URL: https://coldavathermvicour.com/29e3187faa6ac4c060988ea4872ab140/certified/
Submission: On August 10 via api from JP — Scanned from JP

Summary

This website contacted 25 IPs in 4 countries across 18 domains to perform 48 HTTP transactions. The main IP is 50.63.179.9, which is located in the United States and belongs to GO-DADDY-COM-LLC, US. The main domain is coldavathermvicour.com.
TLS certificate: Issued by cPanel, Inc. Certification Authority on July 15th 2023. Valid for: 3 months.
This is the only time coldavathermvicour.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 50.63.179.9 398101 (GO-DADDY-...)
1 18.65.214.97 16509 (AMAZON-02)
7 2600:140b:1a0... 20940 (AKAMAI-ASN1)
4 2404:6800:400... 15169 (GOOGLE)
3 18.172.50.132 ()
3 18.65.199.133 16509 (AMAZON-02)
1 2404:6800:400... 15169 (GOOGLE)
2 34.120.78.44 396982 (GOOGLE-CL...)
2 2001:4860:480... 15169 (GOOGLE)
2 2a03:2880:f00... 32934 (FACEBOOK)
1 2600:140b:1a0... 20940 (AKAMAI-ASN1)
1 151.101.228.157 54113 (FASTLY)
1 2600:9000:26a... ()
4 4 2620:1ec:21::14 8068 (MICROSOFT...)
1 13.107.42.14 8068 (MICROSOFT...)
1 2600:140b:1a0... 20940 (AKAMAI-ASN1)
2 2a03:2880:f10... 32934 (FACEBOOK)
1 104.244.42.197 13414 (TWITTER)
1 104.244.42.3 13414 (TWITTER)
2 4 172.217.31.166 15169 (GOOGLE)
2 2001:4860:480... 15169 (GOOGLE)
1 2404:6800:400... 15169 (GOOGLE)
2 2404:6800:400... 15169 (GOOGLE)
1 2404:6800:400... 15169 (GOOGLE)
4 2404:6800:400... 15169 (GOOGLE)
1 2404:6800:400... 15169 (GOOGLE)
48 25
Apex Domain
Subdomains
Transfer
8 typekit.net
use.typekit.net — Cisco Umbrella Rank: 541
p.typekit.net — Cisco Umbrella Rank: 664
127 KB
7 cloudfront.net
d3h5jhobc20ump.cloudfront.net
dl6fh5ptkejqa.cloudfront.net
d1ayxb9ooonjts.cloudfront.net
224 KB
6 doubleclick.net
12389169.fls.doubleclick.net — Cisco Umbrella Rank: 227576
stats.g.doubleclick.net — Cisco Umbrella Rank: 114
googleads.g.doubleclick.net — Cisco Umbrella Rank: 55
4 KB
5 google.com
analytics.google.com — Cisco Umbrella Rank: 180
adservice.google.com — Cisco Umbrella Rank: 116
www.google.com — Cisco Umbrella Rank: 3
2 KB
5 linkedin.com
px.ads.linkedin.com — Cisco Umbrella Rank: 368
www.linkedin.com — Cisco Umbrella Rank: 543
px4.ads.linkedin.com — Cisco Umbrella Rank: 5984
5 KB
4 google.co.jp
www.google.co.jp — Cisco Umbrella Rank: 21955
adservice.google.co.jp — Cisco Umbrella Rank: 98171
1 KB
4 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 65
314 KB
2 facebook.com
www.facebook.com — Cisco Umbrella Rank: 107
239 B
2 facebook.net
connect.facebook.net — Cisco Umbrella Rank: 170
156 KB
2 google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 54
21 KB
2 bitly.com
sp.bitly.com — Cisco Umbrella Rank: 106661
19 B
1 twitter.com
analytics.twitter.com — Cisco Umbrella Rank: 710
395 B
1 t.co
t.co — Cisco Umbrella Rank: 536
377 B
1 oribi.io
cdn.linkedin.oribi.io — Cisco Umbrella Rank: 890
399 B
1 ads-twitter.com
static.ads-twitter.com — Cisco Umbrella Rank: 754
15 KB
1 licdn.com
snap.licdn.com — Cisco Umbrella Rank: 819
5 KB
1 googleapis.com
ajax.googleapis.com — Cisco Umbrella Rank: 392
31 KB
1 coldavathermvicour.com
coldavathermvicour.com
3 KB
48 18
Domain Requested by
7 use.typekit.net coldavathermvicour.com
4 12389169.fls.doubleclick.net 2 redirects www.googletagmanager.com
4 www.googletagmanager.com coldavathermvicour.com
www.googletagmanager.com
3 px.ads.linkedin.com 3 redirects
3 d1ayxb9ooonjts.cloudfront.net coldavathermvicour.com
d3h5jhobc20ump.cloudfront.net
3 dl6fh5ptkejqa.cloudfront.net coldavathermvicour.com
2 adservice.google.co.jp adservice.google.com
2 adservice.google.com 12389169.fls.doubleclick.net
2 www.google.co.jp coldavathermvicour.com
2 analytics.google.com www.googletagmanager.com
2 www.facebook.com coldavathermvicour.com
2 connect.facebook.net coldavathermvicour.com
connect.facebook.net
2 www.google-analytics.com coldavathermvicour.com
www.google-analytics.com
2 sp.bitly.com dl6fh5ptkejqa.cloudfront.net
1 www.google.com coldavathermvicour.com
1 googleads.g.doubleclick.net www.googletagmanager.com
1 stats.g.doubleclick.net www.googletagmanager.com
1 analytics.twitter.com coldavathermvicour.com
1 t.co coldavathermvicour.com
1 p.typekit.net coldavathermvicour.com
1 px4.ads.linkedin.com coldavathermvicour.com
1 www.linkedin.com 1 redirects
1 cdn.linkedin.oribi.io snap.licdn.com
1 static.ads-twitter.com coldavathermvicour.com
1 snap.licdn.com coldavathermvicour.com
1 ajax.googleapis.com coldavathermvicour.com
1 d3h5jhobc20ump.cloudfront.net coldavathermvicour.com
1 coldavathermvicour.com
48 28

This site contains no links.

Subject | Issuer | Validity | Valid
www.coldavathermvicour.com | cPanel, Inc. Certification Authority | 2023-07-15 - 2023-10-13 | 3 months
*.cloudfront.net | Amazon RSA 2048 M01 | 2022-12-08 - 2023-12-07 | a year
use.typekit.net | DigiCert TLS Hybrid ECC SHA384 2020 CA1 | 2022-09-14 - 2023-10-15 | a year
*.google-analytics.com | GTS CA 1C3 | 2023-07-10 - 2023-10-02 | 3 months
upload.video.google.com | GTS CA 1C3 | 2023-07-10 - 2023-10-02 | 3 months
*.bitly.com | DigiCert Global G2 TLS RSA SHA256 2020 CA1 | 2023-04-27 - 2024-04-26 | a year
*.facebook.com | DigiCert SHA2 High Assurance Server CA | 2023-05-19 - 2023-08-17 | 3 months
snap.licdn.com | DigiCert SHA2 Secure Server CA | 2023-02-01 - 2024-01-31 | a year
ads-twitter.com | DigiCert Global G2 TLS RSA SHA256 2020 CA1 | 2023-07-21 - 2024-07-19 | a year
linkedin.oribi.io | Amazon RSA 2048 M01 | 2023-06-08 - 2024-07-07 | a year
t.co | DigiCert TLS RSA SHA256 2020 CA1 | 2022-12-25 - 2023-12-25 | a year
*.twitter.com | DigiCert TLS RSA SHA256 2020 CA1 | 2022-12-25 - 2023-12-25 | a year
*.doubleclick.net | GTS CA 1C3 | 2023-07-10 - 2023-10-02 | 3 months
*.google.com | GTS CA 1C3 | 2023-07-10 - 2023-10-02 | 3 months
*.g.doubleclick.net | GTS CA 1C3 | 2023-07-17 - 2023-10-09 | 3 months
*.google.co.jp | GTS CA 1C3 | 2023-07-10 - 2023-10-02 | 3 months
www.google.com | GTS CA 1C3 | 2023-07-10 - 2023-10-02 | 3 months

This page contains 7 frames:

Primary Page: https://coldavathermvicour.com/29e3187faa6ac4c060988ea4872ab140/certified/
Frame ID: 5272162C43F3EA60429B03030491601D
Requests: 41 HTTP requests in this frame

Frame: https://12389169.fls.doubleclick.net/activityi;dc_pre=CI3xi6CG0oADFY3LTAIdlUcOKw;src=12389169;type=conve0;cat=signu0;ord=1330349682510;auiddc=1444690488.1691669037;u1=%5BPlan%20Tier%5D;gtm=45fe3890;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fcoldavathermvicour.com%2F29e3187faa6ac4c060988ea4872ab140%2Fcertified%2F
Frame ID: 4C8F735C991DDB30C9738502E63D8CAD
Requests: 1 HTTP requests in this frame

