urlscan.io logo urlscan.io
SecurityTrails logo

loan.medcpu.com Open in urlscan Pro
104.21.28.179  Public Scan

Go To Rescan Add Verdict Report
URL: http://loan.medcpu.com/
Submission: On December 22 via api from US — Scanned from US
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 13 IPs in 2 countries across 8 domains to perform 63 HTTP transactions. The main IP is 104.21.28.179, located in and belongs to CLOUDFLARENET, US. The main domain is loan.medcpu.com.
This is the only time loan.medcpu.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 104.21.28.179 13335 (CLOUDFLAR...)
8 172.67.147.14 13335 (CLOUDFLAR...)
9 142.250.81.226 15169 (GOOGLE)
5 142.250.72.98 15169 (GOOGLE)
14 142.251.41.14 15169 (GOOGLE)
1 142.250.176.202 15169 (GOOGLE)
9 142.250.81.225 15169 (GOOGLE)
6 172.64.101.29 13335 (CLOUDFLAR...)
2 142.251.35.162 15169 (GOOGLE)
5 104.26.7.108 13335 (CLOUDFLAR...)
1 142.250.80.36 15169 (GOOGLE)
1 172.64.100.29 13335 (CLOUDFLAR...)
63 13
1    104.21.28.179 (None, )

ASN13335 (CLOUDFLARENET, US)
loan.medcpu.com
8    172.67.147.14 (United States)

ASN13335 (CLOUDFLARENET, US)
loan.medcpu.com
9    142.250.81.226 (Plainview, United States)

ASN15169 (GOOGLE, US)
PTR: lga25s74-in-f2.1e100.net
pagead2.googlesyndication.com
5    142.250.72.98 (Plainview, United States)

ASN15169 (GOOGLE, US)
PTR: lga34s32-in-f2.1e100.net
googleads.g.doubleclick.net
14    142.251.41.14 (United States)

ASN15169 (GOOGLE, US)
PTR: lga34s40-in-f14.1e100.net
fundingchoicesmessages.google.com
1    142.250.176.202 (United States)

ASN15169 (GOOGLE, US)
PTR: lga34s37-in-f10.1e100.net
fonts.googleapis.com
9    142.250.81.225 (Plainview, United States)

ASN15169 (GOOGLE, US)
PTR: lga25s74-in-f1.1e100.net
tpc.googlesyndication.com
6    172.64.101.29 (United States)

ASN13335 (CLOUDFLARENET, US)
cdn.bidbrain.app
g.bidbrain.app
2    142.251.35.162 (United States)

ASN15169 (GOOGLE, US)
PTR: lga25s78-in-f2.1e100.net
www.googletagservices.com
5    104.26.7.108 (None, )

ASN13335 (CLOUDFLARENET, US)
cdn.algbid.app
g.algbid.app
1    142.250.80.36 (Plainview, United States)

ASN15169 (GOOGLE, US)
PTR: lga34s34-in-f4.1e100.net
www.google.com
1    172.64.100.29 (United States)

ASN13335 (CLOUDFLARENET, US)
g.bidbrain.app
Apex Domain
Subdomains		 Transfer
18 googlesyndication.com
pagead2.googlesyndication.com — Cisco Umbrella Rank: 102
tpc.googlesyndication.com — Cisco Umbrella Rank: 148
314 KB
15 google.com
fundingchoicesmessages.google.com — Cisco Umbrella Rank: 1404
www.google.com — Cisco Umbrella Rank: 2
72 KB
9 medcpu.com
loan.medcpu.com
76 KB
7 bidbrain.app
cdn.bidbrain.app
g.bidbrain.app — Cisco Umbrella Rank: 23165
167 KB
5 algbid.app
cdn.algbid.app
g.algbid.app — Cisco Umbrella Rank: 36544
55 KB
5 doubleclick.net
googleads.g.doubleclick.net — Cisco Umbrella Rank: 33
48 KB
2 googletagservices.com
www.googletagservices.com — Cisco Umbrella Rank: 206
129 KB
1 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 29
1 KB
63 8
Domain Requested by
14 fundingchoicesmessages.google.com pagead2.googlesyndication.com
9 tpc.googlesyndication.com googleads.g.doubleclick.net
pagead2.googlesyndication.com
tpc.googlesyndication.com
9 pagead2.googlesyndication.com loan.medcpu.com
pagead2.googlesyndication.com
tpc.googlesyndication.com
www.googletagservices.com
9 loan.medcpu.com loan.medcpu.com
5 googleads.g.doubleclick.net pagead2.googlesyndication.com
loan.medcpu.com
4 cdn.bidbrain.app googleads.g.doubleclick.net
3 g.bidbrain.app loan.medcpu.com
cdn.bidbrain.app
3 cdn.algbid.app googleads.g.doubleclick.net
2 g.algbid.app cdn.algbid.app
2 www.googletagservices.com googleads.g.doubleclick.net
1 www.google.com tpc.googlesyndication.com
1 fonts.googleapis.com googleads.g.doubleclick.net
63 12

