urlscan.io logo urlscan.io
SecurityTrails logo

nv44.duoqwe.com Open in urlscan Pro
154.17.4.64  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://nv44.duoqwe.com/
Effective URL: https://nv44.duoqwe.com/en
Submission: On September 05 via api from US — Scanned from US
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 9 IPs in 1 countries across 5 domains to perform 32 HTTP transactions. The main IP is 154.17.4.64, located in Los Angeles, United States and belongs to DMIT, US. The main domain is nv44.duoqwe.com.
TLS certificate: Issued by E6 on September 4th 2024. Valid for: 3 months.
This is the only time nv44.duoqwe.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

21    154.17.4.64 (Los Angeles, United States)

ASN906 (DMIT, US)
PTR: Host-By.DMIT.com
nv44.duoqwe.com
2    142.250.176.194 (United States)

ASN15169 (GOOGLE, US)
PTR: lga34s37-in-f2.1e100.net
pagead2.googlesyndication.com
2    2607:f8b0:4006:80d::200e (United States)

ASN15169 (GOOGLE, US)
fundingchoicesmessages.google.com
1    142.251.40.142 (Queens, United States)

ASN15169 (GOOGLE, US)
PTR: lga25s80-in-f14.1e100.net
fundingchoicesmessages.google.com
3    142.250.80.66 (Plainview, United States)

ASN15169 (GOOGLE, US)
PTR: lga34s35-in-f2.1e100.net
googleads.g.doubleclick.net
1    142.251.40.226 (Queens, United States)

ASN15169 (GOOGLE, US)
PTR: lga34s39-in-f2.1e100.net
ep1.adtrafficquality.google
2    2607:f8b0:4006:81e::2001 (United States)

ASN15169 (GOOGLE, US)
ep2.adtrafficquality.google
tpc.googlesyndication.com
1    142.251.32.100 (Queens, United States)

ASN15169 (GOOGLE, US)
PTR: lga25s77-in-f4.1e100.net
www.google.com
Apex Domain
Subdomains		 Transfer
21 duoqwe.com
nv44.duoqwe.com
148 KB
4 google.com
fundingchoicesmessages.google.com — Cisco Umbrella Rank: 662
www.google.com — Cisco Umbrella Rank: 10
16 KB
3 doubleclick.net
googleads.g.doubleclick.net — Cisco Umbrella Rank: 77
3 googlesyndication.com
pagead2.googlesyndication.com — Cisco Umbrella Rank: 157
tpc.googlesyndication.com — Cisco Umbrella Rank: 203
194 KB
2 adtrafficquality.google
ep1.adtrafficquality.google
ep2.adtrafficquality.google
19 KB
32 5
Domain Requested by
21 nv44.duoqwe.com 2 redirects nv44.duoqwe.com
3 googleads.g.doubleclick.net pagead2.googlesyndication.com
3 fundingchoicesmessages.google.com nv44.duoqwe.com
2 pagead2.googlesyndication.com nv44.duoqwe.com
pagead2.googlesyndication.com
1 www.google.com ep2.adtrafficquality.google
1 tpc.googlesyndication.com ep2.adtrafficquality.google
1 ep2.adtrafficquality.google pagead2.googlesyndication.com
1 ep1.adtrafficquality.google pagead2.googlesyndication.com
32 8

This site contains links to these domains. Also see Links.

Domain
stats.uptimerobot.com
api.mail.cx
Subject Issuer Validity Valid
nv44.duoqwe.com
E6		 2024-09-04 -
2024-12-03		 3 months crt.sh
*.g.doubleclick.net
WR2		 2024-08-12 -
2024-11-04		 3 months crt.sh
*.google.com
WR2		 2024-08-12 -
2024-11-04		 3 months crt.sh
adtrafficquality.google
WR2		 2024-08-12 -
2024-11-04		 3 months crt.sh
tpc.googlesyndication.com
WR2		 2024-08-05 -
2024-10-28		 3 months crt.sh

This page contains 7 frames:

Primary Page: https://nv44.duoqwe.com/en
Frame ID: C7FCD1A1547348DFDEDF7DD9770449DB
Requests: 25 HTTP requests in this frame

Frame: https://nv44.duoqwe.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/a5b175b00260/main.js
Frame ID: E7B27FDBF2FBF2903475AF31BB33B464
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20240903/r20110914/zrt_lookup_fy2021.html
Frame ID: 6B5535AF3F235B8C00E6A4949BFF6C21
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1885816497771161&output=html&adk=1812271804&adf=3025194257&abgtt=6&lmt=1725544410&plat=3%3A16%2C4%3A16%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fnv44.duoqwe.com%2Fen&pra=5&wgl=1&aihb=0&asro=0&ailel=32~1~2~4~6~7~8~9~10~11~12~13~14~15~16~17~18~19~20~21~24~29~30~34&aiael=32~1~2~4~6~7~8~9~10~11~12~13~14~15~16~17~18~19~20~21~24~29~30~34&aifxl=32_25~29_18~30_19&aiixl=32_9~29_5~30_6&aslmct=0.7&asamct=0.7&aiombap=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1725544409657&bpp=5&bdt=1194&idt=799&shv=r20240903&mjsv=m202408290101&ptt=9&saldr=aa&abxe=1&cookie_enabled=1&eoidce=1&nras=1&correlator=2776836140538&frm=20&pv=2&u_tz=-600&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31086547%2C31086639%2C31086686%2C44795922%2C95338227%2C95341664%2C31086142%2C95340844%2C95341514&oid=2&pvsid=3805428765326122&tmod=24765760&uas=0&nvt=1&fsapi=1&fc=1920&brdim=290%2C290%2C290%2C290%2C1600%2C0%2C1600%2C1285%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&bz=1&td=1&tdf=2&psd=W251bGwsbnVsbCxudWxsLDNd&nt=1&ifi=1&uci=a!1&fsb=1&dtd=843
Frame ID: 39BD97D5CF6DCD7A274D4CDECB286BA0
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1885816497771161&output=html&h=90&slotname=5854447399&adk=172914943&adf=3344760627&pi=t.ma~as.5854447399&w=728&abgtt=6&lmt=1725544410&channel=7806398678&format=728x90&url=https%3A%2F%2Fnv44.duoqwe.com%2Fen&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1725544409662&bpp=2&bdt=1199&idt=851&shv=r20240903&mjsv=m202408290101&ptt=9&saldr=aa&abxe=1&cookie_enabled=1&eoidce=1&prev_fmts=0x0&nras=1&correlator=2776836140538&frm=20&pv=1&u_tz=-600&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=540&ady=658&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31086547%2C31086639%2C31086686%2C44795922%2C95338227%2C95341664%2C31086142%2C95340844%2C95341514&oid=2&pvsid=3805428765326122&tmod=24765760&uas=0&nvt=1&fc=1920&brdim=290%2C290%2C290%2C290%2C1600%2C0%2C1600%2C1285%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&bz=1&td=1&tdf=2&psd=W251bGwsbnVsbCxudWxsLDNd&nt=1&ifi=2&uci=a!2&fsb=1&dtd=868
Frame ID: 636AB915D8ADDC13A8F68F0B238F45D4
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: BA54DC7C4E1E039C85A23BC9BCD99BE5
Requests: 1 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 726D69088994A65E44AD5E6CC33667FE
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Temp Mail - Free Disposable Email Service | Temporary Email Address