Frame: https://12389169.fls.doubleclick.net/activityi;dc_pre=CPnhi6CG0oADFUwHewcdMj0Btg;src=12389169;type=conve0;cat=signu0;ord=6699500510557;auiddc=1444690488.1691669037;u1=free;gtm=45fe3890;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fcoldavathermvicour.com%2F29e3187faa6ac4c060988ea4872ab140%2Fcertified%2F
Frame ID: 01DF01C1A6988DD81EEB8153F82C5EC3
Requests: 1 HTTP requests in this frame

Frame: https://adservice.google.com/ddm/fls/i/dc_pre=CPnhi6CG0oADFUwHewcdMj0Btg;src=12389169;type=conve0;cat=signu0;ord=6699500510557;auiddc=1444690488.1691669037;u1=free;gtm=45fe3890;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fcoldavathermvicour.com%2F29e3187faa6ac4c060988ea4872ab140%2Fcertified%2F
Frame ID: 333810984342E9652AB6F2B415C4C484
Requests: 1 HTTP requests in this frame

Frame: https://adservice.google.com/ddm/fls/i/dc_pre=CI3xi6CG0oADFY3LTAIdlUcOKw;src=12389169;type=conve0;cat=signu0;ord=1330349682510;auiddc=1444690488.1691669037;u1=%5BPlan%20Tier%5D;gtm=45fe3890;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fcoldavathermvicour.com%2F29e3187faa6ac4c060988ea4872ab140%2Fcertified%2F
Frame ID: 12E0ADC170A3AE883DE8C65C61E8B23F
Requests: 1 HTTP requests in this frame

Frame: https://adservice.google.co.jp/ddm/fls/i/dc_pre=CPnhi6CG0oADFUwHewcdMj0Btg;src=12389169;type=conve0;cat=signu0;ord=6699500510557;auiddc=1444690488.1691669037;u1=free;gtm=45fe3890;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fcoldavathermvicour.com%2F29e3187faa6ac4c060988ea4872ab140%2Fcertified%2F
Frame ID: B45A25F7A76D5065F8D1945FEC53EE34
Requests: 1 HTTP requests in this frame

Frame: https://adservice.google.co.jp/ddm/fls/i/dc_pre=CI3xi6CG0oADFY3LTAIdlUcOKw;src=12389169;type=conve0;cat=signu0;ord=1330349682510;auiddc=1444690488.1691669037;u1=%5BPlan%20Tier%5D;gtm=45fe3890;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fcoldavathermvicour.com%2F29e3187faa6ac4c060988ea4872ab140%2Fcertified%2F
Frame ID: 6EF92FE4417A0324C809CA6D0BB709E5
Requests: 1 HTTP requests in this frame

Page Title

The power of the link.

Detected technologies

Overall confidence: 100%
Detected patterns
  • //connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js

Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtag/js

Overall confidence: 100%
Detected patterns
  • snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

Overall confidence: 100%
Detected patterns
  • /([\d.]+)/jquery(?:\.min)?\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

48 Requests
98 % HTTPS
62 % IPv6
18 Domains
28 Subdomains
25 IPs
4 Countries
905 kB Transfer
2113 kB Size
18 Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 24
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3409844&time=1691669036551&url=https%3A%2F%2Fcoldavathermvicour.com%2F29e3187faa6ac4c060988ea4872ab140%2Fcertified%2F HTTP 302
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3409844&time=1691669036551&url=https%3A%2F%2Fcoldavathermvicour.com%2F29e3187faa6ac4c060988ea4872ab140%2Fcertified%2F&cookiesTest=true HTTP 302
  • https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D3409844%26time%3D1691669036551%26url%3Dhttps%253A%252F%252Fcoldavathermvicour.com%252F29e3187faa6ac4c060988ea4872ab140%252Fcertified%252F%26cookiesTest%3Dtrue%26liSync%3Dtrue HTTP 302
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3409844&time=1691669036551&url=https%3A%2F%2Fcoldavathermvicour.com%2F29e3187faa6ac4c060988ea4872ab140%2Fcertified%2F&cookiesTest=true&liSync=true HTTP 302
  • https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=3409844&time=1691669036551&url=https%3A%2F%2Fcoldavathermvicour.com%2F29e3187faa6ac4c060988ea4872ab140%2Fcertified%2F&cookiesTest=true&liSync=true&e_ipv6=AQIitx51FeCr_QAAAYnfVP-auI_MvVuD3rExXNbbyLMN9AmlNb6qwdRTuiVV4Flum165Kw
Request Chain 31
  • https://12389169.fls.doubleclick.net/activityi;src=12389169;type=conve0;cat=signu0;ord=1330349682510;auiddc=1444690488.1691669037;u1=%5BPlan%20Tier%5D;gtm=45fe3890;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fcoldavathermvicour.com%2F29e3187faa6ac4c060988ea4872ab140%2Fcertified%2F HTTP 302
  • https://12389169.fls.doubleclick.net/activityi;dc_pre=CI3xi6CG0oADFY3LTAIdlUcOKw;src=12389169;type=conve0;cat=signu0;ord=1330349682510;auiddc=1444690488.1691669037;u1=%5BPlan%20Tier%5D;gtm=45fe3890;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fcoldavathermvicour.com%2F29e3187faa6ac4c060988ea4872ab140%2Fcertified%2F
Request Chain 34
  • https://12389169.fls.doubleclick.net/activityi;src=12389169;type=conve0;cat=signu0;ord=6699500510557;auiddc=1444690488.1691669037;u1=free;gtm=45fe3890;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fcoldavathermvicour.com%2F29e3187faa6ac4c060988ea4872ab140%2Fcertified%2F HTTP 302
  • https://12389169.fls.doubleclick.net/activityi;dc_pre=CPnhi6CG0oADFUwHewcdMj0Btg;src=12389169;type=conve0;cat=signu0;ord=6699500510557;auiddc=1444690488.1691669037;u1=free;gtm=45fe3890;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fcoldavathermvicour.com%2F29e3187faa6ac4c060988ea4872ab140%2Fcertified%2F

48 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
coldavathermvicour.com/29e3187faa6ac4c060988ea4872ab140/certified/
9 KB
3 KB
Document
General
Full URL
https://coldavathermvicour.com/29e3187faa6ac4c060988ea4872ab140/certified/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
50.63.179.9 , United States, ASN398101 (GO-DADDY-COM-LLC, US),
Reverse DNS
9.179.63.50.host.secureserver.net
Software
Apache / PHP/7.4.33
Resource Hash
778537a9fa5ac10b1720902c827d2ce87560c2beba9b60dae061170f20aeec2e

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
accept-language
jp-JP,jp;q=0.9

Response headers

content-encoding
br
content-length
3153
content-type
text/html; charset=UTF-8
date
Thu, 10 Aug 2023 12:03:56 GMT
server
Apache
vary
Accept-Encoding
x-powered-by
PHP/7.4.33
0ac9d15122a8f6eb11fc74e009bacbec.css
d3h5jhobc20ump.cloudfront.net/
42 KB
28 KB
Stylesheet
General
Full URL
https://d3h5jhobc20ump.cloudfront.net/0ac9d15122a8f6eb11fc74e009bacbec.css
Requested by
Host: coldavathermvicour.com
URL: https://coldavathermvicour.com/29e3187faa6ac4c060988ea4872ab140/certified/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.65.214.97 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-65-214-97.nrt57.r.cloudfront.net
Software
nginx /
Resource Hash
ae765b03f37e883a3bc2a65c693c2ad1f264acb1a89a18c56f7e464ef8847f0e

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://coldavathermvicour.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Thu, 10 Aug 2023 01:59:31 GMT
content-encoding
gzip
via
1.1 f9832575e3821f4db473b935967c7aaa.cloudfront.net (CloudFront)
last-modified
Fri, 28 Apr 2023 14:34:34 GMT
server
nginx
x-amz-cf-pop
NRT57-P4
age
36265
etag
W/"bf636c31ca56084cb394191e76c05f20"
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/css
cache-control
public, max-age=315360000
x-amz-cf-id
ldHfI5afMBrj753YCtWP7_RcndALNBcKPy5tDGX38VixNR0hziDSPg==
expires
Mon, 25 Apr 2033 14:34:33 GMT
mys2uzu.js
use.typekit.net/
18 KB
7 KB
Script
General
Full URL
https://use.typekit.net/mys2uzu.js
Requested by
Host: coldavathermvicour.com
URL: https://coldavathermvicour.com/29e3187faa6ac4c060988ea4872ab140/certified/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:140b:1a00:14::17dc:548b Tokyo, Japan, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
nginx /
Resource Hash
fb54d4664a564135a46872a97a5e04b51a8d8900166da23826b771c432650b0a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains;

