urlscan.io logo urlscan.io
SecurityTrails logo

nv37.duoqwe.com Open in urlscan Pro
154.17.4.64  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://nv37.duoqwe.com/
Effective URL: https://nv37.duoqwe.com/en
Submission: On September 04 via api from US — Scanned from CA
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 9 IPs in 1 countries across 5 domains to perform 32 HTTP transactions. The main IP is 154.17.4.64, located in Los Angeles, United States and belongs to DMIT, US. The main domain is nv37.duoqwe.com.
TLS certificate: Issued by E5 on September 4th 2024. Valid for: 3 months.
This is the only time nv37.duoqwe.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

21    154.17.4.64 (Los Angeles, United States)

ASN906 (DMIT, US)
PTR: Host-By.DMIT.com
nv37.duoqwe.com
5    142.251.32.98 (Queens, United States)

ASN15169 (GOOGLE, US)
PTR: lga25s77-in-f2.1e100.net
pagead2.googlesyndication.com
googleads.g.doubleclick.net
2    2607:f8b0:4006:816::200e (United States)

ASN15169 (GOOGLE, US)
fundingchoicesmessages.google.com
1    142.250.81.238 (Plainview, United States)

ASN15169 (GOOGLE, US)
PTR: lga25s74-in-f14.1e100.net
fundingchoicesmessages.google.com
1    142.250.72.98 (Plainview, United States)

ASN15169 (GOOGLE, US)
PTR: lga34s32-in-f2.1e100.net
ep1.adtrafficquality.google
1    2607:f8b0:4006:81e::2001 (United States)

ASN15169 (GOOGLE, US)
ep2.adtrafficquality.google
1    2607:f8b0:4006:81c::2001 (United States)

ASN15169 (GOOGLE, US)
tpc.googlesyndication.com
1    142.251.32.100 (Queens, United States)

ASN15169 (GOOGLE, US)
PTR: lga25s77-in-f4.1e100.net
www.google.com
Apex Domain
Subdomains		 Transfer
21 duoqwe.com
nv37.duoqwe.com
148 KB
4 google.com
fundingchoicesmessages.google.com — Cisco Umbrella Rank: 662
www.google.com — Cisco Umbrella Rank: 10
16 KB
3 doubleclick.net
googleads.g.doubleclick.net — Cisco Umbrella Rank: 77
3 googlesyndication.com
pagead2.googlesyndication.com — Cisco Umbrella Rank: 157
tpc.googlesyndication.com — Cisco Umbrella Rank: 203
194 KB
2 adtrafficquality.google
ep1.adtrafficquality.google
ep2.adtrafficquality.google
19 KB
32 5
Domain Requested by
21 nv37.duoqwe.com 2 redirects nv37.duoqwe.com
3 googleads.g.doubleclick.net pagead2.googlesyndication.com
3 fundingchoicesmessages.google.com nv37.duoqwe.com
2 pagead2.googlesyndication.com nv37.duoqwe.com
pagead2.googlesyndication.com
1 www.google.com ep2.adtrafficquality.google
1 tpc.googlesyndication.com ep2.adtrafficquality.google
1 ep2.adtrafficquality.google pagead2.googlesyndication.com
1 ep1.adtrafficquality.google pagead2.googlesyndication.com
32 8

This site contains links to these domains. Also see Links.

Domain
stats.uptimerobot.com
api.mail.cx
Subject Issuer Validity Valid
nv37.duoqwe.com
E5		 2024-09-04 -
2024-12-03		 3 months crt.sh
*.g.doubleclick.net
WR2		 2024-08-05 -
2024-10-28		 3 months crt.sh
*.google.com
WR2		 2024-08-05 -
2024-10-28		 3 months crt.sh
adtrafficquality.google
WR2		 2024-08-05 -
2024-10-28		 3 months crt.sh
tpc.googlesyndication.com
WR2		 2024-08-05 -
2024-10-28		 3 months crt.sh

This page contains 7 frames:

Primary Page: https://nv37.duoqwe.com/en
Frame ID: 00374D1ADE991E54C17E1785982F765E
Requests: 25 HTTP requests in this frame

Frame: https://nv37.duoqwe.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/a5b175b00260/main.js
Frame ID: F3BBDCD701794344F77B591D9F248104
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20240829/r20110914/zrt_lookup_fy2021.html
Frame ID: DDF531CCD234F2D21BCAE07AD5B4B1BD
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1885816497771161&output=html&adk=1812271804&adf=3025194257&abgtt=6&lmt=1725454439&plat=3%3A16%2C4%3A16%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fnv37.duoqwe.com%2Fen&pra=5&wgl=1&aihb=0&asro=0&ailel=32~1~2~4~6~7~8~9~10~11~12~13~14~15~16~17~18~19~20~21~24~29~30~34&aiael=32~1~2~4~6~7~8~9~10~11~12~13~14~15~16~17~18~19~20~21~24~29~30~34&aifxl=32_24~29_18~30_19&aiixl=32_9~29_5~30_6&aslmct=0.7&asamct=0.7&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1725454438213&bpp=9&bdt=1814&idt=1118&shv=r20240829&mjsv=m202408290101&ptt=9&saldr=aa&abxe=1&cookie_enabled=1&eoidce=1&nras=1&correlator=79936395703&frm=20&pv=2&u_tz=-420&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C31086551%2C31086589%2C31086638%2C31086686%2C44795921%2C95331688%2C95331833%2C95338226%2C95341533%2C95341663%2C31086142%2C95340845%2C95341514&oid=2&pvsid=2617433150044726&tmod=415165720&uas=0&nvt=1&fsapi=1&fc=1920&brdim=1570%2C1170%2C1570%2C1170%2C1600%2C0%2C1600%2C1285%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&bz=1&td=1&tdf=2&psd=W251bGwsbnVsbCxudWxsLDNd&nt=1&ifi=1&uci=a!1&fsb=1&dtd=1239
Frame ID: 6E5D0EF9EA3FCDAFE17336046C214B45
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1885816497771161&output=html&h=90&slotname=5854447399&adk=172914943&adf=3344760627&pi=t.ma~as.5854447399&w=728&abgtt=6&lmt=1725454439&channel=7806398678&format=728x90&url=https%3A%2F%2Fnv37.duoqwe.com%2Fen&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1725454438222&bpp=2&bdt=1822&idt=1300&shv=r20240829&mjsv=m202408290101&ptt=9&saldr=aa&abxe=1&cookie_enabled=1&eoidce=1&prev_fmts=0x0&nras=1&correlator=79936395703&frm=20&pv=1&u_tz=-420&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=540&ady=658&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C31086551%2C31086589%2C31086638%2C31086686%2C44795921%2C95331688%2C95331833%2C95338226%2C95341533%2C95341663%2C31086142%2C95340845%2C95341514&oid=2&pvsid=2617433150044726&tmod=415165720&uas=0&nvt=1&fc=1920&brdim=1570%2C1170%2C1570%2C1170%2C1600%2C0%2C1600%2C1285%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&bz=1&td=1&tdf=2&psd=W251bGwsbnVsbCxudWxsLDNd&nt=1&ifi=2&uci=a!2&fsb=1&dtd=1338
Frame ID: F3A427948AFD27D082FD834E071BF764
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 425122C2CAD547EE881CE6499599DAAF
Requests: 1 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: A58AA2BCDAA610A1E3231E7787F0BCE4
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Temp Mail - Free Disposable Email Service | Temporary Email Address