This site contains links to these domains. Also see Links.

Domain
www.kadencewp.com
Subject Issuer Validity Valid
medcpu.com
GTS CA 1P5		 2023-12-14 -
2024-03-13		 3 months crt.sh
*.g.doubleclick.net
GTS CA 1C3		 2023-11-20 -
2024-02-12		 3 months crt.sh
*.google.com
GTS CA 1C3		 2023-11-20 -
2024-02-12		 3 months crt.sh
upload.video.google.com
GTS CA 1C3		 2023-11-20 -
2024-02-12		 3 months crt.sh
tpc.googlesyndication.com
GTS CA 1C3		 2023-11-20 -
2024-02-12		 3 months crt.sh
bidbrain.app
E1		 2023-11-02 -
2024-01-31		 3 months crt.sh
algbid.app
Cloudflare Inc ECC CA-3		 2023-11-02 -
2024-11-01		 a year crt.sh
www.google.com
GTS CA 1C3		 2023-11-20 -
2024-02-12		 3 months crt.sh

This page contains 8 frames:

Primary Page: http://loan.medcpu.com/
Frame ID: 85A2E14D2BFF8A6771DAB9708BE7BF4F
Requests: 31 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20190131/zrt_lookup_fy2021.html
Frame ID: F89A17F542C57126A1B7FC786E8ADEB8
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6521635981818320&output=html&adk=1812271804&adf=3025194257&lmt=1703273906&plat=9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=140x945_l%7C140x945_r&format=0x0&url=http%3A%2F%2Floan.medcpu.com%2F&ea=0&pra=5&wgl=1&easpi=0&asro=0&asiscm=1&aslmt=0.4&asamt=-1&asedf=0&asefa=1&aseiel=1~2~4~6&aslcwct=150&asacwct=25&dt=1703273905989&bpp=14&bdt=164&idt=239&shv=r20231207&mjsv=m202312070101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=3894527276762&frm=20&pv=2&ga_vid=1564595509.1703273906&ga_sid=1703273906&ga_hid=852392127&ga_fc=0&u_tz=-600&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C31080103%2C95320885&oid=2&pvsid=679867185556184&tmod=1816513612&uas=0&nvt=1&fsapi=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=23&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=294
Frame ID: 62CD2394B14510AE0779B7C57A28A794
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1
Frame ID: 40322C3B591D5C3FB88FB2CD8193F07D
Requests: 4 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1
Frame ID: 68E963AD07E318242FDBC49F8029883D
Requests: 14 HTTP requests in this frame

Frame: https://cdn.algbid.app/ng-assets/creative/assets/index-24b8d61d.js
Frame ID: C6C212F07ED22833D0A89003545ABDD2
Requests: 8 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 03E75BCB6EEAC07CE8FA038E5F5C5396
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: CF48A2D0643FDC14C2406641721D2C57
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

loan.medcpu.comToggle MenuContinueContinueContinueContinueContinueContinueContinueContinueContinueContinueNext

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
  • /wp-(?:content|includes)/
Overall confidence: 100%
Detected patterns
  • googlesyndication\.com/

