urlscan.io logo urlscan.io
SecurityTrails logo

pesc.pw Open in urlscan Pro
34.224.107.108  Public Scan

Go To Rescan Add Verdict Report
URL: http://pesc.pw/4ym8w9/
Submission Tags: gc
Submission: On May 30 via api from JP — Scanned from JP
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 14 IPs in 5 countries across 12 domains to perform 36 HTTP transactions. The main IP is 34.224.107.108, located in Ashburn, United States and belongs to AMAZON-AES, US. The main domain is pesc.pw.
This is the only time pesc.pw was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
5 34.224.107.108 14618 (AMAZON-AES)
3 2606:4700::68... 13335 (CLOUDFLAR...)
1 34.194.245.22 14618 (AMAZON-AES)
1 2606:4700:10:... 13335 (CLOUDFLAR...)
2 2a03:2880:f00... 32934 (FACEBOOK)
7 52.163.200.170 8075 (MICROSOFT...)
1 211.21.190.218 3462 (HINET Dat...)
1 2 2404:6800:400... 15169 (GOOGLE)
3 2404:6800:400... 15169 (GOOGLE)
5 2404:6800:400... 15169 (GOOGLE)
1 2404:6800:400... 15169 (GOOGLE)
4 2404:6800:400... 15169 (GOOGLE)
1 2 2a03:2880:f10... 32934 (FACEBOOK)
1 2404:6800:400... 15169 (GOOGLE)
36 14
5    34.224.107.108 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-224-107-108.compute-1.amazonaws.com
pesc.pw
3    2606:4700::6812:acf (United States)

ASN13335 (CLOUDFLARENET, US)
maxcdn.bootstrapcdn.com
1    34.194.245.22 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-194-245-22.compute-1.amazonaws.com
picsee.co
1    2606:4700:10::ac43:1755 (United States)

ASN13335 (CLOUDFLARENET, US)
tenmax-static.cacafly.net
2    2a03:2880:f00f:104:face:b00c:0:3 (Tokyo, Japan)

ASN32934 (FACEBOOK, US)
connect.facebook.net
7    52.163.200.170 (Singapore)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
ssp.tenmax.io
1    211.21.190.218 (Daan, Taiwan)

ASN3462 (HINET Data Communication Business Group, TW)
PTR: 211-21-190-218.hinet-ip.hinet.net
dmp.tenmax.io
2    2404:6800:4004:827::2002 (Australia)

ASN15169 (GOOGLE, US)
www.googletagservices.com
3    2404:6800:400a:80a::2002 (Osaka, Japan)

ASN15169 (GOOGLE, US)
securepubads.g.doubleclick.net
5    2404:6800:4004:828::2002 (Australia)

ASN15169 (GOOGLE, US)
adservice.google.co.jp
pagead2.googlesyndication.com
1    2404:6800:4004:824::2002 (Australia)

ASN15169 (GOOGLE, US)
adservice.google.com
4    2404:6800:4004:80f::2001 (Australia)

ASN15169 (GOOGLE, US)
999fe1e7943762548f3af8e670332cd5.safeframe.googlesyndication.com
tpc.googlesyndication.com
2    2a03:2880:f10f:187:face:b00c:0:25de (Tokyo, Japan)

ASN32934 (FACEBOOK, US)
www.facebook.com
1    2404:6800:4004:81e::2004 (Australia)

ASN15169 (GOOGLE, US)
www.google.com
Apex Domain
Subdomains		 Transfer
8 googlesyndication.com
999fe1e7943762548f3af8e670332cd5.safeframe.googlesyndication.com
pagead2.googlesyndication.com — Cisco Umbrella Rank: 93
tpc.googlesyndication.com — Cisco Umbrella Rank: 132
40 KB
8 tenmax.io
ssp.tenmax.io — Cisco Umbrella Rank: 128878
dmp.tenmax.io — Cisco Umbrella Rank: 146745
4 KB
5 pesc.pw
pesc.pw
4 KB
3 doubleclick.net
securepubads.g.doubleclick.net — Cisco Umbrella Rank: 184
127 KB
3 bootstrapcdn.com
maxcdn.bootstrapcdn.com — Cisco Umbrella Rank: 817
103 KB
2 facebook.com
www.facebook.com — Cisco Umbrella Rank: 102
2 KB
2 google.com
adservice.google.com — Cisco Umbrella Rank: 68
www.google.com — Cisco Umbrella Rank: 2
1 KB
2 googletagservices.com
www.googletagservices.com — Cisco Umbrella Rank: 181
26 KB
2 facebook.net
connect.facebook.net — Cisco Umbrella Rank: 157
89 KB
1 google.co.jp
adservice.google.co.jp — Cisco Umbrella Rank: 84358
531 B
1 cacafly.net
tenmax-static.cacafly.net — Cisco Umbrella Rank: 133329
42 KB
1 picsee.co
picsee.co
33 KB
36 12
Domain Requested by
7 ssp.tenmax.io tenmax-static.cacafly.net
pesc.pw
5 pesc.pw pesc.pw
4 pagead2.googlesyndication.com securepubads.g.doubleclick.net
tpc.googlesyndication.com
3 tpc.googlesyndication.com securepubads.g.doubleclick.net
tpc.googlesyndication.com
3 securepubads.g.doubleclick.net www.googletagservices.com
securepubads.g.doubleclick.net
3 maxcdn.bootstrapcdn.com pesc.pw
maxcdn.bootstrapcdn.com
2 www.facebook.com 1 redirects connect.facebook.net
2 www.googletagservices.com 1 redirects pesc.pw
2 connect.facebook.net pesc.pw
connect.facebook.net
1 www.google.com tpc.googlesyndication.com
1 999fe1e7943762548f3af8e670332cd5.safeframe.googlesyndication.com securepubads.g.doubleclick.net
1 adservice.google.com securepubads.g.doubleclick.net
1 adservice.google.co.jp securepubads.g.doubleclick.net
1 dmp.tenmax.io pesc.pw
1 tenmax-static.cacafly.net pesc.pw
1 picsee.co pesc.pw
36 16

This site contains links to these domains. Also see Links.