Page URL History Show full URLs

  1. https://nv37.duoqwe.com/ HTTP 307
    https://nv37.duoqwe.com/en Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • googlesyndication\.com/

Page Statistics

32
Requests

94 %
HTTPS

38 %
IPv6

5
Domains

8
Subdomains

9
IPs

1
Countries

377 kB
Transfer

1105 kB
Size

2
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://nv37.duoqwe.com/ HTTP 307
    https://nv37.duoqwe.com/en Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 17
  • https://nv37.duoqwe.com/cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP 302
  • https://nv37.duoqwe.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/a5b175b00260/main.js

32 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request en
nv37.duoqwe.com/
Redirect Chain
  • https://nv37.duoqwe.com/
  • https://nv37.duoqwe.com/en
47 KB
13 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://nv37.duoqwe.com/en
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
154.17.4.64 Los Angeles, United States, ASN906 (DMIT, US),
Reverse DNS
Host-By.DMIT.com
Software
Caddy cloudflare /
Resource Hash
27818a53b1558c29e4f0f7a37eaf6eee1e7cc5d1070b6c813e4a3763a0fa36ec
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=2592000
cache-control
private, no-cache, no-store, max-age=0, must-revalidate
cf-cache-status
DYNAMIC
cf-ray
8bde2011894b52ad-LAX
content-encoding
br
content-type
text/html; charset=utf-8
date
Wed, 04 Sep 2024 12:53:56 GMT
server
Caddy cloudflare
strict-transport-security
max-age=31536000; includeSubDomains; preload
vary
Accept-Encoding
x-content-type-options
nosniff
x-frame-options
DENY
x-xss-protection
1; mode=block