Page Statistics

63
Requests

97 %
HTTPS

0 %
IPv6

8
Domains

12
Subdomains

13
IPs

2
Countries

862 kB
Transfer

2344 kB
Size

8
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

63 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
loan.medcpu.com/ 		59 KB
12 KB 		Document
General
Check archive.org
Download Go to
Full URL
http://loan.medcpu.com/
Protocol
HTTP/1.1
Server
104.21.28.179 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
787864ac9ee090215944545f2a79e6a9b2442cdb1b8edc590e78befe22cd9489

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

CF-Cache-Status
DYNAMIC
CF-RAY
839ad330ee49207b-IAD
Connection
keep-alive
Content-Encoding
gzip
Content-Type
text/html; charset=UTF-8
Date
Fri, 22 Dec 2023 19:38:25 GMT
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Fco%2Fu2u21eg2kJ3DJMIcYlEZWNOWqLpmb0SqN5pY%2BLb7j93PLKg%2B28%2FEcGzN7mnGcPkPESiXJ8PsCIUkuI9bbxDph3QPtfnGvghsOuj7QZ16YowibLkbwGWl%2BBbqrh6S4dw%3D"}],"group":"cf-nel","max_age":604800}
Server
cloudflare
Transfer-Encoding
chunked
alt-svc
h3=":443"; ma=86400
link
<https://loan.medcpu.com/index.php/wp-json/>; rel="https://api.w.org/"
vary
Accept-Encoding
x-litespeed-cache
hit
style.min.css
loan.medcpu.com/wp-includes/css/dist/block-library/ 		107 KB
15 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://loan.medcpu.com/wp-includes/css/dist/block-library/style.min.css?ver=6.4.2
Requested by
Host: loan.medcpu.com
URL: http://loan.medcpu.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.67.147.14 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
698b89c0da3d319754d6a837b5e6d4e6a42dc402d9ffd7559b8c4cb29c644340

Request headers

accept-language
en-US,en;q=0.9
Referer
http://loan.medcpu.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Fri, 22 Dec 2023 19:38:26 GMT
content-encoding
br
cf-cache-status
MISS
last-modified
Sun, 19 Nov 2023 14:03:35 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"1add3-655a15b7-4f18ad;gz"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ASnxeNitFoajXkazjv6So4hiXJ89uNfIqB2Cjdz6%2FF2JkZuxvvoWL5v7XI%2F7mlK1Gg4htomWqGTAR2xy9B3U0KvNNY2AqB3ncyZefwofyR8AJdLu7Xz5wi12NrDbPLgewV8%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
public, max-age=31536000
cf-ray
839ad337a8eb7fa6-IAD
alt-svc
h3=":443"; ma=86400
expires
Fri, 29 Dec 2023 19:38:26 GMT
global.min.css
loan.medcpu.com/wp-content/themes/kadence/assets/css/ 		22 KB
5 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://loan.medcpu.com/wp-content/themes/kadence/assets/css/global.min.css?ver=1.1.49
Requested by
Host: loan.medcpu.com
URL: http://loan.medcpu.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.67.147.14 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9d8ed4ca489c25f4e040740a80afd25ede9f9e6b56f4bf0fde73779599ac9791

Request headers

accept-language
en-US,en;q=0.9
Referer
http://loan.medcpu.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Fri, 22 Dec 2023 19:38:26 GMT
content-encoding
br
cf-cache-status
MISS
last-modified
Mon, 20 Nov 2023 09:42:25 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"598d-655b2a01-4f5032;gz"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kKx6HfUupJ0yFMe9MieeKTjCMfqp3Sb2sn%2BQCe%2BhO%2F4wF6cjVUchr%2BvDBUg5c4ozFxf98XIxJ5CPbW2eKkVmeryW1nKhGLHejb7L4tLUgcU1p%2B6oXHT87LyLyyiYVRRz7HU%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
public, max-age=31536000
cf-ray
839ad337a8ef7fa6-IAD
alt-svc
h3=":443"; ma=86400
expires
Fri, 29 Dec 2023 19:38:26 GMT
header.min.css
loan.medcpu.com/wp-content/themes/kadence/assets/css/ 		26 KB
5 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://loan.medcpu.com/wp-content/themes/kadence/assets/css/header.min.css?ver=1.1.49
Requested by
Host: loan.medcpu.com
URL: http://loan.medcpu.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.67.147.14 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e776a7f761e5975d81c3d8a5ece5139fc9ac0dd13e3c494a941cf34c7a426ef8