Page URL History Show full URLs

  1. https://nv44.duoqwe.com/ HTTP 307
    https://nv44.duoqwe.com/en Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • googlesyndication\.com/

Page Statistics

32
Requests

94 %
HTTPS

25 %
IPv6

5
Domains

8
Subdomains

9
IPs

1
Countries

377 kB
Transfer

1104 kB
Size

2
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://nv44.duoqwe.com/ HTTP 307
    https://nv44.duoqwe.com/en Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 17
  • https://nv44.duoqwe.com/cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP 302
  • https://nv44.duoqwe.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/a5b175b00260/main.js

32 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request en
nv44.duoqwe.com/
Redirect Chain
  • https://nv44.duoqwe.com/
  • https://nv44.duoqwe.com/en
47 KB
13 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://nv44.duoqwe.com/en
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
154.17.4.64 Los Angeles, United States, ASN906 (DMIT, US),
Reverse DNS
Host-By.DMIT.com
Software
Caddy cloudflare /
Resource Hash
a7c6edb7df1a08ad88da09904a71d764f2edb9d3dc241c1670cd4480aea863f9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=2592000
cache-control
private, no-cache, no-store, max-age=0, must-revalidate
cf-cache-status
DYNAMIC
cf-ray
8be6b4a778397ec3-LAX
content-encoding
br
content-type
text/html; charset=utf-8
date
Thu, 05 Sep 2024 13:53:28 GMT
server
Caddy cloudflare
strict-transport-security
max-age=31536000; includeSubDomains; preload
vary
Accept-Encoding
x-content-type-options
nosniff
x-frame-options
DENY
x-xss-protection
1; mode=block