Redirect headers

alt-svc
h3=":443"; ma=2592000
cf-cache-status
DYNAMIC
cf-ray
8bde200dfde252ad-LAX
content-length
3
content-type
text/plain; charset=utf-8
date
Wed, 04 Sep 2024 12:53:55 GMT
location
/en
server
Caddy cloudflare
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
x-frame-options
DENY
x-xss-protection
1; mode=block
79282b6056e2e36a.css
nv37.duoqwe.com/_next/static/css/ 		341 B
262 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://nv37.duoqwe.com/_next/static/css/79282b6056e2e36a.css
Requested by
Host: nv37.duoqwe.com
URL: https://nv37.duoqwe.com/en
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
154.17.4.64 Los Angeles, United States, ASN906 (DMIT, US),
Reverse DNS
Host-By.DMIT.com
Software
Caddy, cloudflare /
Resource Hash
b61ecfb413fa23a792c1dda7b6af3abada682d4d97939d674e6bc05a3cc406cd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://nv37.duoqwe.com/en
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Wed, 04 Sep 2024 12:53:56 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
strict-transport-security
max-age=31536000; includeSubDomains; preload
age
24202
alt-svc
h3=":443"; ma=2592000
x-xss-protection
1; mode=block
last-modified
Mon, 19 Aug 2024 17:15:13 GMT
server
Caddy, cloudflare
etag
W/"155-1916ba2bcfe"
vary
Accept-Encoding
x-frame-options
DENY
content-type
text/css; charset=UTF-8
cache-control
public, max-age=31536000, immutable
cf-ray
8bde20146c0d52ad-LAX
080f76a34a8b8678.css
nv37.duoqwe.com/_next/static/css/ 		13 KB
4 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://nv37.duoqwe.com/_next/static/css/080f76a34a8b8678.css
Requested by
Host: nv37.duoqwe.com
URL: https://nv37.duoqwe.com/en
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
154.17.4.64 Los Angeles, United States, ASN906 (DMIT, US),
Reverse DNS
Host-By.DMIT.com
Software
Caddy, cloudflare /
Resource Hash
36e4512026d599217ae52429a7ea64d527f69276ebb6ef724578234bdba862ba
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://nv37.duoqwe.com/en
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Wed, 04 Sep 2024 12:53:56 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
strict-transport-security
max-age=31536000; includeSubDomains; preload
age
24202
alt-svc
h3=":443"; ma=2592000
x-xss-protection
1; mode=block
last-modified
Mon, 19 Aug 2024 17:15:13 GMT
server
Caddy, cloudflare
etag
W/"3529-1916ba2bcfe"
vary
Accept-Encoding
x-frame-options
DENY
content-type
text/css; charset=UTF-8
cache-control
public, max-age=31536000, immutable
cf-ray
8bde20146c0e52ad-LAX
webpack-de5ccc76ade807b4.js
nv37.duoqwe.com/_next/static/chunks/ 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://nv37.duoqwe.com/_next/static/chunks/webpack-de5ccc76ade807b4.js
Requested by
Host: nv37.duoqwe.com
URL: https://nv37.duoqwe.com/en
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
154.17.4.64 Los Angeles, United States, ASN906 (DMIT, US),
Reverse DNS
Host-By.DMIT.com
Software
Caddy, cloudflare /
Resource Hash
46421fda35fa81c4c9ab068a6fe59cde5ee08c5fa63fd30bcb88fcd7fde4400c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://nv37.duoqwe.com/en
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Wed, 04 Sep 2024 12:53:57 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
last-modified
Mon, 19 Aug 2024 17:15:13 GMT
server
Caddy, cloudflare
strict-transport-security
max-age=31536000; includeSubDomains; preload
age
24202
etag
W/"ed8-1916ba2bcfe"
x-frame-options
DENY
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=31536000, immutable
cf-ray
8bde20173ea952ad-LAX
x-xss-protection
1; mode=block
framework-7dc8a65f4a0cda33.js
nv37.duoqwe.com/_next/static/chunks/ 		138 KB
45 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://nv37.duoqwe.com/_next/static/chunks/framework-7dc8a65f4a0cda33.js
Requested by
Host: nv37.duoqwe.com
URL: https://nv37.duoqwe.com/en
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
154.17.4.64 Los Angeles, United States, ASN906 (DMIT, US),
Reverse DNS
Host-By.DMIT.com
Software
Caddy, cloudflare /
Resource Hash
fff1301f899454eccafcc9b12ed9365c96960a9d5290a57775e20c8b0e7327b3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://nv37.duoqwe.com/en
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Wed, 04 Sep 2024 12:53:57 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
gzip
server
Caddy, cloudflare
age
24202
etag
W/"22675-1916ba2bcfe"
last-modified
Mon, 19 Aug 2024 17:15:13 GMT
x-frame-options
DENY
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=31536000, immutable
cf-ray
8bde20172ea852ad-LAX
x-xss-protection
1; mode=block
main-0abd3ec81f1cd104.js
nv37.duoqwe.com/_next/static/chunks/ 		108 KB
31 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://nv37.duoqwe.com/_next/static/chunks/main-0abd3ec81f1cd104.js
Requested by
Host: nv37.duoqwe.com
URL: https://nv37.duoqwe.com/en
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
154.17.4.64 Los Angeles, United States, ASN906 (DMIT, US),
Reverse DNS
Host-By.DMIT.com
Software
Caddy, cloudflare /
Resource Hash
733df482172f3abd941b493d3cbd674316cead6ad2c72839c1e9b0581d280db4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://nv37.duoqwe.com/en
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Wed, 04 Sep 2024 12:53:57 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
last-modified
Mon, 19 Aug 2024 17:15:13 GMT
server
Caddy, cloudflare
strict-transport-security
max-age=31536000; includeSubDomains; preload
age
24203
etag
W/"1b0d8-1916ba2bcfe"
vary
Accept-Encoding
x-frame-options
DENY
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=31536000, immutable
cf-ray
8bde20175ed152ad-LAX
x-xss-protection
1; mode=block
_app-9e397866f57e8a45.js
nv37.duoqwe.com/_next/static/chunks/pages/ 		56 KB
16 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://nv37.duoqwe.com/_next/static/chunks/pages/_app-9e397866f57e8a45.js
Requested by
Host: nv37.duoqwe.com
URL: https://nv37.duoqwe.com/en
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
154.17.4.64 Los Angeles, United States, ASN906 (DMIT, US),
Reverse DNS
Host-By.DMIT.com
Software
Caddy, cloudflare /
Resource Hash
3b9dcded87cb321be9cde9023f41f8771445e6c8ed4f38bb22829793ec92bd36
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://nv37.duoqwe.com/en
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
last-modified
Mon, 19 Aug 2024 17:15:13 GMT
server
Caddy, cloudflare
date
Wed, 04 Sep 2024 12:53:57 GMT
age
24203
etag