Request headers

accept-language
en-US,en;q=0.9
Referer
http://loan.medcpu.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Fri, 22 Dec 2023 19:38:26 GMT
content-encoding
br
cf-cache-status
MISS
last-modified
Mon, 20 Nov 2023 09:42:25 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"67ee-655b2a01-4f5033;gz"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TpYbUgxZlHGT8oZ896BrBViL%2FQU1PGEKunlkzr2b16EiwUDF8IDc2cxlyMdufDL3rWZLOzaofEa54obV1FbnFa9YyQmtyxk7mTiVFH6%2BUhviEBpOU2RqloDlcx1aqF5S8s8%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
public, max-age=31536000
cf-ray
839ad337a8ed7fa6-IAD
alt-svc
h3=":443"; ma=86400
expires
Fri, 29 Dec 2023 19:38:25 GMT
content.min.css
loan.medcpu.com/wp-content/themes/kadence/assets/css/ 		32 KB
7 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://loan.medcpu.com/wp-content/themes/kadence/assets/css/content.min.css?ver=1.1.49
Requested by
Host: loan.medcpu.com
URL: http://loan.medcpu.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.67.147.14 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
947db91f8ba025357890071b5f8df7e0cdb449fbd3e252729bbae2a771f82550

Request headers

accept-language
en-US,en;q=0.9
Referer
http://loan.medcpu.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Fri, 22 Dec 2023 19:38:26 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Mon, 20 Nov 2023 09:42:25 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"81c7-655b2a01-4f502a;gz"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bZSBk0BNEAh1OqwSaob%2Fpfng087fOZQ12Mi%2FpOALDUXcyLa3Cfx7Rtwaraaednaul5gQg1xAcFksAAUJvvsCbJE4wMMRnbbxOSMphyClRjsQN9vm89b9yB1fOv912E5Edk0%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
public, max-age=31536000
cf-ray
839ad337a8f07fa6-IAD
alt-svc
h3=":443"; ma=86400
expires
Fri, 29 Dec 2023 07:06:34 GMT
footer.min.css
loan.medcpu.com/wp-content/themes/kadence/assets/css/ 		19 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://loan.medcpu.com/wp-content/themes/kadence/assets/css/footer.min.css?ver=1.1.49
Requested by
Host: loan.medcpu.com
URL: http://loan.medcpu.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.67.147.14 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
09918137760470f6bf298eb17af0eafd0e43381dffd797a96c9ec044da00d3c7

Request headers

accept-language
en-US,en;q=0.9
Referer
http://loan.medcpu.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Fri, 22 Dec 2023 19:38:26 GMT
content-encoding
br
cf-cache-status
MISS
last-modified
Mon, 20 Nov 2023 09:42:25 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"4a29-655b2a01-4f5030;gz"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pHwwFAbucAon5owy2EFihe45oEYVQLn%2BWQoRsQYFitlqS0ya8ZXtwQb2WZz5hiXX3nwh3CPEMqmTFqrohPEzW24iKXiRhbYd9q%2FsYtVaoGnR4yJ5TTXJNjnybyd7feMisvM%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
public, max-age=31536000
cf-ray
839ad337a8ee7fa6-IAD
alt-svc
h3=":443"; ma=86400
expires
Fri, 29 Dec 2023 19:38:26 GMT
adsbygoogle.js
pagead2.googlesyndication.com/pagead/js/ 		145 KB
51 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-6521635981818320
Requested by
Host: loan.medcpu.com
URL: http://loan.medcpu.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.81.226 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s74-in-f2.1e100.net
Software
cafe /
Resource Hash
e49dec6c46cee017f1d0a414cb861c1c0da9ad1f9af993e4a95ac928a17bb743
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
http://loan.medcpu.com/
Origin
http://loan.medcpu.com
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Fri, 22 Dec 2023 19:38:25 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
51283
x-xss-protection
0
server
cafe
etag
166086446840901005
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin
*
expires
Fri, 22 Dec 2023 19:38:25 GMT
provider.duhocnhat.org_.vn-24.png
loan.medcpu.com/wp-content/uploads/2023/11/ 		20 KB
21 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://loan.medcpu.com/wp-content/uploads/2023/11/provider.duhocnhat.org_.vn-24.png
Requested by
Host: loan.medcpu.com
URL: http://loan.medcpu.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.67.147.14 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3d36f277d74fd25c0145f60ea2cda5cbe92b9a299e05a1901c247966f4417a94