Redirect headers

alt-svc
h3=":443"; ma=2592000
cf-cache-status
DYNAMIC
cf-ray
8be6b4a3fcb37ec3-LAX
content-length
3
content-type
text/plain; charset=utf-8
date
Thu, 05 Sep 2024 13:53:28 GMT
location
/en
server
Caddy cloudflare
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
x-frame-options
DENY
x-xss-protection
1; mode=block
79282b6056e2e36a.css
nv44.duoqwe.com/_next/static/css/ 		341 B
428 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://nv44.duoqwe.com/_next/static/css/79282b6056e2e36a.css
Requested by
Host: nv44.duoqwe.com
URL: https://nv44.duoqwe.com/en
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
154.17.4.64 Los Angeles, United States, ASN906 (DMIT, US),
Reverse DNS
Host-By.DMIT.com
Software
Caddy, cloudflare /
Resource Hash
b61ecfb413fa23a792c1dda7b6af3abada682d4d97939d674e6bc05a3cc406cd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://nv44.duoqwe.com/en
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Thu, 05 Sep 2024 13:53:28 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
cf-cache-status
HIT
server
Caddy, cloudflare
age
114174
etag
W/"155-1916ba2bcfe"
last-modified
Mon, 19 Aug 2024 17:15:13 GMT
x-frame-options
DENY
vary
Accept-Encoding
content-type
text/css; charset=UTF-8
cache-control
public, max-age=31536000, immutable
cf-ray
8be6b4a94a197ec3-LAX
x-xss-protection
1; mode=block
080f76a34a8b8678.css
nv44.duoqwe.com/_next/static/css/ 		13 KB
4 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://nv44.duoqwe.com/_next/static/css/080f76a34a8b8678.css
Requested by
Host: nv44.duoqwe.com
URL: https://nv44.duoqwe.com/en
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
154.17.4.64 Los Angeles, United States, ASN906 (DMIT, US),
Reverse DNS
Host-By.DMIT.com
Software
Caddy, cloudflare /
Resource Hash
36e4512026d599217ae52429a7ea64d527f69276ebb6ef724578234bdba862ba
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://nv44.duoqwe.com/en
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
date
Thu, 05 Sep 2024 13:53:28 GMT
last-modified
Mon, 19 Aug 2024 17:15:13 GMT
server
Caddy, cloudflare
cf-cache-status
HIT
age
114174
etag
W/"3529-1916ba2bcfe"
x-frame-options
DENY
vary
Accept-Encoding
content-type
text/css; charset=UTF-8
cache-control
public, max-age=31536000, immutable
cf-ray
8be6b4a94a187ec3-LAX
x-xss-protection
1; mode=block
webpack-de5ccc76ade807b4.js
nv44.duoqwe.com/_next/static/chunks/ 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://nv44.duoqwe.com/_next/static/chunks/webpack-de5ccc76ade807b4.js
Requested by
Host: nv44.duoqwe.com
URL: https://nv44.duoqwe.com/en
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
154.17.4.64 Los Angeles, United States, ASN906 (DMIT, US),
Reverse DNS
Host-By.DMIT.com
Software
Caddy, cloudflare /
Resource Hash
46421fda35fa81c4c9ab068a6fe59cde5ee08c5fa63fd30bcb88fcd7fde4400c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://nv44.duoqwe.com/en
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Thu, 05 Sep 2024 13:53:28 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
last-modified
Mon, 19 Aug 2024 17:15:13 GMT
server
Caddy, cloudflare
strict-transport-security
max-age=31536000; includeSubDomains; preload
age
75014
etag
W/"ed8-1916ba2bcfe"
vary
Accept-Encoding
x-frame-options
DENY
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=31536000, immutable
cf-ray
8be6b4aa0ace7ec3-LAX
x-xss-protection
1; mode=block
framework-7dc8a65f4a0cda33.js
nv44.duoqwe.com/_next/static/chunks/ 		138 KB
45 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://nv44.duoqwe.com/_next/static/chunks/framework-7dc8a65f4a0cda33.js
Requested by
Host: nv44.duoqwe.com
URL: https://nv44.duoqwe.com/en
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
154.17.4.64 Los Angeles, United States, ASN906 (DMIT, US),
Reverse DNS
Host-By.DMIT.com
Software
Caddy, cloudflare /
Resource Hash
fff1301f899454eccafcc9b12ed9365c96960a9d5290a57775e20c8b0e7327b3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://nv44.duoqwe.com/en
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
last-modified
Mon, 19 Aug 2024 17:15:13 GMT
server
Caddy, cloudflare
date
Thu, 05 Sep 2024 13:53:28 GMT
age
114207
etag
W/"22675-1916ba2bcfe"
x-frame-options
DENY
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=31536000, immutable
cf-ray
8be6b4aa0acb7ec3-LAX
x-xss-protection
1; mode=block
main-0abd3ec81f1cd104.js
nv44.duoqwe.com/_next/static/chunks/ 		108 KB
31 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://nv44.duoqwe.com/_next/static/chunks/main-0abd3ec81f1cd104.js
Requested by
Host: nv44.duoqwe.com
URL: https://nv44.duoqwe.com/en
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
154.17.4.64 Los Angeles, United States, ASN906 (DMIT, US),
Reverse DNS
Host-By.DMIT.com
Software
Caddy, cloudflare /
Resource Hash
733df482172f3abd941b493d3cbd674316cead6ad2c72839c1e9b0581d280db4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://nv44.duoqwe.com/en
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Thu, 05 Sep 2024 13:53:28 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
last-modified
Mon, 19 Aug 2024 17:15:13 GMT
server
Caddy, cloudflare
strict-transport-security
max-age=31536000; includeSubDomains; preload
age
114207
etag
W/"1b0d8-1916ba2bcfe"
x-frame-options
DENY
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=31536000, immutable
cf-ray
8be6b4aa4b017ec3-LAX
x-xss-protection
1; mode=block
_app-9e397866f57e8a45.js
nv44.duoqwe.com/_next/static/chunks/pages/ 		56 KB
16 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://nv44.duoqwe.com/_next/static/chunks/pages/_app-9e397866f57e8a45.js
Requested by
Host: nv44.duoqwe.com
URL: https://nv44.duoqwe.com/en
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
154.17.4.64 Los Angeles, United States, ASN906 (DMIT, US),
Reverse DNS
Host-By.DMIT.com
Software
Caddy, cloudflare /
Resource Hash
3b9dcded87cb321be9cde9023f41f8771445e6c8ed4f38bb22829793ec92bd36
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://nv44.duoqwe.com/en
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Thu, 05 Sep 2024 13:53:28 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
last-modified
Mon, 19 Aug 2024 17:15:13 GMT
server
Caddy, cloudflare
strict-transport-security
max-age=31536000; includeSubDomains; preload
age
114207
etag
W/"dff0-1916ba2bcfe"
x-frame-options
DENY
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=31536000, immutable
cf-ray
8be6b4aa4afb7ec3-LAX
x-xss-protection
1; mode=block
413-d26082c03c4ae053.js
nv44.duoqwe.com/_next/static/chunks/ 		30 KB
11 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://nv44.duoqwe.com/_next/static/chunks/413-d26082c03c4ae053.js
Requested by
Host: nv44.duoqwe.com
URL: https://nv44.duoqwe.com/en
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
154.17.4.64 Los Angeles, United States, ASN906 (DMIT, US),
Reverse DNS
Host-By.DMIT.com
Software
Caddy, cloudflare /
Resource Hash
1e1dcf640791d68beb63aa1a6db356e4728ddb35dd761161426c5bf8e46fcb0d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://nv44.duoqwe.com/en
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Thu, 05 Sep 2024 13:53:28 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
last-modified
Mon, 19 Aug 2024 17:15:13 GMT
server
Caddy, cloudflare
cf-cache-status
HIT
age
114207
etag
W/"76bc-1916ba2bcfe"
x-frame-options
DENY
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=31536000, immutable
cf-ray
8be6b4aa4aff7ec3-LAX
x-xss-protection
1; mode=block
357-9c17c26c70f73404.js
nv44.duoqwe.com/_next/static/chunks/ 		12 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://nv44.duoqwe.com/_next/static/chunks/357-9c17c26c70f73404.js
Requested by
Host: nv44.duoqwe.com
URL: https://nv44.duoqwe.com/en
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
154.17.4.64 Los Angeles, United States, ASN906 (DMIT, US),
Reverse DNS
Host-By.DMIT.com
Software
Caddy, cloudflare /
Resource Hash
0ca8f99320fc9a9cfb2f6a6a6d230c6c32ada4bc1bff7b1c529bc2a261570c93
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://nv44.duoqwe.com/en
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Thu, 05 Sep 2024 13:53:28 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
last-modified
Mon, 19 Aug 2024 17:15:13 GMT
server
Caddy, cloudflare
age
114207
etag
W/"30e4-1916ba2bcfe"
x-frame-options
DENY
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
content-encoding
gzip
cache-control
public, max-age=31536000, immutable
cf-ray
8be6b4aa4af67ec3-LAX
x-xss-protection
1; mode=block
786-c6e8272b95b3a2ca.js
nv44.duoqwe.com/_next/static/chunks/ 		19 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://nv44.duoqwe.com/_next/static/chunks/786-c6e8272b95b3a2ca.js
Requested by
Host: nv44.duoqwe.com
URL: https://nv44.duoqwe.com/en
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
154.17.4.64 Los Angeles, United States, ASN906 (DMIT, US),
Reverse DNS
Host-By.DMIT.com
Software
Caddy, cloudflare /
Resource Hash
a337a72a59ea96865d16d9dd0ae71af25d98650fcf4999003b63f52ff3555fbd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://nv44.duoqwe.com/en
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
last-modified
Mon, 19 Aug 2024 17:15:13 GMT
server
Caddy, cloudflare
date
Thu, 05 Sep 2024 13:53:28 GMT
age
114207
etag
W/"4b8b-1916ba2bcfe"
vary
Accept-Encoding
x-frame-options
DENY
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=31536000, immutable
cf-ray
8be6b4aa4b057ec3-LAX
x-xss-protection
1; mode=block
641-ea73fac4f93b3ddb.js
nv44.duoqwe.com/_next/static/chunks/ 		11 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://nv44.duoqwe.com/_next/static/chunks/641-ea73fac4f93b3ddb.js
Requested by
Host: nv44.duoqwe.com