W/"dff0-1916ba2bcfe"
vary
Accept-Encoding
x-frame-options
DENY
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=31536000, immutable
cf-ray
8bde20176edc52ad-LAX
x-xss-protection
1; mode=block
413-d26082c03c4ae053.js
nv37.duoqwe.com/_next/static/chunks/ 		30 KB
11 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://nv37.duoqwe.com/_next/static/chunks/413-d26082c03c4ae053.js
Requested by
Host: nv37.duoqwe.com
URL: https://nv37.duoqwe.com/en
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
154.17.4.64 Los Angeles, United States, ASN906 (DMIT, US),
Reverse DNS
Host-By.DMIT.com
Software
Caddy, cloudflare /
Resource Hash
1e1dcf640791d68beb63aa1a6db356e4728ddb35dd761161426c5bf8e46fcb0d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://nv37.duoqwe.com/en
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
last-modified
Mon, 19 Aug 2024 17:15:13 GMT
server
Caddy, cloudflare
date
Wed, 04 Sep 2024 12:53:57 GMT
age
24203
etag
W/"76bc-1916ba2bcfe"
vary
Accept-Encoding
x-frame-options
DENY
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=31536000, immutable
cf-ray
8bde20177ee352ad-LAX
x-xss-protection
1; mode=block
357-9c17c26c70f73404.js
nv37.duoqwe.com/_next/static/chunks/ 		12 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://nv37.duoqwe.com/_next/static/chunks/357-9c17c26c70f73404.js
Requested by
Host: nv37.duoqwe.com
URL: https://nv37.duoqwe.com/en
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
154.17.4.64 Los Angeles, United States, ASN906 (DMIT, US),
Reverse DNS
Host-By.DMIT.com
Software
Caddy, cloudflare /
Resource Hash
0ca8f99320fc9a9cfb2f6a6a6d230c6c32ada4bc1bff7b1c529bc2a261570c93
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://nv37.duoqwe.com/en
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Wed, 04 Sep 2024 12:53:57 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
last-modified
Mon, 19 Aug 2024 17:15:13 GMT
server
Caddy, cloudflare
content-encoding
gzip
age
24203
etag
W/"30e4-1916ba2bcfe"
vary
Accept-Encoding
x-frame-options
DENY
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=31536000, immutable
cf-ray
8bde20177ee452ad-LAX
x-xss-protection
1; mode=block
786-c6e8272b95b3a2ca.js
nv37.duoqwe.com/_next/static/chunks/ 		19 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://nv37.duoqwe.com/_next/static/chunks/786-c6e8272b95b3a2ca.js
Requested by
Host: nv37.duoqwe.com
URL: https://nv37.duoqwe.com/en
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
154.17.4.64 Los Angeles, United States, ASN906 (DMIT, US),
Reverse DNS
Host-By.DMIT.com
Software
Caddy, cloudflare /
Resource Hash
a337a72a59ea96865d16d9dd0ae71af25d98650fcf4999003b63f52ff3555fbd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://nv37.duoqwe.com/en
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
date
Wed, 04 Sep 2024 12:53:57 GMT
last-modified
Mon, 19 Aug 2024 17:15:13 GMT
server
Caddy, cloudflare
cf-cache-status
HIT
etag
W/"4b8b-1916ba2bcfe"
vary
Accept-Encoding
x-frame-options
DENY
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=31536000, immutable
cf-ray
8bde20177ee552ad-LAX
x-xss-protection
1; mode=block
641-ea73fac4f93b3ddb.js
nv37.duoqwe.com/_next/static/chunks/ 		11 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://nv37.duoqwe.com/_next/static/chunks/641-ea73fac4f93b3ddb.js
Requested by
Host: nv37.duoqwe.com
URL: https://nv37.duoqwe.com/en
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
154.17.4.64 Los Angeles, United States, ASN906 (DMIT, US),
Reverse DNS
Host-By.DMIT.com
Software
Caddy, cloudflare /
Resource Hash
22890dc1747ee4df17ad0eb45b1bec2b6c7f9c5262ead61a724c603df95dc05d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://nv37.duoqwe.com/en
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Wed, 04 Sep 2024 12:53:57 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
last-modified
Mon, 19 Aug 2024 17:15:13 GMT
server
Caddy, cloudflare
strict-transport-security
max-age=31536000; includeSubDomains; preload
age
7293
etag
W/"2a1b-1916ba2bcfe"
x-frame-options
DENY
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=31536000, immutable
cf-ray
8bde20177ee652ad-LAX
x-xss-protection
1; mode=block
index-accc31ea4096c2ac.js
nv37.duoqwe.com/_next/static/chunks/pages/ 		7 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://nv37.duoqwe.com/_next/static/chunks/pages/index-accc31ea4096c2ac.js
Requested by
Host: nv37.duoqwe.com
URL: https://nv37.duoqwe.com/en
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
154.17.4.64 Los Angeles, United States, ASN906 (DMIT, US),
Reverse DNS
Host-By.DMIT.com
Software
Caddy, cloudflare /
Resource Hash
5861aa9dd182d1243f1287efd53f6ea113d7a21a63e0dd7957f3ca97dec65d9d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://nv37.duoqwe.com/en
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
date
Wed, 04 Sep 2024 12:53:57 GMT
cf-cache-status
HIT
server
Caddy, cloudflare
age
24203
etag
W/"1bc8-1916ba2bcfe"
last-modified
Mon, 19 Aug 2024 17:15:13 GMT
x-frame-options
DENY
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=31536000, immutable
cf-ray
8bde20177ee852ad-LAX
x-xss-protection
1; mode=block
_buildManifest.js
nv37.duoqwe.com/_next/static/Vo6ilNCStMVNBJtfMWiXR/ 		950 B
696 B 		Script
General
Check archive.org
Download Go to
Full URL
https://nv37.duoqwe.com/_next/static/Vo6ilNCStMVNBJtfMWiXR/_buildManifest.js
Requested by
Host: nv37.duoqwe.com
URL: https://nv37.duoqwe.com/en
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
154.17.4.64 Los Angeles, United States, ASN906 (DMIT, US),
Reverse DNS
Host-By.DMIT.com
Software
Caddy, cloudflare /
Resource Hash
8854cb4b7ab3d80a0f8c8e13af1e6ec920c5b2e2e2a5a637a09dd1598f370d55
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://nv37.duoqwe.com/en
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
last-modified
Mon, 19 Aug 2024 17:15:13 GMT
server
Caddy, cloudflare
date
Wed, 04 Sep 2024 12:53:57 GMT
age
24203
etag
W/"3b6-1916ba2bcfe"
x-frame-options
DENY
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=31536000, immutable
cf-ray
8bde20177ee952ad-LAX
x-xss-protection
1; mode=block
_ssgManifest.js
nv37.duoqwe.com/_next/static/Vo6ilNCStMVNBJtfMWiXR/ 		77 B
303 B 		Script
General
Check archive.org
Download Go to
Full URL
https://nv37.duoqwe.com/_next/static/Vo6ilNCStMVNBJtfMWiXR/_ssgManifest.js
Requested by
Host: nv37.duoqwe.com
URL: https://nv37.duoqwe.com/en
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