Request headers

accept-language
en-US,en;q=0.9
Referer
http://loan.medcpu.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Fri, 22 Dec 2023 19:38:26 GMT
cf-cache-status
MISS
last-modified
Mon, 20 Nov 2023 09:50:29 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
"51e9-655b2be5-4f50ac;;;"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EvgzxacCVBHHPMrePyon%2B4NhlG%2BpuM0gGCAPedZ49PJPxbfDWrAtaz%2FyvToxCSXYacPqZU4He250f6mYd3YaE2Nj%2BL4s7rZHOWw%2FDa1N4K6PtrUWSsnhczbHHINHzeoHfxg%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
public, max-age=31536000
accept-ranges
bytes
cf-ray
839ad337a8f27fa6-IAD
alt-svc
h3=":443"; ma=86400
content-length
20969
expires
Fri, 29 Dec 2023 19:38:26 GMT
navigation.min.js
loan.medcpu.com/wp-content/themes/kadence/assets/js/ 		18 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://loan.medcpu.com/wp-content/themes/kadence/assets/js/navigation.min.js?ver=1.1.49
Requested by
Host: loan.medcpu.com
URL: http://loan.medcpu.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.67.147.14 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9f8691eb15e6a07541b285869962328b158921ff20c1cac2bbb2a7505b192c63

Request headers

accept-language
en-US,en;q=0.9
Referer
http://loan.medcpu.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Fri, 22 Dec 2023 19:38:26 GMT
content-encoding
br
cf-cache-status
MISS
last-modified
Mon, 20 Nov 2023 09:42:25 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"4677-655b2a01-53525d;gz"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=c6So98sI2nzbErTqD4fQd6OtcaWUTxWN8fGxGyOLLKhU2DTk3CqyXvwPEcoF4TP%2FOuF24JDFn32Stmfy2IDvLttzdYv5lLR6siE2rB9yTUTfDIFvvsm%2BqCOBXEMYCfDCvHk%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/x-javascript
cache-control
public, max-age=31536000
cf-ray
839ad337a8f37fa6-IAD
alt-svc
h3=":443"; ma=86400
expires
Fri, 29 Dec 2023 19:38:26 GMT
cc1533f8-71b0-4e1c-87e8-6cc62d422735
http://loan.medcpu.com/ 		1 KB
0 		Other
General
Check archive.org
Download Go to
Full URL
blob:http://loan.medcpu.com/cc1533f8-71b0-4e1c-87e8-6cc62d422735
Requested by
Host: loan.medcpu.com
URL: http://loan.medcpu.com/
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
453cb806084fdabec32e286af2e88899f79022125c2527afffbec507975d2c22