URL: https://nv44.duoqwe.com/en
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
154.17.4.64 Los Angeles, United States, ASN906 (DMIT, US),
Reverse DNS
Host-By.DMIT.com
Software
Caddy, cloudflare /
Resource Hash
22890dc1747ee4df17ad0eb45b1bec2b6c7f9c5262ead61a724c603df95dc05d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://nv44.duoqwe.com/en
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Thu, 05 Sep 2024 13:53:28 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
last-modified
Mon, 19 Aug 2024 17:15:13 GMT
server
Caddy, cloudflare
cf-cache-status
HIT
etag
W/"2a1b-1916ba2bcfe"
vary
Accept-Encoding
x-frame-options
DENY
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=31536000, immutable
cf-ray
8be6b4aa4b097ec3-LAX
x-xss-protection
1; mode=block
index-accc31ea4096c2ac.js
nv44.duoqwe.com/_next/static/chunks/pages/ 		7 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://nv44.duoqwe.com/_next/static/chunks/pages/index-accc31ea4096c2ac.js
Requested by
Host: nv44.duoqwe.com
URL: https://nv44.duoqwe.com/en
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
154.17.4.64 Los Angeles, United States, ASN906 (DMIT, US),
Reverse DNS
Host-By.DMIT.com
Software
Caddy, cloudflare /
Resource Hash
5861aa9dd182d1243f1287efd53f6ea113d7a21a63e0dd7957f3ca97dec65d9d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://nv44.duoqwe.com/en
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Thu, 05 Sep 2024 13:53:28 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
last-modified
Mon, 19 Aug 2024 17:15:13 GMT
server
Caddy, cloudflare
strict-transport-security
max-age=31536000; includeSubDomains; preload
age
114207
etag
W/"1bc8-1916ba2bcfe"
x-frame-options
DENY
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=31536000, immutable
cf-ray
8be6b4aa4b037ec3-LAX
x-xss-protection
1; mode=block
_buildManifest.js
nv44.duoqwe.com/_next/static/Vo6ilNCStMVNBJtfMWiXR/ 		950 B
696 B 		Script
General
Check archive.org
Download Go to
Full URL
https://nv44.duoqwe.com/_next/static/Vo6ilNCStMVNBJtfMWiXR/_buildManifest.js
Requested by
Host: nv44.duoqwe.com
URL: https://nv44.duoqwe.com/en
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
154.17.4.64 Los Angeles, United States, ASN906 (DMIT, US),
Reverse DNS
Host-By.DMIT.com
Software
Caddy, cloudflare /
Resource Hash
8854cb4b7ab3d80a0f8c8e13af1e6ec920c5b2e2e2a5a637a09dd1598f370d55
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://nv44.duoqwe.com/en
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Thu, 05 Sep 2024 13:53:28 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
last-modified
Mon, 19 Aug 2024 17:15:13 GMT
server
Caddy, cloudflare
strict-transport-security
max-age=31536000; includeSubDomains; preload
age
114207
etag
W/"3b6-1916ba2bcfe"
x-frame-options
DENY
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=31536000, immutable
cf-ray
8be6b4aa4b0a7ec3-LAX
x-xss-protection
1; mode=block
_ssgManifest.js
nv44.duoqwe.com/_next/static/Vo6ilNCStMVNBJtfMWiXR/ 		77 B
303 B 		Script
General
Check archive.org
Download Go to
Full URL
https://nv44.duoqwe.com/_next/static/Vo6ilNCStMVNBJtfMWiXR/_ssgManifest.js
Requested by
Host: nv44.duoqwe.com
URL: https://nv44.duoqwe.com/en
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
154.17.4.64 Los Angeles, United States, ASN906 (DMIT, US),
Reverse DNS
Host-By.DMIT.com
Software
Caddy, cloudflare /
Resource Hash
6f5b4aa00d2f8d6aed9935b471806bf7acef464d0c1d390260e5fe27f800c67e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://nv44.duoqwe.com/en
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
date
Thu, 05 Sep 2024 13:53:28 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
server
Caddy, cloudflare
age
114207
etag
W/"4d-1916ba2bcfe"
last-modified
Mon, 19 Aug 2024 17:15:13 GMT
vary
Accept-Encoding
x-frame-options
DENY
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=31536000, immutable
cf-ray
8be6b4aa4b0d7ec3-LAX
x-xss-protection
1; mode=block
adsbygoogle.js
pagead2.googlesyndication.com/pagead/js/ 		152 KB
51 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-1885816497771161
Requested by
Host: nv44.duoqwe.com
URL: https://nv44.duoqwe.com/en
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.176.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s37-in-f2.1e100.net
Software
cafe /
Resource Hash
52f3476f34301eca31c850a3413cef4a44b265275439f95649a26b74f2bd4938
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://nv44.duoqwe.com/
Origin
https://nv44.duoqwe.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Thu, 05 Sep 2024 13:53:29 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
52120
x-xss-protection
0
server
cafe
etag
15957189704195331255
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin
*
link
<https://googleads.g.doubleclick.net>; rel="preconnect"; crossorigin
expires
Thu, 05 Sep 2024 13:53:29 GMT
pub-1885816497771161
fundingchoicesmessages.google.com/i/ 		25 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://fundingchoicesmessages.google.com/i/pub-1885816497771161?ers=1
Requested by
Host: nv44.duoqwe.com
URL: https://nv44.duoqwe.com/en
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80d::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
89e7666945848030222238f48fb667c1c7cef477d7c3eac9fe4a5e118d1aa7ea
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-UKf20deTKeV9Q92s2uD_Iw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://nv44.duoqwe.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Thu, 05 Sep 2024 13:53:29 GMT
content-security-policy
script-src 'report-sample' 'nonce-UKf20deTKeV9Q92s2uD_Iw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
reporting-endpoints
default="/_/ContributorServingWebSwitchboardHttp/web-reports?context=eJzjStDikmII0pBiOO90h-k6EEt8fcmkBcRO6TNYQ4DYp34GaxwQt948xzodiJP-nWctAWJ3rYus_kC8JOIi65HEi6yGCpdYnYH4_rpLrM-BeO_HS6xHgViIm-Pm-2fb2AQuNCz3UNJIyi-MT87PKynKTCotyS9KS05LLU4tKkstijcyMDIxsDQw1jMwjC8wAADjij56"
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy
same-origin
server
ESF
x-frame-options
SAMEORIGIN
content-type
application/javascript; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
expires
Mon, 01 Jan 1990 00:00:00 GMT
logo.png
nv44.duoqwe.com/ 		913 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://nv44.duoqwe.com/logo.png
Requested by
Host: nv44.duoqwe.com
URL: https://nv44.duoqwe.com/en
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
154.17.4.64 Los Angeles, United States, ASN906 (DMIT, US),
Reverse DNS
Host-By.DMIT.com
Software
Caddy, cloudflare /
Resource Hash
0cae12c4bedf94f2c4af81dbc93815c6e7491b81febb3e2d484801719f686877
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://nv44.duoqwe.com/en
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
date
Thu, 05 Sep 2024 13:53:28 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
age
114174
content-length
913
x-xss-protection
1; mode=block
last-modified
Sun, 25 Sep 2022 17:29:47 GMT
server
Caddy, cloudflare
etag
W/"391-18375b2acd0"
vary
Accept-Encoding
x-frame-options
DENY
content-type
image/png
cache-control
public, max-age=31536000
accept-ranges
bytes
cf-ray
8be6b4aa4b0c7ec3-LAX
pub-1885816497771161
fundingchoicesmessages.google.com/b/ 		11 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://fundingchoicesmessages.google.com/b/pub-1885816497771161
Requested by
Host: nv44.duoqwe.com
URL: https://nv44.duoqwe.com/en
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80d::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
7c2900424b1bc10256005d7e33ac5a24a1d81464ae08e86e63c35e27d0a99c47
Security Headers
Name Value
Content-Security-Policy require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport, script-src 'report-sample' 'nonce-S766sPyd7Yt6MmUAON3kFg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://nv44.duoqwe.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Thu, 05 Sep 2024 13:53:29 GMT
content-security-policy
require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport, script-src 'report-sample' 'nonce-S766sPyd7Yt6MmUAON3kFg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
reporting-endpoints
default="/_/ContributorServingWebSwitchboardHttp/web-reports?context=eJzjytHikmLw1JBiWMS_i-nErdtMF4D4vNMdputALPH1JZMWEDulz2ANAWKf-hmscUDcevMc63QgTvp3nrUEiN21LrL6A_GSiIusRxIvshoqXGJ1BuL76y6xPgfivR8vsR4FYiFujpvvn21jE2iYt9xZSSMpvzA-OT-vpCgzqbQkvygtOS21OLWoLLUo3sjAyMTA0sBYz8AwvsAAAK5CRLk"
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy
same-origin
server
ESF
x-frame-options
SAMEORIGIN
content-type
application/javascript; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
expires
Mon, 01 Jan 1990 00:00:00 GMT
main.js
nv44.duoqwe.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/a5b175b00260/ Frame E7B2
Redirect Chain
  • https://nv44.duoqwe.com/cdn-cgi/challenge-platform/scripts/jsd/main.js
  • https://nv44.duoqwe.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/a5b175b00260/main.js?
8 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://nv44.duoqwe.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/a5b175b00260/main.js?
Requested by
Host: nv44.duoqwe.com
URL: https://nv44.duoqwe.com/en
Protocol
H3
Server
154.17.4.64 Los Angeles, United States, ASN906 (DMIT, US),
Reverse DNS
Host-By.DMIT.com
Software
Caddy, cloudflare /
Resource Hash
dd85e794b1856f825295a2d904746691a7c641d3771bbd8d52dfe58974e710ee
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
date
Thu, 05 Sep 2024 13:53:29 GMT
x-content-type-options
nosniff
content-encoding
br
server
Caddy, cloudflare
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
max-age=14400, stale-if-error=10800, stale-while-revalidate=10800, public
cf-ray
8be6b4accdd47ec3-LAX