154.17.4.64 Los Angeles, United States, ASN906 (DMIT, US),
Reverse DNS
Host-By.DMIT.com
Software
Caddy, cloudflare /
Resource Hash
6f5b4aa00d2f8d6aed9935b471806bf7acef464d0c1d390260e5fe27f800c67e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://nv37.duoqwe.com/en
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Wed, 04 Sep 2024 12:53:57 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
last-modified
Mon, 19 Aug 2024 17:15:13 GMT
server
Caddy, cloudflare
age
24203
etag
W/"4d-1916ba2bcfe"
vary
Accept-Encoding
x-frame-options
DENY
content-type
application/javascript; charset=UTF-8
content-encoding
br
cache-control
public, max-age=31536000, immutable
cf-ray
8bde20177ee152ad-LAX
x-xss-protection
1; mode=block
adsbygoogle.js
pagead2.googlesyndication.com/pagead/js/ 		152 KB
51 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-1885816497771161
Requested by
Host: nv37.duoqwe.com
URL: https://nv37.duoqwe.com/en
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.32.98 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s77-in-f2.1e100.net
Software
cafe /
Resource Hash
4e601af08e9fa98ee6a262fc995d7dd0d301cb33f1a916ebd07c0a18f42c7f5e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://nv37.duoqwe.com/
Origin
https://nv37.duoqwe.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Wed, 04 Sep 2024 12:53:57 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
52207
x-xss-protection
0
server
cafe
etag
8071500393246344136
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin
*
link
<https://googleads.g.doubleclick.net>; rel="preconnect"; crossorigin
expires
Wed, 04 Sep 2024 12:53:57 GMT
pub-1885816497771161
fundingchoicesmessages.google.com/i/ 		25 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://fundingchoicesmessages.google.com/i/pub-1885816497771161?ers=1
Requested by
Host: nv37.duoqwe.com
URL: https://nv37.duoqwe.com/en
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:816::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
89e7666945848030222238f48fb667c1c7cef477d7c3eac9fe4a5e118d1aa7ea
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-T5gs7lbNEH0KbH-_sgrthA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://nv37.duoqwe.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Wed, 04 Sep 2024 12:53:57 GMT
content-security-policy
script-src 'report-sample' 'nonce-T5gs7lbNEH0KbH-_sgrthA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
reporting-endpoints
default="/_/ContributorServingWebSwitchboardHttp/web-reports?context=eJzjStDikmLw1pBiOO90h-k6EEt8fcmkBcRO6TNYQ4DYp34GaxwQt948xzodiJP-nWctAWJ3rYus_kC8JOIi65HEi6yGCpdYnYH4_rpLrM-BeO_HS6xHgViIh-Pphofb2AQ6Oo_vZFLSSMovjE_OzyspykwqLckvSktOSy1OLSpLLYo3MjAyMbA0MNIzMI0vMAAAEm4-kw"
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy
same-origin
server
ESF
x-frame-options
SAMEORIGIN
content-type
application/javascript; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
expires
Mon, 01 Jan 1990 00:00:00 GMT
pub-1885816497771161
fundingchoicesmessages.google.com/b/ 		11 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://fundingchoicesmessages.google.com/b/pub-1885816497771161
Requested by
Host: nv37.duoqwe.com
URL: https://nv37.duoqwe.com/en
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:816::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
7c2900424b1bc10256005d7e33ac5a24a1d81464ae08e86e63c35e27d0a99c47
Security Headers
Name Value
Content-Security-Policy require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport, script-src 'report-sample' 'nonce-crDZWvamewWJjs6jn6SVwg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://nv37.duoqwe.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Wed, 04 Sep 2024 12:53:57 GMT
content-security-policy
require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport, script-src 'report-sample' 'nonce-crDZWvamewWJjs6jn6SVwg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
reporting-endpoints
default="/_/ContributorServingWebSwitchboardHttp/web-reports?context=eJzjStDikmLw05BiOO90h-k6EEt8fcmkBcRO6TNYQ4DYp34GaxwQt948xzodiJP-nWctAWJ3rYus_kC8JOIi65HEi6yGCpdYnYH4_rpLrM-BeO_HS6xHgViIh-Pphofb2AR2HPi7lklJIym_MD45P6-kKDOptCS_KC05LbU4tagstSjeyMDIxMDSwEjPwDS-wAAALko_Jw"
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy
same-origin
server
ESF
x-frame-options
SAMEORIGIN
content-type
application/javascript; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
expires
Mon, 01 Jan 1990 00:00:00 GMT
logo.png
nv37.duoqwe.com/ 		913 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://nv37.duoqwe.com/logo.png
Requested by
Host: nv37.duoqwe.com
URL: https://nv37.duoqwe.com/en
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
154.17.4.64 Los Angeles, United States, ASN906 (DMIT, US),
Reverse DNS
Host-By.DMIT.com
Software
Caddy, cloudflare /
Resource Hash
0cae12c4bedf94f2c4af81dbc93815c6e7491b81febb3e2d484801719f686877
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://nv37.duoqwe.com/en
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
date
Wed, 04 Sep 2024 12:53:57 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
age
24203
content-length
913
x-xss-protection
1; mode=block
last-modified
Sun, 25 Sep 2022 17:29:47 GMT
server
Caddy, cloudflare
etag
W/"391-18375b2acd0"
x-frame-options
DENY
vary
Accept-Encoding
content-type
image/png
cache-control
public, max-age=31536000
accept-ranges
bytes
cf-ray
8bde20183f7c52ad-LAX
main.js
nv37.duoqwe.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/a5b175b00260/ Frame F3BB
Redirect Chain
  • https://nv37.duoqwe.com/cdn-cgi/challenge-platform/scripts/jsd/main.js
  • https://nv37.duoqwe.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/a5b175b00260/main.js?
8 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://nv37.duoqwe.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/a5b175b00260/main.js?
Requested by
Host: nv37.duoqwe.com
URL: https://nv37.duoqwe.com/en
Protocol
H3
Server
154.17.4.64 Los Angeles, United States, ASN906 (DMIT, US),
Reverse DNS
Host-By.DMIT.com
Software
Caddy, cloudflare /
Resource Hash
91ecde474751af922a1397e96f46dfe8457c0834dfb2b900d28e14944b6fe293
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
br
x-content-type-options
nosniff
date
Wed, 04 Sep 2024 12:53:58 GMT
server
Caddy, cloudflare
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
max-age=14400, stale-if-error=10800, stale-while-revalidate=10800, public
cf-ray
8bde20205ea752ad-LAX