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://coldavathermvicour.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains;
content-encoding
gzip
date
Thu, 10 Aug 2023 12:03:56 GMT
server
nginx
vary
Accept-Encoding
content-type
text/javascript;charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=600, stale-while-revalidate=604800
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
content-length
6744
js
www.googletagmanager.com/gtag/
169 KB
62 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=DC-12389169
Requested by
Host: coldavathermvicour.com
URL: https://coldavathermvicour.com/29e3187faa6ac4c060988ea4872ab140/certified/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2404:6800:4004:826::2008 , Australia, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
ebb3f76c8902707ff7d91f2bf1110328f71e45d5941f2cb1851b821eb5ecb993
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://coldavathermvicour.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Thu, 10 Aug 2023 12:03:56 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
63842
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Thu, 10 Aug 2023 12:03:56 GMT
2b21cdf7bb0327252f60662d1fdfbc32.svg
dl6fh5ptkejqa.cloudfront.net/
522 B
905 B
Image
General
Full URL
https://dl6fh5ptkejqa.cloudfront.net/2b21cdf7bb0327252f60662d1fdfbc32.svg
Requested by
Host: coldavathermvicour.com
URL: https://coldavathermvicour.com/29e3187faa6ac4c060988ea4872ab140/certified/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.172.50.132 , United States, ASN (),
Reverse DNS
server-18-172-50-132.nrt20.r.cloudfront.net
Software
nginx /
Resource Hash
10ee4f83b50510af01b23073e2986287d083d07a28f94afc5aa2f56c91d0304b

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://coldavathermvicour.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Thu, 06 Jul 2023 00:58:21 GMT
via
1.1 9d4ec6013bd4b3f7d0e3b64456e71412.cloudfront.net (CloudFront)
last-modified
Fri, 30 Aug 2019 16:24:32 GMT
server
nginx
x-amz-cf-pop
NRT20-P2
age
3063935
etag
"140772d577519d4737ce475f66b4dfc9"
x-cache
Hit from cloudfront
content-type
image/svg+xml
cache-control
public, max-age=315360000
accept-ranges
bytes
content-length
522
x-amz-cf-id
dkRIJFITOLV_MYGo2P7_d3PiKyF2kIglDMap2LSOmlMPrX1h9EgwRQ==
expires
Mon, 27 Aug 2029 16:24:31 GMT
518ec586a1814c0216f44b4844b86f5e.svg
d1ayxb9ooonjts.cloudfront.net/
509 B
891 B
Image
General
Full URL
https://d1ayxb9ooonjts.cloudfront.net/518ec586a1814c0216f44b4844b86f5e.svg
Requested by
Host: coldavathermvicour.com
URL: https://coldavathermvicour.com/29e3187faa6ac4c060988ea4872ab140/certified/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.65.199.133 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-65-199-133.nrt57.r.cloudfront.net
Software
nginx /
Resource Hash
50554df9b481511f6583a93a75ba8503564f4800a6291431f31055c8ec365371

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://coldavathermvicour.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Tue, 24 Jan 2023 03:20:12 GMT
via
1.1 6bf7139ab1260e393b31dd78c4c70c42.cloudfront.net (CloudFront)
last-modified
Fri, 30 Aug 2019 16:24:31 GMT
server
nginx
x-amz-cf-pop
NRT57-P3
age
17138624
etag
"a16b3edeb71936cc23a430da41c8ce84"
x-cache
Hit from cloudfront
content-type
image/svg+xml
cache-control
public, max-age=315360000
accept-ranges
bytes
content-length
509
x-amz-cf-id
Px6RdQp99DHHDudD7LpN3hJzWvp2ijbZfGffpNEfdH6TM2ND_-rzGw==
expires
Mon, 27 Aug 2029 16:24:30 GMT
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/3.5.1/
87 KB
31 KB
Script
General
Full URL
https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js
Requested by
Host: coldavathermvicour.com
URL: https://coldavathermvicour.com/29e3187faa6ac4c060988ea4872ab140/certified/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2404:6800:4004:81d::200a , Australia, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://coldavathermvicour.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Sun, 06 Aug 2023 15:01:20 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
334956
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
31021
x-xss-protection
0
last-modified
Fri, 08 May 2020 07:05:03 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="hosted-libraries-pushers"
vary
Accept-Encoding
report-to
{"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Mon, 05 Aug 2024 15:01:20 GMT
0b259cffe5ac15bfe1b9d94c1beb06e9.js
dl6fh5ptkejqa.cloudfront.net/
71 KB
71 KB
Script
General
Full URL
https://dl6fh5ptkejqa.cloudfront.net/0b259cffe5ac15bfe1b9d94c1beb06e9.js
Requested by
Host: coldavathermvicour.com
URL: https://coldavathermvicour.com/29e3187faa6ac4c060988ea4872ab140/certified/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.172.50.132 , United States, ASN (),
Reverse DNS
server-18-172-50-132.nrt20.r.cloudfront.net
Software
nginx /
Resource Hash
584c7859f5ee97ddc73d0647d6dc3de7ca98c8b154e391908bf95abd88a382c0

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://coldavathermvicour.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Thu, 10 Aug 2023 01:59:31 GMT
via
1.1 9d4ec6013bd4b3f7d0e3b64456e71412.cloudfront.net (CloudFront)
last-modified
Tue, 24 Jan 2023 15:17:34 GMT
server
nginx
x-amz-cf-pop
NRT20-P2
age
36265
etag
"4af9bc69054c987593a4ee69d65da26a"
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
public, max-age=315360000
accept-ranges
bytes
content-length
72193
x-amz-cf-id
Wgs_0uJ8NLx7nkZ4SVT2503JZLHVIP8xGuaYdCwwonuf9yMOjs-w5w==
expires
Fri, 21 Jan 2033 15:17:32 GMT
js
www.googletagmanager.com/gtag/
277 KB
91 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-567GCTL9BB
Requested by
Host: coldavathermvicour.com
URL: https://coldavathermvicour.com/29e3187faa6ac4c060988ea4872ab140/certified/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2404:6800:4004:826::2008 , Australia, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
c8a1fe3aadad680373ee07232cb19f89611127c82530e81e5cab718d6e6f364b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://coldavathermvicour.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Thu, 10 Aug 2023 12:03:56 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
92599
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Thu, 10 Aug 2023 12:03:56 GMT
b1eaafb48b055f33a360d6e77586bc0f.js
dl6fh5ptkejqa.cloudfront.net/
40 KB
41 KB
Script
General
Full URL
https://dl6fh5ptkejqa.cloudfront.net/b1eaafb48b055f33a360d6e77586bc0f.js
Requested by
Host: coldavathermvicour.com
URL: https://coldavathermvicour.com/29e3187faa6ac4c060988ea4872ab140/certified/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.172.50.132 , United States, ASN (),
Reverse DNS
server-18-172-50-132.nrt20.r.cloudfront.net
Software
nginx /
Resource Hash
83c6a1e1d15f07e1e647f1c5a648b2f2dfad61f2dd9ca3dd9cf1ef381e4d1879

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://coldavathermvicour.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Thu, 06 Jul 2023 00:58:21 GMT
via
1.1 9d4ec6013bd4b3f7d0e3b64456e71412.cloudfront.net (CloudFront)
last-modified
Tue, 13 Sep 2022 13:45:40 GMT
server
nginx
x-amz-cf-pop
NRT20-P2
age
3063935
etag
"a8630206831ed8119fd8b402a3d51bd0"
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
public, max-age=315360000
accept-ranges
bytes
content-length
41239
x-amz-cf-id
vM2ywsPZiC6cmBdNsuQkAg4koDCjXYKZTuz2ifRzpiGSIdJ_MHytUw==
03885108b01f0b92601b9be97af3aa9a.otf
d1ayxb9ooonjts.cloudfront.net/
61 KB
41 KB
Font
General
Full URL
https://d1ayxb9ooonjts.cloudfront.net/03885108b01f0b92601b9be97af3aa9a.otf
Requested by
Host: d3h5jhobc20ump.cloudfront.net
URL: https://d3h5jhobc20ump.cloudfront.net/0ac9d15122a8f6eb11fc74e009bacbec.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.65.199.133 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-65-199-133.nrt57.r.cloudfront.net
Software
nginx /
Resource Hash
2b80fbe521e07e4e84eb52e707b364c3e6c05c57e483276dc4b3be93a9794ba9