Domain
docs.google.com
pics.ee
www.facebook.com
picsee.io
Subject Issuer Validity Valid
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3		 2022-12-30 -
2023-12-30		 a year crt.sh
pics.ee
Amazon RSA 2048 M01		 2023-02-23 -
2023-12-01		 9 months crt.sh
*.tenmax.io
Gandi Standard SSL CA 2		 2023-01-30 -
2024-02-05		 a year crt.sh
*.facebook.com
DigiCert SHA2 High Assurance Server CA		 2023-03-08 -
2023-06-06		 3 months crt.sh
*.g.doubleclick.net
GTS CA 1C3		 2023-05-08 -
2023-07-31		 3 months crt.sh
*.google.co.jp
GTS CA 1C3		 2023-05-08 -
2023-07-31		 3 months crt.sh
*.google.com
GTS CA 1C3		 2023-05-08 -
2023-07-31		 3 months crt.sh
www.google.com
GTS CA 1C3		 2023-05-08 -
2023-07-31		 3 months crt.sh

This page contains 5 frames:

Primary Page: http://pesc.pw/4ym8w9/
Frame ID: 664A810CE78632FFDA336F9390CFBABA
Requests: 29 HTTP requests in this frame

Frame: https://999fe1e7943762548f3af8e670332cd5.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: DCF595AE7510BB632D7487BAEE51AC5B
Requests: 1 HTTP requests in this frame

Frame: https://www.facebook.com/login/?next=https%3A%2F%2Fwww.facebook.com%2Fplugins%2Fpage.php%3Fadapt_container_width%3Dtrue%26app_id%3D150378901782986%26channel%3Dhttps%253A%252F%252Fstaticxx.facebook.com%252Fx%252Fconnect%252Fxd_arbiter%252F%253Fversion%253D46%2523cb%253Df33696d9fb54678%2526domain%253Dpesc.pw%2526is_canvas%253Dfalse%2526origin%253Dhttp%25253A%25252F%25252Fpesc.pw%25252Ff17ce4a3f60fed4%2526relation%253Dparent.parent%26container_width%3D1600%26height%3D300%26hide_cover%3Dtrue%26href%3Dhttps%253A%252F%252Fwww.facebook.com%252Fpicsee.co%26locale%3Dzh_TW%26sdk%3Djoey%26show_facepile%3Dfalse%26small_header%3Dtrue%26tabs%3Dmessages
Frame ID: EA966CD2F052184BB8535674098ED008
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: FE45D37B43BA2749A8FD0711BE4D8DC5
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 55FA5FA87F2E12C4658802080577D4CF
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Not Found | PicSee 皮克看見

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
Overall confidence: 100%
Detected patterns
  • googletagservices\.com/tag/js/gpt(?:_mobile)?\.js
Overall confidence: 100%
Detected patterns
  • //connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js
Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
  • <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
Overall confidence: 100%
Detected patterns
  • googlesyndication\.com/
Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

36
Requests

69 %
HTTPS

71 %
IPv6

12
Domains

16
Subdomains

14
IPs

5
Countries

470 kB
Transfer

1342 kB
Size

10
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 8
  • http://connect.facebook.net/zh_TW/sdk.js HTTP 307
  • https://connect.facebook.net/zh_TW/sdk.js
Request Chain 14
  • http://www.googletagservices.com/tag/js/gpt.js HTTP 302
  • https://www.googletagservices.com/tag/js/gpt.js
Request Chain 26
  • https://www.facebook.com/v2.6/plugins/page.php?adapt_container_width=true&app_id=150378901782986&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df33696d9fb54678%26domain%3Dpesc.pw%26is_canvas%3Dfalse%26origin%3Dhttp%253A%252F%252Fpesc.pw%252Ff17ce4a3f60fed4%26relation%3Dparent.parent&container_width=1600&height=300&hide_cover=true&href=https%3A%2F%2Fwww.facebook.com%2Fpicsee.co&locale=zh_TW&sdk=joey&show_facepile=false&small_header=true&tabs=messages HTTP 302
  • https://www.facebook.com/login/?next=https%3A%2F%2Fwww.facebook.com%2Fplugins%2Fpage.php%3Fadapt_container_width%3Dtrue%26app_id%3D150378901782986%26channel%3Dhttps%253A%252F%252Fstaticxx.facebook.com%252Fx%252Fconnect%252Fxd_arbiter%252F%253Fversion%253D46%2523cb%253Df33696d9fb54678%2526domain%253Dpesc.pw%2526is_canvas%253Dfalse%2526origin%253Dhttp%25253A%25252F%25252Fpesc.pw%25252Ff17ce4a3f60fed4%2526relation%253Dparent.parent%26container_width%3D1600%26height%3D300%26hide_cover%3Dtrue%26href%3Dhttps%253A%252F%252Fwww.facebook.com%252Fpicsee.co%26locale%3Dzh_TW%26sdk%3Djoey%26show_facepile%3Dfalse%26small_header%3Dtrue%26tabs%3Dmessages

36 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
pesc.pw/4ym8w9/ 		10 KB
4 KB 		Document
General
Check archive.org
Download Go to
Full URL
http://pesc.pw/4ym8w9/
Protocol
HTTP/1.1
Server
34.224.107.108 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-224-107-108.compute-1.amazonaws.com
Software
Apache/2.4.7 (Ubuntu) /
Resource Hash
c9712ede169730c01a19406041eb675023e91f8c9168316633a74a84855a3ad3
Security Headers
Name Value
X-Frame-Options DENY

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
accept-language
ja-JP

Response headers

Connection
keep-alive
Content-Encoding
gzip
Content-Length
3480
Content-Type
text/html; charset=UTF-8
Date
Tue, 30 May 2023 05:03:15 GMT
Server
Apache/2.4.7 (Ubuntu)
Vary
Accept-Encoding
X-Frame-Options
DENY
bootstrap.min.css
maxcdn.bootstrapcdn.com/bootstrap/3.3.4/css/ 		115 KB
19 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://maxcdn.bootstrapcdn.com/bootstrap/3.3.4/css/bootstrap.min.css
Requested by
Host: pesc.pw
URL: http://pesc.pw/4ym8w9/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:acf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f04b517ba5d6a0510485689a3e42dac000f51640fd71b986804cba178eae42a5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
ja-JP
Referer
http://pesc.pw/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date
Tue, 30 May 2023 05:03:15 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
cdn-edgestorageid
714, 617, 617
age
31102249
cdn-cachedat
2021-06-04 01:04:18
cdn-pullzone
252412
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
last-modified
Mon, 25 Jan 2021 22:03:58 GMT
server
cloudflare
cdn-requestpullcode
200
vary
Accept-Encoding
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
b1941f61-b576-4f40-80de-5677acb38f74
cache-control
public, max-age=31919000
cdn-requestid
ac1ee3286778756f985f21bc11578f39
timing-allow-origin
*
cdn-requestcountrycode
JP
cf-ray
7cf46dfcc89ef619-NRT
cdn-requestpullsuccess
True
font-awesome.min.css
maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/ 		30 KB
7 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css
Requested by
Host: pesc.pw
URL: http://pesc.pw/4ym8w9/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:acf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
ja-JP
Referer
http://pesc.pw/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date
Tue, 30 May 2023 05:03:15 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
cdn-edgestorageid
637
age
3671685
cdn-cachedat
05/15/2022 09:31:57
cdn-pullzone
252412
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
last-modified
Mon, 25 Jan 2021 22:04:55 GMT
cdn-proxyver
1.02
cdn-requestpullcode
200
server
cloudflare
etag
W/"269550530cc127b6aa5a35925a7de6ce"
vary
Accept-Encoding
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
b1941f61-b576-4f40-80de-5677acb38f74
cache-control
public, max-age=31919000
cdn-requestid
7b037083eda106239825636414d5921a
timing-allow-origin
*
cdn-requestcountrycode
BR
cdn-status
200
cf-ray
7cf46dfcc89ff619-NRT
cdn-requestpullsuccess
True
picsee.css
pesc.pw/4ym8w9/js/ 		0
0 		Stylesheet
General
Check archive.org
Download Go to
Full URL
http://pesc.pw/4ym8w9/js/picsee.css
Requested by
Host: pesc.pw
URL: http://pesc.pw/4ym8w9/
Protocol
HTTP/1.1
Server
34.224.107.108 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-224-107-108.compute-1.amazonaws.com
Software
Apache/2.4.7 (Ubuntu) /
Resource Hash