Redirect headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
date
Thu, 05 Sep 2024 13:53:28 GMT
server
Caddy, cloudflare
vary
Accept-Encoding
access-control-allow-origin
*
location
/cdn-cgi/challenge-platform/h/b/scripts/jsd/a5b175b00260/main.js?
cache-control
max-age=300, stale-if-error=10800, stale-while-revalidate=10800, public
cf-ray
8be6b4abed0d7ec3-LAX
content-length
0
vars
nv44.duoqwe.com/api/api/v1/ 		29 B
207 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://nv44.duoqwe.com/api/api/v1/vars
Requested by
Host: nv44.duoqwe.com
URL: https://nv44.duoqwe.com/_next/static/chunks/pages/index-accc31ea4096c2ac.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
154.17.4.64 Los Angeles, United States, ASN906 (DMIT, US),
Reverse DNS
Host-By.DMIT.com
Software
Caddy, cloudflare /
Resource Hash
b2e3fd2fac79deda9718b6b7d59fb5db4114f9c52e538a370202b71b142c1801
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://nv44.duoqwe.com/en
Authorization
bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpYXQiOjE3MjU1NDQ0MDgsImV4cCI6MTcyNTU0NDcwOH0.gaL9yLmPWUTqOYnQ4x_Vhnk278qtjKcuzilFwPpdUKQ
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
server
Caddy, cloudflare
date
Thu, 05 Sep 2024 13:53:29 GMT
vary
Accept-Encoding
x-frame-options
DENY
content-type
application/json; charset=utf-8
cf-ray
8be6b4ac2d5e7ec3-LAX
x-xss-protection
1; mode=block
8be6b4a778397ec3
nv44.duoqwe.com/cdn-cgi/challenge-platform/h/b/jsd/r/ Frame E7B2 		0
659 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://nv44.duoqwe.com/cdn-cgi/challenge-platform/h/b/jsd/r/8be6b4a778397ec3
Requested by
Host: nv44.duoqwe.com
URL: https://nv44.duoqwe.com/cdn-cgi/challenge-platform/scripts/jsd/main.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
154.17.4.64 Los Angeles, United States, ASN906 (DMIT, US),
Reverse DNS
Host-By.DMIT.com
Software
Caddy, cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type
application/json