Request headers

Referer
https://d3h5jhobc20ump.cloudfront.net/
Origin
https://coldavathermvicour.com
accept-language
jp-JP,jp;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Sat, 31 Dec 2022 20:31:41 GMT
content-encoding
gzip
via
1.1 e849eb4ec7c297538f549eb24e5ebafa.cloudfront.net (CloudFront)
last-modified
Thu, 23 Apr 2015 20:49:14 GMT
server
nginx
x-amz-cf-pop
NRT57-P3
age
19150335
etag
W/"bf9f5d50c1b928ff21436517a1a95ad9"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
font/opentype
access-control-allow-origin
*
cache-control
public, max-age=315360000
x-amz-cf-id
tMQi9CSArMWnBbqPQdX7OJ7f_J4lwh4X4YIAYzYrtE7LnhGxM3FJlw==
expires
Sun, 20 Apr 2025 20:49:13 GMT
3e574ee721bb592fd3e6aab4a3780dbc.otf
d1ayxb9ooonjts.cloudfront.net/
62 KB
41 KB
Font
General
Full URL
https://d1ayxb9ooonjts.cloudfront.net/3e574ee721bb592fd3e6aab4a3780dbc.otf
Requested by
Host: d3h5jhobc20ump.cloudfront.net
URL: https://d3h5jhobc20ump.cloudfront.net/0ac9d15122a8f6eb11fc74e009bacbec.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.65.199.133 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-65-199-133.nrt57.r.cloudfront.net
Software
nginx /
Resource Hash
9e7ff2f279f8c497d687d1248d17e7a8c19784d945698c4bc8f9168fe9e351cb

Request headers

Referer
https://d3h5jhobc20ump.cloudfront.net/
Origin
https://coldavathermvicour.com
accept-language
jp-JP,jp;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Wed, 11 Jan 2023 00:40:06 GMT
content-encoding
gzip
via
1.1 e849eb4ec7c297538f549eb24e5ebafa.cloudfront.net (CloudFront)
last-modified
Thu, 23 Apr 2015 20:49:14 GMT
server
nginx
x-amz-cf-pop
NRT57-P3
age
18271430
etag
W/"f14eee643541cf03a10f26c944cc29f5"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
font/opentype
access-control-allow-origin
*
cache-control
public, max-age=315360000
x-amz-cf-id
KbkcNOyYXKSj9Qg4JICzSwO8Ln-V71xM3wuQ4ZtlIem9jSyhWjs_hw==
expires
Sun, 20 Apr 2025 20:49:13 GMT
tp2
sp.bitly.com/com.snowplowanalytics.snowplow/ Frame
0
0
Preflight
General
Full URL
https://sp.bitly.com/com.snowplowanalytics.snowplow/tp2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.120.78.44 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
44.78.120.34.bc.googleusercontent.com
Software
akka-http /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://coldavathermvicour.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
Content-Type, SP-Anonymous
access-control-allow-origin
https://coldavathermvicour.com
access-control-max-age
5
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
date
Thu, 10 Aug 2023 12:03:55 GMT
server
akka-http
via
1.1 google
tp2
sp.bitly.com/com.snowplowanalytics.snowplow/
2 B
19 B
XHR
General
Full URL
https://sp.bitly.com/com.snowplowanalytics.snowplow/tp2
Requested by
Host: dl6fh5ptkejqa.cloudfront.net
URL: https://dl6fh5ptkejqa.cloudfront.net/b1eaafb48b055f33a360d6e77586bc0f.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.120.78.44 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
44.78.120.34.bc.googleusercontent.com
Software
akka-http /
Resource Hash
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

Referer
https://coldavathermvicour.com/
accept-language
jp-JP,jp;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
Content-Type
application/json; charset=UTF-8

Response headers

date
Thu, 10 Aug 2023 12:03:56 GMT
via
1.1 google
server
akka-http
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://coldavathermvicour.com
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2
analytics.js
www.google-analytics.com/
52 KB
21 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: coldavathermvicour.com
URL: https://coldavathermvicour.com/29e3187faa6ac4c060988ea4872ab140/certified/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:38::178 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://coldavathermvicour.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
date
Thu, 10 Aug 2023 11:30:44 GMT
last-modified
Mon, 12 Jun 2023 18:23:07 GMT
server
Golfe2
age
1992
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
20994
expires
Thu, 10 Aug 2023 13:30:44 GMT
fbevents.js
connect.facebook.net/en_US/
172 KB
47 KB
Script
General
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: coldavathermvicour.com
URL: https://coldavathermvicour.com/29e3187faa6ac4c060988ea4872ab140/certified/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f00f:8:face:b00c:0:1 Tokyo, Japan, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
9b78354357bc04de9fa52562968bad64ef1311b665cc6ea927d2ec08bcc82cd8
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://coldavathermvicour.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

content-security-policy
default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload; includeSubDomains
date
Thu, 10 Aug 2023 12:03:56 GMT
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
47151
x-xss-protection
0
pragma
public
x-fb-debug
KHTMiSjng4x0gBsSjZsw4idSb8cXPnZ4J0SCSrHbx/aBczWpodSuKyPYaKHcx4U8NP7ce6VwN1i1WffHkxKvtw==
cross-origin-opener-policy
same-origin-allow-popups
vary
Accept-Encoding
x-frame-options
DENY
content-type
application/x-javascript; charset=utf-8
origin-agent-cluster
?0
cache-control
public, max-age=1200
permissions-policy
accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
expires
Sat, 01 Jan 2000 00:00:00 GMT
insight.min.js
snap.licdn.com/li.lms-analytics/
13 KB
5 KB
Script
General
Full URL
https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by
Host: coldavathermvicour.com
URL: https://coldavathermvicour.com/29e3187faa6ac4c060988ea4872ab140/certified/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:140b:1a00:14::17dc:5499 Tokyo, Japan, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
fa53fcd8da139d256c0ca83b69cb37473ca627b6052368ed3327c80d9fb61e25
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://coldavathermvicour.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Thu, 10 Aug 2023 12:03:56 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Mon, 24 Jul 2023 09:07:54 GMT
x-cdn
AKAM
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
content-type
application/x-javascript;charset=utf-8
cache-control
max-age=85691
accept-ranges
bytes
content-length
4862
uwt.js
static.ads-twitter.com/
56 KB
15 KB
Script
General
Full URL
https://static.ads-twitter.com/uwt.js
Requested by
Host: coldavathermvicour.com
URL: https://coldavathermvicour.com/29e3187faa6ac4c060988ea4872ab140/certified/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.228.157 Tokyo, Japan, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
cf7fcc9f75c8717897bfaef72f303fab423ce1b70c98512aeb3677e4af988dee

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://coldavathermvicour.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Thu, 10 Aug 2023 12:03:56 GMT
content-encoding
gzip
last-modified
Thu, 27 Oct 2022 18:30:18 GMT
etag
"32ad004436155ec972bc50e6238b5b67+gzip+gzip"
vary
Accept-Encoding,Host
x-cache
HIT, HIT
content-type
application/javascript; charset=utf-8
p3p
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
x-tw-cdn
FT
cache-control
no-cache
accept-ranges
bytes
content-length
15375
x-served-by
cache-iad-kcgs7200123-IAD, cache-hnd18750-HND
l
use.typekit.net/af/0e8ca9/0000000000000000000148a6/21/
17 KB
17 KB
Font
General
Full URL
https://use.typekit.net/af/0e8ca9/0000000000000000000148a6/21/l?subset_id=2&fvd=n6&v=3
Requested by
Host: coldavathermvicour.com
URL: https://coldavathermvicour.com/29e3187faa6ac4c060988ea4872ab140/certified/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:140b:1a00:14::17dc:548b Tokyo, Japan, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
nginx /
Resource Hash
31fe8e1afce2f1487c323de595df41cd61a0a780e938fcfa219c00d0d8700a22

Request headers

Referer
https://coldavathermvicour.com/
Origin
https://coldavathermvicour.com
accept-language
jp-JP,jp;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Thu, 10 Aug 2023 12:03:56 GMT
server
nginx
etag
"fa69ba7a0541237d29d5d63ab89ddf5c0ddcc122"
content-type
application/font-woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
content-length
17180
l
use.typekit.net/af/651407/0000000000000000000148a4/21/
17 KB
17 KB
Font
General
Full URL
https://use.typekit.net/af/651407/0000000000000000000148a4/21/l?subset_id=2&fvd=n4&v=3
Requested by
Host: coldavathermvicour.com
URL: https://coldavathermvicour.com/29e3187faa6ac4c060988ea4872ab140/certified/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:140b:1a00:14::17dc:548b Tokyo, Japan, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
nginx /
Resource Hash
c2a3051b111255a7bb60f2c2f880119a34b9badd3094fe5da0809e9867189be9

Request headers

Referer
https://coldavathermvicour.com/
Origin
https://coldavathermvicour.com
accept-language
jp-JP,jp;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Thu, 10 Aug 2023 12:03:56 GMT
server
nginx
etag
"1e687793ce64d9cbb865b34e0184a5d7d0d615aa"
content-type
application/font-woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
content-length
17144
l
use.typekit.net/af/04aaaa/0000000000000000000148a2/21/
17 KB
17 KB
Font
General
Full URL
https://use.typekit.net/af/04aaaa/0000000000000000000148a2/21/l?subset_id=2&fvd=n3&v=3
Requested by
Host: coldavathermvicour.com
URL: https://coldavathermvicour.com/29e3187faa6ac4c060988ea4872ab140/certified/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:140b:1a00:14::17dc:548b Tokyo, Japan, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
nginx /
Resource Hash
739d05993fb4c31c049518fb52a5784df194db6fd16bc428dcc16baf679aeca3