Request headers

accept-language
ja-JP
Referer
http://pesc.pw/4ym8w9/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Date
Tue, 30 May 2023 05:03:16 GMT
Server
Apache/2.4.7 (Ubuntu)
Connection
keep-alive
Content-Length
290
Content-Type
text/html; charset=iso-8859-1
jquery-1.11.1.min.js
picsee.co/js/ 		94 KB
33 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://picsee.co/js/jquery-1.11.1.min.js
Requested by
Host: pesc.pw
URL: http://pesc.pw/4ym8w9/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.194.245.22 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-194-245-22.compute-1.amazonaws.com
Software
Apache/2.4.7 (Ubuntu) /
Resource Hash
540bc6dec1dd4b92ea4d3fb903f69eabf6d919afd48f4e312b163c28cff0f441

Request headers

accept-language
ja-JP
Referer
http://pesc.pw/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Date
Tue, 30 May 2023 05:50:47 GMT
Content-Encoding
gzip
Last-Modified
Sat, 09 Jul 2016 10:24:02 GMT
Server
Apache/2.4.7 (Ubuntu)
ETag
"1762a-53731516dd7dc-gzip"
Vary
Accept-Encoding
Content-Type
application/javascript
Cache-control
no-cache="set-cookie"
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
33225
bootstrap.min.js
pesc.pw/4ym8w9/js/ 		0
0 		Script
General
Check archive.org
Download Go to
Full URL
http://pesc.pw/4ym8w9/js/bootstrap.min.js
Requested by
Host: pesc.pw
URL: http://pesc.pw/4ym8w9/
Protocol
HTTP/1.1
Server
34.224.107.108 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-224-107-108.compute-1.amazonaws.com
Software
Apache/2.4.7 (Ubuntu) /
Resource Hash

Request headers

accept-language
ja-JP
Referer
http://pesc.pw/4ym8w9/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Date
Tue, 30 May 2023 05:03:16 GMT
Server
Apache/2.4.7 (Ubuntu)
Connection
keep-alive
Content-Length
296
Content-Type
text/html; charset=iso-8859-1
utility.js
pesc.pw/4ym8w9/js/ 		0
0 		Script
General
Check archive.org
Download Go to
Full URL
http://pesc.pw/4ym8w9/js/utility.js
Requested by
Host: pesc.pw
URL: http://pesc.pw/4ym8w9/
Protocol
HTTP/1.1
Server
34.224.107.108 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-224-107-108.compute-1.amazonaws.com
Software
Apache/2.4.7 (Ubuntu) /
Resource Hash

Request headers

accept-language
ja-JP
Referer
http://pesc.pw/4ym8w9/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Date
Tue, 30 May 2023 05:03:16 GMT
Server
Apache/2.4.7 (Ubuntu)
Connection
keep-alive
Content-Length
290
Content-Type
text/html; charset=iso-8859-1
picsee_light_web.png
pesc.pw/4ym8w9/images/ 		304 B
304 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://pesc.pw/4ym8w9/images/picsee_light_web.png
Requested by
Host: pesc.pw
URL: http://pesc.pw/4ym8w9/
Protocol
HTTP/1.1
Server
34.224.107.108 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-224-107-108.compute-1.amazonaws.com
Software
Apache/2.4.7 (Ubuntu) /
Resource Hash
3a3c8b0f72b97645354eca37f7b3defb290c79e778912cfa1219dd6f8632995e

Request headers

accept-language
ja-JP
Referer
http://pesc.pw/4ym8w9/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Date
Tue, 30 May 2023 05:03:16 GMT
Server
Apache/2.4.7 (Ubuntu)
Connection
keep-alive
Content-Length
304
Content-Type
text/html; charset=iso-8859-1
adsbytenmax.js
tenmax-static.cacafly.net/ssp/ 		138 KB
42 KB 		Script
General
Check archive.org
Download Go to
Full URL
http://tenmax-static.cacafly.net/ssp/adsbytenmax.js
Requested by
Host: pesc.pw
URL: http://pesc.pw/4ym8w9/
Protocol
HTTP/1.1
Server
2606:4700:10::ac43:1755 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a7b8ac9c3928d88b3ab41e6e3c220551da08e23fb224d8dd7337055e3f20d1bc