Response headers

date
Thu, 05 Sep 2024 13:53:29 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
server
Caddy, cloudflare
cf-ray
8be6b4afe82c7ec3-LAX
content-length
0
content-type
text/plain; charset=UTF-8
AGSKWxXKDo2tYV5OQtpEs7bQ4mftWZ6QoGjeD8n2aiXTB2xfaN374zYC3mighPCAGDhDaQxZMCqVNcEL1YmlQ4ZALBIxMw==
fundingchoicesmessages.google.com/el/ 		0
28 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://fundingchoicesmessages.google.com/el/AGSKWxXKDo2tYV5OQtpEs7bQ4mftWZ6QoGjeD8n2aiXTB2xfaN374zYC3mighPCAGDhDaQxZMCqVNcEL1YmlQ4ZALBIxMw==
Requested by
Host: nv44.duoqwe.com
URL: https://nv44.duoqwe.com/en
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.40.142 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s80-in-f14.1e100.net
Software
ESF /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-FtrvXw0O_bdjQO9MGfZRhg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://nv44.duoqwe.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Thu, 05 Sep 2024 13:53:30 GMT
content-security-policy
require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-FtrvXw0O_bdjQO9MGfZRhg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
reporting-endpoints
default="/_/ContributorLoggingHttp/web-reports?context=eJzj0tDikmLw15BicEqfwRoCxO5aF1n9gXhJxEXWI4kXWfd-vMR6FIiFuDluvX-2jU1gQe8maSWXpPzC-OT8vJLUvBLdxJRiXRC7KDOptCS_CIWdWgZSkZOfnp6Zlx5vZGBkYmBpYKxnYB5fYAAAOjQt4A"
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy
same-origin
server
ESF
access-control-max-age
86400
access-control-allow-methods
POST, GET, OPTIONS
content-type
text/html; charset=utf-8
access-control-allow-origin
https://nv44.duoqwe.com
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options
SAMEORIGIN
expires
Mon, 01 Jan 1990 00:00:00 GMT
show_ads_impl_fy2021.js
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202408290101/ 		428 KB
143 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202408290101/show_ads_impl_fy2021.js
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-1885816497771161
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.176.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s37-in-f2.1e100.net
Software
cafe /
Resource Hash
5c6015e7550477ff32b5bfa1c4b429376a9cfd93f9f1588d32e352acfbc716d3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://nv44.duoqwe.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Thu, 05 Sep 2024 13:53:30 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
146320
x-xss-protection
0
server
cafe
etag
6700061632946723985
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=1209600
timing-allow-origin
*
expires
Thu, 05 Sep 2024 13:53:30 GMT
zrt_lookup_fy2021.html
googleads.g.doubleclick.net/pagead/html/r20240903/r20110914/ Frame 6B55 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/html/r20240903/r20110914/zrt_lookup_fy2021.html
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202408290101/show_ads_impl_fy2021.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.80.66 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s35-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://nv44.duoqwe.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