Request headers

Referer
https://coldavathermvicour.com/
Origin
https://coldavathermvicour.com
accept-language
jp-JP,jp;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Thu, 10 Aug 2023 12:03:56 GMT
server
nginx
etag
"84a5a8f3c03b24dbec4386ecc1405d47828de8e4"
content-type
application/font-woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
content-length
17524
l
use.typekit.net/af/c6d995/0000000000000000000132df/21/
22 KB
22 KB
Font
General
Full URL
https://use.typekit.net/af/c6d995/0000000000000000000132df/21/l?subset_id=2&fvd=n4&v=3
Requested by
Host: coldavathermvicour.com
URL: https://coldavathermvicour.com/29e3187faa6ac4c060988ea4872ab140/certified/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:140b:1a00:14::17dc:548b Tokyo, Japan, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
nginx /
Resource Hash
ce7a0e2e92f9b02f744009e39e82163283f4b6f648de2c513351b909ef7400d4

Request headers

Referer
https://coldavathermvicour.com/
Origin
https://coldavathermvicour.com
accept-language
jp-JP,jp;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Thu, 10 Aug 2023 12:03:56 GMT
server
nginx
etag
"55559d7f4efc3f7fb33e7b9699ee2047fb65f3de"
content-type
application/font-woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
content-length
22436
l
use.typekit.net/af/a5fac4/0000000000000000000132e3/21/
23 KB
23 KB
Font
General
Full URL
https://use.typekit.net/af/a5fac4/0000000000000000000132e3/21/l?subset_id=2&fvd=n7&v=3
Requested by
Host: coldavathermvicour.com
URL: https://coldavathermvicour.com/29e3187faa6ac4c060988ea4872ab140/certified/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:140b:1a00:14::17dc:548b Tokyo, Japan, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
nginx /
Resource Hash
449ad51e04f90d09cd5d6d1df91f8b69cf888ca97c7d2318e1e30b35d2b403d4

Request headers

Referer
https://coldavathermvicour.com/
Origin
https://coldavathermvicour.com
accept-language
jp-JP,jp;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Thu, 10 Aug 2023 12:03:56 GMT
server
nginx
etag
"672c8850fd84c3f8278b634e73850f7f7b605f9a"
content-type
application/font-woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
content-length
23268
l
use.typekit.net/af/ed8887/0000000000000000000132e1/21/
24 KB
24 KB
Font
General
Full URL
https://use.typekit.net/af/ed8887/0000000000000000000132e1/21/l?subset_id=2&fvd=n5&v=3
Requested by
Host: coldavathermvicour.com
URL: https://coldavathermvicour.com/29e3187faa6ac4c060988ea4872ab140/certified/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:140b:1a00:14::17dc:548b Tokyo, Japan, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
nginx /
Resource Hash
b46f010dcef0a7bf6dd266a0d2c899a08517b282e9b899b08a4d9e33609def23

Request headers

Referer
https://coldavathermvicour.com/
Origin
https://coldavathermvicour.com
accept-language
jp-JP,jp;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Thu, 10 Aug 2023 12:03:56 GMT
server
nginx
etag
"816b6b90e41be7dcaac2711c46c41dfaf0935c86"
content-type
application/font-woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
content-length
24388
token
cdn.linkedin.oribi.io/partner/3409844/domain/coldavathermvicour.com/
36 B
399 B
XHR
General
Full URL
https://cdn.linkedin.oribi.io/partner/3409844/domain/coldavathermvicour.com/token
Requested by
Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:26a6:1a00:2:53b2:240:93a1 , United States, ASN (),
Reverse DNS
Software
/
Resource Hash
7b1eaaaf180a13c29b6dddc3b0ae23333b4397e0f3c065b4c86da2f2530a5f89

Request headers

Accept
*
Referer
https://coldavathermvicour.com/
accept-language
jp-JP,jp;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Thu, 10 Aug 2023 11:33:23 GMT
content-encoding
gzip
via
1.1 187c00aa0bd9b6b4702d3ceb94c6952c.cloudfront.net (CloudFront)
x-amz-cf-pop
NRT20-P1
age
1833
vary
accept-encoding
x-cache
Hit from cloudfront
content-type
application/json
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=3600
x-amz-cf-id
OaFtCeiWfn8PenbIxK9koW3bcFXa5PuJ0c0xygjtAWenciU5YzE89Q==
collect
px4.ads.linkedin.com/
Redirect Chain
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3409844&time=1691669036551&url=https%3A%2F%2Fcoldavathermvicour.com%2F29e3187faa6ac4c060988ea4872ab140%2Fcertified%2F
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3409844&time=1691669036551&url=https%3A%2F%2Fcoldavathermvicour.com%2F29e3187faa6ac4c060988ea4872ab140%2Fcertified%2F&cookiesTest=true
  • https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D3409844%26time%3D1691669036551%26url%3Dhttps%253A%252F%252Fcoldavathermvicour.com...
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3409844&time=1691669036551&url=https%3A%2F%2Fcoldavathermvicour.com%2F29e3187faa6ac4c060988ea4872ab140%2Fcertified%2F&cookiesTest=true&liSync=true
  • https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=3409844&time=1691669036551&url=https%3A%2F%2Fcoldavathermvicour.com%2F29e3187faa6ac4c060988ea4872ab140%2Fcertified%2F&cookiesTest=true&liSync=tru...
0
487 B
Image
General
Full URL
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=3409844&time=1691669036551&url=https%3A%2F%2Fcoldavathermvicour.com%2F29e3187faa6ac4c060988ea4872ab140%2Fcertified%2F&cookiesTest=true&liSync=true&e_ipv6=AQIitx51FeCr_QAAAYnfVP-auI_MvVuD3rExXNbbyLMN9AmlNb6qwdRTuiVV4Flum165Kw
Requested by
Host: coldavathermvicour.com
URL: https://coldavathermvicour.com/29e3187faa6ac4c060988ea4872ab140/certified/
Protocol
H2
Server
13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://coldavathermvicour.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Thu, 10 Aug 2023 12:03:56 GMT
x-li-pop
afd-prod-lor1-x
x-msedge-ref
Ref A: 12187C2B826B4087AB72B5DAF6479BC4 Ref B: TYAEDGE1119 Ref C: 2023-08-10T12:03:57Z
linkedin-action
1
x-cache
CONFIG_NOCACHE
content-type
application/javascript
x-li-fabric
prod-lor1
x-li-proto
http/2
content-length
0
x-li-uuid
AAYCkGQIcsgaj2H5z6fO0g==

Redirect headers

date
Thu, 10 Aug 2023 12:03:56 GMT
x-li-pop
afd-prod-lor1-x
x-msedge-ref
Ref A: 48021C0A9E7C4A1FA9C047D8DBC65719 Ref B: TYO01EDGE2010 Ref C: 2023-08-10T12:03:56Z
linkedin-action
1
x-cache
CONFIG_NOCACHE
x-li-fabric
prod-lor1
location
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=3409844&time=1691669036551&url=https%3A%2F%2Fcoldavathermvicour.com%2F29e3187faa6ac4c060988ea4872ab140%2Fcertified%2F&cookiesTest=true&liSync=true&e_ipv6=AQIitx51FeCr_QAAAYnfVP-auI_MvVuD3rExXNbbyLMN9AmlNb6qwdRTuiVV4Flum165Kw
x-li-proto
http/2
content-length
0
x-li-uuid
AAYCkGQGWKBNuiCQ0m9DoQ==
575684804151769
connect.facebook.net/signals/config/
382 KB
109 KB
Script
General
Full URL
https://connect.facebook.net/signals/config/575684804151769?v=2.9.121&r=stable
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f00f:8:face:b00c:0:1 Tokyo, Japan, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
748da16c031d26288953c306823663e995fa83b82f51c63ed1ae5b2018f16a41
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://coldavathermvicour.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

content-security-policy
default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload; includeSubDomains
date
Thu, 10 Aug 2023 12:03:56 GMT
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
111417
x-xss-protection
0
pragma
public
x-fb-debug
qDphGgb/zxgre3T6nBHK2Xy5PlvpbFZNcaI4xNewVU4Wiyb+pSOOamOZ118xDCOUJrIrOP8fO1E1QzhEkXrGYg==
cross-origin-opener-policy
same-origin-allow-popups
vary
Accept-Encoding
x-frame-options
DENY
content-type
application/x-javascript; charset=utf-8
origin-agent-cluster
?0
cache-control
public, max-age=1200
permissions-policy
accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
expires
Sat, 01 Jan 2000 00:00:00 GMT
p.gif
p.typekit.net/
35 B
218 B
Image
General
Full URL
https://p.typekit.net/p.gif?s=1&k=mys2uzu&ht=tk&h=coldavathermvicour.com&f=173.175.5474.10294.10296.10302&a=549976&js=1.21.0&app=typekit&e=js&_=1691669036571
Requested by
Host: coldavathermvicour.com
URL: https://coldavathermvicour.com/29e3187faa6ac4c060988ea4872ab140/certified/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:140b:1a00:14::17dc:5494 Tokyo, Japan, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
nginx /
Resource Hash
9b9265c69a5cc295d1ab0d04e0273b3677db1a6216ce2ccf4efc8c277ed84b39