Request headers

accept-language
ja-JP
Referer
http://pesc.pw/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
Date
Tue, 30 May 2023 05:03:16 GMT
Content-Encoding
gzip
CF-Cache-Status
HIT
X-Azure-Ref-OriginShield
0771ZZAAAAABXnMbm9OscTL1QgTTyzKMMT1NBMDJFREdFMTcxNgBiMTIxZTIxYy03YzI4LTQwOGItYmQwZi05M2NiNGU3ZGZlZGU=
Content-MD5
0pLg90lCZsGxvchxtxywPA==
Age
2802
Transfer-Encoding
chunked
X-Cache
TCP_MISS
Connection
keep-alive
x-ms-lease-status
unlocked
Last-Modified
Tue, 09 May 2023 01:26:17 GMT
Server
cloudflare
ETag
0x8DB502C6326F7F9
X-Azure-Ref
0771ZZAAAAAAgOF7V1wltQLWbiFfoDtkxT1NBMjIxMDMwMTE5MDQ3AGIxMjFlMjFjLTdjMjgtNDA4Yi1iZDBmLTkzY2I0ZTdkZmVkZQ==
Vary
Accept-Encoding
Content-Type
application/javascript; charset=utf-8
Access-Control-Allow-Origin
*
x-ms-request-id
6a058ac1-901e-000d-1c26-820dfb000000
Access-Control-Expose-Headers
x-ms-request-id,x-ms-version,x-ms-lease-status,x-ms-blob-type
Cache-Control
max-age=1800
x-ms-version
2009-09-19
CF-RAY
7cf46dfff978f5ab-NRT
sdk.js
connect.facebook.net/zh_TW/
Redirect Chain
  • http://connect.facebook.net/zh_TW/sdk.js
  • https://connect.facebook.net/zh_TW/sdk.js
3 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/zh_TW/sdk.js
Requested by
Host: pesc.pw
URL: http://pesc.pw/4ym8w9/
Protocol
H2
Server
2a03:2880:f00f:104:face:b00c:0:3 Tokyo, Japan, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
9b64fd2ea8af1a97c8a1251953543108459342db511357d7ab132796dca87a7d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
ja-JP
Referer
http://pesc.pw/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
date
Tue, 30 May 2023 05:03:17 GMT
content-md5
aQ8W5SPkMr7lk92Ra3TSaw==
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
1686
x-fb-rlafr
0
x-fb-debug
OfCdTE2TaF0n95vAeYeVxvbodyhwzvaNqCObbACEGdbXhjcnpUo4yALyJQdJg/K/LrmFCphobTFBwb1+RONrrw==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
x-fb-trip-id
1679558926
x-fb-content-md5
6230fce9b2ac8d7d85f8fdb2b6f44230
cross-origin-opener-policy
same-origin-allow-popups
etag
"632554761894147ee9fe616a522da288"
vary
Accept-Encoding
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
X-FB-Content-MD5
cache-control
public,max-age=1200,stale-while-revalidate=3600
permissions-policy
accelerometer=(), ambient-light-sensor=(), bluetooth=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), midi=(), screen-wake-lock=(), serial=(), usb=()
x-frame-options
DENY
timing-allow-origin
*
expires
Tue, 30 May 2023 05:18:30 GMT

Redirect headers

Location
https://connect.facebook.net/zh_TW/sdk.js#xfbml=1&version=v2.6&appId=150378901782986
Non-Authoritative-Reason
HSTS
Cross-Origin-Resource-Policy
Cross-Origin
fontawesome-webfont.woff2
maxcdn.bootstrapcdn.com/font-awesome/4.7.0/fonts/ 		75 KB
76 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://maxcdn.bootstrapcdn.com/font-awesome/4.7.0/fonts/fontawesome-webfont.woff2?v=4.7.0
Requested by
Host: maxcdn.bootstrapcdn.com
URL: https://maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6812:acf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css
Origin
http://pesc.pw
accept-language
ja-JP
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date
Tue, 30 May 2023 05:03:17 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
cdn-edgestorageid
912
age
962783
cdn-cachedat
12/11/2022 18:06:44
cdn-pullzone
252412
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
77160
last-modified
Mon, 25 Jan 2021 22:04:55 GMT
cdn-proxyver
1.03
cdn-requestpullcode
200
server
cloudflare
etag
"af7ae505a9eed503f8b8e6982036873e"
vary
Accept-Encoding
content-type
font/woff2
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
b1941f61-b576-4f40-80de-5677acb38f74
cache-control
public, max-age=31919000
cdn-requestid
e7fbfdb1ddd8f7dedfeb862f42bd7073
accept-ranges
bytes
timing-allow-origin
*
cdn-requestcountrycode
US
cdn-status
200
cf-ray
7cf46e047bae2601-NRT
cdn-requestpullsuccess
True
spaceSetting
ssp.tenmax.io/supply/v3/universal/ 		156 B
506 B 		XHR
General
Check archive.org
Download Go to
Full URL
http://ssp.tenmax.io/supply/v3/universal/spaceSetting?rmaxSpaceId=0cf0b05622074fba&referer=http%3A%2F%2Fpesc.pw%2F4ym8w9%2F&bodyWidth=1600&bodyHeight=1200&cacheBuster=b42306aa-f827-4f27-908d-1048e64eb2ac
Requested by
Host: tenmax-static.cacafly.net
URL: http://tenmax-static.cacafly.net/ssp/adsbytenmax.js
Protocol
HTTP/1.1
Server
52.163.200.170 , Singapore, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
nginx /
Resource Hash
bfa69b9affb75cc52bdb07af8c55639f8c152edab68c7263a3af59ee6b6225e2

Request headers

accept-language
ja-JP
Referer
http://pesc.pw/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Date
Tue, 30 May 2023 05:03:18 GMT
Server
nginx
Vary
Origin
Content-Type
application/json
Access-Control-Allow-Origin
http://pesc.pw
P3P
CP="CUR ADM OUR NOR STA NID"
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
156
X-Application-Context
application:prod,aggregator,build-ext:58070
b734323b-0532-40a6-8d4e-782e1c96bd3a
dmp.tenmax.io/p/ 		43 B
528 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dmp.tenmax.io/p/b734323b-0532-40a6-8d4e-782e1c96bd3a?random=358414103
Requested by
Host: pesc.pw
URL: http://pesc.pw/4ym8w9/
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_128_CBC
Server
211.21.190.218 Daan, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS
211-21-190-218.hinet-ip.hinet.net
Software
nginx /
Resource Hash
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language
ja-JP
Referer
http://pesc.pw/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Content-Type
image/gif
Date
Tue, 30 May 2023 05:03:19 GMT
Content-Encoding
gzip
Server
nginx
Connection
keep-alive
Transfer-Encoding
chunked
P3P
CP="CUR ADM OUR NOR STA NID"
sdk.js
connect.facebook.net/zh_TW/ 		307 KB
87 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/zh_TW/sdk.js?hash=508c67b9fafe6134a7ecfafbda649963
Requested by
Host: connect.facebook.net
URL: http://connect.facebook.net/zh_TW/sdk.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f00f:104:face:b00c:0:3 Tokyo, Japan, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
351a6a11a1b3f3fbc7a198b5b2d4c8aa05e089945a29f4014b8d175dcbefeac9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
http://pesc.pw/
Origin
http://pesc.pw
accept-language
ja-JP
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
date
Tue, 30 May 2023 05:03:17 GMT
content-md5
UIxakdd1hpwfyxjiXzPPbA==
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
88799
x-fb-rlafr
0
x-fb-debug
bVpxctIhU9Mrcl2HO/6Z4NBsq2PSNSomNdUjv7hXMGg5cFmT0GwD7uJ9sAoRjvXfJX7b7dUh6EvX9gYOsOdSqQ==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
x-fb-content-md5
2ad56f049e2e78a5b9213b92c07f3fd1
cross-origin-opener-policy
same-origin-allow-popups
etag
"b4f10acfda2d481d8843cd340ad0dbb4"
vary
Accept-Encoding
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
origin-agent-cluster
?0
access-control-expose-headers
X-FB-Content-MD5
cache-control
public,max-age=31536000,stale-while-revalidate=3600,immutable
permissions-policy
accelerometer=(), ambient-light-sensor=(), bluetooth=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), midi=(), screen-wake-lock=(), serial=(), usb=()
x-frame-options
DENY
timing-allow-origin
*
priority
u=3,i
expires
Wed, 29 May 2024 04:58:29 GMT
plan
ssp.tenmax.io/supply/v3/universal/ 		2 KB
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
http://ssp.tenmax.io/supply/v3/universal/plan?rmaxSpaceId=0cf0b05622074fba&sessionId=4aa90da0-fea7-11ed-a0d2-3dbea4e6f96c&referer=http%3A%2F%2Fpesc.pw%2F4ym8w9%2F&bodyWidth=1600&bodyHeight=1200&cacheBuster=16bf043e-6014-4a35-8e8c-b26dbf793631
Requested by
Host: tenmax-static.cacafly.net
URL: http://tenmax-static.cacafly.net/ssp/adsbytenmax.js
Protocol
HTTP/1.1
Server
52.163.200.170 , Singapore, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
nginx /
Resource Hash
48f64fd88224b55c01a04c649f6c296e6814e63c8e175d34b0405b84eca1db38

