cdn.zhuyl.work Open in urlscan Pro
2620:1ec:46::45 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://is.gd/a6PnRr
Effective URL:
https://cdn.zhuyl.work/?key=ytrzvqkvmvyaebbm&pin=62546063&ag=c1412454&from=Email-3t
Submission: On May 17 via manual (May 17th 2021, 11:46:00 pm UTC) from US

Summary HTTP 75 Redirects Links 6 Behaviour Indicators

Summary

This website contacted 12 IPs in 3 countries across 10 domains to perform 75 HTTP transactions. The main IP is 2620:1ec:46::45, located in United States and belongs to MICROSOFT-CORP-MSN-AS-BLOCK, US. The main domain is cdn.zhuyl.work.
TLS certificate: Issued by DigiCert TLS RSA SHA256 2020 CA1 on May 11th 2021. Valid for: a year.

This is the only time cdn.zhuyl.work was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	2606:4700:20:... 2606:4700:20::ac43:5384	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2620:1ec:46::45 2620:1ec:46::45	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
17	2a04:4e42:1b:... 2a04:4e42:1b::621	54113 (FASTLY) (FASTLY)
9	2a00:1450:400... 2a00:1450:4001:811::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:82a::2002	15169 (GOOGLE) (GOOGLE)
26	111.255.128.31 111.255.128.31	3462 (HINET Dat...) (HINET Data Communication Business Group)
1	172.217.18.98 172.217.18.98	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:800::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:810::2002	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:828::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:82f::2002	15169 (GOOGLE) (GOOGLE)
7	2a00:1450:400... 2a00:1450:4001:803::2001	15169 (GOOGLE) (GOOGLE)
1 1	2a00:1450:400... 2a00:1450:4001:80e::2004	15169 (GOOGLE) (GOOGLE)
75	12

1 2606:4700:20::ac43:5384 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

is.gd	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2620:1ec:46::45 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

cdn.zhuyl.work	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 2a04:4e42:1b::621 (United States)

ASN54113 (FASTLY, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a00:1450:4001:811::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82a::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

26 111.255.128.31 (Tainan City, Taiwan)

ASN3462 (HINET Data Communication Business Group, TW)
PTR: 111-255-128-31.dynamic-ip.hinet.net

oo.cdf.zcfr.work	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.217.18.98 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s42-in-f2.1e100.net

partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:800::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:810::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:828::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:803::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80e::2004 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
26	zcfr.work oo.cdf.zcfr.work	687 KB
17	jsdelivr.net cdn.jsdelivr.net	260 KB
16	googlesyndication.com pagead2.googlesyndication.com tpc.googlesyndication.com	251 KB
6	doubleclick.net googleads.g.doubleclick.net	27 KB
4	zhuyl.work cdn.zhuyl.work	102 KB
2	googletagservices.com www.googletagservices.com	64 KB
2	google.com 1 redirects adservice.google.com www.google.com	413 B
1	google.de adservice.google.de	799 B
1	googleadservices.com partner.googleadservices.com	640 B
1	is.gd 1 redirects is.gd	524 B
75	10

	Domain	Requested by
26	oo.cdf.zcfr.work	cdn.zhuyl.work
17	cdn.jsdelivr.net	cdn.zhuyl.work
9	pagead2.googlesyndication.com	cdn.zhuyl.work pagead2.googlesyndication.com tpc.googlesyndication.com googleads.g.doubleclick.net www.googletagservices.com
7	tpc.googlesyndication.com	pagead2.googlesyndication.com tpc.googlesyndication.com googleads.g.doubleclick.net
6	googleads.g.doubleclick.net	pagead2.googlesyndication.com googleads.g.doubleclick.net
4	cdn.zhuyl.work	cdn.jsdelivr.net
2	www.googletagservices.com	pagead2.googlesyndication.com googleads.g.doubleclick.net
1	www.google.com	1 redirects
1	adservice.google.com	pagead2.googlesyndication.com
1	adservice.google.de	pagead2.googlesyndication.com
1	partner.googleadservices.com	pagead2.googlesyndication.com
1	is.gd	1 redirects
75	12

This site contains links to these domains. Also see Links.

Domain
github.com
ogate.org
cdn.jsdelivr.net
testflight.apple.com

Subject Issuer	Validity	Valid
cdn.zhuyl.work DigiCert TLS RSA SHA256 2020 CA1	`2021-05-11` - `2022-05-11`	a year	crt.sh
f3.shared.global.fastly.net GlobalSign CloudSSL CA - SHA256 - G3	`2021-05-11` - `2022-03-26`	10 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-04-13` - `2021-07-06`	3 months	crt.sh
*.cdf.zcfr.work R3	`2021-05-15` - `2021-08-13`	3 months	crt.sh
*.googleadservices.com GTS CA 1C3	`2021-04-13` - `2021-07-06`	3 months	crt.sh
*.google.com GTS CA 1O1	`2021-04-13` - `2021-07-06`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2021-04-13` - `2021-07-06`	3 months	crt.sh

This page contains 7 frames:

Primary Page: https://cdn.zhuyl.work/?key=ytrzvqkvmvyaebbm&pin=62546063&ag=c1412454&from=Email-3t
Frame ID: 33809E4875F019A5B06824E0B1A9426C
Requests: 59 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20210511/r20190131/zrt_lookup.html
Frame ID: 16BB2C4B8E7F04C5A614C94D7A4867E0
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9887006928691465&output=html&h=160&slotname=4887033834&adk=3443501744&adf=2916214056&pi=t.ma~as.4887033834&w=670&lmt=1621295144&rafmt=12&psa=0&format=670x160&url=https%3A%2F%2Fcdn.zhuyl.work%2F%3Fkey%3Dytrzvqkvmvyaebbm%26pin%3D62546063%26ag%3Dc1412454%26from%3DEmail-3t%23c1412454&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1621295144351&bpp=3&bdt=1537&idt=106&shv=r20210511&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&correlator=6653616150862&frm=20&pv=2&ga_vid=880635197.1621295144&ga_sid=1621295144&ga_hid=1111226654&ga_fc=0&u_tz=120&u_his=3&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=300&ady=68&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530672%2C31061139%2C44743003&oid=3&pvsid=1806754547390803&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CfeE%7C&abl=CF&pfx=0&fu=256&bc=31&ifi=1&uci=a!1&fsb=1&xpc=yz81ZuMy7w&p=https%3A//cdn.zhuyl.work&dtd=119
Frame ID: 6570FCB2868DC8AFFE1C9DFDF61E37E4
Requests: 10 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9887006928691465&output=html&adk=1812271804&adf=3025194257&lmt=1621295144&plat=1%3A16809992%2C2%3A16809992%2C8%3A134217728%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fcdn.zhuyl.work%2F%3Fkey%3Dytrzvqkvmvyaebbm%26pin%3D62546063%26ag%3Dc1412454%26from%3DEmail-3t%23c1412454&ea=0&flash=0&pra=7&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1621295144356&bpp=1&bdt=1542&idt=119&shv=r20210511&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=670x160&nras=1&correlator=6653616150862&frm=20&pv=1&ga_vid=880635197.1621295144&ga_sid=1621295144&ga_hid=1111226654&ga_fc=0&u_tz=120&u_his=3&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530672%2C31061139%2C44743003&oid=3&pvsid=1806754547390803&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=2&uci=a!2&fsb=1&dtd=124
Frame ID: C25985B8463A0790B07ED35070B065C4
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/222/runner.html
Frame ID: 728FC7BD1EA84097442C5CCE4B94D227
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si
Frame ID: AB03BB73C7F88F7CE3455A38AEC75B23
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/nLZh5JKb4_vODtvfmJ49yJer_4HAQSIF0KjuUH5BuEE.js
Frame ID: FA163A65712A5572ABD7C8F9C7E68097
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://is.gd/a6PnRr HTTP 301
https://cdn.zhuyl.work/?key=ytrzvqkvmvyaebbm&pin=62546063&ag=c1412454&from=Email-3t Page URL

Detected technologies

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

script /googlesyndication\.com\//i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /\/([\d.]+)\/jquery(?:\.min)?\.js/i
script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

75
Requests

99 %
HTTPS

85 %
IPv6

10
Domains

12
Subdomains

12
IPs

3
Countries

1392 kB
Transfer

2291 kB
Size

1
Cookies

6 Outgoing links

These are links going to different origins than the main page.

URL: https://github.com/odoor3/oo/blob/master/README.md
Title: https://x.co/ogate

Search URL Search Domain Scan URL

URL: https://ogate.org/
Title: https://ogate.org

Search URL Search Domain Scan URL

URL: https://cdn.jsdelivr.net/gh/opipe/up/oGatea053.apk
Title: https://x.co/ogatea

Search URL Search Domain Scan URL

URL: https://testflight.apple.com/join/x1bytm91
Title: https://x.co/odisk

Search URL Search Domain Scan URL

URL: https://cdn.jsdelivr.net/gh/opipe/up/oGate.zip
Title: https://x.co/ogatew

Search URL Search Domain Scan URL

URL: https://cdn.jsdelivr.net/gh/opipe/up/oPipea006.apk
Title: https://x.co/ofile

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://is.gd/a6PnRr HTTP 301
https://cdn.zhuyl.work/?key=ytrzvqkvmvyaebbm&pin=62546063&ag=c1412454&from=Email-3t Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 71

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si

75 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
cdn.zhuyl.work/
Redirect Chain

https://is.gd/a6PnRr
https://cdn.zhuyl.work/?key=ytrzvqkvmvyaebbm&pin=62546063&ag=c1412454&from=Email-3t

24 KB
24 KB

436ms
265ms

Document
text/html

2620:1ec:46::45
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.zhuyl.work/?key=ytrzvqkvmvyaebbm&pin=62546063&ag=c1412454&from=Email-3t
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:46::45 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e33bbc0426a472795015d4f75ef1e6399c7347ee9b4f4448f709cda228c6972f

Request headers

:method: GET
:authority: cdn.zhuyl.work
:scheme: https
:path: /?key=ytrzvqkvmvyaebbm&pin=62546063&ag=c1412454&from=Email-3t
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

cache-control: private
content-length: 24504
content-type: text/html; charset=utf-8
age: 0
set-cookie: ASP.NET_SessionId=snw53tq4yifn1s5ghsm0r10l; path=/; HttpOnly; SameSite=Lax
access-control-allow-methods: GET,POST
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
x-azure-ref: 0JgCjYAAAAACJiyF6loRWQ4rKVxO5y+43RlJBRURHRTEwMTEAZjBkMTg2MGMtZTg5NS00ZGMwLTk0NjItNDcyNTgxODhjZTE3
date: Mon, 17 May 2021 23:45:42 GMT

Redirect headers

date: Mon, 17 May 2021 23:45:42 GMT
content-type: text/html; charset=UTF-8
location: https://cdn.zhuyl.work/?key=ytrzvqkvmvyaebbm&pin=62546063&ag=c1412454&from=Email-3t
cf-cache-status: DYNAMIC
cf-request-id: 0a1e51ad7700002c4eb13d8000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=cDKzq6ueJUEHYaHtmvILLHKMJIU6THyFZ%2FRqhQ6OYspKHIS0evpb7wIr3A0zPs%2FozB%2F8l5AK6Edtz9jj7rduP7qtpLvUPEMnc58qYIkbHaiSog%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 6510b88f2b562c4e-FRA

GET
H2 200 jquery.min.js Show response
cdn.jsdelivr.net/jquery/1.12.4/ 95 KB
33 KB 27ms
7ms Script
application/javascript 2a04:4e42:1b::621
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/jquery/1.12.4/jquery.min.js

Requested by

Host: cdn.zhuyl.work
URL: https://cdn.zhuyl.work/?key=ytrzvqkvmvyaebbm&pin=62546063&ag=c1412454&from=Email-3t

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1b::621 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

668b046d12db350ccba6728890476b3efee53b2f42dbb84743e5e9f1ae0cc404

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://cdn.zhuyl.work/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
age: 3364026
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
content-length: 33793
etag: W/"17b8b-Wp3PvvZVomaOeLrr6qjcb0HY2rs"
x-served-by: cache-fra19152-FRA, cache-hhn4038-HHN
date: Mon, 17 May 2021 23:45:42 GMT
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 141 KB
49 KB 47ms
25ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: cdn.zhuyl.work
URL: https://cdn.zhuyl.work/?key=ytrzvqkvmvyaebbm&pin=62546063&ag=c1412454&from=Email-3t

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

51347e5b4036f4ff0a92ba97e5daef833e73439c5a3ff34e530179da33082cc0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cdn.zhuyl.work/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 23:45:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 49781
x-xss-protection: 0
server: cafe
etag: 6222799596991222010
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Mon, 17 May 2021 23:45:42 GMT

GET
H2 200 video-js.min.css
cdn.jsdelivr.net/npm/video.js@7.5.4/dist/ 38 KB
10 KB 29ms
9ms Stylesheet
text/css 2a04:4e42:1b::621
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/video.js@7.5.4/dist/video-js.min.css

