtt=92, rtx=0, c=26, mss=1232, tbw=7721, tp=14, tpl=0, uplat=0, ullat=-1
x-crypto-project: 0
cross-origin-resource-policy: cross-origin
content-digest: adler32=747767112
access-control-allow-origin: *
accept-ranges: bytes
content-length: 2066
x-additional-error-detail

GET
H3 200 186149949_5378375078904348_5830021147058150167_n.png
scontent-hkg4-1.xx.fbcdn.net/v/t1.6435-9/ Frame 3313 13 KB
13 KB 188ms
93ms Image
image/png 157.240.199.15
FACEBOOK

General

Check archive.org

Download Go to Show image

Full URL: https://scontent-hkg4-1.xx.fbcdn.net/v/t1.6435-9/186149949_5378375078904348_5830021147058150167_n.png?stp=dst-png_p173x172&_nc_cat=106&ccb=1-7&_nc_sid=e5c1b6&_nc_ohc=c0H9QhxjAasQ7kNvwFTB1y1&_nc_oc=AdlWBqYNHjPfc7sLHfyFQPXWk_YZXk3rYwrBJIGB5jJEHOgHNpipsJk8HBfR1XOb4hs&_nc_zt=23&_nc_ht=scontent-hkg4-1.xx&_nc_gid=x7X_6je6dfOkNBRyEJ9oBg&oh=00_Aflge5snEiTRzAm44aLS54v_eHUJfjNbOebdumU-ALXTZg&oe=6960289D
Requested by: Host: reurl.cc
URL: https://reurl.cc/Y3gKxl
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 157.240.199.15 Chai Wan, Hong Kong, ASN32934 (FACEBOOK, US),
Reverse DNS: xx-fbcdn-shv-01-hkg4.fbcdn.net
Software: /
Resource Hash: 111eaf414e95313afc251a7eea0d5eec5d771b8f49f9c8856ba859e796d8773d

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://www.facebook.com/

Response headers

x-robots-tag: noarchive, noindex
alt-svc: h3=":443"; ma=86400
date: Wed, 10 Dec 2025 01:17:52 GMT
no-vary-search: key-order, params=("_nc_gid" "oh" "oe" "_nc_oc" "_nc_ohc" "_nc_cat" "_nc_ht" "_nc_cb")
last-modified: Thu, 13 May 2021 12:22:23 GMT
x-fb-ptm-uuid: B44C73D684696C552E84999318755F87
content-type: image/png
priority: u=3,i
cache-control: max-age=1209600, no-transform
timing-allow-origin: *
x-fb-connection-quality: GOOD; q=0.7, rtt=88, rtx=0, c=23, mss=1232, tbw=5033, tp=10, tpl=0, uplat=0, ullat=-1
x-crypto-project: 0
cross-origin-resource-policy: cross-origin
content-digest: adler32=3798339901
access-control-allow-origin: *
accept-ranges: bytes
content-length: 13033
x-additional-error-detail

GET
H3 200 126199574_4593091710766026_7412644862123303221_n.jpg
scontent-hkg4-1.xx.fbcdn.net/v/t1.6435-9/ Frame 3313 6 KB
7 KB 188ms
93ms Image
image/jpeg 157.240.199.15
FACEBOOK

General

Check archive.org

Download Go to Show image

Full URL: https://scontent-hkg4-1.xx.fbcdn.net/v/t1.6435-9/126199574_4593091710766026_7412644862123303221_n.jpg?stp=dst-jpg_s350x350_tt6&_nc_cat=110&ccb=1-7&_nc_sid=e21142&_nc_ohc=z-pdCmgLh_gQ7kNvwFjQbQ6&_nc_oc=AdkoBSx2iNvqM8dbHqhJZOtFl_-VFNMuv3wHkMNTru5MlteRyurcj0mkntMSJ9rxIVI&_nc_zt=23&_nc_ht=scontent-hkg4-1.xx&_nc_gid=x7X_6je6dfOkNBRyEJ9oBg&oh=00_AfmSEvv5eYaRuo0DAwKYz1O9XBrS4g6ACwBVtKmVTscQgA&oe=69605126
Requested by: Host: reurl.cc
URL: https://reurl.cc/Y3gKxl
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 157.240.199.15 Chai Wan, Hong Kong, ASN32934 (FACEBOOK, US),
Reverse DNS: xx-fbcdn-shv-01-hkg4.fbcdn.net
Software: /
Resource Hash: 771174ef9483d0ae9e294a23d66f372ed9ce4538d8a7e94adfeb4630162a3598

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://www.facebook.com/

Response headers

x-robots-tag: noarchive, noindex
alt-svc: h3=":443"; ma=86400
date: Wed, 10 Dec 2025 01:17:52 GMT
no-vary-search: key-order, params=("_nc_gid" "oh" "oe" "_nc_oc" "_nc_ohc" "_nc_cat" "_nc_ht" "_nc_cb")
last-modified: Sun, 22 Nov 2020 05:25:53 GMT
x-fb-ptm-uuid: B44C73D684696C552E84999318755F87
content-type: image/jpeg
priority: u=3,i
cache-control: max-age=1209600, no-transform
timing-allow-origin: *
x-fb-connection-quality: GOOD; q=0.7, rtt=88, rtx=0, c=23, mss=1232, tbw=18825, tp=22, tpl=0, uplat=1, ullat=-1
x-crypto-project: 0
cross-origin-resource-policy: cross-origin
content-digest: adler32=3193130998
access-control-allow-origin: *
accept-ranges: bytes
content-length: 6618
x-additional-error-detail

GET
H2 200 av Show response
ad.holmesmind.com/adserver/ Frame C895 0
139 B 125ms
122ms Script
text/html 18.176.230.233
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://ad.holmesmind.com/adserver/av?p=22213:244496:299524:9ef463257a6116b27b8bd6001bc8bd76:39368&type=1
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/drawV2.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.176.230.233 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-176-230-233.ap-northeast-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

content-encoding: gzip
date: Wed, 10 Dec 2025 01:17:52 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
server: nginx

GET
H2 200 collect Show response
track.91app.io/ext/v1/ Frame 571C 46 B
227 B 251ms
91ms Fetch
application/json 35.201.76.198
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Download Go to

Full URL: https://track.91app.io/ext/v1/collect?v=1&ch=web&ul=zh-TW&ht=1765329471956&evtid=ab9fc4d0-54f5-4ddc-851a-420f3b2ce786&tid=5&cid=658067-KdrG3zXqFCG4fVyQhLLLDOj8a3tchz81&evtn=pixel
Requested by: Host: tracking-client.91app.com
URL: https://tracking-client.91app.com/1.2.0/nineyi.tracking.client.iife.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.201.76.198 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 198.76.201.35.bc.googleusercontent.com
Software: Google Frontend / Express
Resource Hash: 84a9f0eb893e8dc76f14c3234afc86e300c22cd9de5c2fa9574f896180f7df14

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://cdn.holmesmind.com/

Response headers

cache-control: no-cache
access-control-allow-credentials: true
via: 1.1 google
access-control-allow-origin: https://cdn.holmesmind.com
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 46
date: Wed, 10 Dec 2025 01:17:52 GMT
x-cloud-trace-context: 896b56c0840efa3a8ac31042b3c5d9a9
content-type: application/json; charset=utf-8
x-powered-by: Express
server: Google Frontend
vary: Accept-Encoding

GET
H2 200 collect Show response
track.91app.io/ext/v1/ Frame 5159 46 B
227 B 248ms
89ms Fetch
application/json 35.201.76.198
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Download Go to

Full URL: https://track.91app.io/ext/v1/collect?v=1&ch=web&ul=zh-TW&ht=1765329471958&evtid=259753fb-1358-4e99-a73d-702bd4a9e0c0&tid=5&cid=658067-KdrG3zXqFCG4fVyQhLLLDOj8a3tchz81&evtn=pixel
Requested by: Host: tracking-client.91app.com
URL: https://tracking-client.91app.com/1.2.0/nineyi.tracking.client.iife.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.201.76.198 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 198.76.201.35.bc.googleusercontent.com
Software: Google Frontend / Express
Resource Hash: 2169961a409937d5510ab4533a3eb9468bfaf08524f84d71372ac9516ce65190

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://cdn.holmesmind.com/

Response headers

cache-control: no-cache
access-control-allow-credentials: true
via: 1.1 google
access-control-allow-origin: https://cdn.holmesmind.com
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 46
date: Wed, 10 Dec 2025 01:17:52 GMT
x-cloud-trace-context: 599dd034a37b21c38ac31042b3c5d3a8
content-type: application/json; charset=utf-8
x-powered-by: Express
server: Google Frontend
vary: Accept-Encoding

GET
H2 200 collect Show response
track.91app.io/ext/v1/ Frame FFE5 46 B
418 B 247ms
88ms Fetch
application/json 35.201.76.198
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Download Go to

Full URL: https://track.91app.io/ext/v1/collect?v=1&ch=web&ul=zh-TW&ht=1765329471959&evtid=4d33fd5c-1f2d-457d-b21b-a4e3826374fe&tid=5&cid=658067-KdrG3zXqFCG4fVyQhLLLDOj8a3tchz81&evtn=pixel
Requested by: Host: tracking-client.91app.com
URL: https://tracking-client.91app.com/1.2.0/nineyi.tracking.client.iife.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.201.76.198 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 198.76.201.35.bc.googleusercontent.com
Software: Google Frontend / Express
Resource Hash: 21353156752d264231430470d9e89e4ce2568c16bd7df7f2e3845ac03bcbc333

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://cdn.holmesmind.com/

Response headers

cache-control: no-cache
access-control-allow-credentials: true
via: 1.1 google
access-control-allow-origin: https://cdn.holmesmind.com
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 46
date: Wed, 10 Dec 2025 01:17:52 GMT
x-cloud-trace-context: d43367214c61e4818ac31042b3c5d7a6
content-type: application/json; charset=utf-8
x-powered-by: Express
server: Google Frontend
vary: Accept-Encoding

GET
H2 200 collect Show response
track.91app.io/ext/v1/ Frame F696 46 B
225 B 246ms
90ms Fetch
application/json 35.201.76.198
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Download Go to

Full URL: https://track.91app.io/ext/v1/collect?v=1&ch=web&ul=zh-TW&ht=1765329471961&evtid=81a5d728-bd80-47bf-b850-2a16ea5e2aad&tid=5&cid=658067-KdrG3zXqFCG4fVyQhLLLDOj8a3tchz81&evtn=pixel
Requested by: Host: tracking-client.91app.com
URL: https://tracking-client.91app.com/1.2.0/nineyi.tracking.client.iife.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.201.76.198 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 198.76.201.35.bc.googleusercontent.com
Software: Google Frontend / Express
Resource Hash: 64e72c7f19b2a5dbebb44d8380f5fd858b0d0ca1fbc82557f9f834e287a2abb9

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://cdn.holmesmind.com/

Response headers

cache-control: no-cache
access-control-allow-credentials: true
via: 1.1 google
access-control-allow-origin: https://cdn.holmesmind.com
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 46
date: Wed, 10 Dec 2025 01:17:52 GMT
x-cloud-trace-context: 76c5a072cab0e6c98ac31042b3c5dda7
content-type: application/json; charset=utf-8
x-powered-by: Express
server: Google Frontend
vary: Accept-Encoding

GET
H2 200 collect Show response
track.91app.io/ext/v1/ Frame 62B0 46 B
227 B 248ms
93ms Fetch
application/json 35.201.76.198
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Download Go to

Full URL: https://track.91app.io/ext/v1/collect?v=1&ch=web&ul=zh-TW&ht=1765329471962&evtid=c1bebf74-c5d6-41f5-8fe1-b290f7fc59da&tid=5&cid=658067-KdrG3zXqFCG4fVyQhLLLDOj8a3tchz81&evtn=pixel
Requested by: Host: tracking-client.91app.com
URL: https://tracking-client.91app.com/1.2.0/nineyi.tracking.client.iife.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.201.76.198 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 198.76.201.35.bc.googleusercontent.com
Software: Google Frontend / Express
Resource Hash: 95196aeb3751322b9c441a1e006131e5d9110f336feaf37c41567a976f0ead07

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://cdn.holmesmind.com/

Response headers

cache-control: no-cache
access-control-allow-credentials: true
via: 1.1 google
access-control-allow-origin: https://cdn.holmesmind.com
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 46
date: Wed, 10 Dec 2025 01:17:52 GMT
x-cloud-trace-context: f27670b4adb932a18ac31042b3c5d1a5
content-type: application/json; charset=utf-8
x-powered-by: Express
server: Google Frontend
vary: Accept-Encoding

GET
H2 200 collect Show response
track.91app.io/ext/v1/ Frame A90A 46 B
225 B 247ms
93ms Fetch
application/json 35.201.76.198
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Download Go to

Full URL: https://track.91app.io/ext/v1/collect?v=1&ch=web&ul=zh-TW&ht=1765329471963&evtid=92c09fd0-24a6-45d4-ba9c-13a802e01c5a&tid=5&cid=658067-KdrG3zXqFCG4fVyQhLLLDOj8a3tchz81&evtn=pixel
Requested by: Host: tracking-client.91app.com
URL: https://tracking-client.91app.com/1.2.0/nineyi.tracking.client.iife.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.201.76.198 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 198.76.201.35.bc.googleusercontent.com
Software: Google Frontend / Express
Resource Hash: 6ffe0c47c82257f343c8bc82ba189e8205fecd7e78235513a44c17cf0aa635a3

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://cdn.holmesmind.com/

Response headers

cache-control: no-cache
access-control-allow-credentials: true
via: 1.1 google
access-control-allow-origin: https://cdn.holmesmind.com
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 46
date: Wed, 10 Dec 2025 01:17:52 GMT
x-cloud-trace-context: 076b2a072093e81a8ac31042b3c5dba4
content-type: application/json; charset=utf-8
x-powered-by: Express
server: Google Frontend
vary: Accept-Encoding

GET
H2 200 did Show response
track.91app.io/ext/v1/ Frame 571C 46 B
227 B 163ms
91ms Fetch
application/json 35.201.76.198
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Download Go to

Full URL: https://track.91app.io/ext/v1/did
Requested by: Host: tracking-client.91app.com
URL: https://tracking-client.91app.com/1.2.0/nineyi.tracking.client.iife.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.201.76.198 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 198.76.201.35.bc.googleusercontent.com
Software: Google Frontend / Express
Resource Hash: ce3b1280318eb4a27c7c3281c4c677eeebf7425c1dffdff8f19a6d281c9c1b7d

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://cdn.holmesmind.com/

Response headers

cache-control: no-cache
access-control-allow-credentials: true
via: 1.1 google
access-control-allow-origin: https://cdn.holmesmind.com
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 46
date: Wed, 10 Dec 2025 01:17:52 GMT
x-cloud-trace-context: d4984160770120788ac31042b3c5d5a3
content-type: application/json; charset=utf-8
x-powered-by: Express
server: Google Frontend
vary: Accept-Encoding

GET
H2 200 main.js Show response
cdn.holmesmind.com/module/product/inner/inner_image/ Frame E217 26 KB
27 KB 244ms
244ms Script
application/javascript 3.164.121.106
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://cdn.holmesmind.com/module/product/inner/inner_image/main.js
Requested by: Host: reurl.cc
URL: https://reurl.cc/Y3gKxl
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.164.121.106 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-164-121-106.nrt12.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 651219c93cab2078fb7f9f5f3d091d56009b1108ff95b312d5b518a8639fbf2a

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

x-amz-version-id: 5eDfF61po8mbPAqic7Z9nmad18STHB0v
etag: "9570d1addd7f3b91ecb1c725d51a1458"
via: 1.1 ef359af61e64577c628090c2363bcb22.cloudfront.net (CloudFront)
accept-ranges: bytes
x-cache: RefreshHit from cloudfront
content-length: 26746
x-amz-cf-id: HXchDxz2ZRW84hPVyhAosC4DXxrHHLmsi7mP_SrYL7qXWezrNDdecg==
date: Wed, 10 Dec 2025 01:17:53 GMT
content-type: application/javascript
last-modified: Wed, 21 Aug 2024 05:57:19 GMT
server: AmazonS3
x-amz-cf-pop: NRT12-P3
x-amz-server-side-encryption: AES256

GET
H2 200 main.js Show response
cdn.holmesmind.com/module/product/inner/inner_image/ Frame 4D86 26 KB
0 244ms
244ms Script
application/javascript 3.164.121.106
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://cdn.holmesmind.com/module/product/inner/inner_image/main.js
Requested by: Host: reurl.cc
URL: https://reurl.cc/Y3gKxl
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.164.121.106 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-164-121-106.nrt12.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 651219c93cab2078fb7f9f5f3d091d56009b1108ff95b312d5b518a8639fbf2a

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

x-amz-version-id: 5eDfF61po8mbPAqic7Z9nmad18STHB0v
etag: "9570d1addd7f3b91ecb1c725d51a1458"
via: 1.1 ef359af61e64577c628090c2363bcb22.cloudfront.net (CloudFront)
accept-ranges: bytes
x-cache: RefreshHit from cloudfront
content-length: 26746
x-amz-cf-id: HXchDxz2ZRW84hPVyhAosC4DXxrHHLmsi7mP_SrYL7qXWezrNDdecg==
date: Wed, 10 Dec 2025 01:17:53 GMT
content-type: application/javascript
last-modified: Wed, 21 Aug 2024 05:57:19 GMT
server: AmazonS3
x-amz-cf-pop: NRT12-P3
x-amz-server-side-encryption: AES256

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ Frame 4D86 423 KB
143 KB 154ms
153ms Script
application/javascript 142.250.196.104
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-M4J67EDHV2

Requested by

Host: reurl.cc
URL: https://reurl.cc/Y3gKxl

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.196.104 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

nrt12s35-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

0e7c280c5b77abf1794c7fecca6cf54ad87bad46a00952bdaa7e37baede883b0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
content-encoding: zstd
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
expires: Wed, 10 Dec 2025 01:17:52 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 146296
date: Wed, 10 Dec 2025 01:17:52 GMT
x-xss-protection: 0
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
server: Google Tag Manager
access-control-allow-headers: Cache-Control

GET
H2 200 cm Show response
t.ssp.hinet.net/ Frame 4D86 0
187 B 76ms
75ms XHR
image/png 203.75.214.136
HINET Data Commun...

General

Check archive.org

Download Go to

Full URL

https://t.ssp.hinet.net/cm?c=50ef57&cid=8658-reQdZAdzZIQNADjILGPq0SAik0IKuidN&mp=a8b5e0fe-7b22-4c2c-a3f9-14c976deaf1b

Requested by

Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

strict-transport-security: max-age=0
cache-control: no-cache, private
access-control-allow-credentials: true
access-control-allow-origin: https://reurl.cc
date: Wed, 10 Dec 2025 01:17:52 GMT
content-type: image/png
vary: Origin
server: nginx

GET
H/1.1 200
OK pixel
a8b5e0fe-7b22-4c2c-a3f9-14c976deaf1b.t.ssp.hinet.net/ Frame 4D86 0
177 B 293ms
73ms Image
image/png 203.75.214.136
HINET Data Commun...