Request headers

accept-language
ja-JP
Referer
http://pesc.pw/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Date
Tue, 30 May 2023 05:03:18 GMT
Server
nginx
Vary
Origin
Content-Type
application/json
Access-Control-Allow-Origin
http://pesc.pw
P3P
CP="CUR ADM OUR NOR STA NID"
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
1964
X-Application-Context
application:prod,aggregator,build-ext:58070
gpt.js
www.googletagservices.com/tag/js/
Redirect Chain
  • http://www.googletagservices.com/tag/js/gpt.js
  • https://www.googletagservices.com/tag/js/gpt.js
75 KB
25 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/tag/js/gpt.js
Requested by
Host: pesc.pw
URL: http://pesc.pw/4ym8w9/
Protocol
H2
Server
2404:6800:4004:827::2002 , Australia, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
011cc2a8c972d37a31826c6469a77fae1da1c59dedeb0808012286364103c71b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
ja-JP
Referer
http://pesc.pw/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date
Tue, 30 May 2023 05:03:18 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
25146
x-xss-protection
0
server
cafe
etag
121 / 19507 / 31074919 / config-hash: 5517893993639430185
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=900, stale-while-revalidate=3600
timing-allow-origin
*
expires
Tue, 30 May 2023 05:03:18 GMT

Redirect headers

Date
Tue, 30 May 2023 05:03:18 GMT
X-Content-Type-Options
nosniff
Server
cafe
Vary
Accept-Encoding
P3P
policyref="http://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Location
https://www.googletagservices.com/tag/js/gpt.js
Content-Type
text/html; charset=UTF-8
Cache-Control
private, max-age=900, stale-while-revalidate=3600
Cross-Origin-Resource-Policy
cross-origin
Timing-Allow-Origin
*
Content-Length
0
X-XSS-Protection
0
Expires
Tue, 30 May 2023 05:03:18 GMT
request
ssp.tenmax.io/supply/tracking/ 		0
206 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ssp.tenmax.io/supply/tracking/request?bid=4aa90da0-fea7-11ed-a0d2-3dbea4e6f96c&chid=a1ebcf323fa54a53&sid=0cf0b05622074fba
Requested by
Host: pesc.pw
URL: http://pesc.pw/4ym8w9/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.163.200.170 , Singapore, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
ja-JP
Referer
http://pesc.pw/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Date
Tue, 30 May 2023 05:03:18 GMT
Server
nginx
Connection
keep-alive
X-Application-Context
application:prod,aggregator,build-ext:58070
P3P
CP="CUR ADM OUR NOR STA NID"
pubads_impl.js
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305240101/ 		405 KB
125 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305240101/pubads_impl.js?cb=31074919
Requested by
Host: www.googletagservices.com
URL: http://www.googletagservices.com/tag/js/gpt.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2404:6800:400a:80a::2002 Osaka, Japan, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
64844f8925b251163ea6b1ce7684859a3c1cc2fd394e68b5406214fb8dc53750
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
ja-JP
Referer
http://pesc.pw/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date
Mon, 29 May 2023 18:36:54 GMT
content-encoding
br
x-content-type-options
nosniff
age
37584
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
127947
x-xss-protection
0
server
cafe
etag
6651312291549162462
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
public, immutable, max-age=31536000
timing-allow-origin
*
expires
Tue, 28 May 2024 18:36:54 GMT
ppub_config
securepubads.g.doubleclick.net/pagead/ 		57 B
591 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=pesc.pw
Requested by
Host: www.googletagservices.com
URL: http://www.googletagservices.com/tag/js/gpt.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2404:6800:400a:80a::2002 Osaka, Japan, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
6c359951abc2828f7de4f05b48bd81d93f4cf15e2f0d8fa199b39204c8192cfd
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
ja-JP
Referer
http://pesc.pw/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date
Tue, 30 May 2023 05:03:18 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
application/json; charset=UTF-8
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
49
x-xss-protection
0
expires
Tue, 30 May 2023 05:03:18 GMT
integrator.js
adservice.google.co.jp/adsid/ 		107 B
531 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.co.jp/adsid/integrator.js?domain=pesc.pw
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305240101/pubads_impl.js?cb=31074919
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2404:6800:4004:828::2002 , Australia, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
ja-JP
Referer
http://pesc.pw/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date
Tue, 30 May 2023 05:03:18 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
content-type
application/javascript; charset=UTF-8
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
100
x-xss-protection
0
integrator.js
adservice.google.com/adsid/ 		107 B
456 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.com/adsid/integrator.js?domain=pesc.pw
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305240101/pubads_impl.js?cb=31074919
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2404:6800:4004:824::2002 , Australia, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
ja-JP
Referer
http://pesc.pw/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date
Tue, 30 May 2023 05:03:18 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
content-type
application/javascript; charset=UTF-8
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
100
x-xss-protection
0
ads
securepubads.g.doubleclick.net/gampad/ 		684 B
711 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?pvsid=2001329945430775&correlator=3500408598528967&eid=31074919%2C31068826&output=ldjh&gdfp_req=1&vrg=202305240101&ptt=17&impl=fifs&iu_parts=37275962%2Crmaxspace%2C0cf0b05622074fba&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=320x50&ifi=1&adks=3807299522&sfv=1-0-40&prev_scp=adx_region%3DTWN%26line_item_type%3DadExchange%252CadSense&eri=4&sc=0&cookie_enabled=1&abxe=1&dt=1685422998873&lmt=1685422998&dlt=1685422995960&idt=2887&adxs=640&adys=1200&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=1&ucis=1&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&bc=23&nvt=1&url=http%3A%2F%2Fpesc.pw%2F4ym8w9%2F&frm=20&vis=1&psz=0x-1&msz=1600x-1&fws=512&ohw=0&ga_vid=1979886362.1685422999&ga_sid=1685422999&ga_hid=854181924&ga_fc=false
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305240101/pubads_impl.js?cb=31074919
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2404:6800:400a:80a::2002 Osaka, Japan, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e00cecca9acd9b73e0131ddfb91b13891d185d67293e0e13818d9ec8d264e3f4
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
ja-JP
Referer
http://pesc.pw/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date
Tue, 30 May 2023 05:03:18 GMT
content-encoding
br
x-content-type-options
nosniff
google-mediationgroup-id
-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
345
x-xss-protection
0
google-lineitem-id
-2
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
-2
content-type
text/plain; charset=UTF-8
access-control-allow-origin
http://pesc.pw
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
container.html
999fe1e7943762548f3af8e670332cd5.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame DCF5 		6 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://999fe1e7943762548f3af8e670332cd5.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305240101/pubads_impl.js?cb=31074919
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2404:6800:4004:80f::2001 , Australia, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
http://pesc.pw/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
accept-language
ja-JP