Requested by

Host: cdn.zhuyl.work
URL: https://cdn.zhuyl.work/?key=ytrzvqkvmvyaebbm&pin=62546063&ag=c1412454&from=Email-3t

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1b::621 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

4c92903d5602f1c1419e9c647f0db022d425efaaa580d9849e9b6132cb1020f6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://cdn.zhuyl.work/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
age: 2038297
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
content-length: 10058
etag: W/"99db-5b/8ZeREdPbiHQMNY2w/T2ZXIWQ"
x-served-by: cache-fra19173-FRA, cache-hhn4038-HHN
date: Mon, 17 May 2021 23:45:42 GMT
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 video.min.js Show response
cdn.jsdelivr.net/npm/video.js@7.5.4/dist/ 491 KB
136 KB 32ms
12ms Script
application/javascript 2a04:4e42:1b::621
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/video.js@7.5.4/dist/video.min.js

Requested by

Host: cdn.zhuyl.work
URL: https://cdn.zhuyl.work/?key=ytrzvqkvmvyaebbm&pin=62546063&ag=c1412454&from=Email-3t

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1b::621 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

28f8caf26badf2274bd265900e35c16e0cff6866212749ec2e2c239d85607304

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://cdn.zhuyl.work/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
age: 4664484
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
content-length: 139327
etag: W/"7ab5d-gAq0PLBbzjkXClaioUD8OFynTd0"
x-served-by: cache-fra19148-FRA, cache-hhn4038-HHN
date: Mon, 17 May 2021 23:45:42 GMT
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 oo.aspx Show response
cdn.zhuyl.work/ 24 KB
24 KB 358ms
358ms XHR
text/html 2620:1ec:46::45
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.zhuyl.work/oo.aspx?name=get_ooshow&ag=ogHead&road=&lang=&qqpqhceytdkiypej=dkfccmnpxnzldoqy&sign=d72dbb815306f840b5bb0a583eee98f2ab6cc1b6
Requested by: Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/jquery/1.12.4/jquery.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:46::45 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 1beb8b76fda55e56274d09d8245a94fe3d09457ccdf2c75c20794b6cbf85a150

Request headers

sec-fetch-mode: cors
accept-encoding: gzip, deflate, br
accept-language: en-US
x-requested-with: XMLHttpRequest
sec-fetch-dest: empty
cookie: ASP.NET_SessionId=snw53tq4yifn1s5ghsm0r10l
:path: /oo.aspx?name=get_ooshow&ag=ogHead&road=&lang=&qqpqhceytdkiypej=dkfccmnpxnzldoqy&sign=d72dbb815306f840b5bb0a583eee98f2ab6cc1b6
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/plain, */*; q=0.01
cache-control: no-cache
:authority: cdn.zhuyl.work
referer: https://cdn.zhuyl.work/?key=ytrzvqkvmvyaebbm&pin=62546063&ag=c1412454&from=Email-3t
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept: text/plain, */*; q=0.01
Referer: https://cdn.zhuyl.work/?key=ytrzvqkvmvyaebbm&pin=62546063&ag=c1412454&from=Email-3t
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 23:45:42 GMT
age: 1
x-azure-ref: 0JgCjYAAAAADAfjUBPl+NTYd9/wnOAOFJRlJBRURHRTEwMTEAZjBkMTg2MGMtZTg5NS00ZGMwLTk0NjItNDcyNTgxODhjZTE3
access-control-allow-methods: GET,POST
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: private
x-cache: CONFIG_NOCACHE
content-length: 24468

GET
H2 206 ring.mp3
cdn.jsdelivr.net/gh/opipe/up/_/ 8 KB
8 KB 6ms
6ms Media
audio/mpeg 2a04:4e42:1b::621
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/gh/opipe/up/_/ring.mp3

Requested by

Host: cdn.zhuyl.work
URL: https://cdn.zhuyl.work/?key=ytrzvqkvmvyaebbm&pin=62546063&ag=c1412454&from=Email-3t

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1b::621 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

f3116c8beb53ebc033eca6ea375e888c61da0144f312cf2b3a9e1a3de6f3a132

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://cdn.zhuyl.work/
Accept-Encoding: identity;q=1, *;q=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Range: bytes=0-

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
age: 11347
x-cache: HIT, HIT
Content-Range: bytes 0-8492/8493
cross-origin-resource-policy: cross-origin
Content-Length: 8493
etag: W/"212d-15R2KdNJWUT9DbmH8XETKDLZcsY"
x-served-by: cache-fra19132-FRA, cache-hhn4038-HHN
date: Mon, 17 May 2021 23:45:42 GMT
vary: Accept-Encoding
content-type: audio/mpeg
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
accept-ranges: bytes
timing-allow-origin: *

GET
BLOB 200
OK ad2c4c3e-305d-40d4-9f5b-65a9d7925b55
https://cdn.zhuyl.work/ 31 B
0 Other
application/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://cdn.zhuyl.work/ad2c4c3e-305d-40d4-9f5b-65a9d7925b55
Requested by: Host: cdn.zhuyl.work
URL: https://cdn.zhuyl.work/?key=ytrzvqkvmvyaebbm&pin=62546063&ag=c1412454&from=Email-3t
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7725538fe2f71147bffeba7452b434c826aef9009666cb4360c605d0b2a91d1d

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Length: 31
Content-Type: application/javascript

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20210511/r20190131/ Frame 16BB 10 KB
5 KB 6ms
6ms Document
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20210511/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a5cb642ef22434a24612329870579fbb272cb9fa7475360035596ea56fb0431a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/html/r20210511/r20190131/zrt_lookup.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://cdn.zhuyl.work/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://cdn.zhuyl.work/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Mon, 17 May 2021 20:20:17 GMT
expires: Mon, 31 May 2021 20:20:17 GMT
content-type: text/html; charset=UTF-8
etag: 10446291943670460780
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 4644
x-xss-protection: 0
age: 12325
cache-control: public, max-age=1209600
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 oo.aspx Show response
cdn.zhuyl.work/ 778 B
925 B 255ms
254ms XHR
text/html 2620:1ec:46::45
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.zhuyl.work/oo.aspx?name=get_ooshow&ag=ogFoot&road=&lang=&qqpqhceytdkiypej=dkfccmnpxnzldoqy&from=Email-3t&sign=d72dbb815306f840b5bb0a583eee98f2ab6cc1b6
Requested by: Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/jquery/1.12.4/jquery.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:46::45 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 424d5b8343dbb0498c48e2f296ca1f1ea5eb325eaa35689e00b1d60ae717cb20

Request headers

sec-fetch-mode: cors
accept-encoding: gzip, deflate, br
accept-language: en-US
x-requested-with: XMLHttpRequest
sec-fetch-dest: empty
cookie: ASP.NET_SessionId=snw53tq4yifn1s5ghsm0r10l
:path: /oo.aspx?name=get_ooshow&ag=ogFoot&road=&lang=&qqpqhceytdkiypej=dkfccmnpxnzldoqy&from=Email-3t&sign=d72dbb815306f840b5bb0a583eee98f2ab6cc1b6
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/plain, */*; q=0.01
cache-control: no-cache
:authority: cdn.zhuyl.work
referer: https://cdn.zhuyl.work/?key=ytrzvqkvmvyaebbm&pin=62546063&ag=c1412454&from=Email-3t
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept: text/plain, */*; q=0.01
Referer: https://cdn.zhuyl.work/?key=ytrzvqkvmvyaebbm&pin=62546063&ag=c1412454&from=Email-3t
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 23:45:43 GMT
age: 0
x-azure-ref: 0JwCjYAAAAADWcm9ESTmNT5cDml5U3VYKRlJBRURHRTEwMTEAZjBkMTg2MGMtZTg5NS00ZGMwLTk0NjItNDcyNTgxODhjZTE3
access-control-allow-methods: GET,POST
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: private
x-cache: CONFIG_NOCACHE
content-length: 778

GET
H/1.1 200
OK !ad!KI!jl!aj!jd!XC.png
oo.cdf.zcfr.work/hpolzikhiyfjhrkgglyrjmcoqtwsbfhceazvohhverlllg.ge.wn.lMC/!ad!KI!jl!ad!XK!jj/!ad!KI!jl!aj!jd!XC/ 4 KB
5 KB 2704ms
296ms Image
image/png 111.255.128.31
HINET Data Commun...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://oo.cdf.zcfr.work/hpolzikhiyfjhrkgglyrjmcoqtwsbfhceazvohhverlllg.ge.wn.lMC/!ad!KI!jl!ad!XK!jj/!ad!KI!jl!aj!jd!XC/!ad!KI!jl!aj!jd!XC.png
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 111.255.128.31 Tainan City, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS: 111-255-128-31.dynamic-ip.hinet.net
Software: Microsoft-IIS/7.5 / ASP.NET
Resource Hash: 7e7d6987a68d87696fc83ffdf2af786f52f84ad77cb045ecf145072fa791404d

Request headers

Referer: https://cdn.zhuyl.work/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 17 May 2021 23:45:42 GMT
ETag: "2421ab832748d71:0"
Last-Modified: Thu, 13 May 2021 18:40:58 GMT
Server: Microsoft-IIS/7.5
Age: 3
X-Powered-By: ASP.NET
Access-Control-Allow-Methods: GET,POST
Content-Type: image/png
Access-Control-Allow-Origin: *
Cache-Control: no-cache
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 4423

GET
H2 200 more.png
cdn.jsdelivr.net/gh/opipe/up/_/ 6 KB
6 KB 9ms
6ms Image
image/png 2a04:4e42:1b::621
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.jsdelivr.net/gh/opipe/up/_/more.png

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1b::621 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

b277d061fc92f08321bf0f558a4c7ed879ba0da0969a813fa9fca51979be320a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://cdn.zhuyl.work/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
age: 17542
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
content-length: 6325
etag: W/"18b5-oCvNFmF0198ncKgDnbivP0Wqhf0"
x-served-by: cache-fra19181-FRA, cache-hhn4038-HHN
date: Mon, 17 May 2021 23:45:43 GMT
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 find.png
cdn.jsdelivr.net/gh/opipe/up/_/ 4 KB
4 KB 9ms
6ms Image
image/png 2a04:4e42:1b::621
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.jsdelivr.net/gh/opipe/up/_/find.png

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1b::621 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

9da0036ced33b7a0613d806d012aac4f7b1dbdc3887f0e746b1644b40bd3b711

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://cdn.zhuyl.work/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
age: 24915
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
content-length: 4103
etag: W/"1007-2GgENIPzAlM/c3dw7/1cstH6JYg"
x-served-by: cache-fra19181-FRA, cache-hhn4038-HHN
date: Mon, 17 May 2021 23:45:43 GMT
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 time.png
cdn.jsdelivr.net/gh/opipe/up/_/ 14 KB
14 KB 11ms
8ms Image
image/png 2a04:4e42:1b::621
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.jsdelivr.net/gh/opipe/up/_/time.png

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1b::621 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

7267e1b29354fc0261b3f0ab37193a2a0bcabe52fc54f0dc31fb39d5fa115254

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://cdn.zhuyl.work/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
age: 817
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
content-length: 14155
etag: W/"374b-un/N1Fy1eMhfWM7lCo41OaTbH4E"
x-served-by: cache-fra19144-FRA, cache-hhn4038-HHN
date: Mon, 17 May 2021 23:45:43 GMT
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
accept-ranges: bytes
timing-allow-origin: *

GET
H/1.1 200
OK !SX!U3!U9!Su!Pk!Pu.png
oo.cdf.zcfr.work/hpolzikhiyfjhrkgglyrjmcoqtwsbfhceazvohhver96Qwh.63xga.6QI/!Su!U3!k9!Su!hU!kk/!Su!U3!k9!Sk!ku!hP/ 2 KB
2 KB 2722ms
282ms Image
image/png 111.255.128.31
HINET Data Commun...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://oo.cdf.zcfr.work/hpolzikhiyfjhrkgglyrjmcoqtwsbfhceazvohhver96Qwh.63xga.6QI/!Su!U3!k9!Su!hU!kk/!Su!U3!k9!Sk!ku!hP/!SX!U3!U9!Su!Pk!Pu.png
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 111.255.128.31 Tainan City, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS: 111-255-128-31.dynamic-ip.hinet.net
Software: Microsoft-IIS/7.5 /
Resource Hash: 56f2aff7b1c4034bb1e16bd7893bc69d97b7aaddae7393af2fdfc774033011e7

Request headers

Referer: https://cdn.zhuyl.work/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 17 May 2021 23:41:45 GMT
Last-Modified: Sat, 06 Apr 2019 12:27:43 GMT
Server: Microsoft-IIS/7.5
Age: 240
ETag: "3c7d1f2274ecd41:0"
Access-Control-Allow-Methods: GET,POST
Content-Type: image/png
Access-Control-Allow-Origin: *
Cache-Control: max-age=86400
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1815