General

Check archive.org

Download Go to Show image

Full URL

https://a8b5e0fe-7b22-4c2c-a3f9-14c976deaf1b.t.ssp.hinet.net/pixel?bd=a8b5e0fe-7b22-4c2c-a3f9-14c976deaf1b&t=50ef57&referrer=

Requested by

Host: reurl.cc
URL: https://reurl.cc/Y3gKxl

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

Strict-Transport-Security: max-age=0
Content-Length: 0
Date: Wed, 10 Dec 2025 01:17:52 GMT
Content-Type: image/png
Server: nginx
Connection: keep-alive

GET
H/1.1 200
OK pixel
a8b5e0fe-7b22-4c2c-a3f9-14c976deaf1b.t.ssp.hinet.net/ Frame E217 0
177 B 437ms
73ms Image
image/png 203.75.214.136
HINET Data Commun...

General

Check archive.org

Download Go to Show image

Full URL

https://a8b5e0fe-7b22-4c2c-a3f9-14c976deaf1b.t.ssp.hinet.net/pixel?bd=a8b5e0fe-7b22-4c2c-a3f9-14c976deaf1b&t=50ef57&referrer=

Requested by

Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

Strict-Transport-Security: max-age=0
Content-Length: 0
Date: Wed, 10 Dec 2025 01:17:52 GMT
Content-Type: image/png
Server: nginx
Connection: keep-alive

GET
H2 200 cm Show response
t.ssp.hinet.net/ Frame E217 0
187 B 152ms
75ms XHR
image/png 203.75.214.136
HINET Data Commun...

General

Check archive.org

Download Go to

Full URL

https://t.ssp.hinet.net/cm?c=50ef57&cid=8658-reQdZAdzZIQNADjILGPq0SAik0IKuidN&mp=a8b5e0fe-7b22-4c2c-a3f9-14c976deaf1b

Requested by

Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

strict-transport-security: max-age=0
cache-control: no-cache, private
access-control-allow-credentials: true
access-control-allow-origin: https://reurl.cc
date: Wed, 10 Dec 2025 01:17:52 GMT
content-type: image/png
vary: Origin
server: nginx

GET
H/1.1 200
OK pixel
a8b5e0fe-7b22-4c2c-a3f9-14c976deaf1b.t.ssp.hinet.net/ Frame BFAA 0
177 B 583ms
73ms Image
image/png 203.75.214.136
HINET Data Commun...

General

Check archive.org

Download Go to Show image

Full URL

https://a8b5e0fe-7b22-4c2c-a3f9-14c976deaf1b.t.ssp.hinet.net/pixel?bd=a8b5e0fe-7b22-4c2c-a3f9-14c976deaf1b&t=50ef57&referrer=

Requested by

Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

Strict-Transport-Security: max-age=0
Content-Length: 0
Date: Wed, 10 Dec 2025 01:17:52 GMT
Content-Type: image/png
Server: nginx
Connection: keep-alive

GET
H2 200 cm Show response
t.ssp.hinet.net/ Frame BFAA 0
187 B 228ms
76ms XHR
image/png 203.75.214.136
HINET Data Commun...

General

Check archive.org

Download Go to

Full URL

https://t.ssp.hinet.net/cm?c=50ef57&cid=8658-reQdZAdzZIQNADjILGPq0SAik0IKuidN&mp=a8b5e0fe-7b22-4c2c-a3f9-14c976deaf1b

Requested by

Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

strict-transport-security: max-age=0
cache-control: no-cache, private
access-control-allow-credentials: true
access-control-allow-origin: https://reurl.cc
date: Wed, 10 Dec 2025 01:17:52 GMT
content-type: image/png
vary: Origin
server: nginx

GET
H/1.1 200
OK pixel
a8b5e0fe-7b22-4c2c-a3f9-14c976deaf1b.t.ssp.hinet.net/ Frame C6DC 0
177 B 727ms
72ms Image
image/png 203.75.214.136
HINET Data Commun...

General

Check archive.org

Download Go to Show image

Full URL

https://a8b5e0fe-7b22-4c2c-a3f9-14c976deaf1b.t.ssp.hinet.net/pixel?bd=a8b5e0fe-7b22-4c2c-a3f9-14c976deaf1b&t=50ef57&referrer=

Requested by

Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

Strict-Transport-Security: max-age=0
Content-Length: 0
Date: Wed, 10 Dec 2025 01:17:52 GMT
Content-Type: image/png
Server: nginx
Connection: keep-alive

GET
H2 200 cm Show response
t.ssp.hinet.net/ Frame C6DC 0
187 B 305ms
76ms XHR
image/png 203.75.214.136
HINET Data Commun...

General

Check archive.org

Download Go to

Full URL

https://t.ssp.hinet.net/cm?c=50ef57&cid=8658-reQdZAdzZIQNADjILGPq0SAik0IKuidN&mp=a8b5e0fe-7b22-4c2c-a3f9-14c976deaf1b

Requested by

Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

strict-transport-security: max-age=0
cache-control: no-cache, private
access-control-allow-credentials: true
access-control-allow-origin: https://reurl.cc
date: Wed, 10 Dec 2025 01:17:52 GMT
content-type: image/png
vary: Origin
server: nginx

GET
H/1.1 200
OK pixel
a8b5e0fe-7b22-4c2c-a3f9-14c976deaf1b.t.ssp.hinet.net/ Frame 9A13 0
177 B 871ms
73ms Image
image/png 203.75.214.136
HINET Data Commun...

General

Check archive.org

Download Go to Show image

Full URL

https://a8b5e0fe-7b22-4c2c-a3f9-14c976deaf1b.t.ssp.hinet.net/pixel?bd=a8b5e0fe-7b22-4c2c-a3f9-14c976deaf1b&t=50ef57&referrer=

Requested by

Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

Strict-Transport-Security: max-age=0
Content-Length: 0
Date: Wed, 10 Dec 2025 01:17:52 GMT
Content-Type: image/png
Server: nginx
Connection: keep-alive

GET
H2 200 cm Show response
t.ssp.hinet.net/ Frame 9A13 0
187 B 380ms
74ms XHR
image/png 203.75.214.136
HINET Data Commun...

General

Check archive.org

Download Go to

Full URL

https://t.ssp.hinet.net/cm?c=50ef57&cid=8658-reQdZAdzZIQNADjILGPq0SAik0IKuidN&mp=a8b5e0fe-7b22-4c2c-a3f9-14c976deaf1b

Requested by

Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

strict-transport-security: max-age=0
cache-control: no-cache, private
access-control-allow-credentials: true
access-control-allow-origin: https://reurl.cc
date: Wed, 10 Dec 2025 01:17:52 GMT
content-type: image/png
vary: Origin
server: nginx

GET
H/1.1 200
OK pixel
a8b5e0fe-7b22-4c2c-a3f9-14c976deaf1b.t.ssp.hinet.net/ Frame 3A8F 0
177 B 1015ms
72ms Image
image/png 203.75.214.136
HINET Data Commun...

General

Check archive.org

Download Go to Show image

Full URL

https://a8b5e0fe-7b22-4c2c-a3f9-14c976deaf1b.t.ssp.hinet.net/pixel?bd=a8b5e0fe-7b22-4c2c-a3f9-14c976deaf1b&t=50ef57&referrer=

Requested by

Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

Strict-Transport-Security: max-age=0
Content-Length: 0
Date: Wed, 10 Dec 2025 01:17:53 GMT
Content-Type: image/png
Server: nginx
Connection: keep-alive

GET
H2 200 cm Show response
t.ssp.hinet.net/ Frame 3A8F 0
187 B 458ms
78ms XHR
image/png 203.75.214.136
HINET Data Commun...

General

Check archive.org

Download Go to

Full URL

https://t.ssp.hinet.net/cm?c=50ef57&cid=8658-reQdZAdzZIQNADjILGPq0SAik0IKuidN&mp=a8b5e0fe-7b22-4c2c-a3f9-14c976deaf1b

Requested by

Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

strict-transport-security: max-age=0
cache-control: no-cache, private
access-control-allow-credentials: true
access-control-allow-origin: https://reurl.cc
date: Wed, 10 Dec 2025 01:17:52 GMT
content-type: image/png
vary: Origin
server: nginx

GET
H2 200 cm Show response
t.ssp.hinet.net/ Frame 332C 0
187 B 82ms
77ms XHR
image/png 203.75.214.136
HINET Data Commun...

General

Check archive.org

Download Go to

Full URL

https://t.ssp.hinet.net/cm?c=50ef57&cid=8658-reQdZAdzZIQNADjILGPq0SAik0IKuidN

Requested by

Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

strict-transport-security: max-age=0
cache-control: no-cache, private
access-control-allow-credentials: true
access-control-allow-origin: https://reurl.cc
date: Wed, 10 Dec 2025 01:17:52 GMT
content-type: image/png
vary: Origin
server: nginx

GET
H2 200 cm Show response
t.ssp.hinet.net/ Frame C895 0
187 B 164ms
82ms XHR
image/png 203.75.214.136
HINET Data Commun...

General

Check archive.org

Download Go to

Full URL

https://t.ssp.hinet.net/cm?c=50ef57&cid=8658-reQdZAdzZIQNADjILGPq0SAik0IKuidN

Requested by

Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

strict-transport-security: max-age=0
cache-control: no-cache, private
access-control-allow-credentials: true
access-control-allow-origin: https://reurl.cc
date: Wed, 10 Dec 2025 01:17:52 GMT
content-type: image/png
vary: Origin
server: nginx

POST
H3 204 AGSKWxVA1cDMcOSI2Uv4YqALQ47g1TXQmhP53rs5AETPmV6s3lsE8QjehLRdHvmJFovAqWTFXXyrcHkaHhLCDcEcMsI9S2GdJgJkkGLcYnXkxWihQJjJDfn4lX_NbB4uiZY4qXslnqzV5g== Show response
fundingchoicesmessages.google.com/el/ 0
28 B 161ms
160ms XHR
text/html 142.250.194.78
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxVA1cDMcOSI2Uv4YqALQ47g1TXQmhP53rs5AETPmV6s3lsE8QjehLRdHvmJFovAqWTFXXyrcHkaHhLCDcEcMsI9S2GdJgJkkGLcYnXkxWihQJjJDfn4lX_NbB4uiZY4qXslnqzV5g==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.194.78 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lcnrta-bb-in-f14.1e100.net

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-Wa6xvZybZMf5vxAVX_ma9Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Content-Type: text/plain
Referer: https://reurl.cc/

Response headers

access-control-max-age: 86400
access-control-allow-methods: POST, GET, OPTIONS
x-content-type-options: nosniff
expires: Mon, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Wed, 10 Dec 2025 01:17:52 GMT
content-type: text/html; charset=utf-8
x-frame-options: SAMEORIGIN
reporting-endpoints: default="/_/ContributorLoggingHttp/web-reports?context=eJzjCtDikmJw1ZBi-FB_mfUHEJv53Wa1A-Jqdy-2ZiC29fdhcwXivTl-bEeBOLPTj60QiHU2-7GZAPH5vX5s14F49U0_ts1ALMTNcWDK45NsAjvO3fJWcknKL4xPzs8rSc0r0U1MKdYFsYsyk0pL8otQ2KllIBU5-enpmXnp8UYGRqaGRgYWegam8QUGAMHpOw8"
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-Wa6xvZybZMf5vxAVX_ma9Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
cache-control: no-cache, no-store, max-age=0, must-revalidate
cross-origin-opener-policy: same-origin
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
access-control-allow-origin: https://reurl.cc
content-length: 0
x-xss-protection: 0
server: ESF

GET
H3 200 AGSKWxUH4aT7tR8eUj535iVwE8vFsztQYX2hOP_QYdlGfWMFGOc7tQ8WcnQXV3IYaZd3c61h9eDvGrnFq5yXIMna3OSElUV2fIBbnXBBn221-0lo4z_DpBnb0TuC93xlyioeZCN1pHfaww== Show response
fundingchoicesmessages.google.com/f/ 9 KB
4 KB 166ms
165ms Script
application/javascript 142.250.194.78
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://fundingchoicesmessages.google.com/f/AGSKWxUH4aT7tR8eUj535iVwE8vFsztQYX2hOP_QYdlGfWMFGOc7tQ8WcnQXV3IYaZd3c61h9eDvGrnFq5yXIMna3OSElUV2fIBbnXBBn221-0lo4z_DpBnb0TuC93xlyioeZCN1pHfaww==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzY1MzI5NDcyLDgxMDAwMDAwXSxudWxsLG51bGwsbnVsbCxbbnVsbCxbNyw5XSxudWxsLDIsbnVsbCwiZW4iXSwiaHR0cHM6Ly9yZXVybC5jYy9ZM2dLeGwiLG51bGwsW1s4LCJaXzNBeFNmNWVSQSJdLFs5LCJ6aC1UVyJdLFsxOSwiMiJdLFsxNywiWzBdIl0sWzI0LCIiXSxbMjksImZhbHNlIl1dXQ

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.194.78 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lcnrta-bb-in-f14.1e100.net

Software

ESF /

Resource Hash

0d33b7573956208fd53e36b885e26d39f07399c53dcf30760f3ad3dda8525677

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport, script-src 'report-sample' 'nonce-KwHkdqKuF9IcLV6xi1Nl4A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Mon, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Wed, 10 Dec 2025 01:17:52 GMT
content-type: application/javascript; charset=utf-8
x-frame-options: SAMEORIGIN
reporting-endpoints: default="/_/ContributorServingWebSwitchboardHttp/web-reports?context=eJzjmsGoxSXF4KohxdB68xzrZCDuWnSedQYQGypcYrUH4g_1l1l_AHGRxBXWBiD-VHWDVaD6BmsS-03WAiA287vNagfE1e5ebM1AbOvvw-YKxN-KfdlYSnzZ9v33ZTsGxHtz_NiOAnFmpx9bIRDrbPZjMwHi83v92K4D8eqbfmybgXiFlz_bBiAW4uY4MOXxSTaBEytO-ytpJOUXxifn55UUZSaVluQXpSWnpRanFpWlFsUbGRiZGhoZWOgZmMYXGAAAS1xNsA"
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport, script-src 'report-sample' 'nonce-KwHkdqKuF9IcLV6xi1Nl4A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist
cache-control: no-cache, no-store, max-age=0, must-revalidate
timing-allow-origin: *
cross-origin-opener-policy: same-origin
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-resource-policy: cross-origin
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
x-xss-protection: 0
server: ESF

GET
H2 200 syncframe Show response
gum.criteo.com/ Frame 64F8 13 KB
5 KB 398ms
132ms Document
text/html 182.161.74.19
CRITEO-AS-AP Crit...

General

Check archive.org

Download Go to

Full URL

https://gum.criteo.com/syncframe?origin=publishertagids&topUrl=reurl.cc&gdpr=0&gdpr_consent=

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.ids.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

182.161.74.19 , Singapore, ASN55569 (CRITEO-AS-AP Criteo APAC, JP),

Reverse DNS

Software

Kestrel /

Resource Hash

8536a980185040ec91e6e85b5211f8ca03c6cb337203989a37c722199792ed33

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://reurl.cc/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36

Response headers

cache-control: private, max-age=3600
content-encoding: gzip
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Wed, 10 Dec 2025 01:17:51 GMT
server: Kestrel
server-processing-duration-in-ticks: 266951
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding
x-robots-tag: noindex

GET
H3 200 kCJsgLPeQH3.png
static.xx.fbcdn.net/rsrc.php/v4/yL/r/ Frame 3313 2 KB
3 KB 148ms
148ms Image
image/png 31.13.82.7
FACEBOOK

General

Check archive.org

Download Go to Show image

Full URL

https://static.xx.fbcdn.net/rsrc.php/v4/yL/r/kCJsgLPeQH3.png

Requested by

Host: static.xx.fbcdn.net
URL: https://static.xx.fbcdn.net/rsrc.php/v5/yV/l/1,cross/MZ9aux6A0Qo.css

Protocol

Security

QUIC, , AES_128_GCM

Server

31.13.82.7 Tokyo, Japan, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-01-nrt1.fbcdn.net

Software

Resource Hash

b731f6f512bd9443dcddcf78cebc120726288d861fb81d87e5ffd45155a180a5

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://static.xx.fbcdn.net/rsrc.php/v5/yV/l/1,cross/MZ9aux6A0Qo.css

Response headers

content-md5: d4hTxoqShN08pWHdIU4OSg==
report-to: {"max_age":21600,"endpoints":[{"url":"https:\/\/www.xx.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Tue, 08 Dec 2026 16:50:40 GMT
alt-svc: h3=":443"; ma=86400
date: Wed, 10 Dec 2025 01:17:52 GMT
content-type: image/png
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
x-fb-debug: qbK+MNp8/uYTsz8lSkOFzPx7fb2akqwGB4cU7znIIGnF6JQ4/RLQ2QQ0ii34hhp4jH4cmJZycx3FiyWVEpQu2A==
priority: u=3,i
reporting-endpoints: permissions_policy="https://www.xx.facebook.com/ajax/browser_error_reports/"
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
x-fb-connection-quality: GOOD; q=0.7, rtt=143, rtx=0, c=27, mss=1232, tbw=9068, tp=24, tpl=0, uplat=0, ullat=-1
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy: force-load-at-top, include-js-call-stacks-in-crash-reports
access-control-allow-origin: *
content-length: 2527
origin-agent-cluster: ?1

GET
H3 200 MKQzjVd1bVq.png
static.xx.fbcdn.net/rsrc.php/v4/yD/r/ Frame 3313 548 B
688 B 146ms
146ms Image
image/png 31.13.82.7
FACEBOOK

General

Check archive.org

Download Go to Show image

Full URL

https://static.xx.fbcdn.net/rsrc.php/v4/yD/r/MKQzjVd1bVq.png

Requested by

Host: static.xx.fbcdn.net
URL: https://static.xx.fbcdn.net/rsrc.php/v5/yE/l/1,cross/iXGJEr7Orjl.css

Protocol

Security

QUIC, , AES_128_GCM

Server

31.13.82.7 Tokyo, Japan, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-01-nrt1.fbcdn.net

Software

Resource Hash

83b7d2afe243941c2527b2d875836ad2cb864290690dd1b253389de3f7bc7da4

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://static.xx.fbcdn.net/rsrc.php/v5/yE/l/1,cross/iXGJEr7Orjl.css

Response headers

content-md5: l20F61ct/3QC2rM+eGjRow==
report-to: {"max_age":21600,"endpoints":[{"url":"https:\/\/www.xx.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Wed, 02 Dec 2026 20:42:01 GMT
alt-svc: h3=":443"; ma=86400
date: Wed, 10 Dec 2025 01:17:52 GMT
content-type: image/png
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
x-fb-debug: FvaJSa5q7sJNTku0kVNKhY3KZXyhZnSgJxw3AbnnNU5JSV/mQrK3AJd9A8LrXKg/i+VLVW/ej/FP/aoIqysfKA==
priority: u=3,i
reporting-endpoints: permissions_policy="https://www.xx.facebook.com/ajax/browser_error_reports/"
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
x-fb-connection-quality: GOOD; q=0.7, rtt=143, rtx=0, c=27, mss=1232, tbw=9068, tp=24, tpl=0, uplat=0, ullat=-1
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy: force-load-at-top, include-js-call-stacks-in-crash-reports
access-control-allow-origin: *
content-length: 548
origin-agent-cluster: ?1

GET
H2 200 did Show response
track.91app.io/ext/v1/ Frame 5159 46 B
226 B 114ms
82ms Fetch
application/json 35.201.76.198
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Download Go to

Full URL: https://track.91app.io/ext/v1/did
Requested by: Host: tracking-client.91app.com
URL: https://tracking-client.91app.com/1.2.0/nineyi.tracking.client.iife.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.201.76.198 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 198.76.201.35.bc.googleusercontent.com
Software: Google Frontend / Express
Resource Hash: f90c386029a40c52eb807fefb6064c3db2022bb489ec916052ab674e15b0d11f

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://cdn.holmesmind.com/

Response headers

cache-control: no-cache
access-control-allow-credentials: true
via: 1.1 google
access-control-allow-origin: https://cdn.holmesmind.com
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 46
date: Wed, 10 Dec 2025 01:17:52 GMT
x-cloud-trace-context: 229ebee8c1b145888ac31042b3c5d368
content-type: application/json; charset=utf-8
x-powered-by: Express
server: Google Frontend
vary: Accept-Encoding

GET
H3 200 did Show response
track.91app.io/ext/v1/ Frame FFE5 46 B
66 B 144ms
85ms Fetch
application/json 35.201.76.198
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Download Go to

Full URL: https://track.91app.io/ext/v1/did
Requested by: Host: tracking-client.91app.com
URL: https://tracking-client.91app.com/1.2.0/nineyi.tracking.client.iife.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.201.76.198 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 198.76.201.35.bc.googleusercontent.com
Software: Google Frontend / Express
Resource Hash: 6ffe0c47c82257f343c8bc82ba189e8205fecd7e78235513a44c17cf0aa635a3

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://cdn.holmesmind.com/

Response headers

cache-control: no-cache
access-control-allow-credentials: true
via: 1.1 google
access-control-allow-origin: https://cdn.holmesmind.com
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 46
date: Wed, 10 Dec 2025 01:17:52 GMT
x-cloud-trace-context: ad8ceff7d0dfe120d58e5fa907dc262c
content-type: application/json; charset=utf-8
x-powered-by: Express
server: Google Frontend
vary: Accept-Encoding

GET
H2 200 createjs.min.js Show response
code.createjs.com/1.0.0/ Frame 19DF 236 KB
63 KB 477ms
171ms Script
text/javascript 184.27.185.92
AKAMAI-ASN1 Akama...