Redirect headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
date
Wed, 04 Sep 2024 12:53:57 GMT
server
Caddy, cloudflare
vary
Accept-Encoding
access-control-allow-origin
*
location
/cdn-cgi/challenge-platform/h/b/scripts/jsd/a5b175b00260/main.js?
cache-control
max-age=300, stale-if-error=10800, stale-while-revalidate=10800, public
cf-ray
8bde201b6a7c52ad-LAX
content-length
0
vars
nv37.duoqwe.com/api/api/v1/ 		29 B
207 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://nv37.duoqwe.com/api/api/v1/vars
Requested by
Host: nv37.duoqwe.com
URL: https://nv37.duoqwe.com/_next/static/chunks/pages/index-accc31ea4096c2ac.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
154.17.4.64 Los Angeles, United States, ASN906 (DMIT, US),
Reverse DNS
Host-By.DMIT.com
Software
Caddy, cloudflare /
Resource Hash
c47305fb998f96aaa92d2a45acee5a22743e1e134b11535e7c28d0166f1b072b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://nv37.duoqwe.com/en
Authorization
bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpYXQiOjE3MjU0NTQ0MzYsImV4cCI6MTcyNTQ1NDczNn0.7ozHGL0t8pkaO1bLR7YxaE8zjhIN0mtoa15RX4q_B24
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Wed, 04 Sep 2024 12:53:58 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
server
Caddy, cloudflare
strict-transport-security
max-age=31536000; includeSubDomains; preload
vary
Accept-Encoding
x-frame-options
DENY
content-type
application/json; charset=utf-8
cf-ray
8bde201d1bd452ad-LAX
x-xss-protection
1; mode=block
AGSKWxXKDo2tYV5OQtpEs7bQ4mftWZ6QoGjeD8n2aiXTB2xfaN374zYC3mighPCAGDhDaQxZMCqVNcEL1YmlQ4ZALBIxMw==
fundingchoicesmessages.google.com/el/ 		0
28 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://fundingchoicesmessages.google.com/el/AGSKWxXKDo2tYV5OQtpEs7bQ4mftWZ6QoGjeD8n2aiXTB2xfaN374zYC3mighPCAGDhDaQxZMCqVNcEL1YmlQ4ZALBIxMw==
Requested by
Host: nv37.duoqwe.com
URL: https://nv37.duoqwe.com/en
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.81.238 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s74-in-f14.1e100.net
Software
ESF /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-CZfmq-aaKF8C87eb0IZ15Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://nv37.duoqwe.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Wed, 04 Sep 2024 12:53:58 GMT
content-security-policy
script-src 'report-sample' 'nonce-CZfmq-aaKF8C87eb0IZ15Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
reporting-endpoints
default="/_/ContributorLoggingHttp/web-reports?context=eJzj0tDikmII0pBicEqfwRoCxO5aF1n9gXhJxEXWI4kXWfd-vMR6FIiFuDmebXi4jU3gxNcf-UouSfmF8cn5eSWpeSW6iSnFuiB2UWZSaUl-EQo7tQykIic_PT0zLz3eyMDIxMDSwEjPwDy-wAAAfo8u1A"
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy
same-origin
server
ESF
access-control-max-age
86400
access-control-allow-methods
POST, GET, OPTIONS
content-type
text/html; charset=utf-8
access-control-allow-origin
https://nv37.duoqwe.com
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options
SAMEORIGIN
expires
Mon, 01 Jan 1990 00:00:00 GMT
show_ads_impl_fy2021.js
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202408290101/ 		428 KB
143 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202408290101/show_ads_impl_fy2021.js
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-1885816497771161
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.32.98 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s77-in-f2.1e100.net
Software
cafe /
Resource Hash
b79cae285882da509d599405f8f4bf1546257df20b336de9a9cdef653a55e6a9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://nv37.duoqwe.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Wed, 04 Sep 2024 12:53:58 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
146331
x-xss-protection
0
server
cafe
etag
5973660450153001391
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=1209600
timing-allow-origin
*
expires
Wed, 04 Sep 2024 12:53:58 GMT
8bde2011894b52ad
nv37.duoqwe.com/cdn-cgi/challenge-platform/h/b/jsd/r/ Frame F3BB 		0
656 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://nv37.duoqwe.com/cdn-cgi/challenge-platform/h/b/jsd/r/8bde2011894b52ad
Requested by
Host: nv37.duoqwe.com
URL: https://nv37.duoqwe.com/cdn-cgi/challenge-platform/scripts/jsd/main.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
154.17.4.64 Los Angeles, United States, ASN906 (DMIT, US),
Reverse DNS
Host-By.DMIT.com
Software
Caddy, cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type
application/json