GET
H/1.1 200
OK !vh!8u!zu!vm!eL!8N.png
oo.cdf.zcfr.work/hpolzikhiyfjhrkgglyrjmcoqtwsbfhceazvohhverNVGZ8.VLjdS.VG3/!vn!zL!eN!vn!8z!ee/!vn!zL!eN!ve!en!8s/ 2 KB
3 KB 2826ms
303ms Image
image/png 111.255.128.31
HINET Data Commun...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://oo.cdf.zcfr.work/hpolzikhiyfjhrkgglyrjmcoqtwsbfhceazvohhverNVGZ8.VLjdS.VG3/!vn!zL!eN!vn!8z!ee/!vn!zL!eN!ve!en!8s/!vh!8u!zu!vm!eL!8N.png
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 111.255.128.31 Tainan City, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS: 111-255-128-31.dynamic-ip.hinet.net
Software: Microsoft-IIS/7.5 /
Resource Hash: 49d93b1815f356ac5f6de7320aca6e6bf231e4846a4d3cfdb3a054231b25ec7e

Request headers

Referer: https://cdn.zhuyl.work/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 17 May 2021 23:43:15 GMT
Last-Modified: Sat, 06 Apr 2019 12:11:14 GMT
Server: Microsoft-IIS/7.5
Age: 150
ETag: "7346c6d471ecd41:0"
Access-Control-Allow-Methods: GET,POST
Content-Type: image/png
Access-Control-Allow-Origin: *
Cache-Control: max-age=86400
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2202

GET
H2 200 full.png
cdn.jsdelivr.net/gh/opipe/up/_/ 4 KB
4 KB 9ms
6ms Image
image/png 2a04:4e42:1b::621
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.jsdelivr.net/gh/opipe/up/_/full.png

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1b::621 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

b5f320a8115bf167e7aafc3cf2e11a65d20da3f489a7cadd02e5cf721ce4583e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://cdn.zhuyl.work/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
age: 13017
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
content-length: 4076
etag: W/"fec-YnBX/3gZSARNlr4Wy3lDjhr7XW4"
x-served-by: cache-fra19179-FRA, cache-hhn4038-HHN
date: Mon, 17 May 2021 23:45:43 GMT
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
accept-ranges: bytes
timing-allow-origin: *

GET
H/1.1 200
OK !Cn!O4!OO!CX!H5!O8.png
oo.cdf.zcfr.work/hpolzikhiyfjhrkgglyrjmcoqtwsbfhceazvohhver5B1RH.BMkuv.B1L/!C0!OM!X5!C0!HO!XX/!C0!OM!X5!CX!X0!H4/ 1 KB
2 KB 2877ms
286ms Image
image/png 111.255.128.31
HINET Data Commun...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://oo.cdf.zcfr.work/hpolzikhiyfjhrkgglyrjmcoqtwsbfhceazvohhver5B1RH.BMkuv.B1L/!C0!OM!X5!C0!HO!XX/!C0!OM!X5!CX!X0!H4/!Cn!O4!OO!CX!H5!O8.png
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 111.255.128.31 Tainan City, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS: 111-255-128-31.dynamic-ip.hinet.net
Software: Microsoft-IIS/7.5 /
Resource Hash: 1192b774fa0b66c8ac25459a0f524d18d33996947356a442231d9b396a7fe2ba

Request headers

Referer: https://cdn.zhuyl.work/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 17 May 2021 23:13:40 GMT
Last-Modified: Mon, 29 Apr 2019 18:42:52 GMT
Server: Microsoft-IIS/7.5
Age: 1925
ETag: "f478f159bbfed41:0"
Access-Control-Allow-Methods: GET,POST
Content-Type: image/png
Access-Control-Allow-Origin: *
Cache-Control: max-age=86400
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1298

GET
H/1.1 200
OK !Pi!oH!7k!P7!t2!77.png
oo.cdf.zcfr.work/hpolzikhiyfjhrkgglyrjmcoqtwsbfhceazvohhveraQxyt.QwenC.QxM/!P2!ow!ha!P2!to!hh/!P2!ow!ha!Ph!h2!t7/ 576 B
937 B 2941ms
287ms Image
image/png 111.255.128.31
HINET Data Commun...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://oo.cdf.zcfr.work/hpolzikhiyfjhrkgglyrjmcoqtwsbfhceazvohhveraQxyt.QwenC.QxM/!P2!ow!ha!P2!to!hh/!P2!ow!ha!Ph!h2!t7/!Pi!oH!7k!P7!t2!77.png
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 111.255.128.31 Tainan City, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS: 111-255-128-31.dynamic-ip.hinet.net
Software: Microsoft-IIS/7.5 /
Resource Hash: 184dcb69f3d4227fedcf4b63adbe9d6430d05c0602c21e271ad86dbe10a2678d

Request headers

Referer: https://cdn.zhuyl.work/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 17 May 2021 23:13:40 GMT
Last-Modified: Mon, 29 Apr 2019 18:44:04 GMT
Server: Microsoft-IIS/7.5
Age: 1926
ETag: "141f3385bbfed41:0"
Access-Control-Allow-Methods: GET,POST
Content-Type: image/png
Access-Control-Allow-Origin: *
Cache-Control: max-age=86400
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 576

GET
H/1.1 200
OK !s8!IK!8F!s2!De!FS.png
oo.cdf.zcfr.work/hpolzikhiyfjhrkgglyrjmcoqtwsbfhceazvohhverSGjKF.GZX0P.Gjw/!sW!DZ!8S!sW!FD!88/!sW!DZ!8S!s8!8W!FI/ 2 KB
3 KB 2941ms
285ms Image
image/png 111.255.128.31
HINET Data Commun...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://oo.cdf.zcfr.work/hpolzikhiyfjhrkgglyrjmcoqtwsbfhceazvohhverSGjKF.GZX0P.Gjw/!sW!DZ!8S!sW!FD!88/!sW!DZ!8S!s8!8W!FI/!s8!IK!8F!s2!De!FS.png
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 111.255.128.31 Tainan City, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS: 111-255-128-31.dynamic-ip.hinet.net
Software: Microsoft-IIS/7.5 /
Resource Hash: 8e4df60233506a336416138fd60b230c33c97dbf3cc8988ea63184f8c64894e6

Request headers

Referer: https://cdn.zhuyl.work/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 17 May 2021 23:17:29 GMT
Last-Modified: Wed, 04 Mar 2020 00:50:58 GMT
Server: Microsoft-IIS/7.5
Age: 1697
ETag: "677ac6f7bef1d51:0"
Access-Control-Allow-Methods: GET,POST
Content-Type: image/png
Access-Control-Allow-Origin: *
Cache-Control: max-age=86400
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2523

GET
H/1.1 200
OK !4W!Y3!gg!4W!Yg!Yg.png
oo.cdf.zcfr.work/hpolzikhiyfjhrkgglyrjmcoqtwsbfhceazvohhverv1kUg.1Rh2s.1kZ/!4c!YR!Hv!4c!gY!HH/!4c!YR!Hv!4H!Hc!g3/ 567 B
928 B 1441ms
283ms Image
image/png 111.255.128.31
HINET Data Commun...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://oo.cdf.zcfr.work/hpolzikhiyfjhrkgglyrjmcoqtwsbfhceazvohhverv1kUg.1Rh2s.1kZ/!4c!YR!Hv!4c!gY!HH/!4c!YR!Hv!4H!Hc!g3/!4W!Y3!gg!4W!Yg!Yg.png
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 111.255.128.31 Tainan City, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS: 111-255-128-31.dynamic-ip.hinet.net
Software: Microsoft-IIS/7.5 /
Resource Hash: 963e832c204da498b2d498e2788ad9235da87aaffdd02e8bcda5d793f14a0521

Request headers

Referer: https://cdn.zhuyl.work/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 17 May 2021 23:13:40 GMT
Last-Modified: Mon, 29 Apr 2019 18:42:32 GMT
Server: Microsoft-IIS/7.5
Age: 1924
ETag: "f46b394ebbfed41:0"
Access-Control-Allow-Methods: GET,POST
Content-Type: image/png
Access-Control-Allow-Origin: *
Cache-Control: max-age=86400
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 567

GET
H/1.1 200
OK !6D!O9!gq!6N!QO!QN.png
oo.cdf.zcfr.work/hpolzikhiyfjhrkgglyrjmcoqtwsbfhceazvohhverqMRhY.MkUlJ.MRj/!6N!gk!Oq!6N!Yg!OO/!6N!gk!Oq!6O!ON!YQ/ 29 KB
30 KB 1449ms
287ms Image
image/png 111.255.128.31
HINET Data Commun...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://oo.cdf.zcfr.work/hpolzikhiyfjhrkgglyrjmcoqtwsbfhceazvohhverqMRhY.MkUlJ.MRj/!6N!gk!Oq!6N!Yg!OO/!6N!gk!Oq!6O!ON!YQ/!6D!O9!gq!6N!QO!QN.png
Requested by: Host: cdn.zhuyl.work
URL: https://cdn.zhuyl.work/?key=ytrzvqkvmvyaebbm&pin=62546063&ag=c1412454&from=Email-3t
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 111.255.128.31 Tainan City, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS: 111-255-128-31.dynamic-ip.hinet.net
Software: Microsoft-IIS/7.5 /
Resource Hash: f66abdc093a56214347f3f4d996753096798db9ae7a69971c712df903232d5f4

Request headers

Referer: https://cdn.zhuyl.work/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 17 May 2021 23:19:08 GMT
Last-Modified: Wed, 20 Feb 2019 00:13:21 GMT
Server: Microsoft-IIS/7.5
Age: 1596
ETag: "32f7ca16b1c8d41:0"
Access-Control-Allow-Methods: GET,POST
Content-Type: image/png
Access-Control-Allow-Origin: *
Cache-Control: max-age=86400
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 29977

GET
H/1.1 200
OK !Vc!oH!re!Vc!oN!dV.png
oo.cdf.zcfr.work/hpolzikhiyfjhrkgglyrjmcoqtwsbfhceazvohhverpwy8r.wez96.wyk/!V5!de!op!V5!rd!oo/!V5!de!op!Vo!o5!rG/ 844 B
1 KB 1433ms
285ms Image
image/png 111.255.128.31
HINET Data Commun...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://oo.cdf.zcfr.work/hpolzikhiyfjhrkgglyrjmcoqtwsbfhceazvohhverpwy8r.wez96.wyk/!V5!de!op!V5!rd!oo/!V5!de!op!Vo!o5!rG/!Vc!oH!re!Vc!oN!dV.png
Requested by: Host: cdn.zhuyl.work
URL: https://cdn.zhuyl.work/?key=ytrzvqkvmvyaebbm&pin=62546063&ag=c1412454&from=Email-3t
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 111.255.128.31 Tainan City, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS: 111-255-128-31.dynamic-ip.hinet.net
Software: Microsoft-IIS/7.5 /
Resource Hash: 59235e2ffea0288c34c7d208a63dad29e34210144fee438a01ea978bc0cde31c

Request headers

Referer: https://cdn.zhuyl.work/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 17 May 2021 23:19:08 GMT
Last-Modified: Tue, 19 Feb 2019 23:57:50 GMT
Server: Microsoft-IIS/7.5
Age: 1596
ETag: "2765f5ebaec8d41:0"
Access-Control-Allow-Methods: GET,POST
Content-Type: image/png
Access-Control-Allow-Origin: *
Cache-Control: max-age=86400
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 844

GET
H2 200 oo.aspx Show response
cdn.zhuyl.work/ 53 KB
53 KB 703ms
703ms XHR
text/html 2620:1ec:46::45
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.zhuyl.work/oo.aspx?name=get_ooshow&ag=c1412454&road=&lang=&qqpqhceytdkiypej=dkfccmnpxnzldoqy&sign=d72dbb815306f840b5bb0a583eee98f2ab6cc1b6
Requested by: Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/jquery/1.12.4/jquery.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:46::45 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3e00e4eccbdd5395f653a82be6c208bbf01554a23c16699fd4c47cdc8398e43

Request headers

sec-fetch-mode: cors
accept-encoding: gzip, deflate, br
accept-language: en-US
x-requested-with: XMLHttpRequest
sec-fetch-dest: empty
cookie: ASP.NET_SessionId=snw53tq4yifn1s5ghsm0r10l
:path: /oo.aspx?name=get_ooshow&ag=c1412454&road=&lang=&qqpqhceytdkiypej=dkfccmnpxnzldoqy&sign=d72dbb815306f840b5bb0a583eee98f2ab6cc1b6
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/plain, */*; q=0.01
cache-control: no-cache
:authority: cdn.zhuyl.work
referer: https://cdn.zhuyl.work/?key=ytrzvqkvmvyaebbm&pin=62546063&ag=c1412454&from=Email-3t
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept: text/plain, */*; q=0.01
Referer: https://cdn.zhuyl.work/?key=ytrzvqkvmvyaebbm&pin=62546063&ag=c1412454&from=Email-3t
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 23:45:43 GMT
age: 1
x-azure-ref: 0JwCjYAAAAACEl6OOF3i6SJQwuwyQeHKfRlJBRURHRTEwMTEAZjBkMTg2MGMtZTg5NS00ZGMwLTk0NjItNDcyNTgxODhjZTE3
access-control-allow-methods: GET,POST
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: private
x-cache: CONFIG_NOCACHE
content-length: 54032