General

Check archive.org

Download Go to

Full URL: https://code.createjs.com/1.0.0/createjs.min.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/z/39368/92b9fa070b2808643f4a132b2f45766b/320x480/320x480.html
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 184.27.185.92 Tokyo, Japan, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS: a184-27-185-92.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: e439bebf8de2df0582273906d2c1dceff2387c661efb2152ef1c28420ce4e7e5

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://cdn.holmesmind.com/

Response headers

x-n: S
cache-control: max-age=900
content-encoding: gzip
expires: Wed, 10 Dec 2025 01:32:52 GMT
accept-ranges: bytes
date: Wed, 10 Dec 2025 01:17:52 GMT
content-type: text/javascript
vary: Accept-Encoding
server: Apache

GET
H2 200 320x480.js Show response
cdn.holmesmind.com/z/39368/92b9fa070b2808643f4a132b2f45766b/320x480/ Frame 19DF 108 KB
109 KB 190ms
186ms Script
application/javascript 3.164.121.96
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://cdn.holmesmind.com/z/39368/92b9fa070b2808643f4a132b2f45766b/320x480/320x480.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/z/39368/92b9fa070b2808643f4a132b2f45766b/320x480/320x480.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.164.121.96 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-164-121-96.nrt12.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 8ca4070843ebf59dce3feef85f251b379ac12e07e4674463bb7fe43a421fbaff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://cdn.holmesmind.com/z/39368/92b9fa070b2808643f4a132b2f45766b/320x480/320x480.html

Response headers

x-amz-version-id: jPkDxs1TsQGIVwTwaTx3.iSNcYM7ic74
etag: "42f4b55b24c4ac1a2c12a4bb836e7e53"
via: 1.1 abddbf0eca39746a52a1389ec09fb216.cloudfront.net (CloudFront)
accept-ranges: bytes
x-cache: RefreshHit from cloudfront
content-length: 111072
x-amz-cf-id: ApH_QqNU0B9yQVpufQwp1HAR_joSfBPRzZQxXXNcbamv2A6-8hVWiA==
date: Wed, 10 Dec 2025 01:17:53 GMT
content-type: application/javascript
last-modified: Fri, 28 Nov 2025 10:17:21 GMT
server: AmazonS3
x-amz-cf-pop: NRT12-P3
x-amz-server-side-encryption: AES256

GET
H/1.1 200
OK pixel
a8b5e0fe-7b22-4c2c-a3f9-14c976deaf1b.t.ssp.hinet.net/ Frame 332C 0
177 B 873ms
72ms Image
image/png 203.75.214.136
HINET Data Commun...

General

Check archive.org

Download Go to Show image

Full URL

https://a8b5e0fe-7b22-4c2c-a3f9-14c976deaf1b.t.ssp.hinet.net/pixel?bd=a8b5e0fe-7b22-4c2c-a3f9-14c976deaf1b&t=50ef57&referrer=

Requested by

Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

Strict-Transport-Security: max-age=0
Content-Length: 0
Date: Wed, 10 Dec 2025 01:17:53 GMT
Content-Type: image/png
Server: nginx
Connection: keep-alive

GET
H3 200 did Show response
track.91app.io/ext/v1/ Frame F696 46 B
66 B 162ms
81ms Fetch
application/json 35.201.76.198
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Download Go to

Full URL: https://track.91app.io/ext/v1/did
Requested by: Host: tracking-client.91app.com
URL: https://tracking-client.91app.com/1.2.0/nineyi.tracking.client.iife.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.201.76.198 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 198.76.201.35.bc.googleusercontent.com
Software: Google Frontend / Express
Resource Hash: f90c386029a40c52eb807fefb6064c3db2022bb489ec916052ab674e15b0d11f

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://cdn.holmesmind.com/

Response headers

cache-control: no-cache
access-control-allow-credentials: true
via: 1.1 google
access-control-allow-origin: https://cdn.holmesmind.com
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 46
date: Wed, 10 Dec 2025 01:17:52 GMT
x-cloud-trace-context: 4697180da35da9d7d58e5fa907dc2fee
content-type: application/json; charset=utf-8
x-powered-by: Express
server: Google Frontend
vary: Accept-Encoding

GET
H3 200 did Show response
track.91app.io/ext/v1/ Frame 62B0 46 B
66 B 199ms
83ms Fetch
application/json 35.201.76.198
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Download Go to

Full URL: https://track.91app.io/ext/v1/did
Requested by: Host: tracking-client.91app.com
URL: https://tracking-client.91app.com/1.2.0/nineyi.tracking.client.iife.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.201.76.198 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 198.76.201.35.bc.googleusercontent.com
Software: Google Frontend / Express
Resource Hash: f90c386029a40c52eb807fefb6064c3db2022bb489ec916052ab674e15b0d11f

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://cdn.holmesmind.com/

Response headers

cache-control: no-cache
access-control-allow-credentials: true
via: 1.1 google
access-control-allow-origin: https://cdn.holmesmind.com
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 46
date: Wed, 10 Dec 2025 01:17:52 GMT
x-cloud-trace-context: 32b2b9d1b3c273a2d58e5fa907dc2e8c
content-type: application/json; charset=utf-8
x-powered-by: Express
server: Google Frontend
vary: Accept-Encoding

GET
H3 200 did Show response
track.91app.io/ext/v1/ Frame A90A 46 B
66 B 230ms
83ms Fetch
application/json 35.201.76.198
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Download Go to

Full URL: https://track.91app.io/ext/v1/did
Requested by: Host: tracking-client.91app.com
URL: https://tracking-client.91app.com/1.2.0/nineyi.tracking.client.iife.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.201.76.198 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 198.76.201.35.bc.googleusercontent.com
Software: Google Frontend / Express
Resource Hash: 6ffe0c47c82257f343c8bc82ba189e8205fecd7e78235513a44c17cf0aa635a3

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://cdn.holmesmind.com/

Response headers

cache-control: no-cache
access-control-allow-credentials: true
via: 1.1 google
access-control-allow-origin: https://cdn.holmesmind.com
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 46
date: Wed, 10 Dec 2025 01:17:52 GMT
x-cloud-trace-context: d8070af90c2c7683d58e5fa907dc2636
content-type: application/json; charset=utf-8
x-powered-by: Express
server: Google Frontend
vary: Accept-Encoding

GET
H2 200 ade-tracker.js Show response
cdn.holmesmind.com/js/modle/ade/ Frame 7F2A 2 KB
0 0ms
0ms Script
application/javascript 3.164.121.106
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://cdn.holmesmind.com/js/modle/ade/ade-tracker.js
Requested by: Host: reurl.cc
URL: https://reurl.cc/Y3gKxl
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.164.121.106 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-164-121-106.nrt12.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 72e9ecb7db91e5a334caa4e36a70071de2851fe7c5a6e4b1028cc80c5be0fa84

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

x-amz-version-id: e6irG_P5F2jdCF9fNky2jWkkhxNctdGx
etag: "cc88de770769cdecaa524a5801120c78"
via: 1.1 ef359af61e64577c628090c2363bcb22.cloudfront.net (CloudFront)
accept-ranges: bytes
x-cache: RefreshHit from cloudfront
content-length: 1646
x-amz-cf-id: KXd3TFN-N9EYjXj9TP15AlF6-d01SsKAVDbgHgT3nPQg6qTSbWA_rg==
date: Wed, 10 Dec 2025 01:17:52 GMT
content-type: application/javascript
last-modified: Fri, 14 Jul 2023 03:26:15 GMT
server: AmazonS3
x-amz-cf-pop: NRT12-P3
x-amz-server-side-encryption: AES256

GET
H2 200 i
ad.holmesmind.com/adserver/ Frame 7F2A 0
64 B 124ms
124ms Image
image/png 18.176.230.233
AMAZON-02

General

Check archive.org

Download Go to Show image

Full URL: https://ad.holmesmind.com/adserver/i?ut=1765329471&p=13861:231972:291409:8c66248a3e8ce101c3e6f1755aeb8802:37985
Requested by: Host: reurl.cc
URL: https://reurl.cc/Y3gKxl
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.176.230.233 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-176-230-233.ap-northeast-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

date: Wed, 10 Dec 2025 01:17:52 GMT
content-type: image/png
server: nginx

GET DFHeiStd-W9.woff
cdn.holmesmind.com/image/creative/20240802/guild/ Frame 7F2A 0
0

GET
H2 200 main.js Show response
cdn.holmesmind.com/module/product/bottom/bottom_popupImage/ Frame C6DC 29 KB
29 KB 191ms
191ms Script
application/javascript 3.164.121.106
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://cdn.holmesmind.com/module/product/bottom/bottom_popupImage/main.js
Requested by: Host: reurl.cc
URL: https://reurl.cc/Y3gKxl
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.164.121.106 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-164-121-106.nrt12.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 5e6b0fcd41bdb8173bd00bd9234767246098090f2cddaa5ce75b21fcc7780dfc

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

x-amz-version-id: lNirYf2KXKZwI4lo1FtEp.YfhWC9nymf
etag: "cdf83e8561809b47b46991bb20e9769c"
via: 1.1 ef359af61e64577c628090c2363bcb22.cloudfront.net (CloudFront)
accept-ranges: bytes
x-cache: RefreshHit from cloudfront
content-length: 29244
x-amz-cf-id: lCSaQqSdQgStRXDrPpxaxI_erKZjQOA9VUsF4dSYntP-iCsIOIyFUA==
date: Wed, 10 Dec 2025 01:17:53 GMT
content-type: application/javascript
last-modified: Wed, 21 Aug 2024 05:57:31 GMT
server: AmazonS3
x-amz-cf-pop: NRT12-P3
x-amz-server-side-encryption: AES256

GET
H2 200 cf.png
cdn.holmesmind.com/ Frame C6DC 2 KB
0 147ms
147ms Image
image/png 3.164.121.106
AMAZON-02

General

Check archive.org

Download Go to Show image

Full URL: https://cdn.holmesmind.com/cf.png
Requested by: Host: reurl.cc
URL: https://reurl.cc/Y3gKxl
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.164.121.106 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-164-121-106.nrt12.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: bca7ee31fc622c935a1ba3d3d012111f3aab926dc898ed011513fc7a9145f90e

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

x-amz-version-id: JXDsYp0MpCsC07xlgs6M6Edv23lP_HUM
etag: "7cb0cc414e01c6f48a9eefee02d81959"
age: 41114
via: 1.1 ef359af61e64577c628090c2363bcb22.cloudfront.net (CloudFront)
accept-ranges: bytes
x-cache: Hit from cloudfront
content-length: 2399
x-amz-cf-id: yO4ob0HZNZJxwlvsvEYsKzlFBV2nwrgW3zAIOJeTB87xCiyvyfi2OQ==
date: Tue, 09 Dec 2025 13:52:38 GMT
content-type: image/png
last-modified: Mon, 19 Jun 2023 03:09:39 GMT
server: AmazonS3
x-amz-cf-pop: NRT12-P3
x-amz-server-side-encryption: AES256

GET
H2 200 main.js Show response
cdn.holmesmind.com/module/product/bottom/bottom_popupImage/ Frame 332C 29 KB
0 179ms
179ms Script
application/javascript 3.164.121.106
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://cdn.holmesmind.com/module/product/bottom/bottom_popupImage/main.js
Requested by: Host: reurl.cc
URL: https://reurl.cc/Y3gKxl
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.164.121.106 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-164-121-106.nrt12.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 5e6b0fcd41bdb8173bd00bd9234767246098090f2cddaa5ce75b21fcc7780dfc

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

x-amz-version-id: lNirYf2KXKZwI4lo1FtEp.YfhWC9nymf
etag: "cdf83e8561809b47b46991bb20e9769c"
via: 1.1 ef359af61e64577c628090c2363bcb22.cloudfront.net (CloudFront)
accept-ranges: bytes
x-cache: RefreshHit from cloudfront
content-length: 29244
x-amz-cf-id: lCSaQqSdQgStRXDrPpxaxI_erKZjQOA9VUsF4dSYntP-iCsIOIyFUA==
date: Wed, 10 Dec 2025 01:17:53 GMT
content-type: application/javascript
last-modified: Wed, 21 Aug 2024 05:57:31 GMT
server: AmazonS3
x-amz-cf-pop: NRT12-P3
x-amz-server-side-encryption: AES256

GET
H2 200 cf.png
cdn.holmesmind.com/ Frame 332C 2 KB
0 147ms
147ms Image
image/png 3.164.121.106
AMAZON-02

General

Check archive.org

Download Go to Show image

Full URL: https://cdn.holmesmind.com/cf.png
Requested by: Host: reurl.cc
URL: https://reurl.cc/Y3gKxl
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.164.121.106 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-164-121-106.nrt12.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: bca7ee31fc622c935a1ba3d3d012111f3aab926dc898ed011513fc7a9145f90e

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

x-amz-version-id: JXDsYp0MpCsC07xlgs6M6Edv23lP_HUM
etag: "7cb0cc414e01c6f48a9eefee02d81959"
age: 41114
via: 1.1 ef359af61e64577c628090c2363bcb22.cloudfront.net (CloudFront)
accept-ranges: bytes
x-cache: Hit from cloudfront
content-length: 2399
x-amz-cf-id: yO4ob0HZNZJxwlvsvEYsKzlFBV2nwrgW3zAIOJeTB87xCiyvyfi2OQ==
date: Tue, 09 Dec 2025 13:52:38 GMT
content-type: image/png
last-modified: Mon, 19 Jun 2023 03:09:39 GMT
server: AmazonS3
x-amz-cf-pop: NRT12-P3
x-amz-server-side-encryption: AES256

GET
H/1.1 200
OK pixel
a8b5e0fe-7b22-4c2c-a3f9-14c976deaf1b.t.ssp.hinet.net/ Frame C895 0
177 B 873ms
73ms Image
image/png 203.75.214.136
HINET Data Commun...