age
1077
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=1209600
content-encoding
br
content-length
4111
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Thu, 05 Sep 2024 13:35:33 GMT
etag
5947459844715414650
expires
Thu, 19 Sep 2024 13:35:33 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
ads
googleads.g.doubleclick.net/pagead/ Frame 39BD 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1885816497771161&output=html&adk=1812271804&adf=3025194257&abgtt=6&lmt=1725544410&plat=3%3A16%2C4%3A16%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fnv44.duoqwe.com%2Fen&pra=5&wgl=1&aihb=0&asro=0&ailel=32~1~2~4~6~7~8~9~10~11~12~13~14~15~16~17~18~19~20~21~24~29~30~34&aiael=32~1~2~4~6~7~8~9~10~11~12~13~14~15~16~17~18~19~20~21~24~29~30~34&aifxl=32_25~29_18~30_19&aiixl=32_9~29_5~30_6&aslmct=0.7&asamct=0.7&aiombap=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1725544409657&bpp=5&bdt=1194&idt=799&shv=r20240903&mjsv=m202408290101&ptt=9&saldr=aa&abxe=1&cookie_enabled=1&eoidce=1&nras=1&correlator=2776836140538&frm=20&pv=2&u_tz=-600&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31086547%2C31086639%2C31086686%2C44795922%2C95338227%2C95341664%2C31086142%2C95340844%2C95341514&oid=2&pvsid=3805428765326122&tmod=24765760&uas=0&nvt=1&fsapi=1&fc=1920&brdim=290%2C290%2C290%2C290%2C1600%2C0%2C1600%2C1285%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&bz=1&td=1&tdf=2&psd=W251bGwsbnVsbCxudWxsLDNd&nt=1&ifi=1&uci=a!1&fsb=1&dtd=843
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202408290101/show_ads_impl_fy2021.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.80.66 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s35-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://nv44.duoqwe.com/
Sec-Browsing-Topics
();p=P0000000000000000000000000000000
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding
br
content-length
46
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Thu, 05 Sep 2024 13:53:30 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
ads
googleads.g.doubleclick.net/pagead/ Frame 636A 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1885816497771161&output=html&h=90&slotname=5854447399&adk=172914943&adf=3344760627&pi=t.ma~as.5854447399&w=728&abgtt=6&lmt=1725544410&channel=7806398678&format=728x90&url=https%3A%2F%2Fnv44.duoqwe.com%2Fen&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1725544409662&bpp=2&bdt=1199&idt=851&shv=r20240903&mjsv=m202408290101&ptt=9&saldr=aa&abxe=1&cookie_enabled=1&eoidce=1&prev_fmts=0x0&nras=1&correlator=2776836140538&frm=20&pv=1&u_tz=-600&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=540&ady=658&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31086547%2C31086639%2C31086686%2C44795922%2C95338227%2C95341664%2C31086142%2C95340844%2C95341514&oid=2&pvsid=3805428765326122&tmod=24765760&uas=0&nvt=1&fc=1920&brdim=290%2C290%2C290%2C290%2C1600%2C0%2C1600%2C1285%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&bz=1&td=1&tdf=2&psd=W251bGwsbnVsbCxudWxsLDNd&nt=1&ifi=2&uci=a!2&fsb=1&dtd=868
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202408290101/show_ads_impl_fy2021.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.80.66 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s35-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://nv44.duoqwe.com/
Sec-Browsing-Topics
();p=P0000000000000000000000000000000
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding
br
content-length
46
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Thu, 05 Sep 2024 13:53:30 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
sodar
ep1.adtrafficquality.google/getconfig/ 		17 KB
13 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://ep1.adtrafficquality.google/getconfig/sodar?sv=200&tid=gda&tv=r20240903&st=env
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202408290101/show_ads_impl_fy2021.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.40.226 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s39-in-f2.1e100.net
Software
cafe /
Resource Hash
86f8fe1a289632372fea853555c491c74ced6360a5735ca4e8c85304e6440b4d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://nv44.duoqwe.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Thu, 05 Sep 2024 13:53:31 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
application/json; charset=UTF-8
access-control-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
12841
x-xss-protection
0
favicon.png
nv44.duoqwe.com/ 		480 B
681 B 		Other
General
Check archive.org
Download Go to
Full URL
https://nv44.duoqwe.com/favicon.png
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
154.17.4.64 Los Angeles, United States, ASN906 (DMIT, US),
Reverse DNS
Host-By.DMIT.com
Software
Caddy, cloudflare /
Resource Hash
afd48784ff1f24820db315b053e339a5b8f0c5fca76ada598c7264ce4fb7dbf7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://nv44.duoqwe.com/en
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Thu, 05 Sep 2024 13:53:31 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
age
10990
content-length
480
x-xss-protection
1; mode=block
last-modified
Sun, 25 Sep 2022 17:29:29 GMT
server
Caddy, cloudflare
etag
W/"1e0-18375b26764"
x-frame-options
DENY
vary
Accept-Encoding
content-type
image/png
cache-control
public, max-age=31536000
accept-ranges
bytes
cf-ray
8be6b4b9b8307ec3-LAX
sodar2.js
ep2.adtrafficquality.google/sodar/ 		17 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ep2.adtrafficquality.google/sodar/sodar2.js
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202408290101/show_ads_impl_fy2021.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81e::2001 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://nv44.duoqwe.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Thu, 05 Sep 2024 13:53:31 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
6386
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
etag
"1637097310169751"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Thu, 05 Sep 2024 13:53:31 GMT
runner.html
tpc.googlesyndication.com/sodar/sodar2/225/ Frame BA54 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Requested by
Host: ep2.adtrafficquality.google
URL: https://ep2.adtrafficquality.google/sodar/sodar2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81e::2001 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://nv44.duoqwe.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
age
1066
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
5046
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Thu, 05 Sep 2024 13:35:46 GMT
expires
Fri, 05 Sep 2025 13:35:46 GMT
last-modified
Mon, 21 Jun 2021 20:47:05 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
aframe
www.google.com/recaptcha/api2/ Frame 726D 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://www.google.com/recaptcha/api2/aframe
Requested by
Host: ep2.adtrafficquality.google
URL: https://ep2.adtrafficquality.google/sodar/sodar2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.32.100 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s77-in-f4.1e100.net
Software
ESF /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-Y9QSbeExUBM_sNsoNtjxGw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://nv44.duoqwe.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private, max-age=300
content-encoding
gzip
content-security-policy
script-src 'report-sample' 'nonce-Y9QSbeExUBM_sNsoNtjxGw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-opener-policy-report-only
same-origin; report-to="coop_38fac9d5b82543fc4729580d18ff2d3d"
cross-origin-resource-policy
cross-origin
date
Thu, 05 Sep 2024 13:53:32 GMT
expires
Thu, 05 Sep 2024 13:53:32 GMT
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]} {"group":"coop_38fac9d5b82543fc4729580d18ff2d3d","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/38fac9d5b82543fc4729580d18ff2d3d"}]}
server
ESF
x-content-type-options
nosniff
x-xss-protection
0
sodar
pagead2.googlesyndication.com/pagead/ 		0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
pagead2.googlesyndication.com
URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20240903&jk=3805428765326122&bg=!n5ylnNPNAAY2Tt88Fk47ADQBe5WfOJ3IgNt9G_YWowvvBgpQKloMB6td6FFdemonasR_AQYX9n8FzzgnM5zndZmrWxjPAgAAAMpSAAAABGgBB34ANs0_Iay0OwCw9OmHaSnHLFG4wVXg4Cufsq24zDFdontQ62pfbTtma-AxRzTkFpO_lBIJhcY0LQoALIpwcyi-OgG2L3HUniTidmLPwfQZbRjqrpZO3m3PClM7e-cfixMh7vXG9y07mQKtKi8hVgfrInWEJ6286kafkQyRwehRgEWpHQv6ZsLgTQMLbELCb0LgcN2FFx0a2hwuJaKnTTwn06clCyyu2W0vFD0IQXFL2WVXR5kHUw5MZjaiczfybTxZA9jC0lMQqjQ3POwcsRQ3flBjlLk9uXxqRtZbiPH9avD3-71WyoXRPCQhcjqL67xL3Y7TCXeD9yFJ47FeI9PSBxGKgmLdjzDT78cwfqwamXqUujrQNBGk041zErKg2tFCM5axgU94aIYNMIIIEKKXdwYoipB_2cs0ntm3XGV5IBIblUB8XSC-6Fv_wL0FNXhhY_2Z2my0X6hqlEQPFCNpGq-iABf84QAQOADtuDvz427HlWl2WyBJveechHLtQ3kReLnUoZuHd7I8xuEK7j3rKpLvPZobIfeojgW1VS4ZjFB_fr2sLhaTNzWMkHNzG01QKGPYO4LJ6WV_wP24tSa9WUhOxdd--gyW0z9et6t_EpbzlMaHTsNo2kEbbDRvwDyXY-griEBxAh51bbn4ziK7laCl5nXwSaI3PeJhqSl4HtuLwUaxtodnf7kY4-Vz7efw4yPgQveM6F17ZzpQ7ksKzZm4_byvJKG5LgOOVvvu2hz1UIIi3dKEDsCNwySPZpcwSbiGCuz9EBwgwXiwnTx1JDvbDwDSvKjYLviu143ajtPEWqee2M1G8F33biEmc36y3B1L7tTU-76EkX3CuOG0l8Akn01LgwC8lIzUJLK9-Qq_c8TO9RtdMPTDvB8WWiqp5pjq4FgeLPWgs-V_6ecVpOMLlEcmaJXkGiRb9LrVBVjlboEx2EsTqL-nnyhlFtBGdWFA1KnEsiq44wTnJjWPLEzZ7DWB8h1iecdYQYwHRNOPU2cO45H5J6x-OlMAigwUl7c3Na6j8SdTO-fZAWSFHisz4b_bAA