GET
H2 200 more.png
cdn.jsdelivr.net/gh/opipe/up/_/ 6 KB
6 KB 6ms
5ms Image
image/png 2a04:4e42:1b::621
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.jsdelivr.net/gh/opipe/up/_/more.png

Requested by

Host: cdn.zhuyl.work
URL: https://cdn.zhuyl.work/?key=ytrzvqkvmvyaebbm&pin=62546063&ag=c1412454&from=Email-3t

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1b::621 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

b277d061fc92f08321bf0f558a4c7ed879ba0da0969a813fa9fca51979be320a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://cdn.zhuyl.work/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
age: 17543
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
content-length: 6325
etag: W/"18b5-oCvNFmF0198ncKgDnbivP0Wqhf0"
x-served-by: cache-fra19181-FRA, cache-hhn4038-HHN
date: Mon, 17 May 2021 23:45:44 GMT
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 find.png
cdn.jsdelivr.net/gh/opipe/up/_/ 4 KB
4 KB 8ms
7ms Image
image/png 2a04:4e42:1b::621
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.jsdelivr.net/gh/opipe/up/_/find.png

Requested by

Host: cdn.zhuyl.work
URL: https://cdn.zhuyl.work/?key=ytrzvqkvmvyaebbm&pin=62546063&ag=c1412454&from=Email-3t

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1b::621 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

9da0036ced33b7a0613d806d012aac4f7b1dbdc3887f0e746b1644b40bd3b711

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://cdn.zhuyl.work/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
age: 24916
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
content-length: 4103
etag: W/"1007-2GgENIPzAlM/c3dw7/1cstH6JYg"
x-served-by: cache-fra19181-FRA, cache-hhn4038-HHN
date: Mon, 17 May 2021 23:45:44 GMT
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 time.png
cdn.jsdelivr.net/gh/opipe/up/_/ 14 KB
14 KB 7ms
6ms Image
image/png 2a04:4e42:1b::621
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.jsdelivr.net/gh/opipe/up/_/time.png

Requested by

Host: cdn.zhuyl.work
URL: https://cdn.zhuyl.work/?key=ytrzvqkvmvyaebbm&pin=62546063&ag=c1412454&from=Email-3t

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1b::621 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

7267e1b29354fc0261b3f0ab37193a2a0bcabe52fc54f0dc31fb39d5fa115254

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://cdn.zhuyl.work/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
age: 818
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
content-length: 14155
etag: W/"374b-un/N1Fy1eMhfWM7lCo41OaTbH4E"
x-served-by: cache-fra19144-FRA, cache-hhn4038-HHN
date: Mon, 17 May 2021 23:45:44 GMT
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 full.png
cdn.jsdelivr.net/gh/opipe/up/_/ 4 KB
4 KB 8ms
7ms Image
image/png 2a04:4e42:1b::621
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.jsdelivr.net/gh/opipe/up/_/full.png

Requested by

Host: cdn.zhuyl.work
URL: https://cdn.zhuyl.work/?key=ytrzvqkvmvyaebbm&pin=62546063&ag=c1412454&from=Email-3t

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1b::621 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

b5f320a8115bf167e7aafc3cf2e11a65d20da3f489a7cadd02e5cf721ce4583e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://cdn.zhuyl.work/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
age: 13018
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
content-length: 4076
etag: W/"fec-YnBX/3gZSARNlr4Wy3lDjhr7XW4"
x-served-by: cache-fra19179-FRA, cache-hhn4038-HHN
date: Mon, 17 May 2021 23:45:44 GMT
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
accept-ranges: bytes
timing-allow-origin: *

GET
H3-29 200 show_ads_impl_with_ama_fy2019.js Show response
pagead2.googlesyndication.com/pagead/js/r20210511/r20190131/ 223 KB
82 KB 80ms
64ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210511/r20190131/show_ads_impl_with_ama_fy2019.js?client=ca-pub-9887006928691465&plah=cdn.zhuyl.work&amaexp=1

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

66f661926ae6c1e13c6b2169733476eb03b9be46e333e5f81eab69a5b0d27ace

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cdn.zhuyl.work/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 23:45:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 84097
x-xss-protection: 0
server: cafe
etag: 12558658968377452156
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Mon, 17 May 2021 23:45:44 GMT

GET
H/1.1 200
OK !7T!ry!tC!7t!tT!dL.png
oo.cdf.zcfr.work/hpolzikhiyfjhrkgglyrjmcoqtwsbfhceazvohhverCCCc.cg.OA.CzL/!7T!ry!tC!7T!dr!tt/!7T!ry!tC!7t!tT!dL/ 4 KB
5 KB 1561ms
297ms Image
image/png 111.255.128.31
HINET Data Commun...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://oo.cdf.zcfr.work/hpolzikhiyfjhrkgglyrjmcoqtwsbfhceazvohhverCCCc.cg.OA.CzL/!7T!ry!tC!7T!dr!tt/!7T!ry!tC!7t!tT!dL/!7T!ry!tC!7t!tT!dL.png
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 111.255.128.31 Tainan City, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS: 111-255-128-31.dynamic-ip.hinet.net
Software: Microsoft-IIS/7.5 / ASP.NET
Resource Hash: 7e7d6987a68d87696fc83ffdf2af786f52f84ad77cb045ecf145072fa791404d

Request headers

Referer: https://cdn.zhuyl.work/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 17 May 2021 23:45:42 GMT
ETag: "2421ab832748d71:0"
Last-Modified: Thu, 13 May 2021 18:40:58 GMT
Server: Microsoft-IIS/7.5
Age: 3
X-Powered-By: ASP.NET
Access-Control-Allow-Methods: GET,POST
Content-Type: image/png
Access-Control-Allow-Origin: *
Cache-Control: no-cache
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 4423

GET
H/1.1 200
OK !Id!mK!mP!Ib!MF!Mb.png
oo.cdf.zcfr.work/hpolzikhiyfjhrkgglyrjmcoqtwsbfhceazvohhverPjXOu.jKHc7.jXy/!Ib!mK!FP!Ib!um!FF/!Ib!mK!FP!IF!Fb!uM/ 2 KB
2 KB 1565ms
285ms Image
image/png 111.255.128.31
HINET Data Commun...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://oo.cdf.zcfr.work/hpolzikhiyfjhrkgglyrjmcoqtwsbfhceazvohhverPjXOu.jKHc7.jXy/!Ib!mK!FP!Ib!um!FF/!Ib!mK!FP!IF!Fb!uM/!Id!mK!mP!Ib!MF!Mb.png
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 111.255.128.31 Tainan City, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS: 111-255-128-31.dynamic-ip.hinet.net
Software: Microsoft-IIS/7.5 /
Resource Hash: 56f2aff7b1c4034bb1e16bd7893bc69d97b7aaddae7393af2fdfc774033011e7

Request headers

Referer: https://cdn.zhuyl.work/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 17 May 2021 23:41:45 GMT
Last-Modified: Sat, 06 Apr 2019 12:27:43 GMT
Server: Microsoft-IIS/7.5
Age: 240
ETag: "3c7d1f2274ecd41:0"
Access-Control-Allow-Methods: GET,POST
Content-Type: image/png
Access-Control-Allow-Origin: *
Cache-Control: max-age=86400
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1815

GET
H/1.1 200
OK !3u!nb!fb!3a!gU!ns.png
oo.cdf.zcfr.work/hpolzikhiyfjhrkgglyrjmcoqtwsbfhceazvohhverskhon.kUtTI.khK/!3A!fU!gs!3A!nf!gg/!3A!fU!gs!3g!gA!nw/ 2 KB
3 KB 1429ms
303ms Image
image/png 111.255.128.31
HINET Data Commun...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://oo.cdf.zcfr.work/hpolzikhiyfjhrkgglyrjmcoqtwsbfhceazvohhverskhon.kUtTI.khK/!3A!fU!gs!3A!nf!gg/!3A!fU!gs!3g!gA!nw/!3u!nb!fb!3a!gU!ns.png
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 111.255.128.31 Tainan City, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS: 111-255-128-31.dynamic-ip.hinet.net
Software: Microsoft-IIS/7.5 /
Resource Hash: 49d93b1815f356ac5f6de7320aca6e6bf231e4846a4d3cfdb3a054231b25ec7e

Request headers

Referer: https://cdn.zhuyl.work/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 17 May 2021 23:43:15 GMT
Last-Modified: Sat, 06 Apr 2019 12:11:14 GMT
Server: Microsoft-IIS/7.5
Age: 150
ETag: "7346c6d471ecd41:0"
Access-Control-Allow-Methods: GET,POST
Content-Type: image/png
Access-Control-Allow-Origin: *
Cache-Control: max-age=86400
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2202

GET
H/1.1 200
OK _.g.jpg
oo.cdf.zcfr.work/hpolzikhiyfjhrkgglyrjmcoqtwsbfhceazvohhverSGjKF.GZX0P.Gjw/!sW!DZ!8S!sW!FD!88/ 7 KB
7 KB 1480ms
286ms Image
image/jpeg 111.255.128.31
HINET Data Commun...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://oo.cdf.zcfr.work/hpolzikhiyfjhrkgglyrjmcoqtwsbfhceazvohhverSGjKF.GZX0P.Gjw/!sW!DZ!8S!sW!FD!88/_.g.jpg
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 111.255.128.31 Tainan City, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS: 111-255-128-31.dynamic-ip.hinet.net
Software: Microsoft-IIS/7.5 /
Resource Hash: 83d7d65a62d74268d9d983729ae5a1b8d48ab6362bf268933bb01970c827e4f7

Request headers

Referer: https://cdn.zhuyl.work/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 17 May 2021 23:21:01 GMT
Last-Modified: Mon, 28 Dec 2020 19:43:44 GMT
Server: Microsoft-IIS/7.5
Age: 1484
ETag: "becd81c051ddd61:0"
Access-Control-Allow-Methods: GET,POST
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: max-age=86400
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 7178

GET
H2 200 kick.png
cdn.jsdelivr.net/gh/opipe/up/_/ 4 KB
4 KB 10ms
5ms Image
image/png 2a04:4e42:1b::621
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.jsdelivr.net/gh/opipe/up/_/kick.png

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1b::621 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

8d81e71a6609af03be4b6de4fdf7ce5557ad659b955e049fccb498e6545ce591

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://cdn.zhuyl.work/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
age: 5404
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
content-length: 4029
etag: W/"fbd-87XW3YK6tws2rDSDbp/c3raWh50"
x-served-by: cache-fra19160-FRA, cache-hhn4038-HHN
date: Mon, 17 May 2021 23:45:44 GMT
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 hold.png
cdn.jsdelivr.net/gh/opipe/up/_/ 4 KB
4 KB 12ms
7ms Image
image/png 2a04:4e42:1b::621
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.jsdelivr.net/gh/opipe/up/_/hold.png

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1b::621 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

93a17979420b9be60d82ff17c2834106b32a847d1048153f658eca0d104a1183

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://cdn.zhuyl.work/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
age: 18755
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
content-length: 3880
etag: W/"f28-1usq7+kb8eKC7SCYiHsxU+Lucmg"
x-served-by: cache-fra19164-FRA, cache-hhn4038-HHN
date: Mon, 17 May 2021 23:45:44 GMT
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 like.png
cdn.jsdelivr.net/gh/opipe/up/_/ 3 KB
3 KB 11ms
7ms Image
image/png 2a04:4e42:1b::621
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.jsdelivr.net/gh/opipe/up/_/like.png

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1b::621 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

b0b8e5104f543c2fc6033cb0fb4f5fedba5e30abf2a0bb4b75b2dcce751a0794

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://cdn.zhuyl.work/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
age: 33716
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
content-length: 2675
etag: W/"a73-itpvwP+imds/r0AILRL6ayHqvv0"
x-served-by: cache-fra19142-FRA, cache-hhn4038-HHN
date: Mon, 17 May 2021 23:45:44 GMT
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 view.png
cdn.jsdelivr.net/gh/opipe/up/_/ 1 KB
2 KB 12ms
8ms Image
image/png 2a04:4e42:1b::621
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.jsdelivr.net/gh/opipe/up/_/view.png

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1b::621 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

5749adf386d0afc1beec052bfb4b1419b8d40dfdc0a8715652140a29b0e2dfd7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://cdn.zhuyl.work/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
age: 15177
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
content-length: 1531
etag: W/"5fb-Jk1OSzHRhofb5aau0X69S0hdHkw"
x-served-by: cache-fra19166-FRA, cache-hhn4038-HHN
date: Mon, 17 May 2021 23:45:44 GMT
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 page.png
cdn.jsdelivr.net/gh/opipe/up/_/ 3 KB
3 KB 12ms
8ms Image
image/png 2a04:4e42:1b::621
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.jsdelivr.net/gh/opipe/up/_/page.png