General

Check archive.org

Download Go to Show image

Full URL

https://a8b5e0fe-7b22-4c2c-a3f9-14c976deaf1b.t.ssp.hinet.net/pixel?bd=a8b5e0fe-7b22-4c2c-a3f9-14c976deaf1b&t=50ef57&referrer=

Requested by

Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

Strict-Transport-Security: max-age=0
Content-Length: 0
Date: Wed, 10 Dec 2025 01:17:53 GMT
Content-Type: image/png
Server: nginx
Connection: keep-alive

GET
H2 200 i
ad.holmesmind.com/adserver/ Frame E217 0
64 B 123ms
122ms Image
image/png 18.176.230.233
AMAZON-02

General

Check archive.org

Download Go to Show image

Full URL: https://ad.holmesmind.com/adserver/i?ut=1765329471&p=14210:244087:299209:be74b08d3c637e8ceb6c0eba2cd4ee73:36478
Requested by: Host: reurl.cc
URL: https://reurl.cc/Y3gKxl
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.176.230.233 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-176-230-233.ap-northeast-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

date: Wed, 10 Dec 2025 01:17:52 GMT
content-type: image/png
server: nginx

GET
H2 200 979d33b193d7fd190249a0fbd6d9b6b5.jpg
cdn.holmesmind.com/image/36478/ Frame E217 73 KB
74 KB 150ms
149ms Image
image/jpeg 3.164.121.106
AMAZON-02

General

Check archive.org

Download Go to Show image

Full URL: https://cdn.holmesmind.com/image/36478/979d33b193d7fd190249a0fbd6d9b6b5.jpg
Requested by: Host: reurl.cc
URL: https://reurl.cc/Y3gKxl
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.164.121.106 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-164-121-106.nrt12.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: cd80937d0e779c545c7969e749a75728012ca7d2b5a857f03ec52adaa947a1c7

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

vary: accept-encoding
x-amz-version-id: LuVv4Ty4xtHHx0dqwRbecgr3YppC_cbK
etag: "9c8a05de3b2ca7adcad0a5806b11ae5d"
age: 62895
via: 1.1 ef359af61e64577c628090c2363bcb22.cloudfront.net (CloudFront)
accept-ranges: bytes
x-cache: Hit from cloudfront
content-length: 75064
x-amz-cf-id: 87u2HLxisLEIzUBh8hXlJ0RlxMOPkznrf3CZUOFSqJUJWAAsJdZUMg==
date: Tue, 09 Dec 2025 07:49:38 GMT
content-type: image/jpeg
last-modified: Thu, 27 Nov 2025 06:17:25 GMT
server: AmazonS3
x-amz-cf-pop: NRT12-P3
x-amz-server-side-encryption: AES256

GET
H2 200 i
ad.holmesmind.com/adserver/ Frame 4D86 0
64 B 123ms
122ms Image
image/png 18.176.230.233
AMAZON-02

General

Check archive.org

Download Go to Show image

Full URL: https://ad.holmesmind.com/adserver/i?ut=1765329471&p=18535:244087:299212:b5de7e43b23775f918550ae0ea6b298c:36478
Requested by: Host: reurl.cc
URL: https://reurl.cc/Y3gKxl
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.176.230.233 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-176-230-233.ap-northeast-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

date: Wed, 10 Dec 2025 01:17:52 GMT
content-type: image/png
server: nginx

GET
H2 200 f906d20bc98dd2cc4eb7e69847ee6230.jpg
cdn.holmesmind.com/image/36478/ Frame 4D86 117 KB
117 KB 168ms
168ms Image
image/jpeg 3.164.121.106
AMAZON-02

General

Check archive.org

Download Go to Show image

Full URL: https://cdn.holmesmind.com/image/36478/f906d20bc98dd2cc4eb7e69847ee6230.jpg
Requested by: Host: reurl.cc
URL: https://reurl.cc/Y3gKxl
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.164.121.106 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-164-121-106.nrt12.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 28ae84511e3b105c273ef15ec49e6c1735b692a4404bd16ffbef4878f87b7570

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

x-amz-version-id: 8sO5tXfieINin7I8gpDr3h_lhU6daMs3
etag: "033a99efc28b19da9a16cdafbdb8753d"
age: 4192
via: 1.1 ef359af61e64577c628090c2363bcb22.cloudfront.net (CloudFront)
accept-ranges: bytes
x-cache: Hit from cloudfront
content-length: 119761
x-amz-cf-id: 6Hp0Raymm-hI0N4da2XLQRiyB_rwr0zZ7SoDG0EMhqEThtL0kW33tw==
date: Wed, 10 Dec 2025 00:08:01 GMT
content-type: image/jpeg
last-modified: Thu, 27 Nov 2025 06:17:26 GMT
server: AmazonS3
x-amz-cf-pop: NRT12-P3
x-amz-server-side-encryption: AES256

POST
H2 204 collect
analytics.google.com/g/ Frame C895 0
0 81ms
76ms Fetch
text/plain 216.239.34.181
GOOGLE

General

Check archive.org

Download Go to

Full URL: https://analytics.google.com/g/collect?v=2&tid=G-F6EJJH79R2&gtm=45je5c90v9235663064za200zd9235663064&_p=1765329471718&_gaz=1&gcd=13l3l3l3l1l1&npa=0&dma=0&tcfd=10000&cid=1890991025.1765329470&ul=zh-tw&sr=1600x1200&_ng=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=1&pscdl=noapi&_s=1&tag_exp=103116026~103200004~104527906~104528500~104684208~104684211~105391252~115583767~115616986~115938465~115938469~116184927~116184929~116217636~116217638~116251938~116251940&sid=1765329472&sct=1&seg=0&dl=https%3A%2F%2Freurl.cc%2FY3gKxl&dt=&en=page_view&_fv=1&_ss=1&_ee=1&tfd=2471
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-F6EJJH79R2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 216.239.34.181 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:171:0
report-to: {"group":"ascnsrsggc:171:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:171:0"}],}
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: https://reurl.cc
cross-origin-opener-policy-report-only: same-origin; report-to=ascnsrsggc:171:0
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Wed, 10 Dec 2025 01:17:52 GMT
content-type: text/plain
server: Golfe2

POST
H2 204 collect
stats.g.doubleclick.net/g/ Frame C895 0
57 B 78ms
74ms Ping
text/plain 142.251.8.157
GOOGLE

General

Check archive.org

Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&_ng=1&tid=G-F6EJJH79R2&cid=1890991025.1765329470&gtm=45je5c90v9235663064za200zd9235663064&aip=1&dma=0&gcd=13l3l3l3l1l1&npa=0&frm=1&tag_exp=103116026~103200004~104527906~104528500~104684208~104684211~105391252~115583767~115616986~115938465~115938469~116184927~116184929~116217636~116217638~116251938~116251940
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-F6EJJH79R2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 142.251.8.157 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: tb-in-f157.1e100.net
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:139:0
report-to: {"group":"ascnsrsggc:139:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:139:0"}],}
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: https://reurl.cc
cross-origin-opener-policy-report-only: same-origin; report-to=ascnsrsggc:139:0
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Wed, 10 Dec 2025 01:17:52 GMT
content-type: text/plain
server: Golfe2

GET
H2 200 ga-audiences
www.google.com.tw/ads/ Frame C895 42 B
107 B 158ms
155ms Image
image/gif 142.251.42.163
GOOGLE

General

Check archive.org

Download Go to Show image

Full URL

https://www.google.com.tw/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&_ng=1&tid=G-F6EJJH79R2&cid=1890991025.1765329470&gtm=45je5c90v9235663064za200zd9235663064&aip=1&dma=0&gcd=13l3l3l3l1l1&npa=0&frm=1&tag_exp=103116026~103200004~104527906~104528500~104684208~104684211~105391252~115583767~115616986~115938465~115938469~116184927~116184929~116217636~116217638~116251938~116251940&z=1374936065

Requested by

Host: reurl.cc
URL: https://reurl.cc/Y3gKxl

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.42.163 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

nrt12s46-in-f3.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 42
date: Wed, 10 Dec 2025 01:17:52 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET cm
ad.holmesmind.com/adserver/ Frame 571C 0
0

POST
H2 200 map Show response
bcp.crwdcntrl.net/6/ 235 B
690 B 129ms
127ms XHR
application/json 13.213.216.213
AMAZON-02

General

Check archive.org

Download Go to

Full URL

https://bcp.crwdcntrl.net/6/map?xcid=16589

Requested by

Host: tags.crwdcntrl.net
URL: https://tags.crwdcntrl.net/lt/c/16589/sync.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

13.213.216.213 Singapore, Singapore, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-13-213-216-213.ap-southeast-1.compute.amazonaws.com

Software

Resource Hash

d29fa03e123c1fe5926f78c91f58fe07cdd16bbac1dd25247bda0c19066b1b4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8
Referer: https://reurl.cc/

Response headers

strict-transport-security: max-age=31536000 ; includeSubDomains
cache-control: no-cache
pragma: no-cache
access-control-allow-credentials: true
expires: 0
access-control-allow-origin: https://reurl.cc
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
content-length: 235
date: Wed, 10 Dec 2025 01:17:52 GMT
content-type: application/json;charset=utf-8

GET cm
ad.holmesmind.com/adserver/ Frame 5159 0
0

POST
H2 204 collect
analytics.google.com/g/ Frame 4D86 0
0 78ms
78ms Fetch
text/plain 216.239.34.181
GOOGLE

General

Check archive.org

Download Go to

Full URL: https://analytics.google.com/g/collect?v=2&tid=G-M4J67EDHV2&gtm=45je5c91h2v9235662620za200zd9235662620&_p=1765329472061&_gaz=1&gcd=13l3l3l3l1l1&npa=0&dma=0&tcfd=10000&cid=1890991025.1765329470&ul=zh-tw&sr=1600x1200&_ng=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=1&pscdl=noapi&_s=1&tag_exp=103116026~103200004~104527907~104528501~104684208~104684211~105391253~115583767~115938466~115938468~116184927~116184929~116217636~116217638~116251938~116251940&sid=1765329472&sct=1&seg=0&dl=https%3A%2F%2Freurl.cc%2FY3gKxl&dt=&en=page_view&_fv=1&_ss=1&_ee=1&tfd=2529
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-M4J67EDHV2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 216.239.34.181 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:171:0
report-to: {"group":"ascnsrsggc:171:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:171:0"}],}
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: https://reurl.cc
cross-origin-opener-policy-report-only: same-origin; report-to=ascnsrsggc:171:0
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Wed, 10 Dec 2025 01:17:52 GMT
content-type: text/plain
server: Golfe2

POST
H2 204 collect
stats.g.doubleclick.net/g/ Frame 4D86 0
57 B 76ms
75ms Ping
text/plain 142.251.8.157
GOOGLE

General

Check archive.org

Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&_ng=1&tid=G-M4J67EDHV2&cid=1890991025.1765329470&gtm=45je5c91h2v9235662620za200zd9235662620&aip=1&dma=0&gcd=13l3l3l3l1l1&npa=0&frm=1&tag_exp=103116026~103200004~104527907~104528501~104684208~104684211~105391253~115583767~115938466~115938468~116184927~116184929~116217636~116217638~116251938~116251940
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-M4J67EDHV2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 142.251.8.157 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: tb-in-f157.1e100.net
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:139:0
report-to: {"group":"ascnsrsggc:139:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:139:0"}],}
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: https://reurl.cc
cross-origin-opener-policy-report-only: same-origin; report-to=ascnsrsggc:139:0
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Wed, 10 Dec 2025 01:17:52 GMT
content-type: text/plain
server: Golfe2

GET
H2 200 ga-audiences
www.google.com.tw/ads/ Frame 4D86 42 B
107 B 161ms
160ms Image
image/gif 142.251.42.163
GOOGLE

General

Check archive.org

Download Go to Show image

Full URL

https://www.google.com.tw/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&_ng=1&tid=G-M4J67EDHV2&cid=1890991025.1765329470&gtm=45je5c91h2v9235662620za200zd9235662620&aip=1&dma=0&gcd=13l3l3l3l1l1&npa=0&frm=1&tag_exp=103116026~103200004~104527907~104528501~104684208~104684211~105391253~115583767~115938466~115938468~116184927~116184929~116217636~116217638~116251938~116251940&z=1288139034

Requested by

Host: reurl.cc
URL: https://reurl.cc/Y3gKxl

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.42.163 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

nrt12s46-in-f3.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 42
date: Wed, 10 Dec 2025 01:17:52 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET cm
ad.holmesmind.com/adserver/ Frame FFE5 0
0

GET
H2 200 json Show response
gum.criteo.com/sid/ Frame 64F8 441 B
930 B 136ms
136ms Fetch
application/json 182.161.74.19
CRITEO-AS-AP Crit...

General

Check archive.org

Download Go to

Full URL

https://gum.criteo.com/sid/json?origin=publishertagids&domain=reurl.cc&sn=ChromeSyncframe&so=0&topUrl=reurl.cc

Requested by

Host: gum.criteo.com
URL: https://gum.criteo.com/syncframe?origin=publishertagids&topUrl=reurl.cc&gdpr=0&gdpr_consent=

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

182.161.74.19 , Singapore, ASN55569 (CRITEO-AS-AP Criteo APAC, JP),

Reverse DNS

Software

Kestrel /

Resource Hash

04cae14f53d2ac4fb3c0b19b7fc7cbf69943f9b64c9feaebd2b17565c1513ce0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://gum.criteo.com/syncframe?origin=publishertagids&topUrl=reurl.cc&gdpr=0&gdpr_consent=

Response headers

strict-transport-security: max-age=31536000; preload;
cache-control: no-cache, no-store, must-revalidate
content-encoding: gzip
pragma: no-cache
server-processing-duration-in-ticks: 1266527
expires: 0
date: Wed, 10 Dec 2025 01:17:51 GMT
content-type: application/json; charset=utf-8
vary: Accept-Encoding
server: Kestrel

POST
H2 204 collect
analytics.google.com/g/ Frame C895 0
0 81ms
80ms Fetch
text/plain 216.239.34.181
GOOGLE

General

Check archive.org

Download Go to

Full URL: https://analytics.google.com/g/collect?v=2&tid=G-F6EJJH79R2&gtm=45je5c90v9235663064za200zd9235663064&_p=1765329471718&_gaz=1&gcs=G1--&gcd=13l3l3l3l5l1&npa=0&dma=0&tcfd=10000&cid=1890991025.1765329470&ul=zh-tw&sr=1600x1200&_ng=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=1&pscdl=noapi&_eu=AEAAAAQ&_s=2&tag_exp=103116026~103200004~104527906~104528500~104684208~104684211~105391252~115583767~115616986~115938465~115938469~116184927~116184929~116217636~116217638~116251938~116251940&sid=1765329472&sct=1&seg=0&dl=https%3A%2F%2Freurl.cc%2FY3gKxl&dt=&en=scroll&epn.percent_scrolled=90&tfd=2547
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-F6EJJH79R2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 216.239.34.181 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:171:0
report-to: {"group":"ascnsrsggc:171:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:171:0"}],}
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: https://reurl.cc
cross-origin-opener-policy-report-only: same-origin; report-to=ascnsrsggc:171:0
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Wed, 10 Dec 2025 01:17:52 GMT
content-type: text/plain
server: Golfe2

GET
H2 200 ga-audiences
www.google.com.tw/ads/ Frame C895 42 B
107 B 157ms
157ms Image
image/gif 142.251.42.163
GOOGLE

General

Check archive.org

Download Go to Show image

Full URL

https://www.google.com.tw/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&_ng=1&tid=G-F6EJJH79R2&cid=1890991025.1765329470&gtm=45je5c90v9235663064za200zd9235663064&aip=1&dma=0&gcs=G1--&gcd=13l3l3l3l5l1&npa=0&frm=1&tag_exp=103116026~103200004~104527906~104528500~104684208~104684211~105391252~115583767~115616986~115938465~115938469~116184927~116184929~116217636~116217638~116251938~116251940&z=685959017

Requested by

Host: reurl.cc
URL: https://reurl.cc/Y3gKxl

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.42.163 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

nrt12s46-in-f3.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 42
date: Wed, 10 Dec 2025 01:17:52 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET cm
ad.holmesmind.com/adserver/ Frame F696 0
0

GET
H2 200 i
ad.holmesmind.com/adserver/ Frame C6DC 0
64 B 125ms
124ms Image
image/png 18.176.230.233
AMAZON-02

General

Check archive.org

Download Go to Show image

Full URL: https://ad.holmesmind.com/adserver/i?ut=1765329471&p=22214:245187:299876:f78195253e82e5019f855725a646f79f:39418
Requested by: Host: reurl.cc
URL: https://reurl.cc/Y3gKxl
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.176.230.233 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-176-230-233.ap-northeast-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

date: Wed, 10 Dec 2025 01:17:52 GMT
content-type: image/png
server: nginx

GET
H2 200 i
ad.holmesmind.com/adserver/ Frame 332C 0
64 B 126ms
126ms Image
image/png 18.176.230.233
AMAZON-02

General

Check archive.org

Download Go to Show image

Full URL: https://ad.holmesmind.com/adserver/i?ut=1765329471&p=14209:245187:299876:eb0d33b2ffffa62a237c2089eb4b3802:39418
Requested by: Host: reurl.cc
URL: https://reurl.cc/Y3gKxl
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.176.230.233 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-176-230-233.ap-northeast-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

date: Wed, 10 Dec 2025 01:17:52 GMT
content-type: image/png
server: nginx

GET
H/1.1 200
OK result.json Show response
tpe-stock.s3.ap-northeast-1.amazonaws.com/IX0001/ Frame 7F2A 708 B
1 KB 425ms
155ms Fetch
binary/octet-stream 3.5.157.81
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://tpe-stock.s3.ap-northeast-1.amazonaws.com/IX0001/result.json?random=42046
Requested by: Host: reurl.cc
URL: https://reurl.cc/Y3gKxl
Protocol: HTTP/1.1
Security: TLS 1.3, , CHACHA20_POLY1305
Server: 3.5.157.81 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 56215d229ed36047aadeee570259e970b1e62987173c5e39cd0d1a260fa7ff4a

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

x-amz-server-side-encryption: AES256
Access-Control-Max-Age: 3000
ETag: "19bc88b13407b5342a1178f2c23f6661"
Access-Control-Allow-Methods: GET
x-amz-request-id: MJQCNTP4H45GVERH
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Length: 708
Date: Wed, 10 Dec 2025 01:17:54 GMT
Last-Modified: Wed, 10 Dec 2025 01:17:31 GMT
Vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
Server: AmazonS3
Content-Type: binary/octet-stream
x-amz-id-2: qSXMwDDX0bY7tjdAjlf/8xq8aNGvzUuEXNc9+6YoVEXXLyssy6ZWcKBwy+h791xgFgC69ezui6S8MEpjpiSQhpqxjBoM+1OT

POST
H2 204 collect
analytics.google.com/g/ Frame 4D86 0
0 77ms
77ms Fetch
text/plain 216.239.34.181
GOOGLE

General

Check archive.org

Download Go to

Full URL: https://analytics.google.com/g/collect?v=2&tid=G-M4J67EDHV2&gtm=45je5c91h2v9235662620za200zd9235662620&_p=1765329472061&_gaz=1&gcs=G1--&gcd=13l3l3l3l5l1&npa=0&dma=0&tcfd=10000&cid=1890991025.1765329470&ul=zh-tw&sr=1600x1200&_ng=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=1&pscdl=noapi&_eu=AEAAAAQ&_s=2&tag_exp=103116026~103200004~104527907~104528501~104684208~104684211~105391253~115583767~115938466~115938468~116184927~116184929~116217636~116217638~116251938~116251940&sid=1765329472&sct=1&seg=0&dl=https%3A%2F%2Freurl.cc%2FY3gKxl&dt=&en=scroll&epn.percent_scrolled=90&tfd=2582
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-M4J67EDHV2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 216.239.34.181 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:171:0
report-to: {"group":"ascnsrsggc:171:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:171:0"}],}
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: https://reurl.cc
cross-origin-opener-policy-report-only: same-origin; report-to=ascnsrsggc:171:0
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Wed, 10 Dec 2025 01:17:52 GMT
content-type: text/plain
server: Golfe2

GET
H2 200 ga-audiences
www.google.com.tw/ads/ Frame 4D86 42 B
107 B 153ms
152ms Image
image/gif 142.251.42.163
GOOGLE

General

Check archive.org

Download Go to Show image

Full URL

https://www.google.com.tw/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&_ng=1&tid=G-M4J67EDHV2&cid=1890991025.1765329470&gtm=45je5c91h2v9235662620za200zd9235662620&aip=1&dma=0&gcs=G1--&gcd=13l3l3l3l5l1&npa=0&frm=1&tag_exp=103116026~103200004~104527907~104528501~104684208~104684211~105391253~115583767~115938466~115938468~116184927~116184929~116217636~116217638~116251938~116251940&z=1594436480

Requested by

Host: reurl.cc
URL: https://reurl.cc/Y3gKxl

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.42.163 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

nrt12s46-in-f3.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 42
date: Wed, 10 Dec 2025 01:17:52 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

POST
H3 204 ping
pagead2.googlesyndication.com/pagead/ 0
0 366ms
144ms Fetch
text/html 142.250.196.34
GOOGLE

General

Check archive.org

Download Go to

Full URL: https://pagead2.googlesyndication.com/pagead/ping?e=1
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202512040101/pubads_impl.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.196.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: maa03s45-in-f2.1e100.net
Software: /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8
Referer: https://reurl.cc/

Response headers

GET cm
ad.holmesmind.com/adserver/ Frame 62B0 0
0

GET
DATA 200
OK truncated
/ Frame E217 351 B
0 Image
image/svg+xml

General

Check archive.org

Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f31502bd8b58a334acc32b695f096fde6dd136fa1106f2d2d9fb4825d41b1abb

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame 4D86 351 B
0 Image
image/svg+xml

General

Check archive.org

Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f31502bd8b58a334acc32b695f096fde6dd136fa1106f2d2d9fb4825d41b1abb

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer

Response headers

Content-Type: image/svg+xml

GET cm
ad.holmesmind.com/adserver/ Frame A90A 0
0

GET
H2 200 _016.jpg
cdn.holmesmind.com/z/39368/92b9fa070b2808643f4a132b2f45766b/320x480/images/ Frame 19DF 108 KB
109 KB 144ms
144ms Image
image/jpeg 3.164.121.96
AMAZON-02

General

Check archive.org

Download Go to Show image

Full URL: https://cdn.holmesmind.com/z/39368/92b9fa070b2808643f4a132b2f45766b/320x480/images/_016.jpg?1764097388601
Requested by: Host: reurl.cc
URL: https://reurl.cc/Y3gKxl
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.164.121.96 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-164-121-96.nrt12.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 31044e22660bf72b12776b4cfd362a81040f63a8cfd316098c986ddef16c7e7c

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://cdn.holmesmind.com/z/39368/92b9fa070b2808643f4a132b2f45766b/320x480/320x480.html

Response headers

x-amz-version-id: zpGtz6t6nYt65eGUkBKMYsCHpP2CBUN4
etag: "9b48db55e3f46310f620a3d973f87442"
age: 4510
via: 1.1 abddbf0eca39746a52a1389ec09fb216.cloudfront.net (CloudFront)
accept-ranges: bytes
x-cache: Hit from cloudfront
content-length: 111030
x-amz-cf-id: OoEW2JdgtIYS3qOABz4Jz_8hu3li66JJQsk68X3R-gwoICGVhjdKFg==
date: Wed, 10 Dec 2025 00:02:43 GMT
content-type: image/jpeg
last-modified: Fri, 28 Nov 2025 10:17:21 GMT
server: AmazonS3
x-amz-cf-pop: NRT12-P3
x-amz-server-side-encryption: AES256

GET
H2 200 av Show response
ad.holmesmind.com/adserver/ Frame BFAA 0
139 B 122ms
122ms Script
text/html 18.176.230.233
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://ad.holmesmind.com/adserver/av?p=13861:231972:291409:8c66248a3e8ce101c3e6f1755aeb8802:37985&type=1
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/drawV2.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.176.230.233 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-176-230-233.ap-northeast-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

content-encoding: gzip
date: Wed, 10 Dec 2025 01:17:53 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
server: nginx

GET
H2 200 syncframe Show response
gum.criteo.com/ Frame CFB1 13 KB
5 KB 137ms
136ms Document
text/html 182.161.74.19
CRITEO-AS-AP Crit...