Response headers

accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, immutable, max-age=31536000
content-encoding
br
content-length
2653
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy
cross-origin
date
Tue, 30 May 2023 05:03:19 GMT
expires
Wed, 29 May 2024 05:03:19 GMT
last-modified
Thu, 03 Nov 2022 19:10:08 GMT
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
noFill
ssp.tenmax.io/supply/tracking/ 		0
206 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ssp.tenmax.io/supply/tracking/noFill?bid=4aa90da0-fea7-11ed-a0d2-3dbea4e6f96c&chid=a1ebcf323fa54a53&sid=0cf0b05622074fba
Requested by
Host: pesc.pw
URL: http://pesc.pw/4ym8w9/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.163.200.170 , Singapore, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
ja-JP
Referer
http://pesc.pw/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Date
Tue, 30 May 2023 05:03:19 GMT
Server
nginx
Connection
keep-alive
X-Application-Context
application:prod,aggregator,build-ext:58070
P3P
CP="CUR ADM OUR NOR STA NID"
ad
ssp.tenmax.io/supply/v3/universal/ 		2 B
350 B 		XHR
General
Check archive.org
Download Go to
Full URL
http://ssp.tenmax.io/supply/v3/universal/ad?rmaxSpaceId=0cf0b05622074fba&sessionId=4aa90da0-fea7-11ed-a0d2-3dbea4e6f96c&ts=1685422998394&id=e43da42c47f0425a&referer=http%3A%2F%2Fpesc.pw%2F4ym8w9%2F&bodyWidth=1600&bodyHeight=1200&cacheBuster=4ab972c8-c982-4bcd-b352-079d201bbab4
Requested by
Host: tenmax-static.cacafly.net
URL: http://tenmax-static.cacafly.net/ssp/adsbytenmax.js
Protocol
HTTP/1.1
Server
52.163.200.170 , Singapore, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
nginx /
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

accept-language
ja-JP
Referer
http://pesc.pw/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Date
Tue, 30 May 2023 05:03:19 GMT
Server
nginx
Vary
Origin
Content-Type
application/json
Access-Control-Allow-Origin
http://pesc.pw
P3P
CP="CUR ADM OUR NOR STA NID"
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
2
X-Application-Context
application:prod,aggregator,build-ext:58070
request
ssp.tenmax.io/supply/tracking/ 		0
206 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ssp.tenmax.io/supply/tracking/request?bid=4aa90da0-fea7-11ed-a0d2-3dbea4e6f96c&chid=e43da42c47f0425a&sid=0cf0b05622074fba
Requested by
Host: pesc.pw
URL: http://pesc.pw/4ym8w9/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.163.200.170 , Singapore, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
ja-JP
Referer
http://pesc.pw/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Date
Tue, 30 May 2023 05:03:19 GMT
Server
nginx
Connection
keep-alive
X-Application-Context
application:prod,aggregator,build-ext:58070
P3P
CP="CUR ADM OUR NOR STA NID"
done
ssp.tenmax.io/supply/tracking/ 		0
206 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ssp.tenmax.io/supply/tracking/done?bid=4aa90da0-fea7-11ed-a0d2-3dbea4e6f96c
Requested by
Host: pesc.pw
URL: http://pesc.pw/4ym8w9/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.163.200.170 , Singapore, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
ja-JP
Referer
http://pesc.pw/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Date
Tue, 30 May 2023 05:03:19 GMT
Server
nginx
Connection
keep-alive
X-Application-Context
application:prod,aggregator,build-ext:58070
P3P
CP="CUR ADM OUR NOR STA NID"
/
www.facebook.com/login/ Frame EA96
Redirect Chain
  • https://www.facebook.com/v2.6/plugins/page.php?adapt_container_width=true&app_id=150378901782986&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df336...
  • https://www.facebook.com/login/?next=https%3A%2F%2Fwww.facebook.com%2Fplugins%2Fpage.php%3Fadapt_container_width%3Dtrue%26app_id%3D150378901782986%26channel%3Dhttps%253A%252F%252Fstaticxx.facebook....
0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://www.facebook.com/login/?next=https%3A%2F%2Fwww.facebook.com%2Fplugins%2Fpage.php%3Fadapt_container_width%3Dtrue%26app_id%3D150378901782986%26channel%3Dhttps%253A%252F%252Fstaticxx.facebook.com%252Fx%252Fconnect%252Fxd_arbiter%252F%253Fversion%253D46%2523cb%253Df33696d9fb54678%2526domain%253Dpesc.pw%2526is_canvas%253Dfalse%2526origin%253Dhttp%25253A%25252F%25252Fpesc.pw%25252Ff17ce4a3f60fed4%2526relation%253Dparent.parent%26container_width%3D1600%26height%3D300%26hide_cover%3Dtrue%26href%3Dhttps%253A%252F%252Fwww.facebook.com%252Fpicsee.co%26locale%3Dzh_TW%26sdk%3Djoey%26show_facepile%3Dfalse%26small_header%3Dtrue%26tabs%3Dmessages
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/zh_TW/sdk.js?hash=508c67b9fafe6134a7ecfafbda649963
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f10f:187:face:b00c:0:25de Tokyo, Japan, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
http://pesc.pw/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
accept-language
ja-JP

Response headers

alt-svc
h3=":443"; ma=86400
cache-control
private, no-cache, no-store, must-revalidate
content-encoding
br
content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-type
text/html; charset="utf-8"
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups
date
Tue, 30 May 2023 05:03:19 GMT
expires
Sat, 01 Jan 2000 00:00:00 GMT
origin-agent-cluster
?0
pragma
no-cache
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
strict-transport-security
max-age=15552000; preload
vary
Accept-Encoding
x-content-type-options
nosniff
x-fb-debug
jzEWUcIF0LKIZLRCPjDzIL4HSO6+/1QXwoFeTOpuR3prKuYVG9Z8+RXp14IBZA+7ZWam4zJKhCEeEmY7yrLmAg==
x-frame-options
DENY
x-xss-protection
0