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1b::621 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

a3ec0227f9833e488baa31e46871b883ef1c5ece5df1c0057b24e6e6b27658ff

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://cdn.zhuyl.work/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
age: 16141
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
content-length: 2745
etag: W/"ab9-IWSY9L8OJlepIkM6GCplUIMxwp8"
x-served-by: cache-fra19173-FRA, cache-hhn4038-HHN
date: Mon, 17 May 2021 23:45:44 GMT
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
accept-ranges: bytes
timing-allow-origin: *

GET
H/1.1 200
OK 5N5RNqRGNRxbNqGx3.jpg
oo.cdf.zcfr.work/hsolzikhiyfjhrkgglyrjmcoqtwsbfhceazvohhverR2R.pCdTldep9f.Sd2/l4TdpiWcTz/5N5R/NqRG/ 145 KB
146 KB 386ms
286ms Image
image/jpeg 111.255.128.31
HINET Data Commun...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://oo.cdf.zcfr.work/hsolzikhiyfjhrkgglyrjmcoqtwsbfhceazvohhverR2R.pCdTldep9f.Sd2/l4TdpiWcTz/5N5R/NqRG/5N5RNqRGNRxbNqGx3.jpg
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 111.255.128.31 Tainan City, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS: 111-255-128-31.dynamic-ip.hinet.net
Software: cloudflare /
Resource Hash: 45842613190fa886f96aa0b59c139718fbc7fbbb47a9a7477242e13c10edea60

Request headers

Referer: https://cdn.zhuyl.work/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 17 May 2021 23:29:37 GMT
CF-Cache-Status: HIT
NEL: {"report_to":"cf-nel","max_age":604800}
Age: 63747
Cf-Polished: origSize=153798, status=webp_bigger
Connection: keep-alive
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
Content-Length: 148567
cf-request-id: 0a1e42f41f0000367851bf6000000001
Last-Modified: Mon, 17 May 2021 05:39:05 GMT
Server: cloudflare
ETag: "60a20179-258c6"
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=esuncEPpt1eihDVfI0hiqNjxBwR0D9wxIpF69WS3a%2B4SHqsg%2FoOPpc00ywyJz%2FVn5e3Fyf4kk%2Bw9nuv4ne99xV5z7eAyOMLoRQ%2FkCl%2B%2FUdT7zg%3D%3D"}],"group":"cf-nel","max_age":604800}
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: max-age=31536000
Accept-Ranges: bytes
CF-RAY: 6510a1002c7c3678-LAX
Cf-Bgj: imgq:100,h2pri

GET
H/1.1 200
OK wMwMlwweOW9aJKQX13II.A.jpg
oo.cdf.zcfr.work/hpolzikhiyfjhrkgglyrjmcoqtwsbfhceazvohhverlJBjR.J7Xsa.WJB5/qO3/ 4 KB
4 KB 1119ms
303ms Image
image/jpeg 111.255.128.31
HINET Data Commun...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://oo.cdf.zcfr.work/hpolzikhiyfjhrkgglyrjmcoqtwsbfhceazvohhverlJBjR.J7Xsa.WJB5/qO3/wMwMlwweOW9aJKQX13II.A.jpg
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 111.255.128.31 Tainan City, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS: 111-255-128-31.dynamic-ip.hinet.net
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: abc9b57f9d8a704106a539748cb5e821c4c873f09992c1626035ae353a47a6fd

Request headers

Referer: https://cdn.zhuyl.work/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 17 May 2021 23:15:05 GMT
ETag: "dec460f640dad61:0"
Last-Modified: Thu, 24 Dec 2020 22:06:00 GMT
Server: Microsoft-IIS/10.0
Age: 1840
X-Powered-By: ASP.NET
Access-Control-Allow-Methods: GET,POST
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: max-age=86400
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3946

GET
H/1.1 200
OK 7yAGYpLaEy51LGp1aY-QQ-yLayayjy1GGyY.jpeg
oo.cdf.zcfr.work/hsolzikhiyfjhrkgglyrjmcoqtwsbfhceazvohhveryTWi.Qu9NlucDu7O.u2i/a5ay-5p/ 9 KB
10 KB 1163ms
447ms Image
image/webp 111.255.128.31
HINET Data Commun...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://oo.cdf.zcfr.work/hsolzikhiyfjhrkgglyrjmcoqtwsbfhceazvohhveryTWi.Qu9NlucDu7O.u2i/a5ay-5p/7yAGYpLaEy51LGp1aY-QQ-yLayayjy1GGyY.jpeg
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 111.255.128.31 Tainan City, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS: 111-255-128-31.dynamic-ip.hinet.net
Software: cloudflare /
Resource Hash: 5e587b2192e4cb60a4fc181853efb47452da7e22f81677efc66acdf644804b47

Request headers

Referer: https://cdn.zhuyl.work/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 17 May 2021 23:45:45 GMT
CF-Cache-Status: HIT
Age: 81766
Cf-Polished: qual=85, origFmt=jpeg, origSize=16059
Content-Disposition: inline; filename="p1948562a107645728-ss-1621213174418.webp"
Connection: keep-alive
Content-Length: 9102
cf-request-id: 0a1e51b947000042bdeb037000000001
Last-Modified: Mon, 17 May 2021 00:59:54 GMT
Server: cloudflare
ETag: "60a1c00a-3ebb"
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary: Accept
Content-Type: image/webp
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=259200
Accept-Ranges: bytes
CF-RAY: 6510b8a2088d42bd-LAX
Cf-Bgj: imgq:85,h2pri

GET
H/1.1 200
OK wMwMlwwe8x51OWNzB3NK.A.jpg
oo.cdf.zcfr.work/hpolzikhiyfjhrkgglyrjmcoqtwsbfhceazvohhverlJBjR.J7Xsa.WJB5/qO3/ 3 KB
4 KB 1309ms
283ms Image
image/jpeg 111.255.128.31
HINET Data Commun...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://oo.cdf.zcfr.work/hpolzikhiyfjhrkgglyrjmcoqtwsbfhceazvohhverlJBjR.J7Xsa.WJB5/qO3/wMwMlwwe8x51OWNzB3NK.A.jpg
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 111.255.128.31 Tainan City, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS: 111-255-128-31.dynamic-ip.hinet.net
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: a3638e145c0dd12d424ee8009bdfa0285b3b924aed87a4ff2ec422442225eb2a

Request headers

Referer: https://cdn.zhuyl.work/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 17 May 2021 23:15:05 GMT
ETag: "f4b889a43adad61:0"
Last-Modified: Thu, 24 Dec 2020 21:20:45 GMT
Server: Microsoft-IIS/10.0
Age: 1840
X-Powered-By: ASP.NET
Access-Control-Allow-Methods: GET,POST
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: max-age=86400
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3573

GET
H/1.1 200
OK SaSKaEKxKaEaKEqqM.jpg
oo.cdf.zcfr.work/hsolzikhiyfjhrkgglyrjmcoqtwsbfhceazvohhverKcK.JsnANnhJ5l.Cnc/NIAnJ9TbAo/SaSK/aEKx/ 36 KB
37 KB 419ms
304ms Image
image/jpeg 111.255.128.31
HINET Data Commun...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://oo.cdf.zcfr.work/hsolzikhiyfjhrkgglyrjmcoqtwsbfhceazvohhverKcK.JsnANnhJ5l.Cnc/NIAnJ9TbAo/SaSK/aEKx/SaSKaEKxKaEaKEqqM.jpg
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 111.255.128.31 Tainan City, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS: 111-255-128-31.dynamic-ip.hinet.net
Software: cloudflare /
Resource Hash: 9e8559fccb1c2caeeba360b0f3bf2a41174b3a3f06e66707b841786dcf0e18d7

Request headers

Referer: https://cdn.zhuyl.work/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 17 May 2021 23:32:33 GMT
CF-Cache-Status: HIT
NEL: {"report_to":"cf-nel","max_age":604800}
Age: 30877
Cf-Polished: origSize=38138, status=webp_bigger
Connection: keep-alive
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
Content-Length: 36675
cf-request-id: 0a1e45a43f00003678a13e9000000001
Last-Modified: Mon, 17 May 2021 14:50:15 GMT
Server: cloudflare
ETag: "60a282a7-94fa"
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=JsFGwuwduhbebXiwt5f8mB1gX8wyOQIxn0owNrLrhkFHZW%2FLho6bUhS9lfvkvWTBkNUpIw1BELRBR5d5JpwJDxRYEABXjJjmwLlTOxauhWHEjg%3D%3D"}],"group":"cf-nel","max_age":604800}
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: max-age=31536000
Accept-Ranges: bytes
CF-RAY: 6510a54d2c9d3678-LAX
Cf-Bgj: imgq:100,h2pri

GET
H/1.1 200
OK KDiiFkT69D1-UveveUmxpU-mSSzxJS.jpg
oo.cdf.zcfr.work/hsolzikhiyfjhrkgglyrjmcoqtwsbfhceazvohhverUA.aiNiB.P0T/611Di1/53q06N1/vSvU/Sx/ 35 KB
36 KB 648ms
285ms Image
image/jpeg 111.255.128.31
HINET Data Commun...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://oo.cdf.zcfr.work/hsolzikhiyfjhrkgglyrjmcoqtwsbfhceazvohhverUA.aiNiB.P0T/611Di1/53q06N1/vSvU/Sx/KDiiFkT69D1-UveveUmxpU-mSSzxJS.jpg
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 111.255.128.31 Tainan City, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS: 111-255-128-31.dynamic-ip.hinet.net
Software: LiteSpeed /
Resource Hash: ebca03350dca4761676d7bfd3230f1d98a1d1f75ef23da1571a96afebcef7e64

Request headers

Referer: https://cdn.zhuyl.work/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 17 May 2021 23:09:24 GMT
Last-Modified: Thu, 22 Apr 2021 10:45:52 GMT
Server: LiteSpeed
Age: 2180
Etag: "8d42-608153e0-0;;;"
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Alt-Svc: quic=":443"; ma=2592000; v="43,46", h3-Q043=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-25=":443"; ma=2592000, h3-27=":443"; ma=2592000
Content-Length: 36162
Expires: Wed, 16 Jun 2021 23:09:24 GMT

GET
H/1.1 200
OK wMwMlwweL95vOvKzLFz5.A.jpg
oo.cdf.zcfr.work/hpolzikhiyfjhrkgglyrjmcoqtwsbfhceazvohhverlJBjR.J7Xsa.WJB5/qO3/ 2 KB
3 KB 1279ms
290ms Image
image/jpeg 111.255.128.31
HINET Data Commun...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://oo.cdf.zcfr.work/hpolzikhiyfjhrkgglyrjmcoqtwsbfhceazvohhverlJBjR.J7Xsa.WJB5/qO3/wMwMlwweL95vOvKzLFz5.A.jpg
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 111.255.128.31 Tainan City, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS: 111-255-128-31.dynamic-ip.hinet.net
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: e31aa1e94e7b49d9ff681095a0a0d294eba3e6cb9b0104c34fa62e21386e5c20

Request headers

Referer: https://cdn.zhuyl.work/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 17 May 2021 23:22:17 GMT
ETag: "a5f9e35d36dad61:0"
Last-Modified: Thu, 24 Dec 2020 20:50:09 GMT
Server: Microsoft-IIS/10.0
Age: 1408
X-Powered-By: ASP.NET
Access-Control-Allow-Methods: GET,POST
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: max-age=86400
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2223

GET
H/1.1 200
OK CvCzv6zkzvjzXvfXj.jpg
oo.cdf.zcfr.work/hsolzikhiyfjhrkgglyrjmcoqtwsbfhceazvohhverzbz.V72pa2HVSN.s2b/aLp2V5AqpY/CvCz/v6zk/ 183 KB
184 KB 375ms
283ms Image
image/jpeg 111.255.128.31
HINET Data Commun...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://oo.cdf.zcfr.work/hsolzikhiyfjhrkgglyrjmcoqtwsbfhceazvohhverzbz.V72pa2HVSN.s2b/aLp2V5AqpY/CvCz/v6zk/CvCzv6zkzvjzXvfXj.jpg
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 111.255.128.31 Tainan City, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS: 111-255-128-31.dynamic-ip.hinet.net
Software: cloudflare /
Resource Hash: 3d49cce194aa030207e69324db44306169f9e6e9b1c39df77b2c4c4c6f250de0

Request headers

Referer: https://cdn.zhuyl.work/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 17 May 2021 23:32:39 GMT
CF-Cache-Status: HIT
NEL: {"report_to":"cf-nel","max_age":604800}
Age: 32548
Cf-Polished: origSize=212803, status=webp_bigger
Connection: keep-alive
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
Content-Length: 187569
cf-request-id: 0a1e45bd77000004ffab24b000000001
Last-Modified: Mon, 17 May 2021 14:41:30 GMT
Server: cloudflare
ETag: "60a2809a-33f43"
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=W%2FRhXn8dyXFlLgiWT3gt990jzBsbRqjRgEYbGSwBOrkczLVN1hPOr50pj3Yr5hbEzgzJqjcRLDbiAxESxUKgm45T4ieQpdoa82qovrDD7cGVPQ%3D%3D"}],"group":"cf-nel","max_age":604800}
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: max-age=31536000
Accept-Ranges: bytes
CF-RAY: 6510a5758dcd04ff-LAX
Cf-Bgj: imgq:100,h2pri