General

Check archive.org

Download Go to

Full URL

https://gum.criteo.com/syncframe?origin=publishertag&topUrl=reurl.cc

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

182.161.74.19 , Singapore, ASN55569 (CRITEO-AS-AP Criteo APAC, JP),

Reverse DNS

Software

Kestrel /

Resource Hash

8536a980185040ec91e6e85b5211f8ca03c6cb337203989a37c722199792ed33

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://reurl.cc/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36

Response headers

cache-control: private, max-age=3600
content-encoding: gzip
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Wed, 10 Dec 2025 01:17:52 GMT
server: Kestrel
server-processing-duration-in-ticks: 785658
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding
x-robots-tag: noindex

GET
H2 200 syncframe Show response
gum.criteo.com/ Frame 2259 13 KB
0 132ms
132ms Document
text/html 182.161.74.19
CRITEO-AS-AP Crit...

General

Check archive.org

Download Go to

Full URL: https://gum.criteo.com/syncframe?origin=publishertag&topUrl=reurl.cc
Requested by: Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 182.161.74.19 , Singapore, ASN55569 (CRITEO-AS-AP Criteo APAC, JP),
Reverse DNS
Software: Kestrel /
Resource Hash: 8536a980185040ec91e6e85b5211f8ca03c6cb337203989a37c722199792ed33

Request headers

Referer: https://reurl.cc/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36

Response headers

cache-control: private, max-age=3600
content-encoding: gzip
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Wed, 10 Dec 2025 01:17:52 GMT
server: Kestrel
server-processing-duration-in-ticks: 785658
vary: Accept-Encoding
x-robots-tag: noindex

GET
H3 200 sodar Show response
ep1.adtrafficquality.google/getconfig/ 18 KB
14 KB 330ms
176ms XHR
application/json 142.250.196.34
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://ep1.adtrafficquality.google/getconfig/sodar?sv=200&tid=gpt&tv=m202512040101&st=env&sjk=6451195994897883

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202512040101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.196.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

maa03s45-in-f2.1e100.net

Software

cafe /

Resource Hash

86103a4ec9737f571df1f46c6cc28af14f5730e949bf078f74ea3a8c8254ed66

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

timing-allow-origin: *
content-encoding: br
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 13815
date: Wed, 10 Dec 2025 01:17:53 GMT
x-xss-protection: 0
content-type: application/json; charset=UTF-8
content-disposition: attachment; filename="f.txt"
server: cafe

GET
H2 200 _02.jpg
cdn.holmesmind.com/z/39368/92b9fa070b2808643f4a132b2f45766b/320x480/images/ Frame 19DF 32 KB
33 KB 142ms
142ms Image
image/jpeg 3.164.121.96
AMAZON-02

General

Check archive.org

Download Go to Show image

Full URL: https://cdn.holmesmind.com/z/39368/92b9fa070b2808643f4a132b2f45766b/320x480/images/_02.jpg?1764097388601
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.164.121.96 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-164-121-96.nrt12.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 72b1fa87a30ed1e60fd3dd2ebfec5d4efc7d3d8c73d160d2b3a4254454a68fd6

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://cdn.holmesmind.com/z/39368/92b9fa070b2808643f4a132b2f45766b/320x480/320x480.html

Response headers

vary: accept-encoding
x-amz-version-id: lCHuDRwL.kyC0FEC70QgPK6rohNLTkEE
etag: "adfb9d5ec055afae74893cd1b3e11577"
age: 2457
via: 1.1 abddbf0eca39746a52a1389ec09fb216.cloudfront.net (CloudFront)
accept-ranges: bytes
x-cache: Hit from cloudfront
content-length: 32872
x-amz-cf-id: aWNEUX2wgg69TuVveaLC2OQv4M0bl8wMww3GUYvvphozd2L--lGIoA==
date: Wed, 10 Dec 2025 00:36:57 GMT
content-type: image/jpeg
last-modified: Fri, 28 Nov 2025 10:17:21 GMT
server: AmazonS3
x-amz-cf-pop: NRT12-P3
x-amz-server-side-encryption: AES256

GET
H2 200 json Show response
gum.criteo.com/sid/ Frame CFB1 433 B
920 B 133ms
132ms Fetch
application/json 182.161.74.19
CRITEO-AS-AP Crit...

General

Check archive.org

Download Go to

Full URL

https://gum.criteo.com/sid/json?origin=publishertag&domain=reurl.cc&sn=ChromeSyncframe&so=3&topUrl=reurl.cc&bundle=GtBSeF9zSTNYNkVldmZCJTJGTWpBJTJGUUFYT0REOGlOTVRUbEdGcXppeSUyQnU5Vk1Xdk9sR0tQT0dLN21ZdmVhaGVvOEJKS0ViJTJGc1FsQ09RMWI3NENEVWVxU2wyM1YwazRJNkRUaGtpcTNyMEUxJTJGJTJCN1Z3bENlT0VKTEJkTkRMdFJxNExxMFY2MUYlMkZvQU1oSm4xV2JHTElKeDhxZ2t5dyUzRCUzRA

Requested by

Host: gum.criteo.com
URL: https://gum.criteo.com/syncframe?origin=publishertag&topUrl=reurl.cc

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

182.161.74.19 , Singapore, ASN55569 (CRITEO-AS-AP Criteo APAC, JP),

Reverse DNS

Software

Kestrel /

Resource Hash

d6ec7ee4f9b0e5adb14f515f434ffb4435146cda8608be1be1cc5214371de429

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://gum.criteo.com/syncframe?origin=publishertag&topUrl=reurl.cc

Response headers

strict-transport-security: max-age=31536000; preload;
cache-control: no-cache, no-store, must-revalidate
content-encoding: gzip
pragma: no-cache
server-processing-duration-in-ticks: 872509
expires: 0
date: Wed, 10 Dec 2025 01:17:52 GMT
content-type: application/json; charset=utf-8
vary: Accept-Encoding
server: Kestrel

GET
H2 200 json Show response
gum.criteo.com/sid/ Frame 2259 430 B
928 B 259ms
132ms Fetch
application/json 182.161.74.19
CRITEO-AS-AP Crit...

General

Check archive.org

Download Go to

Full URL

Requested by

Host: gum.criteo.com
URL: https://gum.criteo.com/syncframe?origin=publishertag&topUrl=reurl.cc

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

182.161.74.19 , Singapore, ASN55569 (CRITEO-AS-AP Criteo APAC, JP),

Reverse DNS

Software

Kestrel /

Resource Hash

9bc6fdda00d959fd4830840d08aa15eec00a127e8f8cedb60d059ae16ab125db

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://gum.criteo.com/syncframe?origin=publishertag&topUrl=reurl.cc

Response headers

strict-transport-security: max-age=31536000; preload;
cache-control: no-cache, no-store, must-revalidate
content-encoding: gzip
pragma: no-cache
server-processing-duration-in-ticks: 1004628
expires: 0
date: Wed, 10 Dec 2025 01:17:53 GMT
content-type: application/json; charset=utf-8
vary: Accept-Encoding
server: Kestrel

GET
H2 200 _03.jpg
cdn.holmesmind.com/z/39368/92b9fa070b2808643f4a132b2f45766b/320x480/images/ Frame 19DF 21 KB
21 KB 142ms
142ms Image
image/jpeg 3.164.121.96
AMAZON-02

General

Check archive.org

Download Go to Show image

Full URL: https://cdn.holmesmind.com/z/39368/92b9fa070b2808643f4a132b2f45766b/320x480/images/_03.jpg?1764097388601
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.164.121.96 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-164-121-96.nrt12.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 4903aa530b66d97f297f458a51a822a039d57a2da5df6bf464ec3632faaf50b5

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://cdn.holmesmind.com/z/39368/92b9fa070b2808643f4a132b2f45766b/320x480/320x480.html

Response headers

x-amz-version-id: aEhhDV8b7ebbMxOLxA8yba_IymxQfZd1
etag: "40d36ae281b9c003ee4a6b24aa2b8d0c"
age: 4511
via: 1.1 abddbf0eca39746a52a1389ec09fb216.cloudfront.net (CloudFront)
accept-ranges: bytes
x-cache: Hit from cloudfront
content-length: 21410
x-amz-cf-id: _Zh-dMwsno-83SNtYdNyjJeP3AuKRs4Az_Jd2R5cj_fU7VCCyPpoIA==
date: Wed, 10 Dec 2025 00:02:43 GMT
content-type: image/jpeg
last-modified: Fri, 28 Nov 2025 10:17:22 GMT
server: AmazonS3
x-amz-cf-pop: NRT12-P3
x-amz-server-side-encryption: AES256

GET
H2 200 favicon.ico
word-pt0777.blogspot.com/ 4 KB
715 B 644ms
374ms Other
image/x-icon 142.251.42.129
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://word-pt0777.blogspot.com/favicon.ico

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.42.129 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

nrt12s45-in-f1.1e100.net

Software

GSE /

Resource Hash

a1495da3cf3db37bf105a12658636ff628fee7b73975b9200049af7747e60b1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

cache-control: private, max-age=86400
content-encoding: gzip
etag: W/"3d06b472e97dd89511704b93d3c8bbbc8051d87ddc5863147f945b1ef1216c30"
x-content-type-options: nosniff
expires: Wed, 10 Dec 2025 01:17:53 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 412
date: Wed, 10 Dec 2025 01:17:53 GMT
x-xss-protection: 1; mode=block
content-type: image/x-icon; charset=UTF-8
last-modified: Sat, 25 Oct 2025 01:50:18 GMT
server: GSE

GET
H3 200 adlink Show response
fundingchoicesmessages.google.com/f/AGSKWxXmopI_dAPvvZ8qDwSWfZKu4UVl6xVAu8Z6P9IO4NNPg-nfLpAvaXMUCG1J2dmikbU9_Mjxjtjt-Nd5-mVxeTqkn5_u4xlkendFzaKGyk8solZELADRQV83MCWfNEOCnb2lkgPI127E3Ib6OF0b5hzncbTfs... 54 B
109 B 167ms
165ms Script
application/javascript 142.250.194.78
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://fundingchoicesmessages.google.com/f/AGSKWxXmopI_dAPvvZ8qDwSWfZKu4UVl6xVAu8Z6P9IO4NNPg-nfLpAvaXMUCG1J2dmikbU9_Mjxjtjt-Nd5-mVxeTqkn5_u4xlkendFzaKGyk8solZELADRQV83MCWfNEOCnb2lkgPI127E3Ib6OF0b5hzncbTfswE5w6vUmWYmc7AjsFv3XEZbIW1-oViX/_/adlink?/adrotator_/OAS/show?/ad-blacklist./adtagtranslator.

Requested by

Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.zh_TW.Z_3AxSf5eRA.es5.O/d=1/exm=kernel_loader,loader_js_executable,web_iab_tcf_v2_signal_executable/ed=1/rs=AJlcJMxUYaQlJjwCCEoe84n7Un5ZCZTJPg/m=ad_blocking_detection_executable

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.194.78 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lcnrta-bb-in-f14.1e100.net

Software

ESF /

Resource Hash

8ad1742a817bc3af99a4b2fe0d34a60308bfd9469921e66856c957afd0c70b9d

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-qUVReMtU0KQnCpjzTvIeJw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Mon, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Wed, 10 Dec 2025 01:17:53 GMT
content-type: application/javascript; charset=utf-8
x-frame-options: SAMEORIGIN
reporting-endpoints: default="/_/ContributorServingWebSwitchboardHttp/web-reports?context=eJzjWsCoxSXF4KEhxdB68xzrZCDuWnSedQYQGypcYrUH4g_1l1l_AHGRxBXWBiD-VHWDVaD6BmsS-03WAiA287vNagfE1e5ebM1AbOvvw-YKxN-KfdlYSnzZ9v33ZTsGxHtz_NiOAnFmpx9bIRDrbPZjMwHi83v92K4D8eqbfmybgXiFlz_bBhD282fbAcRCPBwHpzw-ySbw4-uUK4xKGkn5hfHJ-XklRZlJpSX5RWnJaanFqUVlqUXxRgZGpoZGBhZ6BqbxBQYAKV1RNw"
content-security-policy: script-src 'report-sample' 'nonce-qUVReMtU0KQnCpjzTvIeJw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport
cache-control: no-cache, no-store, max-age=0, must-revalidate
cross-origin-opener-policy: same-origin
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-resource-policy: cross-origin
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
x-xss-protection: 0
server: ESF

GET
H3 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 162 KB
55 KB 201ms
199ms Script
text/javascript 142.250.196.34
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?fcd=true

Requested by

Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.zh_TW.Z_3AxSf5eRA.es5.O/d=1/exm=kernel_loader,loader_js_executable,web_iab_tcf_v2_signal_executable/ed=1/rs=AJlcJMxUYaQlJjwCCEoe84n7Un5ZCZTJPg/m=ad_blocking_detection_executable

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.196.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

maa03s45-in-f2.1e100.net

Software

cafe /

Resource Hash

2472377840c3896fca1b9ceb3fb8943b860af3d30950d660d9557718784daadc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

content-encoding: br
etag: 6635745500016954257
x-content-type-options: nosniff
expires: Wed, 10 Dec 2025 01:17:53 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date: Wed, 10 Dec 2025 01:17:53 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
content-disposition: attachment; filename="f.txt"
link: <https://googleads.g.doubleclick.net>; rel="preconnect"; crossorigin
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-length: 55770
x-xss-protection: 0
server: cafe

General

Check archive.org

Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxVSQ34WID80EkOpuEZq_yI4Va_zP_qrJrJKFjd6BcnrGAuregADXt1TI40qNsThDAqg0ePMA2u-GwBJ0YUO7WbcgAT_fWHg3tDadC6s458N_1wG2JzKdcVQoOMJDgg8ubCdkDnviA==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.194.78 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lcnrta-bb-in-f14.1e100.net

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-MIVB5Lb8OhMRS_oOnwCifg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Content-Type: text/plain
Referer: https://reurl.cc/

Response headers

access-control-max-age: 86400
access-control-allow-methods: POST, GET, OPTIONS
x-content-type-options: nosniff
expires: Mon, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Wed, 10 Dec 2025 01:17:53 GMT
content-type: text/html; charset=utf-8
x-frame-options: SAMEORIGIN
reporting-endpoints: default="/_/ContributorLoggingHttp/web-reports?context=eJzjCtDikmII1JBi-FB_mfUHEJv53Wa1A-Jqdy-2ZiC29fdhcwXivTl-bEeBOLPTj60QiHU2-7GZAPH5vX5s14F49U0_ts1ALMTDcXDK45NsAhumfznPqOSSlF8Yn5yfV5KaV6KbmFKsC2IXZSaVluQXobBTy0AqcvLT0zPz0uONDIxMDY0MLPQMTOMLDAAGnzt9"
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-MIVB5Lb8OhMRS_oOnwCifg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
cache-control: no-cache, no-store, max-age=0, must-revalidate
cross-origin-opener-policy: same-origin
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
access-control-allow-origin: https://reurl.cc
content-length: 0
x-xss-protection: 0
server: ESF

GET
H2 200 _04.jpg
cdn.holmesmind.com/z/39368/92b9fa070b2808643f4a132b2f45766b/320x480/images/ Frame 19DF 98 KB
98 KB 143ms
142ms Image
image/jpeg 3.164.121.96
AMAZON-02

General

Check archive.org

Download Go to Show image

Full URL: https://cdn.holmesmind.com/z/39368/92b9fa070b2808643f4a132b2f45766b/320x480/images/_04.jpg?1764097388601
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.164.121.96 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-164-121-96.nrt12.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 6f4a53f5cbc31f7bbe676ce2c0b388fa32c1ec0fa7e4c257dfa78f393fa39ea8

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://cdn.holmesmind.com/z/39368/92b9fa070b2808643f4a132b2f45766b/320x480/320x480.html

Response headers

vary: accept-encoding
x-amz-version-id: .5H8xVdQ9GD2095ylE8NLzkomPIQsqWD
etag: "066445858edf8b922f286a5245021db3"
age: 2457
via: 1.1 abddbf0eca39746a52a1389ec09fb216.cloudfront.net (CloudFront)
accept-ranges: bytes
x-cache: Hit from cloudfront
content-length: 100119
x-amz-cf-id: F2KxD0qeaMpcIIlzSqo53t32UABRQY6k1CTvS6Pd12zlTOdhlnXhng==
date: Wed, 10 Dec 2025 00:36:57 GMT
content-type: image/jpeg
last-modified: Fri, 28 Nov 2025 10:17:22 GMT
server: AmazonS3
x-amz-cf-pop: NRT12-P3
x-amz-server-side-encryption: AES256