Response headers

date
Wed, 04 Sep 2024 12:53:59 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
server
Caddy, cloudflare
cf-ray
8bde2025bb3252ad-LAX
content-length
0
content-type
text/plain; charset=UTF-8
zrt_lookup_fy2021.html
googleads.g.doubleclick.net/pagead/html/r20240829/r20110914/ Frame DDF5 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/html/r20240829/r20110914/zrt_lookup_fy2021.html
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202408290101/show_ads_impl_fy2021.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.32.98 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s77-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://nv37.duoqwe.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

age
678
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=1209600
content-encoding
br
content-length
4111
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Wed, 04 Sep 2024 12:42:42 GMT
etag
5947459844715414650
expires
Wed, 18 Sep 2024 12:42:42 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
ads
googleads.g.doubleclick.net/pagead/ Frame 6E5D 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1885816497771161&output=html&adk=1812271804&adf=3025194257&abgtt=6&lmt=1725454439&plat=3%3A16%2C4%3A16%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fnv37.duoqwe.com%2Fen&pra=5&wgl=1&aihb=0&asro=0&ailel=32~1~2~4~6~7~8~9~10~11~12~13~14~15~16~17~18~19~20~21~24~29~30~34&aiael=32~1~2~4~6~7~8~9~10~11~12~13~14~15~16~17~18~19~20~21~24~29~30~34&aifxl=32_24~29_18~30_19&aiixl=32_9~29_5~30_6&aslmct=0.7&asamct=0.7&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1725454438213&bpp=9&bdt=1814&idt=1118&shv=r20240829&mjsv=m202408290101&ptt=9&saldr=aa&abxe=1&cookie_enabled=1&eoidce=1&nras=1&correlator=79936395703&frm=20&pv=2&u_tz=-420&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C31086551%2C31086589%2C31086638%2C31086686%2C44795921%2C95331688%2C95331833%2C95338226%2C95341533%2C95341663%2C31086142%2C95340845%2C95341514&oid=2&pvsid=2617433150044726&tmod=415165720&uas=0&nvt=1&fsapi=1&fc=1920&brdim=1570%2C1170%2C1570%2C1170%2C1600%2C0%2C1600%2C1285%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&bz=1&td=1&tdf=2&psd=W251bGwsbnVsbCxudWxsLDNd&nt=1&ifi=1&uci=a!1&fsb=1&dtd=1239
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202408290101/show_ads_impl_fy2021.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.32.98 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s77-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://nv37.duoqwe.com/
Sec-Browsing-Topics
();p=P0000000000000000000000000000000
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding
br
content-length
46
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Wed, 04 Sep 2024 12:54:00 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
ads
googleads.g.doubleclick.net/pagead/ Frame F3A4 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1885816497771161&output=html&h=90&slotname=5854447399&adk=172914943&adf=3344760627&pi=t.ma~as.5854447399&w=728&abgtt=6&lmt=1725454439&channel=7806398678&format=728x90&url=https%3A%2F%2Fnv37.duoqwe.com%2Fen&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1725454438222&bpp=2&bdt=1822&idt=1300&shv=r20240829&mjsv=m202408290101&ptt=9&saldr=aa&abxe=1&cookie_enabled=1&eoidce=1&prev_fmts=0x0&nras=1&correlator=79936395703&frm=20&pv=1&u_tz=-420&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=540&ady=658&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C31086551%2C31086589%2C31086638%2C31086686%2C44795921%2C95331688%2C95331833%2C95338226%2C95341533%2C95341663%2C31086142%2C95340845%2C95341514&oid=2&pvsid=2617433150044726&tmod=415165720&uas=0&nvt=1&fc=1920&brdim=1570%2C1170%2C1570%2C1170%2C1600%2C0%2C1600%2C1285%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&bz=1&td=1&tdf=2&psd=W251bGwsbnVsbCxudWxsLDNd&nt=1&ifi=2&uci=a!2&fsb=1&dtd=1338
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202408290101/show_ads_impl_fy2021.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.32.98 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s77-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://nv37.duoqwe.com/
Sec-Browsing-Topics
();p=P0000000000000000000000000000000
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding
br
content-length
46
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Wed, 04 Sep 2024 12:54:00 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
sodar
ep1.adtrafficquality.google/getconfig/ 		17 KB
13 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://ep1.adtrafficquality.google/getconfig/sodar?sv=200&tid=gda&tv=r20240829&st=env
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202408290101/show_ads_impl_fy2021.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.72.98 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s32-in-f2.1e100.net
Software
cafe /
Resource Hash
78bc08b652562e151dbbbd64c00a5e86322df5ceb9787d7567d1744350b768c8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://nv37.duoqwe.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Wed, 04 Sep 2024 12:54:00 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
application/json; charset=UTF-8
access-control-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
12935
x-xss-protection
0
favicon.png
nv37.duoqwe.com/ 		480 B
681 B 		Other
General
Check archive.org
Download Go to
Full URL
https://nv37.duoqwe.com/favicon.png
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
154.17.4.64 Los Angeles, United States, ASN906 (DMIT, US),
Reverse DNS
Host-By.DMIT.com
Software
Caddy, cloudflare /
Resource Hash
afd48784ff1f24820db315b053e339a5b8f0c5fca76ada598c7264ce4fb7dbf7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://nv37.duoqwe.com/en
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Wed, 04 Sep 2024 12:54:00 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
age
24042
content-length
480
x-xss-protection
1; mode=block
last-modified
Sun, 25 Sep 2022 17:29:29 GMT
server
Caddy, cloudflare
etag
W/"1e0-18375b26764"
vary
Accept-Encoding
x-frame-options
DENY
content-type
image/png
cache-control
public, max-age=31536000
accept-ranges
bytes
cf-ray
8bde202f2b8452ad-LAX
sodar2.js
ep2.adtrafficquality.google/sodar/ 		17 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ep2.adtrafficquality.google/sodar/sodar2.js
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202408290101/show_ads_impl_fy2021.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81e::2001 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://nv37.duoqwe.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Wed, 04 Sep 2024 12:54:01 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
6386
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
etag
"1637097310169751"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Wed, 04 Sep 2024 12:54:01 GMT
runner.html
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 4251 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Requested by
Host: ep2.adtrafficquality.google
URL: https://ep2.adtrafficquality.google/sodar/sodar2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81c::2001 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://nv37.duoqwe.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
age
546
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
5046
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Wed, 04 Sep 2024 12:44:56 GMT
expires
Thu, 04 Sep 2025 12:44:56 GMT
last-modified
Mon, 21 Jun 2021 20:47:05 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
aframe
www.google.com/recaptcha/api2/ Frame A58A 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://www.google.com/recaptcha/api2/aframe
Requested by
Host: ep2.adtrafficquality.google
URL: https://ep2.adtrafficquality.google/sodar/sodar2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.32.100 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s77-in-f4.1e100.net
Software
ESF /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-kkq0eY596I9TW0P0ORfzMQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://nv37.duoqwe.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private, max-age=300
content-encoding
gzip
content-security-policy
script-src 'report-sample' 'nonce-kkq0eY596I9TW0P0ORfzMQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-opener-policy-report-only
same-origin; report-to="coop_38fac9d5b82543fc4729580d18ff2d3d"
cross-origin-resource-policy
cross-origin
date
Wed, 04 Sep 2024 12:54:02 GMT
expires
Wed, 04 Sep 2024 12:54:02 GMT
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]} {"group":"coop_38fac9d5b82543fc4729580d18ff2d3d","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/38fac9d5b82543fc4729580d18ff2d3d"}]}
server
ESF
x-content-type-options
nosniff
x-xss-protection
0
sodar
pagead2.googlesyndication.com/pagead/ 		0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
pagead2.googlesyndication.com
URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20240829&jk=2617433150044726&bg=!t7SltPvNAAakh3bWhIc7ADQBe5WfOMpI3u8LJbwBj2aHinGX6vkFIHvVjXolHvHRsj7AAZ0a66F9OxudEGE18mUXA1zbAgAAAdtSAAAABGgBB34ANvKtprMaMHkuXvCbqY5lxQfAtER1YfnYVNVzicqT-DKBCTR_COtHKn4HbwrJCjj7QuDehl32FgoAkU1WqGp9Dw2r28hJmzUgbeMvHq5C9FhCyyj0k_i5e8McXfl95A95C98W5PWxvHyykedCE1NGtAupVvMZBeLyjm0X6oEwg1QNoV2_tHzPNvZTfBoDVe4nQucCT_Iil1zA2PNIkuYIeSfw-5vZv-AOdt3DiuvHrKZZH2FHJgzvhv3bvyqJBsjMTs5ZtRManzcxJVCZArwMue3vidgVKCEgqiuh0c9L1iPDkLK6tQfzOle1lTI7RRKbTCPrDR6ThTCShFGSjj74xBWzxtAfBv-dqBPFkT1wtceYp8YSrE9OpRWpkL12fjhLTpYCjQDQJBJ9AHtFuT_2JbVZSl11PzHGmS8Rz8pWRfnZglIRJw4ut4x9s6c8XOcjgyndhISy_jzB10mxHNDyFPU3ZGhCN6Ihz-n69LWtx4nTAHOqRrw_59A5ZquK1rGb8LokIJtusMarD4pk7VIaBWZUCiGfmqxBKdmwiliqEa7nb4HbjHA_k0OpTKbChIauq7qyyJQ1fcfYg4Oj-Lz40hJV6zd7cNRHqaikuRX8vzc7NvOmr0ac54-FxGgWlQeEFsmTH9zGx-mEmU9PaxKICOmXVuq1h1nfZH6E-fICgwjHjWF9_MoOeXw1Pf7ggjoQ0tixKIHVi7q3mhJnkiZ9t7uZy0lPW08VKrT2RSLCz1f6DJDJCKjM69630Mv0P_fsTwy_21CQZaDyxZfQFMIh13Vh8L-q8JcAkTnGh681ErotidmJeWdgCMlw74w7Y4LofDV0bAlT4p_db86JeHc1d8BTfr6jCCViU_azSkw3eLkRrOAObnqkaYVLHEjradhEdd8pcoZDcQBWEKHDEEYUqPht4N_pyiio-NTbrV2M-eybRGIPV81aZGtfJCVdCbX_IeWTzWdu_p6KJEeIf66ZzlkSMN_muKTBjeayuiMN0o8ZiOtsRVaXziPvW2xhIgS02EsRoG-1qzJWorJnHLggh2QBHCZMtIxnIv5NDZ7-ZQqRyUwiiSwyrg7rTNhiuNbDYq_o6XTD-LX2jX24h1WGJS0z6gFnwVITAyaKJjtdIikkQ5u38zf_MisxZaVXr46OIJTQ7_PXLslW2a_bJsYSCY0hy9hEHGbhLsxmY13dm6qq9cwEvA9eKDUr