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://coldavathermvicour.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

unused62
8096267
date
Thu, 10 Aug 2023 12:03:56 GMT
last-modified
Sat, 09 Oct 2021 02:10:38 GMT
server
nginx
etag
"6160fa1e-23"
content-type
image/gif
access-control-allow-origin
*
cache-control
public, max-age=604800
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
content-length
35
collect
www.google-analytics.com/j/
3 B
213 B
XHR
General
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j101&a=1099402090&t=pageview&_s=1&dl=https%3A%2F%2Fcoldavathermvicour.com%2F29e3187faa6ac4c060988ea4872ab140%2Fcertified%2F&ul=en-us&de=UTF-8&dt=The%20power%20of%20the%20link.&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAEABAAAAACAAI~&jid=519859838&gjid=113057204&cid=80159069.1691669037&tid=UA-25224921-3&_gid=1881651150.1691669037&_r=1&_slc=1&cd2=user&z=242854132
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:38::178 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
1cffc2b3146584685cd72751d7f28aa030ab9ae2f1bc78f2c27909f8d8287b26
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://coldavathermvicour.com/
accept-language
jp-JP,jp;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Thu, 10 Aug 2023 12:03:56 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://coldavathermvicour.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
3
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.facebook.com/tr/
0
185 B
Image
General
Full URL
https://www.facebook.com/tr/?id=575684804151769&ev=PageView&dl=https%3A%2F%2Fcoldavathermvicour.com%2F29e3187faa6ac4c060988ea4872ab140%2Fcertified%2F&rl=&if=false&ts=1691669036591&sw=1600&sh=1200&v=2.9.121&r=stable&ec=0&o=30&fbp=fb.1.1691669036590.1172499462&cs_est=true&it=1691669036562&coo=false&exp=a1&rqm=GET
Requested by
Host: coldavathermvicour.com
URL: https://coldavathermvicour.com/29e3187faa6ac4c060988ea4872ab140/certified/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f10f:83:face:b00c:0:25de Tokyo, Japan, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://coldavathermvicour.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
date
Thu, 10 Aug 2023 12:03:56 GMT
server
proxygen-bolt
content-type
text/plain
access-control-allow-origin
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
0
adsct
t.co/i/
43 B
377 B
Image
General
Full URL
https://t.co/i/adsct?bci=3&eci=2&event_id=d4e005c5-b538-4e48-b1f0-75f44768c8ad&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=152980c4-a8c4-4942-a308-b92c98a8fb67&tw_document_href=https%3A%2F%2Fcoldavathermvicour.com%2F29e3187faa6ac4c060988ea4872ab140%2Fcertified%2F&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=o2pdk&type=javascript&version=2.3.29
Requested by
Host: coldavathermvicour.com
URL: https://coldavathermvicour.com/29e3187faa6ac4c060988ea4872ab140/certified/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.244.42.197 , United States, ASN13414 (TWITTER, US),
Reverse DNS
Software
tsa_m /
Resource Hash
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://coldavathermvicour.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

x-response-time
96
date
Thu, 10 Aug 2023 12:03:56 GMT
strict-transport-security
max-age=0
server
tsa_m
content-type
image/gif;charset=utf-8
x-transaction-id
ee2a878c0641ccd3
cache-control
no-cache, no-store, max-age=0
perf
7626143928
x-connection-hash
8c84724e21f66ead9f8274834e8897b692ec6e091b24a543a2cb55d2f8733d76
content-length
43
adsct
analytics.twitter.com/i/
43 B
395 B
Image
General
Full URL
https://analytics.twitter.com/i/adsct?bci=3&eci=2&event_id=d4e005c5-b538-4e48-b1f0-75f44768c8ad&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=152980c4-a8c4-4942-a308-b92c98a8fb67&tw_document_href=https%3A%2F%2Fcoldavathermvicour.com%2F29e3187faa6ac4c060988ea4872ab140%2Fcertified%2F&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=o2pdk&type=javascript&version=2.3.29
Requested by
Host: coldavathermvicour.com
URL: https://coldavathermvicour.com/29e3187faa6ac4c060988ea4872ab140/certified/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.244.42.3 , United States, ASN13414 (TWITTER, US),
Reverse DNS
Software
tsa_m /
Resource Hash
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
Security Headers
Name Value
Strict-Transport-Security max-age=631138519

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://coldavathermvicour.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

x-response-time
164
date
Thu, 10 Aug 2023 12:03:55 GMT
strict-transport-security
max-age=631138519
server
tsa_m
content-type
image/gif;charset=utf-8
x-transaction-id
f18d8b807805c58d
cache-control
no-cache, no-store, max-age=0
perf
7626143928
x-connection-hash
bb912d0e21a532256e853c0c70b76fc39ba08f9f44770285bc80078286109f0b
content-length
43
activityi;dc_pre=CI3xi6CG0oADFY3LTAIdlUcOKw;src=12389169;type=conve0;cat=signu0;ord=1330349682510;auiddc=1444690488.1691669037;u1=%5BPlan%20Tier%5D;gtm=45fe3890;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;ua...
12389169.fls.doubleclick.net/ Frame 4C8F
Redirect Chain
  • https://12389169.fls.doubleclick.net/activityi;src=12389169;type=conve0;cat=signu0;ord=1330349682510;auiddc=1444690488.1691669037;u1=%5BPlan%20Tier%5D;gtm=45fe3890;uaa=;uab=;uafvl=;uamb=0;uam=;uap=...
  • https://12389169.fls.doubleclick.net/activityi;dc_pre=CI3xi6CG0oADFY3LTAIdlUcOKw;src=12389169;type=conve0;cat=signu0;ord=1330349682510;auiddc=1444690488.1691669037;u1=%5BPlan%20Tier%5D;gtm=45fe3890...
612 B
525 B
Document
General
Full URL
https://12389169.fls.doubleclick.net/activityi;dc_pre=CI3xi6CG0oADFY3LTAIdlUcOKw;src=12389169;type=conve0;cat=signu0;ord=1330349682510;auiddc=1444690488.1691669037;u1=%5BPlan%20Tier%5D;gtm=45fe3890;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fcoldavathermvicour.com%2F29e3187faa6ac4c060988ea4872ab140%2Fcertified%2F?
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=DC-12389169
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.31.166 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
nrt12s22-in-f6.1e100.net
Software
cafe /
Resource Hash
d618e7c5585a2a24e4e741958ed7b4672c71740c49582c1f759563b13d7fd3e8
Security Headers
Name Value
Strict-Transport-Security max-age=21600
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://coldavathermvicour.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
accept-language
jp-JP,jp;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, must-revalidate
content-encoding
br
content-length
352
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Thu, 10 Aug 2023 12:03:56 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma
no-cache
server
cafe
strict-transport-security
max-age=21600
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0

Redirect headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, must-revalidate
content-length
0
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Thu, 10 Aug 2023 12:03:56 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown
1
location
https://12389169.fls.doubleclick.net/activityi;dc_pre=CI3xi6CG0oADFY3LTAIdlUcOKw;src=12389169;type=conve0;cat=signu0;ord=1330349682510;auiddc=1444690488.1691669037;u1=%5BPlan%20Tier%5D;gtm=45fe3890;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fcoldavathermvicour.com%2F29e3187faa6ac4c060988ea4872ab140%2Fcertified%2F?
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma
no-cache
server
cafe
strict-transport-security
max-age=21600
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
js
www.googletagmanager.com/gtag/
277 KB
91 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-567GCTL9BB&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=DC-12389169
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2404:6800:4004:826::2008 , Australia, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
4ea4a8c6ad6c08fd76fe0f6c76ed705e489e1bace5cc1f89cbecdebedee121ea
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://coldavathermvicour.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Thu, 10 Aug 2023 12:03:56 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
92603
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Thu, 10 Aug 2023 12:03:56 GMT
js
www.googletagmanager.com/gtag/
199 KB
71 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=AW-768371374&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=DC-12389169
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2404:6800:4004:826::2008 , Australia, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
c663d3fffd036f6b52a90b1085e159edc6e37ba62f2f8223d89f79a4c24eb0dd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://coldavathermvicour.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Thu, 10 Aug 2023 12:03:56 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
72257
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Thu, 10 Aug 2023 12:03:56 GMT
activityi;dc_pre=CPnhi6CG0oADFUwHewcdMj0Btg;src=12389169;type=conve0;cat=signu0;ord=6699500510557;auiddc=1444690488.1691669037;u1=free;gtm=45fe3890;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epv...
12389169.fls.doubleclick.net/ Frame 01DF
Redirect Chain
  • https://12389169.fls.doubleclick.net/activityi;src=12389169;type=conve0;cat=signu0;ord=6699500510557;auiddc=1444690488.1691669037;u1=free;gtm=45fe3890;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;...
  • https://12389169.fls.doubleclick.net/activityi;dc_pre=CPnhi6CG0oADFUwHewcdMj0Btg;src=12389169;type=conve0;cat=signu0;ord=6699500510557;auiddc=1444690488.1691669037;u1=free;gtm=45fe3890;uaa=;uab=;ua...
599 B
515 B
Document
General
Full URL
https://12389169.fls.doubleclick.net/activityi;dc_pre=CPnhi6CG0oADFUwHewcdMj0Btg;src=12389169;type=conve0;cat=signu0;ord=6699500510557;auiddc=1444690488.1691669037;u1=free;gtm=45fe3890;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fcoldavathermvicour.com%2F29e3187faa6ac4c060988ea4872ab140%2Fcertified%2F?
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=DC-12389169
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.31.166 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
nrt12s22-in-f6.1e100.net
Software
cafe /
Resource Hash
eef3b215b08d1f90131ebee71f3e10566d735c02a8f041b61a6ddfd3932693f3
Security Headers
Name Value
Strict-Transport-Security max-age=21600
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://coldavathermvicour.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
accept-language
jp-JP,jp;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, must-revalidate
content-encoding
br
content-length
339
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Thu, 10 Aug 2023 12:03:56 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma
no-cache
server
cafe
strict-transport-security
max-age=21600
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0