GET
H2 200 av Show response
ad.holmesmind.com/adserver/ Frame E217 0
139 B 123ms
122ms Script
text/html 18.176.230.233
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://ad.holmesmind.com/adserver/av?p=14210:244087:299209:be74b08d3c637e8ceb6c0eba2cd4ee73:36478&type=1
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/drawV2.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.176.230.233 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-176-230-233.ap-northeast-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

content-encoding: gzip
date: Wed, 10 Dec 2025 01:17:53 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
server: nginx

GET
H2 200 sodar2.js Show response
ep2.adtrafficquality.google/sodar/ 20 KB
7 KB 416ms
153ms Script
text/javascript 142.250.196.129
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://ep2.adtrafficquality.google/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202512040101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.196.129 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

nrt12s36-in-f1.1e100.net

Software

sffe /

Resource Hash

a7f65c0446b6cac3175458f6388304d0c23e70d11fa0db20920a619f1bc18623

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

content-encoding: gzip
etag: "1747411493688989"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
x-content-type-options: nosniff
expires: Wed, 10 Dec 2025 01:17:53 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Wed, 10 Dec 2025 01:17:53 GMT
content-type: text/javascript
vary: Accept-Encoding
cache-control: private, max-age=3000
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
content-length: 7188
x-xss-protection: 0
server: sffe

General

Check archive.org

Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxVSQ34WID80EkOpuEZq_yI4Va_zP_qrJrJKFjd6BcnrGAuregADXt1TI40qNsThDAqg0ePMA2u-GwBJ0YUO7WbcgAT_fWHg3tDadC6s458N_1wG2JzKdcVQoOMJDgg8ubCdkDnviA==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.194.78 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lcnrta-bb-in-f14.1e100.net

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-E5JtAA4xSFz57EPjJObDnw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Content-Type: text/plain
Referer: https://reurl.cc/

Response headers

access-control-max-age: 86400
access-control-allow-methods: POST, GET, OPTIONS
x-content-type-options: nosniff
expires: Mon, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Wed, 10 Dec 2025 01:17:53 GMT
content-type: text/html; charset=utf-8
x-frame-options: SAMEORIGIN
reporting-endpoints: default="/_/ContributorLoggingHttp/web-reports?context=eJzjCtDikmII1pBi-FB_mfUHEJv53Wa1A-Jqdy-2ZiC29fdhcwXivTl-bEeBOLPTj60QiHU2-7GZAPH5vX5s14F49U0_ts1ALMTDcXDK45NsAjcOblzApOSSlF8Yn5yfV5KaV6KbmFKsC2IXZSaVluQXobBTy0AqcvLT0zPz0uONDIxMDY0MLPQMTOMLDAD_oDtg"
content-security-policy: script-src 'report-sample' 'nonce-E5JtAA4xSFz57EPjJObDnw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
cache-control: no-cache, no-store, max-age=0, must-revalidate
cross-origin-opener-policy: same-origin
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
access-control-allow-origin: https://reurl.cc
content-length: 0
x-xss-protection: 0
server: ESF

GET
H2 200 _05.jpg
cdn.holmesmind.com/z/39368/92b9fa070b2808643f4a132b2f45766b/320x480/images/ Frame 19DF 20 KB
20 KB 143ms
143ms Image
image/jpeg 3.164.121.96
AMAZON-02

General

Check archive.org

Download Go to Show image

Full URL: https://cdn.holmesmind.com/z/39368/92b9fa070b2808643f4a132b2f45766b/320x480/images/_05.jpg?1764097388601
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.164.121.96 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-164-121-96.nrt12.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: ab8045723213227290fb74ddf6ba2b2ad335bc0325a88348528235b8da5b7c05

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://cdn.holmesmind.com/z/39368/92b9fa070b2808643f4a132b2f45766b/320x480/320x480.html

Response headers

x-amz-version-id: l6kXEhsgBWG06LWzJbHnp8qFmVAe.4SV
etag: "3cc9dd7df2ca986fa38575816606d9b6"
age: 4511
via: 1.1 abddbf0eca39746a52a1389ec09fb216.cloudfront.net (CloudFront)
accept-ranges: bytes
x-cache: Hit from cloudfront
content-length: 20458
x-amz-cf-id: fVXa8rtJP7gmyi716B9FODtcEsuuR3atsrEWgwKpBMlAahPvwyzOaA==
date: Wed, 10 Dec 2025 00:02:43 GMT
content-type: image/jpeg
last-modified: Fri, 28 Nov 2025 10:17:22 GMT
server: AmazonS3
x-amz-cf-pop: NRT12-P3
x-amz-server-side-encryption: AES256

General

Check archive.org

Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxVSQ34WID80EkOpuEZq_yI4Va_zP_qrJrJKFjd6BcnrGAuregADXt1TI40qNsThDAqg0ePMA2u-GwBJ0YUO7WbcgAT_fWHg3tDadC6s458N_1wG2JzKdcVQoOMJDgg8ubCdkDnviA==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.194.78 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lcnrta-bb-in-f14.1e100.net

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-yhIpCeEiB_-hnmyBsBjsqQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Content-Type: text/plain
Referer: https://reurl.cc/

Response headers

access-control-max-age: 86400
access-control-allow-methods: POST, GET, OPTIONS
x-content-type-options: nosniff
expires: Mon, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Wed, 10 Dec 2025 01:17:53 GMT
content-type: text/html; charset=utf-8
x-frame-options: SAMEORIGIN
reporting-endpoints: default="/_/ContributorLoggingHttp/web-reports?context=eJzjCtDikmII0pBi-FB_mfUHEJv53Wa1A-Jqdy-2ZiC29fdhcwXivTl-bEeBOLPTj60QiHU2-7GZAPH5vX5s14F49U0_ts1ALMTDcXDK45NsAh_eLPnEpOSSlF8Yn5yfV5KaV6KbmFKsC2IXZSaVluQXobBTy0AqcvLT0zPz0uONDIxMDY0MLPQMTOMLDAAl4Dvn"
content-security-policy: script-src 'report-sample' 'nonce-yhIpCeEiB_-hnmyBsBjsqQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
cache-control: no-cache, no-store, max-age=0, must-revalidate
cross-origin-opener-policy: same-origin
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
access-control-allow-origin: https://reurl.cc
content-length: 0
x-xss-protection: 0
server: ESF

General

Check archive.org

Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxVSQ34WID80EkOpuEZq_yI4Va_zP_qrJrJKFjd6BcnrGAuregADXt1TI40qNsThDAqg0ePMA2u-GwBJ0YUO7WbcgAT_fWHg3tDadC6s458N_1wG2JzKdcVQoOMJDgg8ubCdkDnviA==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.194.78 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lcnrta-bb-in-f14.1e100.net

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-mYwrprPEFmSo9s15kqNL7w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Content-Type: text/plain
Referer: https://reurl.cc/

Response headers

access-control-max-age: 86400
access-control-allow-methods: POST, GET, OPTIONS
x-content-type-options: nosniff
expires: Mon, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Wed, 10 Dec 2025 01:17:53 GMT
content-type: text/html; charset=utf-8
x-frame-options: SAMEORIGIN
reporting-endpoints: default="/_/ContributorLoggingHttp/web-reports?context=eJzjCtDikmLw0JBi-FB_mfUHEJv53Wa1A-Jqdy-2ZiC29fdhcwXivTl-bEeBOLPTj60QiHU2-7GZAPH5vX5s14F49U0_ts1ALMTDcXDK45NsAhfm3PvEpOSSlF8Yn5yfV5KaV6KbmFKsC2IXZSaVluQXobBTy0AqcvLT0zPz0uONDIxMDY0MLPQMTOMLDAAPqjun"
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-mYwrprPEFmSo9s15kqNL7w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
cache-control: no-cache, no-store, max-age=0, must-revalidate
cross-origin-opener-policy: same-origin
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
access-control-allow-origin: https://reurl.cc
content-length: 0
x-xss-protection: 0
server: ESF

GET
H3 200 AGSKWxVwXfWs3FoVY3ac0zv_BtZ45dEgk_Q4EOT2eEge9GT6H44TXmgNMHAA7ha1YxemitYIY5T8Ak6GaEEv2vUMciGhBPNV97ynuiJwZ46HV94-50legy647yqd488-Io8KOCVsxfBp_Q== Show response
fundingchoicesmessages.google.com/f/ 3 KB
2 KB 165ms
164ms Script
application/javascript 142.250.194.78
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://fundingchoicesmessages.google.com/f/AGSKWxVwXfWs3FoVY3ac0zv_BtZ45dEgk_Q4EOT2eEge9GT6H44TXmgNMHAA7ha1YxemitYIY5T8Ak6GaEEv2vUMciGhBPNV97ynuiJwZ46HV94-50legy647yqd488-Io8KOCVsxfBp_Q==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzY1MzI5NDczLDcwMDAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzcsOSw2XSxudWxsLDIsbnVsbCwiZW4iLG51bGwsbnVsbCxudWxsLG51bGwsbnVsbCwxXSwiaHR0cHM6Ly9yZXVybC5jYy9ZM2dLeGwiLG51bGwsW1s4LCJaXzNBeFNmNWVSQSJdLFs5LCJ6aC1UVyJdLFsxOSwiMiJdLFsxNywiWzBdIl0sWzI0LCIiXSxbMjksImZhbHNlIl1dXQ

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.194.78 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lcnrta-bb-in-f14.1e100.net

Software

ESF /

Resource Hash

7b38d33d3f6b1fcb0cd0824296117d209f00c0f8ef7d2918188dcf7fc8cb4b83

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport, script-src 'report-sample' 'nonce-IwE3v7itW_22316ZnkBr8g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Mon, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Wed, 10 Dec 2025 01:17:53 GMT
content-type: application/javascript; charset=utf-8
x-frame-options: SAMEORIGIN
reporting-endpoints: default="/_/ContributorServingWebSwitchboardHttp/web-reports?context=eJzjWsCoxSXF4KghxXDi1m2mC0DcevMc62Qg7lp0nnUGEBsqXGK1B-IP9ZdZfwBxkcQV1gYg_lR1g1Wg-gZrEvtN1gIgNvO7zWoHxNXuXmzNQGzr78PmCsTfin3ZWEp82fb992U7BsR7c_zYjgJxZqcfWyEQ62z2YzMB4vN7_diuA_Hqm35sm4F4hZc_2wYgFuLhODjl8Uk2gR3rf3xjUtJIyi-MT87PKynKTCotyS9KS05LLU4tKkstijcyMDI1NDKw0DMwjS8wAADDg1OJ"
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport, script-src 'report-sample' 'nonce-IwE3v7itW_22316ZnkBr8g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist
cache-control: no-cache, no-store, max-age=0, must-revalidate
timing-allow-origin: *
cross-origin-opener-policy: same-origin
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-resource-policy: cross-origin
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
x-xss-protection: 0
server: ESF

POST
H3 204 AGSKWxWtbqkPmZn1EELMIUkd4d27XDLyjcdKiVEugUZ7zWok5Fn1DhnDgprHoZAdBhJ_VhnLM053po3FnSDTgC0gRWVqISGfErZHACH_oQmHQ-ptO13_Kbiq3Sox41NoejFAvVB-eYkDhw== Show response
fundingchoicesmessages.google.com/el/ 0
28 B 156ms
155ms XHR
text/html 142.250.194.78
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxWtbqkPmZn1EELMIUkd4d27XDLyjcdKiVEugUZ7zWok5Fn1DhnDgprHoZAdBhJ_VhnLM053po3FnSDTgC0gRWVqISGfErZHACH_oQmHQ-ptO13_Kbiq3Sox41NoejFAvVB-eYkDhw==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.194.78 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lcnrta-bb-in-f14.1e100.net

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-kk2po5kpsh_I6UY-SqTXag' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Content-Type: text/plain
Referer: https://reurl.cc/

Response headers

access-control-max-age: 86400
access-control-allow-methods: POST, GET, OPTIONS
x-content-type-options: nosniff
expires: Mon, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Wed, 10 Dec 2025 01:17:53 GMT
content-type: text/html; charset=utf-8
x-frame-options: SAMEORIGIN
reporting-endpoints: default="/_/ContributorLoggingHttp/web-reports?context=eJzjCtDikmLw05Bi-FB_mfUHEJv53Wa1A-Jqdy-2ZiC29fdhcwXivTl-bEeBOLPTj60QiHU2-7GZAPH5vX5s14F49U0_ts1ALMTDcXDK45NsAjum7T3CrOSSlF8Yn5yfV5KaV6KbmFKsC2IXZSaVluQXobBTy0AqcvLT0zPz0uONDIxMDY0MLPQMTOMLDAD0hTtB"
content-security-policy: script-src 'report-sample' 'nonce-kk2po5kpsh_I6UY-SqTXag' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
cache-control: no-cache, no-store, max-age=0, must-revalidate
cross-origin-opener-policy: same-origin
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
access-control-allow-origin: https://reurl.cc
content-length: 0
x-xss-protection: 0
server: ESF

GET
H2 200 runner.html Show response
ep2.adtrafficquality.google/sodar/sodar2/237/ Frame F774 13 KB
5 KB 371ms
112ms Document
text/html 142.250.196.129
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://ep2.adtrafficquality.google/sodar/sodar2/237/runner.html

Requested by

Host: ep2.adtrafficquality.google
URL: https://ep2.adtrafficquality.google/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.196.129 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

nrt12s36-in-f1.1e100.net

Software

sffe /

Resource Hash

14b660a511e14a9a481c6fe43c576f36c61b656cfd379728c54f1128e1855966

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://reurl.cc/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
age: 2462
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=3000
content-encoding: gzip
content-length: 5044
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 10 Dec 2025 00:36:52 GMT
expires: Wed, 10 Dec 2025 01:26:52 GMT
last-modified: Tue, 13 May 2025 23:17:50 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 2027 829 B
568 B 374ms
151ms Document
text/html 142.250.194.68
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: ep2.adtrafficquality.google
URL: https://ep2.adtrafficquality.google/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.194.68 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lcnrta-bb-in-f4.1e100.net

Software

ESF /

Resource Hash

0178c5fddc20c893a378bde00185d5567764b178f596ed978bada46847c4bb65

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-Bu5nfr-tFsJbLwxMGn_cIQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://reurl.cc/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-Bu5nfr-tFsJbLwxMGn_cIQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy-report-only: same-origin; report-to="coop_38fac9d5b82543fc4729580d18ff2d3d"
cross-origin-resource-policy: cross-origin
date: Wed, 10 Dec 2025 01:17:54 GMT
expires: Wed, 10 Dec 2025 01:17:54 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]} {"group":"coop_38fac9d5b82543fc4729580d18ff2d3d","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/38fac9d5b82543fc4729580d18ff2d3d"}]}
server: ESF
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 vLDsncnjjUvkCS873e6CrGupfWSrrH_JBF3a9ZZIh28.js Show response
pagead2.googlesyndication.com/bg/ Frame F774 53 KB
20 KB 332ms
110ms Script
text/javascript 142.250.193.194
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/vLDsncnjjUvkCS873e6CrGupfWSrrH_JBF3a9ZZIh28.js

Requested by

Host: ep2.adtrafficquality.google
URL: https://ep2.adtrafficquality.google/sodar/sodar2/237/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.193.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

del11s17-in-f2.1e100.net

Software

sffe /

Resource Hash

bcb0ec9dc9e38d4be4092f3bddee82ac6ba97d64abac7fc9045ddaf59648876f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://ep2.adtrafficquality.google/

Response headers

content-encoding: br
age: 76787
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
x-content-type-options: nosniff
expires: Wed, 09 Dec 2026 03:58:07 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 09 Dec 2025 03:58:07 GMT
last-modified: Mon, 01 Dec 2025 15:28:00 GMT
content-type: text/javascript
vary: Accept-Encoding
cache-control: public, max-age=31536000
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
accept-ranges: bytes
content-length: 20702
x-xss-protection: 0
server: sffe

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 2027 0
17 B 370ms
151ms Image
image/ 142.250.193.194
GOOGLE

General

Check archive.org

Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=237&li=gpt_m202512040101&jk=6451195994897883&rc=

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.193.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

del11s17-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://www.google.com/

Response headers

timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 0
date: Wed, 10 Dec 2025 01:17:54 GMT
x-xss-protection: 0
content-type: image/
server: cafe

GET
H2 204 generate_204
ep2.adtrafficquality.google/ Frame F774 0
40 B 113ms
112ms Image
text/plain 142.250.196.129
GOOGLE

General

Check archive.org

Download Go to Show image

Full URL: https://ep2.adtrafficquality.google/generate_204?M-piVw
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 142.250.196.129 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: nrt12s36-in-f1.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://ep2.adtrafficquality.google/sodar/sodar2/237/runner.html

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
date: Wed, 10 Dec 2025 01:17:54 GMT
cross-origin-resource-policy: cross-origin

GET
H3 204 sodar
ep1.adtrafficquality.google/pagead/ 0
17 B 256ms
255ms Image
image/ 142.250.196.34
GOOGLE

General

Check archive.org

Download Go to Show image

Full URL

https://ep1.adtrafficquality.google/pagead/sodar?id=sodar2&v=237&t=2&li=gpt_m202512040101&jk=6451195994897883&bg=!2tml2ZbNAAZCJko1YiY7ADQBe5WfOM-53OJ8-ZL4m6CfZuWJEHPoagiJwOBEsJ2iETZqZ9iUC54W1tGjSFS-CKfV6LE0AgAAAIRSAAAABGgBB34AN2yAkDGWk69Uof1ukF51EVrzzinjXSHwr99p3rDbGd6QILW9V0QkXMnzbZWLuW6g_J35BTpJLGuZAmUbI1fnDQpIsLKeMhr2Is0xoir_Vg5z8UUSey09Uam7-XLLoaQ8PhAEgTJUWM9ClNvQgyavC4iFcG-bzLHywCIDXDGjJOvUiyUW8ntGH4qFTfy0V2t5nw-dzXZyKTCVa2jJOp1uSqqDNqknQNw5IWUSoRYpVeIGLOrMiZQMy6gXX-NMAwUPUf3EPfmoWDUpouT64gKSnGj-pDCwIAjzZQ2P1OHn5By8a-W97GOEO2LacWpxAvozPmpCHBVhewntGS3-1floZebEFcvzZzqDXCUzQirNnbBa7FBAb09Ma7o2AL5HT7eg-g0cAnOY2fqOAHLhxPZiiNUn9WJXzepupjHcp_AUTktVDQz3gz7202DdN7DTvHmFcRJMadfAAkAIx9pJUx7rz8RD7FQL-cv9D7tvZB2SjtUbyGYIq7-FA4cs9HiJqgAurkzaQIbK0rZFWAi6iQjkmJjD18tjkOKKU2itD2xcZ0ZVIB9F_K6DQjOOzN_GCtkmp3fnTqYf886ubIpg-bQnxBtA_Jicfl7sKtwqv1LWxOIQ7S8EAUKVHQXtqe4EnUo9eeztbNDTiosf_WGZDYeM-gcgL4RVsybie8N_iVoE8O9vY0CoiseobQiTdAEcveOhqfzquJQDZVUzjnopBs4dH8a-kLbejSp8PN8x3NpE5p2H0PHr33hFnKvKpAx-t83oenlKsZGQwN2jktlNrosBK_1RnB2Lr2z6jI6LfJMO7L0C8Abl-7cFnlppk44XIDCc_LfWHg9XvAmLKy-aHH9_UBquEqr3RVfIotloYRKmzJWMyBQUx24roFesXV2EARkD