GET
H/1.1 200
OK iRPeOIkkRPRCaqBVRCIIhBCekPBa4ViJ-iCCokVC.jpg
oo.cdf.zcfr.work/hsolzikhiyfjhrkgglyrjmcoqtwsbfhceazvohhverOp.v9a9G.4WA/Bjjr9j/SMEWBaj/PCPO/CV/ 40 KB
40 KB 655ms
283ms Image
image/jpeg 111.255.128.31
HINET Data Commun...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://oo.cdf.zcfr.work/hsolzikhiyfjhrkgglyrjmcoqtwsbfhceazvohhverOp.v9a9G.4WA/Bjjr9j/SMEWBaj/PCPO/CV/iRPeOIkkRPRCaqBVRCIIhBCekPBa4ViJ-iCCokVC.jpg
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 111.255.128.31 Tainan City, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS: 111-255-128-31.dynamic-ip.hinet.net
Software: LiteSpeed /
Resource Hash: 76f8a50383c0fa2297895c95e9778c25e20b9280f9d3aa282ab04fc2d56401f7

Request headers

Referer: https://cdn.zhuyl.work/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 17 May 2021 23:22:18 GMT
Last-Modified: Mon, 17 May 2021 15:49:50 GMT
Server: LiteSpeed
Age: 1407
Etag: "9ec6-60a2909e-0;;;"
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Alt-Svc: quic=":443"; ma=2592000; v="43,46", h3-Q043=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-25=":443"; ma=2592000, h3-27=":443"; ma=2592000
Content-Length: 40646
Expires: Wed, 16 Jun 2021 23:22:18 GMT

GET
H/1.1 200
OK sPso-PB-oy_sselBo-lPPDeBP.jpg
oo.cdf.zcfr.work/hsolzikhiyfjhrkgglyrjmcoqtwsbfhceazvohhveroE.CNSN1.7cq/QkkmNk/vwJcQSk/sPso/PB/ 39 KB
39 KB 1183ms
284ms Image
image/jpeg 111.255.128.31
HINET Data Commun...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://oo.cdf.zcfr.work/hsolzikhiyfjhrkgglyrjmcoqtwsbfhceazvohhveroE.CNSN1.7cq/QkkmNk/vwJcQSk/sPso/PB/sPso-PB-oy_sselBo-lPPDeBP.jpg
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 111.255.128.31 Tainan City, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS: 111-255-128-31.dynamic-ip.hinet.net
Software: LiteSpeed /
Resource Hash: b0f9691c89860c3dfa2e73c6119997badbdb422b68b90c30216122f2f7f36b48

Request headers

Referer: https://cdn.zhuyl.work/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 17 May 2021 23:36:23 GMT
Last-Modified: Sun, 16 May 2021 15:50:50 GMT
Server: LiteSpeed
Age: 564
Etag: "9a18-60a13f5a-0;;;"
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Alt-Svc: quic=":443"; ma=2592000; v="43,46", h3-Q043=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-25=":443"; ma=2592000, h3-27=":443"; ma=2592000
Content-Length: 39448
Expires: Wed, 16 Jun 2021 23:36:23 GMT

GET
H/1.1 200
OK 4s4DsQDhDDsXss4DH.jpg
oo.cdf.zcfr.work/hsolzikhiyfjhrkgglyrjmcoqtwsbfhceazvohhverDpD.GLT6CTgGPS.ITp/CZ6TGvEJ6f/4s4D/sQDh/ 23 KB
24 KB 1323ms
304ms Image
image/jpeg 111.255.128.31
HINET Data Commun...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://oo.cdf.zcfr.work/hsolzikhiyfjhrkgglyrjmcoqtwsbfhceazvohhverDpD.GLT6CTgGPS.ITp/CZ6TGvEJ6f/4s4D/sQDh/4s4DsQDhDDsXss4DH.jpg
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 111.255.128.31 Tainan City, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS: 111-255-128-31.dynamic-ip.hinet.net
Software: cloudflare /
Resource Hash: 03d2aad91ba193123ca5ffd1273bcd24823170451ffdef4b643c28db41212e4c

Request headers

Referer: https://cdn.zhuyl.work/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 17 May 2021 23:32:31 GMT
CF-Cache-Status: HIT
NEL: {"report_to":"cf-nel","max_age":604800}
Age: 30912
Cf-Polished: origSize=24627, status=webp_bigger
Connection: keep-alive
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
Content-Length: 23539
cf-request-id: 0a1e459c00000004ff6a8cd000000001
Last-Modified: Mon, 17 May 2021 15:04:00 GMT
Server: cloudflare
ETag: "60a285e0-6033"
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=dcmQfhQOFuvhBNN6OgEF6vA7kpmjiuHGlvvFyNy5pS4jqp0r21QtJ2ofhiobLeB54RouPLcMb7yiRxtl%2BSRvbhqehfnMGWHNBE%2Fr9HiHLFQ3kw%3D%3D"}],"group":"cf-nel","max_age":604800}
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: max-age=31536000
Accept-Ranges: bytes
CF-RAY: 6510a5400b3e04ff-LAX
Cf-Bgj: imgq:100,h2pri

GET
H/1.1 200
OK 747Y4GY8Y4GBtGYGG.jpg
oo.cdf.zcfr.work/hsolzikhiyfjhrkgglyrjmcoqtwsbfhceazvohhverYEY.1MbVPbd1sv.3bE/PRVb1CJ6Vi/747Y/4GY8/ 52 KB
53 KB 1197ms
282ms Image
image/jpeg 111.255.128.31
HINET Data Commun...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://oo.cdf.zcfr.work/hsolzikhiyfjhrkgglyrjmcoqtwsbfhceazvohhverYEY.1MbVPbd1sv.3bE/PRVb1CJ6Vi/747Y/4GY8/747Y4GY8Y4GBtGYGG.jpg
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 111.255.128.31 Tainan City, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS: 111-255-128-31.dynamic-ip.hinet.net
Software: cloudflare /
Resource Hash: de14dbc09daec261d86cd1a510556a6e761537ba1cb782658558193c816a1aa6

Request headers

Referer: https://cdn.zhuyl.work/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 17 May 2021 23:32:39 GMT
CF-Cache-Status: HIT
NEL: {"report_to":"cf-nel","max_age":604800}
Age: 30879
Cf-Polished: origSize=56351, status=webp_bigger
Connection: keep-alive
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
Content-Length: 53462
cf-request-id: 0a1e45baf20000367858ad7000000001
Last-Modified: Mon, 17 May 2021 14:59:35 GMT
Server: cloudflare
ETag: "60a284d7-dc1f"
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=Cj1tWqsgIpPr36puX4XfozD6nvVydFuOU6rL%2BoUC6Xbr9C1mZWx%2BP22pJ2QBB%2Bg3TxuOcNZ6ZX6QSbqRiVm7ML4BohQ22610vCMGetOzI9Hi8A%3D%3D"}],"group":"cf-nel","max_age":604800}
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: max-age=31536000
Accept-Ranges: bytes
CF-RAY: 6510a5718d353678-LAX
Cf-Bgj: imgq:100,h2pri

GET
H/1.1 200
OK wVxA-r-577m817.jpg
oo.cdf.zcfr.work/hsolzikhiyfjhrkgglyrjmcoqtwsbfhceazvohhverrV.4SPSk.LAJ/xhhlSh/syBAxPh/I7Ir/71/ 45 KB
45 KB 1357ms
286ms Image
image/jpeg 111.255.128.31
HINET Data Commun...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://oo.cdf.zcfr.work/hsolzikhiyfjhrkgglyrjmcoqtwsbfhceazvohhverrV.4SPSk.LAJ/xhhlSh/syBAxPh/I7Ir/71/wVxA-r-577m817.jpg
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 111.255.128.31 Tainan City, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS: 111-255-128-31.dynamic-ip.hinet.net
Software: LiteSpeed /
Resource Hash: 35084004ac1aa18d31706989915dda650783d29d8a69c135ad4c1178dc1e46a6

Request headers

Referer: https://cdn.zhuyl.work/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 17 May 2021 23:22:18 GMT
Last-Modified: Mon, 17 May 2021 14:34:36 GMT
Server: LiteSpeed
Age: 1409
Etag: "b208-60a27efc-0;;;"
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Alt-Svc: quic=":443"; ma=2592000; v="43,46", h3-Q043=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-25=":443"; ma=2592000, h3-27=":443"; ma=2592000
Content-Length: 45576
Expires: Wed, 16 Jun 2021 23:22:18 GMT

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 200 B
640 B 88ms
36ms Script
text/javascript 172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=cdn.zhuyl.work&callback=_gfp_s_&client=ca-pub-9887006928691465

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20210511/r20190131/show_ads_impl_with_ama_fy2019.js?client=ca-pub-9887006928691465&plah=cdn.zhuyl.work&amaexp=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s42-in-f2.1e100.net

Software

cafe /

Resource Hash

a594cf2cb2ae817f3b9e3edc015ed43b8f0a1569f0899ad8ac32170fa140132e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cdn.zhuyl.work/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 23:45:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 192
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
799 B 34ms
14ms Script
application/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=cdn.zhuyl.work

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cdn.zhuyl.work/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 17 May 2021 23:45:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
317 B 14ms
13ms Script
application/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=cdn.zhuyl.work

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cdn.zhuyl.work/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 17 May 2021 23:45:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 6570 57 KB
22 KB 551ms
550ms Document
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9887006928691465&output=html&h=160&slotname=4887033834&adk=3443501744&adf=2916214056&pi=t.ma~as.4887033834&w=670&lmt=1621295144&rafmt=12&psa=0&format=670x160&url=https%3A%2F%2Fcdn.zhuyl.work%2F%3Fkey%3Dytrzvqkvmvyaebbm%26pin%3D62546063%26ag%3Dc1412454%26from%3DEmail-3t%23c1412454&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1621295144351&bpp=3&bdt=1537&idt=106&shv=r20210511&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&correlator=6653616150862&frm=20&pv=2&ga_vid=880635197.1621295144&ga_sid=1621295144&ga_hid=1111226654&ga_fc=0&u_tz=120&u_his=3&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=300&ady=68&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530672%2C31061139%2C44743003&oid=3&pvsid=1806754547390803&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CfeE%7C&abl=CF&pfx=0&fu=256&bc=31&ifi=1&uci=a!1&fsb=1&xpc=yz81ZuMy7w&p=https%3A//cdn.zhuyl.work&dtd=119

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8364c702bf475b9f6ee6a159bd9f33d0ede601c1dd0ec8b2e02279589e91a102

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-9887006928691465&output=html&h=160&slotname=4887033834&adk=3443501744&adf=2916214056&pi=t.ma~as.4887033834&w=670&lmt=1621295144&rafmt=12&psa=0&format=670x160&url=https%3A%2F%2Fcdn.zhuyl.work%2F%3Fkey%3Dytrzvqkvmvyaebbm%26pin%3D62546063%26ag%3Dc1412454%26from%3DEmail-3t%23c1412454&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1621295144351&bpp=3&bdt=1537&idt=106&shv=r20210511&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&correlator=6653616150862&frm=20&pv=2&ga_vid=880635197.1621295144&ga_sid=1621295144&ga_hid=1111226654&ga_fc=0&u_tz=120&u_his=3&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=300&ady=68&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530672%2C31061139%2C44743003&oid=3&pvsid=1806754547390803&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CfeE%7C&abl=CF&pfx=0&fu=256&bc=31&ifi=1&uci=a!1&fsb=1&xpc=yz81ZuMy7w&p=https%3A//cdn.zhuyl.work&dtd=119
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://cdn.zhuyl.work/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://cdn.zhuyl.work/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Mon, 17 May 2021 23:45:45 GMT
server: cafe
content-length: 22296
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Tue, 18-May-2021 00:00:44 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Mon, 17 May 2021 23:45:45 GMT
cache-control: private

GET
H3-29 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 10 KB
7 KB 33ms
18ms XHR
application/json 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20210511&st=env

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8576762befcaa7c02bc8a8f7ad8b1e100c0a9045b60e95c4cc80a734680d195a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cdn.zhuyl.work/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 17 May 2021 23:45:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7519
x-xss-protection: 0

GET
H2 200 osd.js Show response
www.googletagservices.com/activeview/js/current/ 73 KB
28 KB 34ms
14ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2a138f5a790f47f9c8e1b3b6c88ea4fecb1abd1b1011a7d842b721d2fa943ed3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cdn.zhuyl.work/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 23:45:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1621251140663589"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27994
x-xss-protection: 0
expires: Mon, 17 May 2021 23:45:44 GMT