Verdicts & Comments Add Verdict or Comment

52 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| 5 object| 6 object| 7 function| __h82AlnkH6D91__ object| webpackChunk_N_E object| regeneratorRuntime function| __next_require__ object| next object| __NEXT_DATA__ function| __SSG_MANIFEST_CB object| __NEXT_P object| _N_E object| __MIDDLEWARE_MANIFEST object| __BUILD_MANIFEST object| __SSG_MANIFEST object| adsbygoogle function| __p4qa8r1lb17__ string| cHViLTE4ODU4MTY0OTc3NzExNjE= function| __an6na521li18__ string| bG9hZGVyX2pz string| Y2FjaGVkX2pz object| googlefc object| __fcInternalApiManager boolean| __fcInternalApiPostMessageReady object| google_js_reporting_queue number| google_srt object| google_persistent_state_async object| google_logging_queue number| tmod object| google_ad_modifications object| ggeac object| google_tag_data object| google_reactive_ads_global_state object| google_sa_queue function| google_process_slots function| google_spfd number| google_unique_id object| google_sv_map number| google_rum_task_id_counter string| google_user_agent_client_hint function| google_sa_impl number| google_global_correlator object| google_prev_clients object| ampInaboxIframes object| ampInaboxPendingMessages object| GoogleGcLKhOms object| google_image_requests

2 Cookies

Domain/Path Name / Value
nv37.duoqwe.com/ Name: auth_token
Value: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpYXQiOjE3MjU0NTQ0MzYsImV4cCI6MTcyNTQ1NDczNn0.7ozHGL0t8pkaO1bLR7YxaE8zjhIN0mtoa15RX4q_B24
.doubleclick.net/ Name: test_cookie
Value: CheckForPermission

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ep1.adtrafficquality.google
ep2.adtrafficquality.google
fundingchoicesmessages.google.com
googleads.g.doubleclick.net
nv37.duoqwe.com
pagead2.googlesyndication.com
tpc.googlesyndication.com
www.google.com
pagead2.googlesyndication.com
142.250.72.98
142.250.81.238
142.251.32.100
142.251.32.98
154.17.4.64
2607:f8b0:4006:816::200e
2607:f8b0:4006:81c::2001
2607:f8b0:4006:81e::2001
0ca8f99320fc9a9cfb2f6a6a6d230c6c32ada4bc1bff7b1c529bc2a261570c93
0cae12c4bedf94f2c4af81dbc93815c6e7491b81febb3e2d484801719f686877
1e1dcf640791d68beb63aa1a6db356e4728ddb35dd761161426c5bf8e46fcb0d
22890dc1747ee4df17ad0eb45b1bec2b6c7f9c5262ead61a724c603df95dc05d
27818a53b1558c29e4f0f7a37eaf6eee1e7cc5d1070b6c813e4a3763a0fa36ec
36e4512026d599217ae52429a7ea64d527f69276ebb6ef724578234bdba862ba
3b9dcded87cb321be9cde9023f41f8771445e6c8ed4f38bb22829793ec92bd36
46421fda35fa81c4c9ab068a6fe59cde5ee08c5fa63fd30bcb88fcd7fde4400c
4e601af08e9fa98ee6a262fc995d7dd0d301cb33f1a916ebd07c0a18f42c7f5e
5861aa9dd182d1243f1287efd53f6ea113d7a21a63e0dd7957f3ca97dec65d9d
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
6f5b4aa00d2f8d6aed9935b471806bf7acef464d0c1d390260e5fe27f800c67e
733df482172f3abd941b493d3cbd674316cead6ad2c72839c1e9b0581d280db4
78bc08b652562e151dbbbd64c00a5e86322df5ceb9787d7567d1744350b768c8
7c2900424b1bc10256005d7e33ac5a24a1d81464ae08e86e63c35e27d0a99c47
8854cb4b7ab3d80a0f8c8e13af1e6ec920c5b2e2e2a5a637a09dd1598f370d55
89e7666945848030222238f48fb667c1c7cef477d7c3eac9fe4a5e118d1aa7ea
91ecde474751af922a1397e96f46dfe8457c0834dfb2b900d28e14944b6fe293
a337a72a59ea96865d16d9dd0ae71af25d98650fcf4999003b63f52ff3555fbd
afd48784ff1f24820db315b053e339a5b8f0c5fca76ada598c7264ce4fb7dbf7
b61ecfb413fa23a792c1dda7b6af3abada682d4d97939d674e6bc05a3cc406cd
b79cae285882da509d599405f8f4bf1546257df20b336de9a9cdef653a55e6a9
c47305fb998f96aaa92d2a45acee5a22743e1e134b11535e7c28d0166f1b072b
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
fff1301f899454eccafcc9b12ed9365c96960a9d5290a57775e20c8b0e7327b3