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.196.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

maa03s45-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 0
date: Wed, 10 Dec 2025 01:17:55 GMT
x-xss-protection: 0
content-type: image/
server: cafe

POST
H3 204 collect
analytics.google.com/g/ 0
0 78ms
77ms Fetch
text/plain 216.239.34.181
GOOGLE

General

Check archive.org

Download Go to

Full URL: https://analytics.google.com/g/collect?v=2&tid=G-N394QBRGC0&gtm=45je5c90v897965293za200zd897965293&_p=1765329469745&gcd=13l3l3l3l1l1&npa=0&dma=0&cid=1890991025.1765329470&ul=zh-tw&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_eu=gAAAAAQ&_s=2&tag_exp=103116026~103200004~104527907~104528501~104684208~104684211~105391253~115583767~115938465~115938468~116184927~116184929~116217636~116217638~116251938~116251940&sid=1765329470&sct=1&seg=0&dl=https%3A%2F%2Freurl.cc%2FY3gKxl&dt=word-PT0777&en=1&ep.event_category=pause&ep.event_label=MjMuMjQ4LjE3Ni4xNjM&epn.value=1&_et=6&tfd=7122
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-N394QBRGC0
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 216.239.34.181 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:171:0
report-to: {"group":"ascnsrsggc:171:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:171:0"}],}
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: https://reurl.cc
cross-origin-opener-policy-report-only: same-origin; report-to=ascnsrsggc:171:0
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Wed, 10 Dec 2025 01:17:55 GMT
content-type: text/plain
server: Golfe2

POST
H3 204 collect
analytics.google.com/g/ 0
0 77ms
77ms Fetch
text/plain 216.239.34.181
GOOGLE

General

Check archive.org

Download Go to

Full URL: https://analytics.google.com/g/collect?v=2&tid=G-ZDFZCDVDK1&gtm=45je5c90v9181474282za200zb897965293zd897965293&_p=1765329469745&gcd=13l3l3l3l1l1&npa=0&dma=0&cid=1890991025.1765329470&ecid=1160555381&ul=zh-tw&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_eu=gAAAAAQ&_s=2&tag_exp=103116026~103200004~104527907~104528500~104684208~104684211~105391252~115583767~115938465~115938469~116184927~116184929~116217636~116217638~116251938~116251940&sid=1765329470&sct=1&seg=0&dl=https%3A%2F%2Freurl.cc%2FY3gKxl&dt=word-PT0777&en=1&ep.event_category=pause&ep.event_label=MjMuMjQ4LjE3Ni4xNjM&epn.value=1&_et=9&tfd=7227
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-ZDFZCDVDK1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 216.239.34.181 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: https://reurl.cc/

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:171:0
report-to: {"group":"ascnsrsggc:171:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:171:0"}],}
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: https://reurl.cc
cross-origin-opener-policy-report-only: same-origin; report-to=ascnsrsggc:171:0
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Wed, 10 Dec 2025 01:17:55 GMT
content-type: text/plain
server: Golfe2

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/image/creative/20240802/guild/DFHeiStd-W9.woff

Domain: ad.holmesmind.com
URL: https://ad.holmesmind.com/adserver/cm?app=91app&P=658067-KdrG3zXqFCG4fVyQhLLLDOj8a3tchz81&uid=6e657a9a-16d7-4687-b812-16f404bf6c66

Domain: ad.holmesmind.com
URL: https://ad.holmesmind.com/adserver/cm?app=91app&P=658067-KdrG3zXqFCG4fVyQhLLLDOj8a3tchz81&uid=b1629fea-ce74-4230-a320-e02e44f91c0e

Domain: ad.holmesmind.com
URL: https://ad.holmesmind.com/adserver/cm?app=91app&P=658067-KdrG3zXqFCG4fVyQhLLLDOj8a3tchz81&uid=51c9b93f-aefb-460c-99ea-cd28a80aa0c4

Domain: ad.holmesmind.com
URL: https://ad.holmesmind.com/adserver/cm?app=91app&P=658067-KdrG3zXqFCG4fVyQhLLLDOj8a3tchz81&uid=b1629fea-ce74-4230-a320-e02e44f91c0e

Domain: ad.holmesmind.com
URL: https://ad.holmesmind.com/adserver/cm?app=91app&P=658067-KdrG3zXqFCG4fVyQhLLLDOj8a3tchz81&uid=b1629fea-ce74-4230-a320-e02e44f91c0e

Domain: ad.holmesmind.com
URL: https://ad.holmesmind.com/adserver/cm?app=91app&P=658067-KdrG3zXqFCG4fVyQhLLLDOj8a3tchz81&uid=51c9b93f-aefb-460c-99ea-cd28a80aa0c4

Verdicts & Comments Add Verdict or Comment

223 JavaScript Window variables

These are the non-standard variables defined on the window object. These include var declarations and global functions and can be helpful in identifying possible client-side frameworks and code.

52 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
onead.onevision.com.tw/	1970-01-21 19:07:45	Name: onevision_guid Value: 0b3614ae-d566-11f0-9788-42010a000007
onead.onevision.com.tw/	1970-01-21 19:07:45	Name: oid Value: 0b3614a1-d566-11f0-9788-42010a000007
reurl.cc/	1970-01-21 19:07:45	Name: oid Value: %257B%2522oid%2522%253A%25220b3614ae-d566-11f0-9788-42010a000007%2522%252C%2522ts%2522%253A-62135596800%252C%2522v%2522%253A%252220201117%2522%257D
.reurl.cc/	1970-01-21 10:23:35	Name: _gid Value: GA1.2.86906129.1765329470
.reurl.cc/	1970-01-21 10:22:09	Name: _gat Value: 1
.adsrvr.org/	1970-01-21 19:07:45	Name: TDID Value: 654e7ffb-9b4a-4965-b494-aae185ca9ba9
.eyeota.net/	1970-01-21 19:07:45	Name: mako_uid Value: 19b05d60475-41810000010e5d9f
.eyeota.net/	1970-01-21 10:22:10	Name: SERVERID Value: 23967~DM
.taboola.com/	1970-01-21 19:07:45	Name: t_gid Value: 00068cad-bb58-4aeb-8fbe-9ea4efc0d502-tuct10324fbe
.taboola.com/	1970-01-21 19:07:45	Name: t_pt_gid Value: 00068cad-bb58-4aeb-8fbe-9ea4efc0d502-tuct10324fbe
.adsrvr.org/	1970-01-21 19:07:45	Name: TDCPM Value: CAEYBSABKAIyCwik0-msleXbPhAFOAE.
.prnasia.com/	1970-01-21 10:22:11	Name: __cf_bm Value: 7GQmsi7LBCMvdebeVTovW9XzrRT1vqI08tZT9VxAPKY-1765329470-1.0.1.1-59c4wWuW4uz1EMx7IJUfZfvmx.Vd4qY5s6jABV.r8fikvG6msODU4UB1p.NLsXHF9S9mVi.Y_OpuYe2Ov3el3thYx95WUrFYcv01hPrgPEM
.reurl.cc/	1970-01-21 11:05:21	Name: ISMD5VERSION Value: 1
.reurl.cc/	1970-01-21 19:58:09	Name: _ga Value: GA1.1.1890991025.1765329470
.reurl.cc/	1970-01-21 19:58:09	Name: _ga_N394QBRGC0 Value: GS2.1.s1765329470$o1$g0$t1765329470$j60$l0$h0
.reurl.cc/	1970-01-21 19:58:09	Name: _ga_S9B9ZLEX4D Value: GS2.1.s1765329470$o1$g0$t1765329470$j60$l0$h0
.reurl.cc/	1970-01-21 19:58:09	Name: _ga_ZDFZCDVDK1 Value: GS2.1.s1765329470$o1$g0$t1765329470$j60$l0$h1160555381
.reurl.cc/	1970-01-21 12:31:45	Name: _fbp Value: fb.1.1765329470992.592461067981808392
.reurl.cc/	1970-01-21 11:05:21	Name: CFFPCKUUID Value: 1447-kEwizvgvNq48nKeQX6f28mj85hLQiUTM
.reurl.cc/	1970-01-21 11:05:21	Name: CFFPCKUUIDMAIN Value: 8658-reQdZAdzZIQNADjILGPq0SAik0IKuidN
.reurl.cc/	1970-01-21 11:05:21	Name: FPUUID Value: 8658-0ddf25b156dc4736a45ffdeb192d2dc0
.hinet.net/	1970-01-21 19:58:09	Name: uuid Value: a8b5e0fe-7b22-4c2c-a3f9-14c976deaf1b
.holmesmind.com/	1970-01-21 10:23:35	Name: fcm Value: 1
.doubleclick.net/	1970-01-21 19:58:09	Name: IDE Value: AHWqTUn3DYnLUv_D-JixuXXO-yuCkt8aWeWrLhk-_phoTrB64-EzZB_bMFFFuaZcNoQ
.holmesmind.com/	1970-01-21 10:43:16	Name: Vision Value: 20251210-23:59,20251210-12,20251210-12,20251210-23:59
.holmesmind.com/	1970-01-21 10:43:16	Name: C Value: null
.holmesmind.com/	1970-01-21 12:47:07	Name: RK Value: null
.doubleclick.net/	1970-01-21 10:22:10	Name: test_cookie Value: CheckForPermission
.lndata.com/	1970-01-21 19:08:14	Name: admckid Value: 2512100917501623107
.holmesmind.com/	1970-01-21 19:58:09	Name: P Value: 658067-KdrG3zXqFCG4fVyQhLLLDOj8a3tchz81
.reurl.cc/	1970-01-21 19:07:45	Name: __htid Value: a8b5e0fe-7b22-4c2c-a3f9-14c976deaf1b
.reurl.cc/	1970-01-21 10:22:13	Name: _ht_em Value: 1
.holmesmind.com/	1970-01-21 10:23:07	Name: test_cookie Value: CheckForPermission
.c.appier.net/	1970-01-21 19:07:45	Name: _auid Value: wRdhLt_7BuauiXaqP8o4aQ
.reurl.cc/	1970-01-21 10:23:35	Name: _ht_50ef57 Value: 1
.reurl.cc/	1970-01-21 19:43:45	Name: FCCDCF Value: %5Bnull%2Cnull%2Cnull%2Cnull%2Cnull%2Cnull%2C%5B%5B32%2C%22%5B%5C%2286f867d6-b4ed-45a3-a156-259d5c3ec90f%5C%22%2C%5B1765329471%2C789000000%5D%5D%22%5D%5D%5D
.criteo.com/	1970-01-21 19:43:45	Name: uid Value: 91da2e60-8f42-4a94-a6aa-7430f1b7c93a
.reurl.cc/	1970-01-21 19:43:45	Name: __gads Value: ID=0b5de15f8a22ddb0:T=1765329471:RT=1765329471:S=ALNI_MaLK-aIGvGpMeNoklzvLUL-diGXag
.reurl.cc/	1970-01-21 19:43:45	Name: __gpi Value: UID=000011c6b04e20db:T=1765329471:RT=1765329471:S=ALNI_Ma5eGLkYyTCuTCSEkHGWev8o7DGDQ
.reurl.cc/	1970-01-21 14:41:21	Name: __eoi Value: ID=d417c9b44b6d1e97:T=1765329471:RT=1765329471:S=AA-AfjYHJoV7guOvrUe1lUJF2vhD
track.91app.io/	1970-01-21 19:58:09	Name: deviceid Value: 51c9b93f-aefb-460c-99ea-cd28a80aa0c4
.reurl.cc/	1970-01-21 19:58:09	Name: _ga_F6EJJH79R2 Value: GS2.1.s1765329472$o1$g0$t1765329472$j60$l0$h0
.reurl.cc/	1970-01-21 19:58:09	Name: _ga_M4J67EDHV2 Value: GS2.1.s1765329472$o1$g0$t1765329472$j60$l0$h0
.crwdcntrl.net/	1970-01-21 16:50:56	Name: _cc_dc Value: 2
.crwdcntrl.net/	1970-01-21 16:50:56	Name: _cc_id Value: b0cb5b18ab19df14ecc8277b0916ce6a
.reurl.cc/	1970-01-21 16:50:57	Name: _cc_id Value: b0cb5b18ab19df14ecc8277b0916ce6a
.reurl.cc/	1970-01-21 10:32:14	Name: panoramaId_expiry Value: 1765934272833
.reurl.cc/	1970-01-21 10:32:14	Name: panoramaId Value: b4d39943919f9a7673e9e8488f6a185ca02cba974e9e2ca8ff901a804fbf00b5
.reurl.cc/	1970-01-21 10:32:14	Name: panoramaIdType Value: panoDevice
.criteo.com/	1970-01-21 19:43:45	Name: cto_bundle Value: S8ZY3l9OenVpc0tiUVV1amQxYVZwczRYVWw3cExqTU9sUlhXJTJCNXFqbEUlMkZWYnZCZ0hFZTBGNWRZd3glMkJoeERJUFhFSjUyTWVYaTF1ZCUyQlZDam90WmkzTU40QUFkWXFUajJqRGtJTzFlRENVZHMwbVg3ZSUyQmR3VGRvYk9JaHA0RlRtZjU3QXoyVmVsQ1U3OW5zN09IJTJGaWtpVGZ4Q2clM0QlM0Q
.reurl.cc/	1970-01-21 19:43:45	Name: cto_bundle Value: xBJDlV9CeWtuUmNpJTJGUDlkd1FjUzJQbmhydzdhWXlBRm1aZUxqYXpobTBNc0g5bUd2JTJGeUpiclZhWk5mZWNFOWRvV3VyN2xKdjFmMlNXNFclMkJxWVNmeSUyRmliU2xuNThYOXpZSGhmV2VWbUdqTVJIUDA2OTRRWm51JTJCM3JuNmpVUXhacWpyOWhVZXJ0elVaeXBWMnZscHA4SUZ3SnhnJTNEJTNE
.reurl.cc/	1970-01-21 19:07:45	Name: FCNEC Value: %5B%5B%22AKsRol_4MeZesDw9NH7Ee8GprqmUKC0eXc_8hfSpul5laLUBz3mZE7Yo0yG7mzY17a7fFnmElbPFpyMqlU_xYOrRPv978GDvvAehSyjMGMRSC4OaZgb3TlIGPb7kFLIBvqt2Xv05TRD9VJwNnjTMDkF1OGJiyBUsmA%3D%3D%22%5D%5D

12 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
rendering	warning	URL: https://reurl.cc/Y3gKxl(Line 220) Message: [GroupMarkerNotSet(crbug.com/242999)!:A0A01800F4180000]Automatic fallback to software WebGL has been deprecated. Please use the --enable-unsafe-swiftshader (about:flags#enable-unsafe-swiftshader) flag to opt in to lower security guarantees for trusted content.
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'bluetooth'.
network	error	URL: https://bcp.crwdcntrl.net/map/c=15135/tp=ONEA/lac=y?https://onead.onevision.com.tw/v2/pixel/ltm?id=${profile_id} Message: Failed to load resource: the server responded with a status of 422 ()
javascript	error	URL: https://reurl.cc/Y3gKxl Message: Access to font at 'https://cdn.holmesmind.com/image/creative/20240802/guild/DFHeiStd-W9.woff' from origin 'https://reurl.cc' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://cdn.holmesmind.com/image/creative/20240802/guild/DFHeiStd-W9.woff Message: Failed to load resource: net::ERR_FAILED
rendering	warning	URL: https://cdn.holmesmind.com/js/capmapping.htm Message: [GroupMarkerNotSet(crbug.com/242999)!:A0A01800F4180000]Automatic fallback to software WebGL has been deprecated. Please use the --enable-unsafe-swiftshader (about:flags#enable-unsafe-swiftshader) flag to opt in to lower security guarantees for trusted content.
rendering	warning	URL: https://cdn.holmesmind.com/js/capmapping.htm Message: [GroupMarkerNotSet(crbug.com/242999)!:A050BD00F4180000]Automatic fallback to software WebGL has been deprecated. Please use the --enable-unsafe-swiftshader (about:flags#enable-unsafe-swiftshader) flag to opt in to lower security guarantees for trusted content.
rendering	warning	URL: https://cdn.holmesmind.com/js/capmapping.htm Message: [GroupMarkerNotSet(crbug.com/242999)!:A020BD00F4180000]Automatic fallback to software WebGL has been deprecated. Please use the --enable-unsafe-swiftshader (about:flags#enable-unsafe-swiftshader) flag to opt in to lower security guarantees for trusted content.
rendering	warning	URL: https://cdn.holmesmind.com/js/capmapping.htm Message: [GroupMarkerNotSet(crbug.com/242999)!:A0C0BC00F4180000]Automatic fallback to software WebGL has been deprecated. Please use the --enable-unsafe-swiftshader (about:flags#enable-unsafe-swiftshader) flag to opt in to lower security guarantees for trusted content.
rendering	warning	URL: https://cdn.holmesmind.com/js/capmapping.htm Message: [GroupMarkerNotSet(crbug.com/242999)!:A0F0BC00F4180000]Automatic fallback to software WebGL has been deprecated. Please use the --enable-unsafe-swiftshader (about:flags#enable-unsafe-swiftshader) flag to opt in to lower security guarantees for trusted content.
rendering	warning	URL: https://cdn.holmesmind.com/js/capmapping.htm Message: [GroupMarkerNotSet(crbug.com/242999)!:A0C0B900F4180000]Automatic fallback to software WebGL has been deprecated. Please use the --enable-unsafe-swiftshader (about:flags#enable-unsafe-swiftshader) flag to opt in to lower security guarantees for trusted content.
rendering	warning	URL: https://ep2.adtrafficquality.google/sodar/sodar2/237/runner.html Message: [GroupMarkerNotSet(crbug.com/242999)!:A0F0B900F4180000]Automatic fallback to software WebGL has been deprecated. Please use the --enable-unsafe-swiftshader (about:flags#enable-unsafe-swiftshader) flag to opt in to lower security guarantees for trusted content.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