GET
H3-29 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 40ms
39ms Image
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=ach_evt&url=https%3A%2F%2Fcdn.zhuyl.work%2F%3Fkey%3Dytrzvqkvmvyaebbm%26pin%3D62546063%26ag%3Dc1412454%26from%3DEmail-3t%23c1412454&tn=DIV&id=ooShow&cls=tail&ign=false

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cdn.zhuyl.work/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 17 May 2021 23:45:44 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 73ms
72ms Image
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cdn.zhuyl.work/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 17 May 2021 23:45:44 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame C259 0
19 B 16ms
15ms Document
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9887006928691465&output=html&adk=1812271804&adf=3025194257&lmt=1621295144&plat=1%3A16809992%2C2%3A16809992%2C8%3A134217728%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fcdn.zhuyl.work%2F%3Fkey%3Dytrzvqkvmvyaebbm%26pin%3D62546063%26ag%3Dc1412454%26from%3DEmail-3t%23c1412454&ea=0&flash=0&pra=7&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1621295144356&bpp=1&bdt=1542&idt=119&shv=r20210511&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=670x160&nras=1&correlator=6653616150862&frm=20&pv=1&ga_vid=880635197.1621295144&ga_sid=1621295144&ga_hid=1111226654&ga_fc=0&u_tz=120&u_his=3&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530672%2C31061139%2C44743003&oid=3&pvsid=1806754547390803&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=2&uci=a!2&fsb=1&dtd=124

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-9887006928691465&output=html&adk=1812271804&adf=3025194257&lmt=1621295144&plat=1%3A16809992%2C2%3A16809992%2C8%3A134217728%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fcdn.zhuyl.work%2F%3Fkey%3Dytrzvqkvmvyaebbm%26pin%3D62546063%26ag%3Dc1412454%26from%3DEmail-3t%23c1412454&ea=0&flash=0&pra=7&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1621295144356&bpp=1&bdt=1542&idt=119&shv=r20210511&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=670x160&nras=1&correlator=6653616150862&frm=20&pv=1&ga_vid=880635197.1621295144&ga_sid=1621295144&ga_hid=1111226654&ga_fc=0&u_tz=120&u_his=3&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530672%2C31061139%2C44743003&oid=3&pvsid=1806754547390803&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=2&uci=a!2&fsb=1&dtd=124
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://cdn.zhuyl.work/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://cdn.zhuyl.work/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Mon, 17 May 2021 23:45:44 GMT
server: cafe
content-length: 0
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Tue, 18-May-2021 00:00:44 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Mon, 17 May 2021 23:45:44 GMT
cache-control: private

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
7 KB 34ms
14ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c61a719b48533a1fa932729f4927ba1377a96c441b0d6a427096b867742b4645

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cdn.zhuyl.work/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 23:45:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1616005470650935"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6437
x-xss-protection: 0
expires: Mon, 17 May 2021 23:45:44 GMT

GET
H3-29 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/222/ Frame 728F 12 KB
5 KB 21ms
6ms Document
text/html 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/222/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6836719899bda27cd22c1551cb7fbfc33fb0bbbedaa89e4baa8715fef8202cbc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/222/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://cdn.zhuyl.work/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://cdn.zhuyl.work/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
content-length: 5022
date: Mon, 17 May 2021 23:36:05 GMT
expires: Tue, 17 May 2022 23:36:05 GMT
last-modified: Wed, 20 Jan 2021 19:23:06 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 579
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 nLZh5JKb4_vODtvfmJ49yJer_4HAQSIF0KjuUH5BuEE.js Show response
pagead2.googlesyndication.com/bg/ Frame 728F 14 KB
6 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/nLZh5JKb4_vODtvfmJ49yJer_4HAQSIF0KjuUH5BuEE.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/222/runner.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9cb661e4929be3fbce0edbdf989e3dc897abff81c0412205d0a8ee507e41b841

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 15 May 2021 17:45:47 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Thu, 06 May 2021 09:28:00 GMT
server: sffe
age: 194397
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5628
x-xss-protection: 0
expires: Sun, 15 May 2022 17:45:47 GMT

GET
H3-29 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 40ms
40ms Image
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=222&t=2&li=gda_r20210511&jk=1806754547390803&bg=!2Nul25_NAAY59bwoOfU7ACkAdvg8WljtmmtnfCG-TSxjpjtymHF75-ufxQtW0Wd22QKayLMzdkBjAwIAAABEUgAAAAloAQcKAMXHFJF1IqIQoNAxPgy43am2dhmN3GIwnDHw8UAsexRgUkRB1YM5OeSnGYTlLTsZAVOd_lXMGC_p8fK5iBksS7gHBYnWZtbNeqmyMxpo6joTBBZgH4k7LGFiU8tvXTPKGfjM_tWW5CAIWDwFgud23UnKwYL9f7hxMK7hCL4Ludo8r20826hIqyBMj1YG3g6hqcNiQIs5dmWZkumFCEWpxEcpveuBbWipLbKfkbVe4sAYlLf8qL4btaImiNuUqxOwlIpyndEYFpkCQ-XmxzC-myCZpvUiybvWi0yTvlSJhCxysCO1Ol1wfbYiI-4H2nyFFVtc0GAHHrt0wc72OUpcy7nmYEJFHtbyJgNRThnjgTQq-hESlRWkhgHXlTK1ew2j97ihS5K3jCeDYmsKwpYEmGXaltobctdy00bRf4yH9vCVUAgmXDh6rM3V-Rlkn2a81zi1OQ8nUTXupP9-3pkzWjHPjNE6bYtf1SAOwHXNGNdX_GhAEaC_m6ac7MlRwgpaL9BvLIlDZN3RlAcAAEQxRiarZy9FtaBm27ut-sDIO3slsPWDnNcHhN5IPA33AUWkIDAA-yPoYushmBp1kpNsUkr16shRtjyhi0ZkKqmRSKDfGRgZ79saLWo4XWYx8fodARVJBeVGIWmBnzfsZXg0q1HR3G7EHHcpPzf6evJQh9KtdvDx13SliRFZO1cCuBKvOxdKUFZXXMyv4-1QPxhyGSYtMuSNXzppy4QRYwOUF1I3KjE11WArR6J2HcX70ez9JZJYNJjHIYH94qojGYO-jFNlytC6Ghzb2l1v2Bbxfm2lMDX6mLwfiLkboZk0twzbYWFE1iqNPAe6Clzzs77XdYK2OX9LrlrsQARduCrRvNlgtFgstsesiAk5wxwK9iU5EXI4CulxqWvDMo-SQHOF9gXnPRryjOaYwtsIXH5jWA9_qlTUj-2wgIrUlz2qD5E8UOi6wNBzT1b-1uP57qZBqmiCBvlOSm1LcySs7MHL19zXyrqzyC0ohgRznE8w5nJJoirHJO4oM6PL4A6QqQ

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cdn.zhuyl.work/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 17 May 2021 23:45:44 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 6619030602617590127
tpc.googlesyndication.com/simgad/ Frame 6570 66 KB
66 KB 8ms
7ms Image
image/jpeg 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/6619030602617590127?sqp=4sqPyQQ7QjkqNxABHQAAtEIgASgBMAk4A0DwkwlYAWBfcAKAAQGIAQGdAQAAgD-oAQGwAYCt4gS4AV_FAS2ynT4&rs=AOga4qldxBBoO8yHHjG-nrRF6nZsBNdT3Q

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9887006928691465&output=html&h=160&slotname=4887033834&adk=3443501744&adf=2916214056&pi=t.ma~as.4887033834&w=670&lmt=1621295144&rafmt=12&psa=0&format=670x160&url=https%3A%2F%2Fcdn.zhuyl.work%2F%3Fkey%3Dytrzvqkvmvyaebbm%26pin%3D62546063%26ag%3Dc1412454%26from%3DEmail-3t%23c1412454&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1621295144351&bpp=3&bdt=1537&idt=106&shv=r20210511&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&correlator=6653616150862&frm=20&pv=2&ga_vid=880635197.1621295144&ga_sid=1621295144&ga_hid=1111226654&ga_fc=0&u_tz=120&u_his=3&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=300&ady=68&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530672%2C31061139%2C44743003&oid=3&pvsid=1806754547390803&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CfeE%7C&abl=CF&pfx=0&fu=256&bc=31&ifi=1&uci=a!1&fsb=1&xpc=yz81ZuMy7w&p=https%3A//cdn.zhuyl.work&dtd=119

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f2e1dbc24e33638378f392f75afcf0058a6693d96b16399c0885fcf3da03c7a1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 14 May 2021 01:03:31 GMT
x-content-type-options: nosniff
last-modified: Mon, 01 Mar 2021 07:36:37 GMT
server: sffe
age: 340934
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 67085
x-xss-protection: 0
expires: Sat, 14 May 2022 01:03:31 GMT

GET
H3-29 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210511/r20110914/ Frame 6570 17 KB
7 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210511/r20110914/abg_lite_fy2019.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

85e3697fdb65077432d19ff2953a9384b12c6971b9187fd719ac2cf0f1f472d5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 23:35:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 601
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7042
x-xss-protection: 0
server: cafe
etag: 2725110100707361309
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 31 May 2021 23:35:44 GMT

GET
H3-29 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210511/r20110914/client/ Frame 6570 2 KB
1 KB 11ms
10ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210511/r20110914/client/window_focus_fy2019.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

731d7bd9ce2c95bf6af3d5719b995d714111949fb37b39919d45828875361233

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 23:26:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1174
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1303
x-xss-protection: 0
server: cafe
etag: 14729628269804859526
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 31 May 2021 23:26:11 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 6570 118 KB
36 KB 29ms
14ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5f4f2e8ffc67a3c2544f8be9672125a0c5a5f0035fa6bfc6d75ee297e30461e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 23:45:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1621251134821955"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36689
x-xss-protection: 0
expires: Mon, 17 May 2021 23:45:45 GMT

GET
H3-29 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210511/r20110914/client/ Frame 6570 13 KB
6 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210511/r20110914/client/qs_click_protection_fy2019.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4821fcf9c6131b5e09c316f6946b187f0b3751d723a19b2ff9f2df396d232cbf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 23:30:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 915
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5621
x-xss-protection: 0
server: cafe
etag: 8169261014141303515
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 31 May 2021 23:30:30 GMT

GET
H3-29 200 one_click_handler_one_afma_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210511/r20110914/client/ Frame 6570 25 KB
10 KB 12ms
11ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210511/r20110914/client/one_click_handler_one_afma_fy2019.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

05e695a8f4bd26c3a3092afbd08d40b873b39599d47ce15c281b1b526e934258

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 16:21:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 26667
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10380
x-xss-protection: 0
server: cafe
etag: 16922886349488815302
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 31 May 2021 16:21:18 GMT

GET
H3-29 200 adview
googleads.g.doubleclick.net/pagead/ Frame 6570 0
0 43ms
43ms Fetch
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=C7Q3EKACjYMDLHZ_J7_UPsYC3kA6OnbXmYumttKzTDb_hHhABIP6D7DNglQKgAb_L5oUCyAECqAMByAPJBKoE_wFP0Hndhw04j84Q4RqdA4Vi8IAgUo8tNmrpJG0IBit37vS2_b-GdfuwxjyHdjTWTEQOuyouFBPu764mkwmPJ8QyqT__ObDL0aUBv0iMrQU2G68_g0sywWg4WoQnTtQuZbaScbRxdHOOXUbYUyJ3seFCCkJt27NWZ6jxOK0BMzf8vzrSz-XDO-mdMghWcprSlVQdqVIzNn_JhwXeVi10tv6vYiLijB1F8IwRgeRe_XxBMthaDMYz2pUc-p7W9EpSv_SdU9EaGPYkrROUbj4ceWN2B63dqmmZx-ItVkxLmyIp3x8XgtcQPYuRPekkbhOhj_2irN9z6pwgdq9yg7KL9N_ABOPusK-_A5IFBAgEGAGSBQQIBRgEkgUECAUYGJIFBQgFGKgBoAYCgAeButSDAqgH1ckbqAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAfulrECqAemvhuoB-zVG9gHAfIHBBCTvQLSCAkIgOGAEBABGB-ACgHICwHYEwzQFQGAFwGyFxoKGAgAEhRwdWItOTg4NzAwNjkyODY5MTQ2NQ&sigh=I1uIKMs9_2g

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9887006928691465&output=html&h=160&slotname=4887033834&adk=3443501744&adf=2916214056&pi=t.ma~as.4887033834&w=670&lmt=1621295144&rafmt=12&psa=0&format=670x160&url=https%3A%2F%2Fcdn.zhuyl.work%2F%3Fkey%3Dytrzvqkvmvyaebbm%26pin%3D62546063%26ag%3Dc1412454%26from%3DEmail-3t%23c1412454&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1621295144351&bpp=3&bdt=1537&idt=106&shv=r20210511&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&correlator=6653616150862&frm=20&pv=2&ga_vid=880635197.1621295144&ga_sid=1621295144&ga_hid=1111226654&ga_fc=0&u_tz=120&u_his=3&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=300&ady=68&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530672%2C31061139%2C44743003&oid=3&pvsid=1806754547390803&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CfeE%7C&abl=CF&pfx=0&fu=256&bc=31&ifi=1&uci=a!1&fsb=1&xpc=yz81ZuMy7w&p=https%3A//cdn.zhuyl.work&dtd=119
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Mon, 17 May 2021 23:45:45 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Mon, 17 May 2021 23:45:45 GMT