Redirect headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, must-revalidate
content-length
0
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Thu, 10 Aug 2023 12:03:56 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown
1
location
https://12389169.fls.doubleclick.net/activityi;dc_pre=CPnhi6CG0oADFUwHewcdMj0Btg;src=12389169;type=conve0;cat=signu0;ord=6699500510557;auiddc=1444690488.1691669037;u1=free;gtm=45fe3890;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fcoldavathermvicour.com%2F29e3187faa6ac4c060988ea4872ab140%2Fcertified%2F?
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma
no-cache
server
cafe
strict-transport-security
max-age=21600
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
collect
analytics.google.com/g/
0
250 B
Ping
General
Full URL
https://analytics.google.com/g/collect?v=2&tid=G-567GCTL9BB&gtm=45je3890&_p=1099402090&_gaz=1&cid=80159069.1691669037&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1691669036&sct=1&seg=0&dl=https%3A%2F%2Fcoldavathermvicour.com%2F29e3187faa6ac4c060988ea4872ab140%2Fcertified%2F&dt=The%20power%20of%20the%20link.&en=page_view&_fv=1&_ss=1&_ee=1
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-567GCTL9BB
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:34::181 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://coldavathermvicour.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 10 Aug 2023 12:03:56 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://coldavathermvicour.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
stats.g.doubleclick.net/g/
0
259 B
Ping
General
Full URL
https://stats.g.doubleclick.net/g/collect?v=2&tid=G-567GCTL9BB&cid=80159069.1691669037&gtm=45je3890&aip=1
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-567GCTL9BB
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2404:6800:4008:c15::9b Taipei, Taiwan, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://coldavathermvicour.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 10 Aug 2023 12:03:56 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://coldavathermvicour.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.co.jp/ads/
42 B
408 B
Image
General
Full URL
https://www.google.co.jp/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-567GCTL9BB&cid=80159069.1691669037&gtm=45je3890&aip=1&z=712404461
Requested by
Host: coldavathermvicour.com
URL: https://coldavathermvicour.com/29e3187faa6ac4c060988ea4872ab140/certified/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2404:6800:4004:813::2003 , Australia, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://coldavathermvicour.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 10 Aug 2023 12:03:56 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/768371374/
3 KB
2 KB
Script
General
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/768371374/?random=1691669036722&cv=11&fst=1691669036722&bg=ffffff&guid=ON&async=1&gtm=45be3890&u_w=1600&u_h=1200&url=https%3A%2F%2Fcoldavathermvicour.com%2F29e3187faa6ac4c060988ea4872ab140%2Fcertified%2F&hn=www.googleadservices.com&frm=0&tiba=The%20power%20of%20the%20link.&auid=1444690488.1691669037&uamb=0&uaw=0&data=event%3Dgtag.config&rfmt=3&fmt=4
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-768371374&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2404:6800:4004:824::2002 , Australia, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
cd07ea8546c60a29cbb7a489a69f4a92cad7a886433687a63847646105c782f9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://coldavathermvicour.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 10 Aug 2023 12:03:56 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
text/javascript; charset=UTF-8
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1363
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
dc_pre=CPnhi6CG0oADFUwHewcdMj0Btg;src=12389169;type=conve0;cat=signu0;ord=6699500510557;auiddc=1444690488.1691669037;u1=free;gtm=45fe3890;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref...
adservice.google.com/ddm/fls/i/ Frame 3338
601 B
715 B
Document
General
Full URL
https://adservice.google.com/ddm/fls/i/dc_pre=CPnhi6CG0oADFUwHewcdMj0Btg;src=12389169;type=conve0;cat=signu0;ord=6699500510557;auiddc=1444690488.1691669037;u1=free;gtm=45fe3890;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fcoldavathermvicour.com%2F29e3187faa6ac4c060988ea4872ab140%2Fcertified%2F
Requested by
Host: 12389169.fls.doubleclick.net
URL: https://12389169.fls.doubleclick.net/activityi;dc_pre=CPnhi6CG0oADFUwHewcdMj0Btg;src=12389169;type=conve0;cat=signu0;ord=6699500510557;auiddc=1444690488.1691669037;u1=free;gtm=45fe3890;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fcoldavathermvicour.com%2F29e3187faa6ac4c060988ea4872ab140%2Fcertified%2F?
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2404:6800:4004:826::2002 , Australia, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
4952d7cfa5422926ef72e7b7631bbef6b3b3a6885a59a794e39b513d8a34cb8e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://12389169.fls.doubleclick.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
accept-language
jp-JP,jp;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, must-revalidate
content-encoding
br
content-length
340
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Thu, 10 Aug 2023 12:03:56 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
pragma
no-cache
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
dc_pre=CI3xi6CG0oADFY3LTAIdlUcOKw;src=12389169;type=conve0;cat=signu0;ord=1330349682510;auiddc=1444690488.1691669037;u1=%5BPlan%20Tier%5D;gtm=45fe3890;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;...
adservice.google.com/ddm/fls/i/ Frame 12E0
614 B
426 B
Document
General
Full URL
https://adservice.google.com/ddm/fls/i/dc_pre=CI3xi6CG0oADFY3LTAIdlUcOKw;src=12389169;type=conve0;cat=signu0;ord=1330349682510;auiddc=1444690488.1691669037;u1=%5BPlan%20Tier%5D;gtm=45fe3890;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fcoldavathermvicour.com%2F29e3187faa6ac4c060988ea4872ab140%2Fcertified%2F
Requested by
Host: 12389169.fls.doubleclick.net
URL: https://12389169.fls.doubleclick.net/activityi;dc_pre=CI3xi6CG0oADFY3LTAIdlUcOKw;src=12389169;type=conve0;cat=signu0;ord=1330349682510;auiddc=1444690488.1691669037;u1=%5BPlan%20Tier%5D;gtm=45fe3890;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fcoldavathermvicour.com%2F29e3187faa6ac4c060988ea4872ab140%2Fcertified%2F?
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2404:6800:4004:826::2002 , Australia, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
c1f68e9c78ee68a576526fad4b8a5068b71b6e4e298b20db5e644f8125bf2720
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://12389169.fls.doubleclick.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
accept-language
jp-JP,jp;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, must-revalidate
content-encoding
br
content-length
356
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Thu, 10 Aug 2023 12:03:56 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
pragma
no-cache
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
/
www.google.com/pagead/1p-user-list/768371374/
42 B
455 B
Image
General
Full URL
https://www.google.com/pagead/1p-user-list/768371374/?random=1691669036722&cv=11&fst=1691668800000&bg=ffffff&guid=ON&async=1&gtm=45be3890&u_w=1600&u_h=1200&url=https%3A%2F%2Fcoldavathermvicour.com%2F29e3187faa6ac4c060988ea4872ab140%2Fcertified%2F&frm=0&tiba=The%20power%20of%20the%20link.&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=690760466&rmt_tld=0&ipr=y
Requested by
Host: coldavathermvicour.com
URL: https://coldavathermvicour.com/29e3187faa6ac4c060988ea4872ab140/certified/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2404:6800:4004:828::2004 , Australia, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://coldavathermvicour.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 10 Aug 2023 12:03:56 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.co.jp/pagead/1p-user-list/768371374/
42 B
154 B
Image
General
Full URL
https://www.google.co.jp/pagead/1p-user-list/768371374/?random=1691669036722&cv=11&fst=1691668800000&bg=ffffff&guid=ON&async=1&gtm=45be3890&u_w=1600&u_h=1200&url=https%3A%2F%2Fcoldavathermvicour.com%2F29e3187faa6ac4c060988ea4872ab140%2Fcertified%2F&frm=0&tiba=The%20power%20of%20the%20link.&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=690760466&rmt_tld=1&ipr=y
Requested by
Host: coldavathermvicour.com
URL: https://coldavathermvicour.com/29e3187faa6ac4c060988ea4872ab140/certified/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2404:6800:4004:813::2003 , Australia, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://coldavathermvicour.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 10 Aug 2023 12:03:56 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
dc_pre=CPnhi6CG0oADFUwHewcdMj0Btg;src=12389169;type=conve0;cat=signu0;ord=6699500510557;auiddc=1444690488.1691669037;u1=free;gtm=45fe3890;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref...
adservice.google.co.jp/ddm/fls/i/ Frame B45A
194 B
173 B
Document
General
Full URL
https://adservice.google.co.jp/ddm/fls/i/dc_pre=CPnhi6CG0oADFUwHewcdMj0Btg;src=12389169;type=conve0;cat=signu0;ord=6699500510557;auiddc=1444690488.1691669037;u1=free;gtm=45fe3890;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fcoldavathermvicour.com%2F29e3187faa6ac4c060988ea4872ab140%2Fcertified%2F
Requested by
Host: adservice.google.com
URL: https://adservice.google.com/ddm/fls/i/dc_pre=CPnhi6CG0oADFUwHewcdMj0Btg;src=12389169;type=conve0;cat=signu0;ord=6699500510557;auiddc=1444690488.1691669037;u1=free;gtm=45fe3890;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fcoldavathermvicour.com%2F29e3187faa6ac4c060988ea4872ab140%2Fcertified%2F
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2404:6800:4004:826::2002 , Australia, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
05978957c6c8b028f2785dc77271c286bfac76e30b7bcd7e835c2927fbe897cf
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://adservice.google.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
accept-language
jp-JP,jp;q=0.9