3075a318ad54e9b9674229a6a530ae19.safeframe.googlesyndication.com
a8b5e0fe-7b22-4c2c-a3f9-14c976deaf1b.t.ssp.hinet.net
ad-specs.guoshipartners.com
ad.holmesmind.com
ad2.apx.appier.net
analytics.google.com
anymind360.com
apis.google.com
bcp.crwdcntrl.net
bidder.criteo.com
c.holmesmind.com
cdn.holmesmind.com
cdn.jsdelivr.net
cm-dev-poc.holmesmind.com
cm.g.doubleclick.net
cm.lndata.com
code.createjs.com
connect.facebook.net
creditcards.com.tw
ep1.adtrafficquality.google
ep2.adtrafficquality.google
fcm.holmesmind.com
fcm2.holmesmind.com
fundingchoicesmessages.google.com
gocm.c.appier.net
gum.criteo.com
img.gbyhn.com.tw
img.racingcharger.tw
invstatic101.creativecdn.com
m.holmesmind.com
match.adsrvr.org
mma.prnasia.com
nearbymed.com
oa.openxcdn.net
onead-v6.onevision.com.tw
onead.onevision.com.tw
pagead2.googlesyndication.com
prebid-asia.creativecdn.com
prebid.scupio.com
ps.eyeota.net
re-news.tw
reurl.cc
scontent-hkg1-1.xx.fbcdn.net
scontent-hkg4-1.xx.fbcdn.net
securepubads.g.doubleclick.net
static.criteo.net
static.wixstatic.com
static.xx.fbcdn.net
stats.g.doubleclick.net
t.ssp.hinet.net
tags.crwdcntrl.net
tpe-stock.s3.ap-northeast-1.amazonaws.com
track.91app.io
tracking-client.91app.com
trc.taboola.com
word-pt0777.blogspot.com
www.facebook.com
www.google-analytics.com
www.google.com
www.google.com.tw
www.googletagmanager.com
ad.holmesmind.com
cdn.holmesmind.com
103.132.192.30
104.18.96.225
104.21.25.44
104.21.96.9
107.178.241.176
116.50.36.71
13.213.216.213
142.250.193.194
142.250.194.130
142.250.194.194
142.250.194.206
142.250.194.68
142.250.194.78
142.250.196.104
142.250.196.129
142.250.196.34
142.251.42.129
142.251.42.163
142.251.42.193
142.251.8.157
151.101.193.55
151.101.65.229
151.101.65.44
157.240.199.15
163.70.158.11
172.104.105.5
172.67.178.125
18.176.230.233
18.177.116.10
18.178.75.163
182.161.74.19
182.161.74.26
182.161.74.47
184.27.185.92
192.0.78.25
203.66.32.198
203.75.214.136
210.59.219.34
216.239.34.181
3.114.255.95
3.164.121.106
3.164.121.96
3.164.143.54
3.173.197.77
3.175.227.74
3.5.157.81
31.13.82.36
31.13.82.7
34.102.146.192
34.95.67.231
34.96.70.87
35.185.136.122
35.190.36.98
35.201.76.198
35.201.76.93
35.227.249.156
35.229.143.32
35.71.131.137
57.144.44.128
0178c5fddc20c893a378bde00185d5567764b178f596ed978bada46847c4bb65
04cae14f53d2ac4fb3c0b19b7fc7cbf69943f9b64c9feaebd2b17565c1513ce0
07e03452d83bc61a7e173fad3355f9053a3def6b011b26071f4acf48c6ca3f69
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0d33b7573956208fd53e36b885e26d39f07399c53dcf30760f3ad3dda8525677
0e7c280c5b77abf1794c7fecca6cf54ad87bad46a00952bdaa7e37baede883b0
0e83a8ffdd161a80e179732ca1f514ee08dcc3c4a128baa9c92bcffebc2a7c52
0efa8291235243ad1438d266932112aecf4e7dca1963545a22d118cbe5d5d6e2
0ffe084304e632a45ca9c1f57ab42ee62d75c393b0182eb5ff7b71115655f0e4
1005edce901738f3e7db638eb15c2aab780b0eb6980371a743f826e9edf02aa1
100d72a28123bcee974e8642b8bf1c0865bf1034c9b59f59597d53809e192fdc
10ce9b3c5545fc3da53d8b996c68090c2e89dd375d3ace4ce0cc348a26ec9235
111eaf414e95313afc251a7eea0d5eec5d771b8f49f9c8856ba859e796d8773d
120a67e10b39b6b70dc52c65c77d016cba6e33b0ecc86d3fd49dda8f9efc2657
14b660a511e14a9a481c6fe43c576f36c61b656cfd379728c54f1128e1855966
1cffc2b3146584685cd72751d7f28aa030ab9ae2f1bc78f2c27909f8d8287b26
1ff40d4951bdd1a0b6edeb873bc5855a9ce130101cc7e17b67d3a1aa5dc402c1
21353156752d264231430470d9e89e4ce2568c16bd7df7f2e3845ac03bcbc333
2169961a409937d5510ab4533a3eb9468bfaf08524f84d71372ac9516ce65190
2472377840c3896fca1b9ceb3fb8943b860af3d30950d660d9557718784daadc
25355805f44af99037c6b951f9afd762f5fd74eb126aba4b2f82cafa563c0f90
2650f0bf9347561322354447171981c0a052401f826695fec1281e29fa16c840
26b386296dbe8cdb2a87240868b54301c2338b678b132ddeed3d667a728d0762
2895791e627956b7990bf4b7a81e3dac486947b3cc999091708052be9c7c39e7
28ae84511e3b105c273ef15ec49e6c1735b692a4404bd16ffbef4878f87b7570
2a4c7b96514bcf9e8548de41d1fd7b0fa727ae09136bcb61273bf298c7ed67e6
2e5f5cb912c0619933ea6c3ad8ac1466a005f792e3338d96a8432d144c63520f
2e8da6f5db33e948148605021f536387b59c2a358306ebaf6e4292e8d7e9f3f4
31044e22660bf72b12776b4cfd362a81040f63a8cfd316098c986ddef16c7e7c
31b4d2ac4928b0129a5a969594be92783dbbb13112dd350f128de1b8d7215f30
351966dece7214af3b43d9a94f07c1c936176ad5dd81f0bbe1f6b319b4cd96d1
352d0915216b13b935f1abedea04d4a039802faaf69153ae71c377410990e322
365fc555dbd2149871a77b9485dbb0cbd487a0553f7a90163444349fee756f60
3733ce04a5c4dbb8b07b847650fd68e82f93ab8abf6b35ca294d6d40130f06c0
3774a7ce325859b32b6b0b01bde2879c75b81131fafe4a584b18b744711bd75d
37b2a05bd0a69613b8e5b988ef5789b6e4904393f70477c82132d165026edd26
37cd16af9680e2eac2b065fe88fbc0ca6d80583c67a9d8c69969e5dcbe27b14d
38a936bb3ef60e388edbed99554f9fa93ffafcd1669777d0e4e00a6b0e23f1da
3bba534c8179e27624cc162e1521f5ef25b5296e8417c2e7e6562ef10649fafd
41324bf1d673a22b9f8632386858df7cb21341adb6aa9368b75762ff9bca5ccb
448f38b4de0f77c110bc4523bc7e1e5ddfc5657d8a63e2ebe8584d9aca084b0a
45444d590a67d30e8b2fde01bb6482f829383b64bf14a4b19b86e22fdc319fbb
484e1b0d45ee110fb8e45337e56374b6f54f671c0e0fde8efa4ea10635a69ea3
4903aa530b66d97f297f458a51a822a039d57a2da5df6bf464ec3632faaf50b5
4994e93b25eb50f313e0d660e38f6062e966358a87e46d973ec4cc5048b16f29
4aea26b1170e0cd139f74e869c8cea235f082a74177409c00e932914b3e9907d
4da2dc78cc23591a9ee3285ba8f3891fa57b506b7902fbdd35fa5a2172566c55
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
5191041582e8314aaaf06091d46eb703b2a32ff8ae59c38146d221a960b324db
544c55ca9f05d425f3beb90f287308d7a408b1f60d17728eff5c605a494bc1b9
546b0698973f44ccb63dc101f6aec8734015981d1f48facb304114e24ae92fea
55d72e6c27809e3d9fcee9bfacc5e736e6c8c0f032004a22ca1f1ff2f4594af3
56215d229ed36047aadeee570259e970b1e62987173c5e39cd0d1a260fa7ff4a
5a871b13ede1754dec51e91e8f3ee35b98ff71fe42cf57d51cb574b004e3d4cd
5ccb6c69b900610a41f5056880f80d1d0b9cc982957e9b8b47f0d3308e15f4f0
5e6b0fcd41bdb8173bd00bd9234767246098090f2cddaa5ce75b21fcc7780dfc
60b19e5da6a9234ff9220668a5ec1125c157a268513256188ee80f2d2c8d8d36
620a382665ff035abb643a19e12f088aef2bc27b55398d4ae3f131b773be6355
6215cea030001547475bd19ec624e50c85af367309e115d7813ae4eaff664d32
625a22961ac05120669ecd0e7a9a8a644cf2f71e1e8502f27ff589253aa8fd69
64e72c7f19b2a5dbebb44d8380f5fd858b0d0ca1fbc82557f9f834e287a2abb9
651219c93cab2078fb7f9f5f3d091d56009b1108ff95b312d5b518a8639fbf2a
66ff4ad29ec9611c45b2a36c657f7637f3b993dd6a1b2c011d2f63059e1a1ed4
67bbd68b1adecd28d34e0c8bcab5c94e8c26bbd8a14efc89d539a7f1df2042d4
6bf05736dc22123bfa066f27b5e5b109277ace95dabbc565d185631e1c4404d0
6d4c444108925dc2ec8fe761f55a6760241c123740591e1348f0f94a653a3985
6e9ab8ab1d57a0695a66577e348ae4343e1a92f70cb4835a52c4863f11114037
6f10c38220b1bc16b1b899eab0e20e9509cbb5dd0d35182155248593c3a04493
6f4a53f5cbc31f7bbe676ce2c0b388fa32c1ec0fa7e4c257dfa78f393fa39ea8
6fb04bf962208df81def881d4eb39e5f263c8f79e4c9425bbe79042eb36938c5
6ffe0c47c82257f343c8bc82ba189e8205fecd7e78235513a44c17cf0aa635a3
70560513600f410d3620c5e3319e76f0d5e3db0569e23a4aff479c4ef7a0be47
72b1fa87a30ed1e60fd3dd2ebfec5d4efc7d3d8c73d160d2b3a4254454a68fd6
72e9ecb7db91e5a334caa4e36a70071de2851fe7c5a6e4b1028cc80c5be0fa84
730b0155c953fb939df04b102b4a3028c6affd25cbaa7fb2fc9d298eea213c35
73ae392d3e6fd2a480cd5e6eb0077f17af084abfda5e3bb5487f76c0277be87c
763f093a0d2dcde080edc79357783ab2a54ca65ced78b2cd5c4150d3bfeb2138
76e0fe9b59aa81409567a77b7f5cfaebcbe6d1a5586d4979c5a83a327f68d517
771174ef9483d0ae9e294a23d66f372ed9ce4538d8a7e94adfeb4630162a3598
7ab261e572155915a8e6ef0476abedf3620a0a65af8fa91c057921344ceef112
7b38d33d3f6b1fcb0cd0824296117d209f00c0f8ef7d2918188dcf7fc8cb4b83
7f7a536dddeaf9021bb9ceddbdd35ec99076de33df95e24a6c90ab18040ae8fa
80adf5127a510debc25364ed4ecde412ad218c210ea9a4685e055403475a1b65
82317953fe7553cdf39da44b49137b1bc1811af5ceb00580feaeb63e0b9912b7
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
83b7d2afe243941c2527b2d875836ad2cb864290690dd1b253389de3f7bc7da4
84a9f0eb893e8dc76f14c3234afc86e300c22cd9de5c2fa9574f896180f7df14
8536a980185040ec91e6e85b5211f8ca03c6cb337203989a37c722199792ed33
86103a4ec9737f571df1f46c6cc28af14f5730e949bf078f74ea3a8c8254ed66
8679a1ef5fcaef4155d4e0829668276e2e8545ba209b3befc58b0e88246c8720
873b90cdbff7dcb26e9ea34c647a5d15e83daecca768a816619dd38a503c09b5
8ad1742a817bc3af99a4b2fe0d34a60308bfd9469921e66856c957afd0c70b9d
8ca4070843ebf59dce3feef85f251b379ac12e07e4674463bb7fe43a421fbaff
8d23693251d0923a21dba7083e1e3a58a18123b146cebbcefb828e1caa7c3aa3
8e803d4b8efec9b2d014c7dbc70da8a099b6ae4e20c590c3db7b0599d8c0e557
8f73a10773dae7dadd7ca1e735ae7da6028aca748f9d01cff8aeebb462767c6e
8f7636a0b0dd99d49730dd0dd8f91db5bc76ead8b17b834c2071fdeac92ce0f4
95196aeb3751322b9c441a1e006131e5d9110f336feaf37c41567a976f0ead07
96e3e8dfde6b1042514824bac1b44282d4a76bac028f2d767f6534dce2cf3db0
9722a06b170a87794da6a4cf27efd1997b9616d64f1ab14cfbfb7d4738480cc4
97526e5a5802eee45d0f67427c48dddd0eb0c90a24b22d33f509203c56c1a156
979da208bbb4e7e775544f9ea351afe3cae32b74ca9b980e05762c5b0533fe17
9aa92a9a076fd2e55f339cd82c8b540e96ea0a4e4c7c12da6602edfadf2a0819
9bc6fdda00d959fd4830840d08aa15eec00a127e8f8cedb60d059ae16ab125db
9d6d7342264129047aedc4df11db9bdf238eec8fed367c7289ab11ca6ef6ccbe
a1495da3cf3db37bf105a12658636ff628fee7b73975b9200049af7747e60b1f
a1e47f32ec9b20c860e074d65f03528f0d9b2fc91db97259f45fbe99898f4758
a7c26694861bbd926c7d903f707b406aa8eaa6a5065a3acb6c8e0028e8eaee6e
a7f65c0446b6cac3175458f6388304d0c23e70d11fa0db20920a619f1bc18623
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
ab187b70940d331c60646d5731fa8e86d6958ba69dfa241361e39d30d81c2d31
ab8045723213227290fb74ddf6ba2b2ad335bc0325a88348528235b8da5b7c05
b45d91018a85c28e98ab4ee52c7808eaa665862fa8b75d28e7a02cba11f362da
b731f6f512bd9443dcddcf78cebc120726288d861fb81d87e5ffd45155a180a5
b97b6a79b734e9323aa8c3847d0b2a1bb5db32fc6a7df92ac69653d1c8ba13c5
b98a75a919a1526769b4222026c612ec01c34abfbed384e3bec3eeaacae11959
bca7ee31fc622c935a1ba3d3d012111f3aab926dc898ed011513fc7a9145f90e
bcb0ec9dc9e38d4be4092f3bddee82ac6ba97d64abac7fc9045ddaf59648876f
bde4aaa41e8f51d32ec0684f649d12438b4b299ae8024e94f7c614868164e76b
c205c874491530a4288b8f643e5da8fbcf7c54bee71bb787f4444e77de90e821
c2bfe20d9d58935828e75bc753e2655f240621077408ae64f9b40a20f5125487
c3235675553f0ec3e775d8a5bacc269077d31e76d49d3115bdc282005e735f64
cd6ca974844aaa5b66056d35a60b6bfade3126636a014a5c1840d7fd970542b9
cd80937d0e779c545c7969e749a75728012ca7d2b5a857f03ec52adaa947a1c7
ce3b1280318eb4a27c7c3281c4c677eeebf7425c1dffdff8f19a6d281c9c1b7d
cef005a7925817203365e696b47631a1bb7741d6b22f19399f5b958069a09eda
d2986d922842fcae8dd193d6d389060cc5ccd1f0d3ea67652c35a83ee9db4d24
d29fa03e123c1fe5926f78c91f58fe07cdd16bbac1dd25247bda0c19066b1b4b
d51ae4a1096fac36fe9055d5c3f4daa85de0120b567636c89327b544a2a6a795
d6ced52e99589cf0f1c6fbecf2f7a50dca6f826039ae17e5f9b2a962b41f6d9d
d6ec7ee4f9b0e5adb14f515f434ffb4435146cda8608be1be1cc5214371de429
d9faa5b8b8c8286c2e343007840c80e8aacb1244250e3f47befacc84a44b5c90
db6d7de3de5d08d7cfa6bb65f4551b1e9fe3d459344be873e7bf4564964d4409
e22fbfd22ad6713b1af70a2b6b8e1b1d2c20d04df17253cf61bf0956e963db4f
e261cec667bd64cba650fe9a2fdb2617f09d3899271b80256f10662f0365c97a
e27d2490ee7ad3751399de5b580592b6a86be6c670af8a4cf47816539beb72f4
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e439bebf8de2df0582273906d2c1dceff2387c661efb2152ef1c28420ce4e7e5
e63ee22e8f66aa5275025936b0fd0194597040691beeec06f3b6cc2a68ff1ae2
e77acc18e876190207af5099bdef42b75975e932cd70a86a643fcf7708f82b6b
e7da962fe0c25952958483c5fac8e52b19244e63525d58cce0125af7375e2bd4
e833908a75795c0298daa9b7a6befd14009ef6e14eb285984eaeee77f0ddcf42
e90b4b5d6fc1c240954b944baa831b5e8ae464fd568fcab3cb360ac86a27be77
e9b96bc538ceb220fc5caff0d0a67916b74cf07b2bada0b3296a17b1b99c9990
eeca7deee8321a978d32697228bf627d7d8f9265cfee1c84dc5de42b44aa4311
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef8e92bc69e8abe2ac6875a06ad69f0a27f423a7e0e8aab6d2e78a4b8827570c
f0e781854d3e6e3faddedeff33e774667ceec5864261c41bff5499ea8e420b77
f1a61277e3f902f50ab42015d8b07218db9b7601bb0967e54a52bfdcb4fa7e81
f1a68bf826c55985468304f4284a09cb8a68e82503d764166e611a7c58a85a4b
f1c56a198201b67b6ccb53824985f9c142b0a1600c3696a13879b17b06050197
f31502bd8b58a334acc32b695f096fde6dd136fa1106f2d2d9fb4825d41b1abb
f3c5e5a0064eec4419f514718f35b3eb4ff163a77ebf16445041f5498a84638b
f8bcd058a4fbee6f8b68a5ff2930470c1890fc714914c226cf950b4e11ffdcdb
f90c386029a40c52eb807fefb6064c3db2022bb489ec916052ab674e15b0d11f
fa4737f35024386f5448fabd53d531f869ab5bc08b741de444bc88363c36c06e

reurl.cc Open in urlscan Pro 35.229.143.32 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

343 Requests

93 %HTTPS

0 %IPv6

40 Domains

61 Subdomains

56 IPs

6 Countries

5658 kBTransfer

13580 kBSize

52 Cookies

25 Outgoing links

Redirected requests

343 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 3 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

reurl.cc Open in urlscan Pro
35.229.143.32 Public Scan

Screenshot
Live screenshot

Full Image

343
Requests

93 %
HTTPS

0 %
IPv6

40
Domains

61
Subdomains

56
IPs

6
Countries

5658 kB
Transfer

13580 kB
Size

52
Cookies

343 HTTP transactions
3 data transactions