Redirect headers

alt-svc
h3=":443"; ma=86400
cache-control
private, no-cache, no-store, must-revalidate
content-length
0
content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-type
text/html; charset="utf-8"
cross-origin-opener-policy
unsafe-none
cross-origin-resource-policy
cross-origin
date
Tue, 30 May 2023 05:03:19 GMT
document-policy
force-load-at-top
expires
Sat, 01 Jan 2000 00:00:00 GMT
facebook-api-version
v10.0
location
https://www.facebook.com/login/?next=https%3A%2F%2Fwww.facebook.com%2Fplugins%2Fpage.php%3Fadapt_container_width%3Dtrue%26app_id%3D150378901782986%26channel%3Dhttps%253A%252F%252Fstaticxx.facebook.com%252Fx%252Fconnect%252Fxd_arbiter%252F%253Fversion%253D46%2523cb%253Df33696d9fb54678%2526domain%253Dpesc.pw%2526is_canvas%253Dfalse%2526origin%253Dhttp%25253A%25252F%25252Fpesc.pw%25252Ff17ce4a3f60fed4%2526relation%253Dparent.parent%26container_width%3D1600%26height%3D300%26hide_cover%3Dtrue%26href%3Dhttps%253A%252F%252Fwww.facebook.com%252Fpicsee.co%26locale%3Dzh_TW%26sdk%3Djoey%26show_facepile%3Dfalse%26small_header%3Dtrue%26tabs%3Dmessages
origin-agent-cluster
?0
permissions-policy
accelerometer=(), ambient-light-sensor=(), bluetooth=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
pragma
no-cache
strict-transport-security
max-age=15552000; preload
x-content-type-options
nosniff
x-fb-debug
GCULNGOCG9SRiyjE1B0GZeddzM8lycxNzd2p3NJx+YxZxh6vaS4gdkuJBkHGgRrLzrwjPRFhbojod7OOmq+fdA==
x-fb-rlafr
0
x-xss-protection
0
sodar
pagead2.googlesyndication.com/getconfig/ 		14 KB
11 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=m202305240101&st=env
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305240101/pubads_impl.js?cb=31074919
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2404:6800:4004:828::2002 , Australia, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
681454b4a197d4fcd13ecd266357ca1bd1cb982191ef27fd95e7646a4bab0507
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
ja-JP
Referer
http://pesc.pw/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date
Tue, 30 May 2023 05:03:19 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
application/json; charset=UTF-8
access-control-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
10994
x-xss-protection
0
sodar2.js
tpc.googlesyndication.com/sodar/ 		17 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305240101/pubads_impl.js?cb=31074919
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2404:6800:4004:80f::2001 , Australia, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
ja-JP
Referer
http://pesc.pw/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date
Tue, 30 May 2023 05:03:19 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
6386
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
etag
"1637097310169751"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Tue, 30 May 2023 05:03:19 GMT
runner.html
tpc.googlesyndication.com/sodar/sodar2/225/ Frame FE45 		13 KB
5 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2404:6800:4004:80f::2001 , Australia, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
http://pesc.pw/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
accept-language
ja-JP

Response headers

accept-ranges
bytes
age
311154
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
5046
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Fri, 26 May 2023 14:37:25 GMT
expires
Sat, 25 May 2024 14:37:25 GMT
last-modified
Mon, 21 Jun 2021 20:47:05 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
aframe
www.google.com/recaptcha/api2/ Frame 55FA 		783 B
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.google.com/recaptcha/api2/aframe
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2404:6800:4004:81e::2004 , Australia, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
4126df9b75cf652da7cb7ece21393b92ea6405e849925e032d4da9f60b3e0008
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-nTogfJiP5fqO-mj-QEbydQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
http://pesc.pw/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
accept-language
ja-JP

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private, max-age=300
content-encoding
gzip
content-length
511
content-security-policy
script-src 'report-sample' 'nonce-nTogfJiP5fqO-mj-QEbydQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Tue, 30 May 2023 05:03:19 GMT
expires
Tue, 30 May 2023 05:03:19 GMT
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server
GSE
x-content-type-options
nosniff
x-xss-protection
1; mode=block
PgBC2f7uHk75qvgedgDQJ2LGmE-oWuLtehAbI8jUKVY.js
pagead2.googlesyndication.com/bg/ Frame FE45 		38 KB
14 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/PgBC2f7uHk75qvgedgDQJ2LGmE-oWuLtehAbI8jUKVY.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2404:6800:4004:828::2002 , Australia, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
3e0042d9feee1e4ef9aaf81e7600d02762c6984fa85ae2ed7a101b23c8d42956
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
ja-JP
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date
Tue, 23 May 2023 17:09:26 GMT
content-encoding
br
x-content-type-options
nosniff
age
561233
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
14781
x-xss-protection
0
last-modified
Mon, 22 May 2023 09:48:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Wed, 22 May 2024 17:09:26 GMT
sodar
pagead2.googlesyndication.com/pagead/ Frame 55FA 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_m202305240101&jk=2001329945430775&rc=
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2404:6800:4004:828::2002 , Australia, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
ja-JP
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers
generate_204
tpc.googlesyndication.com/ Frame FE45 		0
10 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/generate_204?jTjXdg
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2404:6800:4004:80f::2001 , Australia, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
ja-JP
Referer
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date
Tue, 30 May 2023 05:03:19 GMT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
sodar
pagead2.googlesyndication.com/pagead/ 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_m202305240101&jk=2001329945430775&bg=!5eal5rLNAAZu7ficTu07ADkAdvg8WtyoRJYLp1CKIkA3rTW8l_bP40i-1Q7EFlZlcPhB1JwykCZCthAP4_24UB-aTMrY5bDQH4ECAAAAXVIAAAADaAEHCgA9ihKB6Wr80BAFiNfV8tEDkDvmqU0-VudXQd8XeFP63-Ba1oa-vhnihVFSNTkmHN4MzvYFSrJn30NLWwghvZkClMnQ5BMSHaxs8ZImphftFJ4_Qmr6q0C1SSsLN8rchdgHc0jn_Ft9UiW0cF7vwNRGFWjH-LHHfA8fIAW6W-KTyrErfx7SFRN8XwNT0GvI5-fGTRpvupx9_JJjorklL15wYmvpZRsR9DLyL8MUOcwlTO6UdXMNKXMNGd7ave9-znSPPmwLEc-77-Mw5YGlkOQbnJTr8GYefch3aDFcF6ZTaOPb16hJQva9q075mySCUcEFr3mZ9GbXWrB81TX211z8jRrUabPI3DXwyp0_jG-ryK40nnjvCK15V63bxYA69XoRthpnb0WSZG6l8it_t33WC7QkJHIkhv5Oma0hvFhmgzYEgI1crIeheVAeDYeFjRlcNBI-TAu1dhcvXXqpy2XNZW7FcfG68OoDTO9Blqb2oXKqnC6PW5jC3Jqb5zspn9CGbrWTpX4IlxkI565oU0LxgcmgpDINRYOvu9TE959OerNB7bglw-J34qNz-2EatSUpOaHREqlBlKwvZiEZaBG7KtpOxJ42y0vxDLzwNbsfagXAhagQP1ibYr3uA_ifvJcnOLL9D69gnbNH6y77koVIBIeex1tYOL1iQKAVZyovCBWgnk0ACtONGz2pFoHPejQdrwm6i5KpC4t78vxcrA9hjHZUcsySVYiLckm78rEm4ItHcKRUm0OvJapUax_3HYieUDA0cH-pWouhszVHcT6F3BrAmneLQpXAWIUYrlrtt4-0WChOgsV3ikoH0vRbbATqGeM5cklVWJQF2ZCn1J8ckBbwTBD0rZluLpKQMTET0SyNmlreEAW0tgFJTha4Mi4tQsC5T8DmbZuiM8QPg5glIWFFa4t8a7Br_tnq8q8Tu7L-eTlFNKiVjct8kpYEJ30Ulle85w
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2404:6800:4004:828::2002 , Australia, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
ja-JP
Referer
http://pesc.pw/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Verdicts & Comments Add Verdict or Comment