Response headers

alt-svc
h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private, max-age=0
content-encoding
br
content-length
85
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Thu, 10 Aug 2023 12:03:57 GMT
expires
Thu, 10 Aug 2023 12:03:57 GMT
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
dc_pre=CI3xi6CG0oADFY3LTAIdlUcOKw;src=12389169;type=conve0;cat=signu0;ord=1330349682510;auiddc=1444690488.1691669037;u1=%5BPlan%20Tier%5D;gtm=45fe3890;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;...
adservice.google.co.jp/ddm/fls/i/ Frame 6EF9
194 B
303 B
Document
General
Full URL
https://adservice.google.co.jp/ddm/fls/i/dc_pre=CI3xi6CG0oADFY3LTAIdlUcOKw;src=12389169;type=conve0;cat=signu0;ord=1330349682510;auiddc=1444690488.1691669037;u1=%5BPlan%20Tier%5D;gtm=45fe3890;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fcoldavathermvicour.com%2F29e3187faa6ac4c060988ea4872ab140%2Fcertified%2F
Requested by
Host: adservice.google.com
URL: https://adservice.google.com/ddm/fls/i/dc_pre=CI3xi6CG0oADFY3LTAIdlUcOKw;src=12389169;type=conve0;cat=signu0;ord=1330349682510;auiddc=1444690488.1691669037;u1=%5BPlan%20Tier%5D;gtm=45fe3890;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fcoldavathermvicour.com%2F29e3187faa6ac4c060988ea4872ab140%2Fcertified%2F
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2404:6800:4004:826::2002 , Australia, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
05978957c6c8b028f2785dc77271c286bfac76e30b7bcd7e835c2927fbe897cf
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://adservice.google.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
accept-language
jp-JP,jp;q=0.9

Response headers

alt-svc
h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private, max-age=0
content-encoding
br
content-length
85
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Thu, 10 Aug 2023 12:03:56 GMT
expires
Thu, 10 Aug 2023 12:03:56 GMT
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
/
www.facebook.com/tr/
0
54 B
Image
General
Full URL
https://www.facebook.com/tr/?id=575684804151769&ev=Microdata&dl=https%3A%2F%2Fcoldavathermvicour.com%2F29e3187faa6ac4c060988ea4872ab140%2Fcertified%2F&rl=&if=false&ts=1691669038097&cd[DataLayer]=%5B%5D&cd[Meta]=%7B%22title%22%3A%22%20The%20power%20of%20the%20link.%22%7D&cd[OpenGraph]=%7B%7D&cd[Schema.org]=%5B%5D&cd[JSON-LD]=%5B%5D&sw=1600&sh=1200&v=2.9.121&r=stable&ec=1&o=30&fbp=fb.1.1691669036590.1172499462&it=1691669036562&coo=false&es=automatic&tm=3&exp=a1&rqm=GET
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f10f:83:face:b00c:0:25de Tokyo, Japan, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://coldavathermvicour.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
date
Thu, 10 Aug 2023 12:03:58 GMT
server
proxygen-bolt
content-type
text/plain
access-control-allow-origin
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
0
collect
analytics.google.com/g/
0
54 B
Ping
General
Full URL
https://analytics.google.com/g/collect?v=2&tid=G-567GCTL9BB&gtm=45je3890&_p=1099402090&cid=80159069.1691669037&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=AEA&_s=2&sid=1691669036&sct=1&seg=0&dl=https%3A%2F%2Fcoldavathermvicour.com%2F29e3187faa6ac4c060988ea4872ab140%2Fcertified%2F&dt=The%20power%20of%20the%20link.&en=scroll&epn.percent_scrolled=90&_et=5
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-567GCTL9BB
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:34::181 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://coldavathermvicour.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 10 Aug 2023 12:04:01 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://coldavathermvicour.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

32 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0
object| 1
object| BITLY
object| Typekit
object| GlobalSnowplowNamespace
function| snowplow
function| gtag
object| dataLayer
function| $
function| jQuery
function| reqAnimFrame
function| _
object| Backbone
object| App
string| GoogleAnalyticsObject
function| ga
function| fbq
function| _fbq
string| _linkedin_partner_id
object| _linkedin_data_partner_ids
function| lintrk
function| twq
boolean| _already_called_lintrk
object| google_tag_data
object| gaplugins
object| gaGlobal
object| gaData
object| regeneratorRuntime
object| twttr
object| google_tag_manager
function| onYouTubeIframeAPIReady
object| GooglebQhCsO

18 Cookies

Domain/Path Name / Value
.coldavathermvicour.com/ Name: _sp_ses.b627
Value: *
.coldavathermvicour.com/ Name: _sp_id.b627
Value: 2966a095-02dd-4b30-81da-73e91c7d3fa8.1691669037.1.1691669037..44fb58dd-0243-4974-9558-6bf53ed7a464..f2ce2081-b634-4cd0-89d4-d28345a45f1a.1691669036501.1
.coldavathermvicour.com/ Name: _gid
Value: GA1.2.1881651150.1691669037
.coldavathermvicour.com/ Name: _gat
Value: 1
.coldavathermvicour.com/ Name: _fbp
Value: fb.1.1691669036590.1172499462
coldavathermvicour.com/ Name: ln_or
Value: eyIzNDA5ODQ0IjoiZCJ9
.coldavathermvicour.com/ Name: _gcl_au
Value: 1.1.1444690488.1691669037
.coldavathermvicour.com/ Name: _ga
Value: GA1.1.80159069.1691669037
.coldavathermvicour.com/ Name: _ga_567GCTL9BB
Value: GS1.1.1691669036.1.0.1691669036.60.0.0
.linkedin.com/ Name: li_sugr
Value: ea361529-170e-4974-a0b3-961aa3a38585
.linkedin.com/ Name: bcookie
Value: "v=2&4d9202a1-fa83-44c1-875b-5fbe443cabdc"
.linkedin.com/ Name: lidc
Value: "b=OGST02:s=O:r=O:a=O:p=O:g=2978:u=1:x=1:i=1691669036:t=1691755436:v=2:sig=AQETAmzmxnXUaB9nnWehTAzvTsDyqyGo"
.t.co/ Name: muc_ads
Value: e4eef4b7-7ad8-45dd-a8b6-72762ccf63e1
.linkedin.com/ Name: UserMatchHistory
Value: AQKLLTNmGgsXdAAAAYnfVP67uLQ4t3-FCPK4edOyYTDBPsZIIOombhP1RYmHaybkjWVUrB93QOpcUQ
.linkedin.com/ Name: AnalyticsSyncHistory
Value: AQKyBkRLCXPOrQAAAYnfVP67Qoz3MiKdHtWRuX_OgS2sSUEViCoSuNcke_h3tTEUOll8Ol5la0NSVKmKWueJfw
.twitter.com/ Name: personalization_id
Value: "v1_2RhtNAzWgxJlj8Yp8pjkJA=="
.doubleclick.net/ Name: test_cookie
Value: CheckForPermission
.www.linkedin.com/ Name: bscookie
Value: "v=1&2023081012035614a73e98-0d20-4713-8929-b35ff6366bebAQH5Kjj2RxYuZdic2-OS1yCFseIQjjyk"

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