GET
H3-29 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame AB03 143 B
163 B 8ms
6ms Document
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/s?v=r20120211
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9887006928691465&output=html&h=160&slotname=4887033834&adk=3443501744&adf=2916214056&pi=t.ma~as.4887033834&w=670&lmt=1621295144&rafmt=12&psa=0&format=670x160&url=https%3A%2F%2Fcdn.zhuyl.work%2F%3Fkey%3Dytrzvqkvmvyaebbm%26pin%3D62546063%26ag%3Dc1412454%26from%3DEmail-3t%23c1412454&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1621295144351&bpp=3&bdt=1537&idt=106&shv=r20210511&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&correlator=6653616150862&frm=20&pv=2&ga_vid=880635197.1621295144&ga_sid=1621295144&ga_hid=1111226654&ga_fc=0&u_tz=120&u_his=3&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=300&ady=68&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530672%2C31061139%2C44743003&oid=3&pvsid=1806754547390803&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CfeE%7C&abl=CF&pfx=0&fu=256&bc=31&ifi=1&uci=a!1&fsb=1&xpc=yz81ZuMy7w&p=https%3A//cdn.zhuyl.work&dtd=119
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9887006928691465&output=html&h=160&slotname=4887033834&adk=3443501744&adf=2916214056&pi=t.ma~as.4887033834&w=670&lmt=1621295144&rafmt=12&psa=0&format=670x160&url=https%3A%2F%2Fcdn.zhuyl.work%2F%3Fkey%3Dytrzvqkvmvyaebbm%26pin%3D62546063%26ag%3Dc1412454%26from%3DEmail-3t%23c1412454&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1621295144351&bpp=3&bdt=1537&idt=106&shv=r20210511&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&correlator=6653616150862&frm=20&pv=2&ga_vid=880635197.1621295144&ga_sid=1621295144&ga_hid=1111226654&ga_fc=0&u_tz=120&u_his=3&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=300&ady=68&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530672%2C31061139%2C44743003&oid=3&pvsid=1806754547390803&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CfeE%7C&abl=CF&pfx=0&fu=256&bc=31&ifi=1&uci=a!1&fsb=1&xpc=yz81ZuMy7w&p=https%3A//cdn.zhuyl.work&dtd=119

Response headers

content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Mon, 17 May 2021 23:29:19 GMT
server: safe
content-length: 145
x-xss-protection: 0
cache-control: public, max-age=3600
age: 986
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame AB03
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si

0
16 B

15ms
14ms

Document
text/html

2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/si
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Mon, 17 May 2021 23:45:45 GMT
server: safe
content-length: 0
x-xss-protection: 0
set-cookie: DSID=NO_DATA; expires=Tue, 18-May-2021 00:45:45 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Mon, 17 May 2021 23:45:45 GMT
cache-control: private

Redirect headers

location: https://googleads.g.doubleclick.net/pagead/drt/si
cache-control: private
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Mon, 17 May 2021 23:45:45 GMT
server: safe
content-length: 246
x-xss-protection: 0
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame 6570 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bb98215fa091f3ff5b46e9b75d8a62375c93256d320e7d38e3ec915c1e2f9b00

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-29 200 nLZh5JKb4_vODtvfmJ49yJer_4HAQSIF0KjuUH5BuEE.js Show response
pagead2.googlesyndication.com/bg/ Frame FA16 14 KB
6 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/nLZh5JKb4_vODtvfmJ49yJer_4HAQSIF0KjuUH5BuEE.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9cb661e4929be3fbce0edbdf989e3dc897abff81c0412205d0a8ee507e41b841

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 15 May 2021 17:45:47 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Thu, 06 May 2021 09:28:00 GMT
server: sffe
age: 194398
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5628
x-xss-protection: 0
expires: Sun, 15 May 2022 17:45:47 GMT

GET
H3-29 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 6570 42 B
64 B 41ms
41ms Fetch
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuXs2Dk7J_0Zk8ZBj8It_WDVzwrswMD4jE8-bTMrp41b-pcm6K5USm-n2vmX-ixgvYHTG-1NaYwO_y_T_mZAk4KB5zYpdDuSWih6FIzwkKfrY0JdEmTFbLYSoeqGQ&sai=AMfl-YQIT-cxuijlOSB4AJdV3id48_tx44wwNF3nWPEHq-qj_nl71Pxr-4XKH6ssinWuLGwq-Bk9AIKIyeJF&sig=Cg0ArKJSzLGki0BDTYLWEAE&id=lidar2&mcvt=1000&p=68,325,228,946&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20210517&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=4&adk=3443501744&rs=2&met=mue&la=0&cr=0&osd=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ%3D%3D&vs=4&rst=1621295144472&dlt=554&rpt=67&isd=0&msd=0&r=v&fum=1

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 17 May 2021 23:45:46 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

90 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			cdn.zhuyl.work/	1969-12-31 23:59:59	Name: ASP.NET_SessionId Value: snw53tq4yifn1s5ghsm0r10l

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

adservice.google.com
adservice.google.de
cdn.jsdelivr.net
cdn.zhuyl.work
googleads.g.doubleclick.net
is.gd
oo.cdf.zcfr.work
pagead2.googlesyndication.com
partner.googleadservices.com
tpc.googlesyndication.com
www.google.com
www.googletagservices.com
111.255.128.31
172.217.18.98
2606:4700:20::ac43:5384
2620:1ec:46::45
2a00:1450:4001:800::2002
2a00:1450:4001:803::2001
2a00:1450:4001:80e::2004
2a00:1450:4001:810::2002
2a00:1450:4001:811::2002
2a00:1450:4001:828::2002
2a00:1450:4001:82a::2002
2a00:1450:4001:82f::2002
2a04:4e42:1b::621
03d2aad91ba193123ca5ffd1273bcd24823170451ffdef4b643c28db41212e4c
05e695a8f4bd26c3a3092afbd08d40b873b39599d47ce15c281b1b526e934258
1192b774fa0b66c8ac25459a0f524d18d33996947356a442231d9b396a7fe2ba
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
184dcb69f3d4227fedcf4b63adbe9d6430d05c0602c21e271ad86dbe10a2678d
1beb8b76fda55e56274d09d8245a94fe3d09457ccdf2c75c20794b6cbf85a150
28f8caf26badf2274bd265900e35c16e0cff6866212749ec2e2c239d85607304
2a138f5a790f47f9c8e1b3b6c88ea4fecb1abd1b1011a7d842b721d2fa943ed3
35084004ac1aa18d31706989915dda650783d29d8a69c135ad4c1178dc1e46a6
3d49cce194aa030207e69324db44306169f9e6e9b1c39df77b2c4c4c6f250de0
424d5b8343dbb0498c48e2f296ca1f1ea5eb325eaa35689e00b1d60ae717cb20
45842613190fa886f96aa0b59c139718fbc7fbbb47a9a7477242e13c10edea60
4821fcf9c6131b5e09c316f6946b187f0b3751d723a19b2ff9f2df396d232cbf
49d93b1815f356ac5f6de7320aca6e6bf231e4846a4d3cfdb3a054231b25ec7e
4c92903d5602f1c1419e9c647f0db022d425efaaa580d9849e9b6132cb1020f6
51347e5b4036f4ff0a92ba97e5daef833e73439c5a3ff34e530179da33082cc0
56f2aff7b1c4034bb1e16bd7893bc69d97b7aaddae7393af2fdfc774033011e7
5749adf386d0afc1beec052bfb4b1419b8d40dfdc0a8715652140a29b0e2dfd7
59235e2ffea0288c34c7d208a63dad29e34210144fee438a01ea978bc0cde31c
5e587b2192e4cb60a4fc181853efb47452da7e22f81677efc66acdf644804b47
5f4f2e8ffc67a3c2544f8be9672125a0c5a5f0035fa6bfc6d75ee297e30461e5
668b046d12db350ccba6728890476b3efee53b2f42dbb84743e5e9f1ae0cc404
66f661926ae6c1e13c6b2169733476eb03b9be46e333e5f81eab69a5b0d27ace
6836719899bda27cd22c1551cb7fbfc33fb0bbbedaa89e4baa8715fef8202cbc
7267e1b29354fc0261b3f0ab37193a2a0bcabe52fc54f0dc31fb39d5fa115254
731d7bd9ce2c95bf6af3d5719b995d714111949fb37b39919d45828875361233
76f8a50383c0fa2297895c95e9778c25e20b9280f9d3aa282ab04fc2d56401f7
7725538fe2f71147bffeba7452b434c826aef9009666cb4360c605d0b2a91d1d
7e7d6987a68d87696fc83ffdf2af786f52f84ad77cb045ecf145072fa791404d
8364c702bf475b9f6ee6a159bd9f33d0ede601c1dd0ec8b2e02279589e91a102
83d7d65a62d74268d9d983729ae5a1b8d48ab6362bf268933bb01970c827e4f7
8576762befcaa7c02bc8a8f7ad8b1e100c0a9045b60e95c4cc80a734680d195a
85e3697fdb65077432d19ff2953a9384b12c6971b9187fd719ac2cf0f1f472d5
8d81e71a6609af03be4b6de4fdf7ce5557ad659b955e049fccb498e6545ce591
8e4df60233506a336416138fd60b230c33c97dbf3cc8988ea63184f8c64894e6
93a17979420b9be60d82ff17c2834106b32a847d1048153f658eca0d104a1183
963e832c204da498b2d498e2788ad9235da87aaffdd02e8bcda5d793f14a0521
9cb661e4929be3fbce0edbdf989e3dc897abff81c0412205d0a8ee507e41b841
9da0036ced33b7a0613d806d012aac4f7b1dbdc3887f0e746b1644b40bd3b711
9e8559fccb1c2caeeba360b0f3bf2a41174b3a3f06e66707b841786dcf0e18d7
a3638e145c0dd12d424ee8009bdfa0285b3b924aed87a4ff2ec422442225eb2a
a3ec0227f9833e488baa31e46871b883ef1c5ece5df1c0057b24e6e6b27658ff
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a594cf2cb2ae817f3b9e3edc015ed43b8f0a1569f0899ad8ac32170fa140132e
a5cb642ef22434a24612329870579fbb272cb9fa7475360035596ea56fb0431a
abc9b57f9d8a704106a539748cb5e821c4c873f09992c1626035ae353a47a6fd
b0b8e5104f543c2fc6033cb0fb4f5fedba5e30abf2a0bb4b75b2dcce751a0794
b0f9691c89860c3dfa2e73c6119997badbdb422b68b90c30216122f2f7f36b48
b277d061fc92f08321bf0f558a4c7ed879ba0da0969a813fa9fca51979be320a
b5f320a8115bf167e7aafc3cf2e11a65d20da3f489a7cadd02e5cf721ce4583e
bb98215fa091f3ff5b46e9b75d8a62375c93256d320e7d38e3ec915c1e2f9b00
c61a719b48533a1fa932729f4927ba1377a96c441b0d6a427096b867742b4645
de14dbc09daec261d86cd1a510556a6e761537ba1cb782658558193c816a1aa6
e31aa1e94e7b49d9ff681095a0a0d294eba3e6cb9b0104c34fa62e21386e5c20
e33bbc0426a472795015d4f75ef1e6399c7347ee9b4f4448f709cda228c6972f
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e3e00e4eccbdd5395f653a82be6c208bbf01554a23c16699fd4c47cdc8398e43
ebca03350dca4761676d7bfd3230f1d98a1d1f75ef23da1571a96afebcef7e64
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f2e1dbc24e33638378f392f75afcf0058a6693d96b16399c0885fcf3da03c7a1
f3116c8beb53ebc033eca6ea375e888c61da0144f312cf2b3a9e1a3de6f3a132
f66abdc093a56214347f3f4d996753096798db9ae7a69971c712df903232d5f4

cdn.zhuyl.work Open in urlscan Pro 2620:1ec:46::45 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

75 Requests

99 %HTTPS

85 %IPv6

10 Domains

12 Subdomains

12 IPs

3 Countries

1392 kBTransfer

2291 kBSize

1 Cookies

6 Outgoing links

Page URL History

Redirected requests

75 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

cdn.zhuyl.work Open in urlscan Pro
2620:1ec:46::45 Public Scan

Screenshot
Live screenshot

Full Image

75
Requests

99 %
HTTPS

85 %
IPv6

10
Domains

12
Subdomains

12
IPs

3
Countries

1392 kB
Transfer

2291 kB
Size

1
Cookies

75 HTTP transactions
1 data transactions