Verdicts & Comments Add Verdict or Comment

52 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| 5 object| 6 object| 7 object| 8 function| __h82AlnkH6D91__ object| webpackChunk_N_E object| regeneratorRuntime function| __next_require__ object| next object| __NEXT_DATA__ function| __SSG_MANIFEST_CB object| __NEXT_P object| _N_E object| __MIDDLEWARE_MANIFEST object| __BUILD_MANIFEST object| __SSG_MANIFEST object| adsbygoogle function| __p4qa8r1lb17__ string| cHViLTE4ODU4MTY0OTc3NzExNjE= function| __an6na521li18__ string| bG9hZGVyX2pz string| Y2FjaGVkX2pz object| googlefc object| __fcInternalApiManager boolean| __fcInternalApiPostMessageReady object| google_js_reporting_queue number| google_srt object| google_persistent_state_async object| google_logging_queue number| tmod object| google_ad_modifications object| ggeac object| google_tag_data object| google_reactive_ads_global_state object| google_sa_queue function| google_process_slots function| google_spfd number| google_unique_id object| google_sv_map number| google_rum_task_id_counter string| google_user_agent_client_hint function| google_sa_impl number| google_global_correlator object| google_prev_clients object| ampInaboxIframes object| ampInaboxPendingMessages object| GoogleGcLKhOms

2 Cookies

Domain/Path Name / Value
nv44.duoqwe.com/ Name: auth_token
Value: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpYXQiOjE3MjU1NDQ0MDgsImV4cCI6MTcyNTU0NDcwOH0.gaL9yLmPWUTqOYnQ4x_Vhnk278qtjKcuzilFwPpdUKQ
.doubleclick.net/ Name: test_cookie
Value: CheckForPermission

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ep1.adtrafficquality.google
ep2.adtrafficquality.google
fundingchoicesmessages.google.com
googleads.g.doubleclick.net
nv44.duoqwe.com
pagead2.googlesyndication.com
tpc.googlesyndication.com
www.google.com
pagead2.googlesyndication.com
142.250.176.194
142.250.80.66
142.251.32.100
142.251.40.142
142.251.40.226
154.17.4.64
2607:f8b0:4006:80d::200e
2607:f8b0:4006:81e::2001
0ca8f99320fc9a9cfb2f6a6a6d230c6c32ada4bc1bff7b1c529bc2a261570c93
0cae12c4bedf94f2c4af81dbc93815c6e7491b81febb3e2d484801719f686877
1e1dcf640791d68beb63aa1a6db356e4728ddb35dd761161426c5bf8e46fcb0d
22890dc1747ee4df17ad0eb45b1bec2b6c7f9c5262ead61a724c603df95dc05d
36e4512026d599217ae52429a7ea64d527f69276ebb6ef724578234bdba862ba
3b9dcded87cb321be9cde9023f41f8771445e6c8ed4f38bb22829793ec92bd36
46421fda35fa81c4c9ab068a6fe59cde5ee08c5fa63fd30bcb88fcd7fde4400c
52f3476f34301eca31c850a3413cef4a44b265275439f95649a26b74f2bd4938
5861aa9dd182d1243f1287efd53f6ea113d7a21a63e0dd7957f3ca97dec65d9d
5c6015e7550477ff32b5bfa1c4b429376a9cfd93f9f1588d32e352acfbc716d3
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
6f5b4aa00d2f8d6aed9935b471806bf7acef464d0c1d390260e5fe27f800c67e
733df482172f3abd941b493d3cbd674316cead6ad2c72839c1e9b0581d280db4
7c2900424b1bc10256005d7e33ac5a24a1d81464ae08e86e63c35e27d0a99c47
86f8fe1a289632372fea853555c491c74ced6360a5735ca4e8c85304e6440b4d
8854cb4b7ab3d80a0f8c8e13af1e6ec920c5b2e2e2a5a637a09dd1598f370d55
89e7666945848030222238f48fb667c1c7cef477d7c3eac9fe4a5e118d1aa7ea
a337a72a59ea96865d16d9dd0ae71af25d98650fcf4999003b63f52ff3555fbd
a7c6edb7df1a08ad88da09904a71d764f2edb9d3dc241c1670cd4480aea863f9
afd48784ff1f24820db315b053e339a5b8f0c5fca76ada598c7264ce4fb7dbf7
b2e3fd2fac79deda9718b6b7d59fb5db4114f9c52e538a370202b71b142c1801
b61ecfb413fa23a792c1dda7b6af3abada682d4d97939d674e6bc05a3cc406cd
dd85e794b1856f825295a2d904746691a7c641d3771bbd8d52dfe58974e710ee
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
fff1301f899454eccafcc9b12ed9365c96960a9d5290a57775e20c8b0e7327b3