24 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 boolean| credentialless function| $ function| jQuery function| showHideHTML object| _rmaxStyles$ object| _rmaxInlineStyles object| _rmaxScripts$ object| rmaxads object| googletag object| FB object| __buffer object| ggeac object| google_js_reporting_queue undefined| google_measure_js_timing object| googleToken object| googleIMState function| processGoogleToken number| google_unique_id object| gaGlobal object| GoogleGcLKhOms object| google_image_requests

10 Cookies

Domain/Path Name / Value
.pesc.pw/4ym8w9/ Name: /4ym8w9/
Value: 1
pesc.pw/4ym8w9 Name: browser_uuid
Value: 3E8400F1-4C5A-4D1A-63D2-D167341DD624
.pesc.pw/4ym8w9 Name: 4ym8w9
Value: 1
pesc.pw/ Name: lang
Value: ja-jp
picsee.co/ Name: AWSELBCORS
Value: 857901F90A8FB9EC38D630240291ED2961407CD978F71C05F171F480C5C1D4D63320BF85663A101BE9B478501C0672C8301E6CDE8C50289021AC2F8D694AA0E6D7E922729A
.doubleclick.net/ Name: test_cookie
Value: CheckForPermission
.pesc.pw/ Name: __gads
Value: ID=e6962b7db52e3567:T=1685422998:RT=1685422998:S=ALNI_MaoGvv7vWtwmP-QVoAKGl9_GmxZAA
.pesc.pw/ Name: __gpi
Value: UID=00000c0cfa5ed7ae:T=1685422998:RT=1685422998:S=ALNI_Max2ornsH2HQMkO9im0nWEQeGYZWA
.tenmax.io/ Name: uid
Value: 4b291310-fea7-11ed-9af1-bf03c8826d43
.tenmax.io/ Name: wt
Value: 1

5 Console Messages

Source Level URL
Text
network error URL: http://pesc.pw/4ym8w9/js/picsee.css
Message:
Failed to load resource: the server responded with a status of 404 (Not Found)
network error URL: http://pesc.pw/4ym8w9/js/bootstrap.min.js
Message:
Failed to load resource: the server responded with a status of 404 (Not Found)
network error URL: http://pesc.pw/4ym8w9/js/utility.js
Message:
Failed to load resource: the server responded with a status of 404 (Not Found)
network error URL: http://pesc.pw/4ym8w9/images/picsee_light_web.png
Message:
Failed to load resource: the server responded with a status of 404 (Not Found)
other error URL: chrome-error://chromewebdata/
Message:
Refused to display 'https://www.facebook.com/' in a frame because it set 'X-Frame-Options' to 'deny'.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
X-Frame-Options DENY

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

999fe1e7943762548f3af8e670332cd5.safeframe.googlesyndication.com
adservice.google.co.jp
adservice.google.com
connect.facebook.net
dmp.tenmax.io
maxcdn.bootstrapcdn.com
pagead2.googlesyndication.com
pesc.pw
picsee.co
securepubads.g.doubleclick.net
ssp.tenmax.io
tenmax-static.cacafly.net
tpc.googlesyndication.com
www.facebook.com
www.google.com
www.googletagservices.com
211.21.190.218
2404:6800:4004:80f::2001
2404:6800:4004:81e::2004
2404:6800:4004:824::2002
2404:6800:4004:827::2002
2404:6800:4004:828::2002
2404:6800:400a:80a::2002
2606:4700:10::ac43:1755
2606:4700::6812:acf
2a03:2880:f00f:104:face:b00c:0:3
2a03:2880:f10f:187:face:b00c:0:25de
34.194.245.22
34.224.107.108
52.163.200.170
011cc2a8c972d37a31826c6469a77fae1da1c59dedeb0808012286364103c71b
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
351a6a11a1b3f3fbc7a198b5b2d4c8aa05e089945a29f4014b8d175dcbefeac9
3a3c8b0f72b97645354eca37f7b3defb290c79e778912cfa1219dd6f8632995e
3e0042d9feee1e4ef9aaf81e7600d02762c6984fa85ae2ed7a101b23c8d42956
4126df9b75cf652da7cb7ece21393b92ea6405e849925e032d4da9f60b3e0008
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
48f64fd88224b55c01a04c649f6c296e6814e63c8e175d34b0405b84eca1db38
540bc6dec1dd4b92ea4d3fb903f69eabf6d919afd48f4e312b163c28cff0f441
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
64844f8925b251163ea6b1ce7684859a3c1cc2fd394e68b5406214fb8dc53750
681454b4a197d4fcd13ecd266357ca1bd1cb982191ef27fd95e7646a4bab0507
6c359951abc2828f7de4f05b48bd81d93f4cf15e2f0d8fa199b39204c8192cfd
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
9b64fd2ea8af1a97c8a1251953543108459342db511357d7ab132796dca87a7d
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a7b8ac9c3928d88b3ab41e6e3c220551da08e23fb224d8dd7337055e3f20d1bc
bfa69b9affb75cc52bdb07af8c55639f8c152edab68c7263a3af59ee6b6225e2
c9712ede169730c01a19406041eb675023e91f8c9168316633a74a84855a3ad3
e00cecca9acd9b73e0131ddfb91b13891d185d67293e0e13818d9ec8d264e3f4
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f04b517ba5d6a0510485689a3e42dac000f51640fd71b986804cba178eae42a5