Request headers

accept-language
en-US,en;q=0.9
Referer
http://loan.medcpu.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Content-Length
1245
Content-Type
text/javascript
show_ads_impl_fy2021.js
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202312070101/ 		399 KB
135 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202312070101/show_ads_impl_fy2021.js
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-6521635981818320
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.81.226 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s74-in-f2.1e100.net
Software
cafe /
Resource Hash
4dbfbc4df947352be7e5987096439bcc974fe97688c343396890499c6a0030a9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
http://loan.medcpu.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Fri, 22 Dec 2023 19:38:26 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
137926
x-xss-protection
0
server
cafe
etag
7055451677535167983
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=1209600
timing-allow-origin
*
expires
Fri, 22 Dec 2023 19:38:26 GMT
zrt_lookup_fy2021.html
googleads.g.doubleclick.net/pagead/html/r20231207/r20190131/ Frame F89A 		9 KB
4 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/html/r20231207/r20190131/zrt_lookup_fy2021.html
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-6521635981818320
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.72.98 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s32-in-f2.1e100.net
Software
cafe /
Resource Hash
1fc8dfdb8f646e934bf93bc6f793604bb12c6b304c04ac509aa86cdc1a2dbbea
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
http://loan.medcpu.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

age
11610
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=1209600
content-encoding
br
content-length
4130
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Fri, 22 Dec 2023 16:24:56 GMT
etag
5585625838579639069
expires
Fri, 05 Jan 2024 16:24:56 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
ads
googleads.g.doubleclick.net/pagead/ Frame 62CD 		142 KB
35 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6521635981818320&output=html&adk=1812271804&adf=3025194257&lmt=1703273906&plat=9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=140x945_l%7C140x945_r&format=0x0&url=http%3A%2F%2Floan.medcpu.com%2F&ea=0&pra=5&wgl=1&easpi=0&asro=0&asiscm=1&aslmt=0.4&asamt=-1&asedf=0&asefa=1&aseiel=1~2~4~6&aslcwct=150&asacwct=25&dt=1703273905989&bpp=14&bdt=164&idt=239&shv=r20231207&mjsv=m202312070101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=3894527276762&frm=20&pv=2&ga_vid=1564595509.1703273906&ga_sid=1703273906&ga_hid=852392127&ga_fc=0&u_tz=-600&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C31080103%2C95320885&oid=2&pvsid=679867185556184&tmod=1816513612&uas=0&nvt=1&fsapi=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=23&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=294
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202312070101/show_ads_impl_fy2021.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.72.98 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s32-in-f2.1e100.net
Software
cafe /
Resource Hash
66c6706872184899cd452426814d1b917c260344da2ed2f64d8f071951f1292c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
http://loan.medcpu.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private
content-encoding
br
content-length
35859
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Fri, 22 Dec 2023 19:38:26 GMT
expires
Fri, 22 Dec 2023 19:38:26 GMT
observe-browsing-topics
?1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
wp-emoji-release.min.js
loan.medcpu.com/wp-includes/js/ 		18 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://loan.medcpu.com/wp-includes/js/wp-emoji-release.min.js?ver=6.4.2
Requested by
Host: loan.medcpu.com
URL: http://loan.medcpu.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.67.147.14 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4f79a89d16a5f717110fe080c0bf90b7e05ff95a4c4983f64d33110bf5f9c230

Request headers

accept-language
en-US,en;q=0.9
Referer
http://loan.medcpu.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Fri, 22 Dec 2023 19:38:27 GMT
content-encoding
br
cf-cache-status
MISS
last-modified
Sun, 19 Nov 2023 14:03:35 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"4904-655a15b7-4f19b8;gz"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IzZ9FFlZDgnjq%2FBTxkaaYtB6LYa6S2xHtYwbuPhMFNMaTBw%2BJHQpQ4ItDdxL53oscpj9cI5YYbb5RgldyL2wXa6ESVnGYyplpfRSihfAh%2F2pP93JqyRvOtzZGZtr2VVbZ80%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/x-javascript
cache-control
public, max-age=31536000
cf-ray
839ad33dbf2a7fa6-IAD
alt-svc
h3=":443"; ma=86400
expires
Fri, 29 Dec 2023 19:38:26 GMT
reactive_library_fy2021.js
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202312070101/ 		160 KB
55 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202312070101/reactive_library_fy2021.js
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202312070101/show_ads_impl_fy2021.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.81.226 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s74-in-f2.1e100.net
Software
cafe /
Resource Hash
94ba7a5dc1b9ef7f00ff51157a06e9c75f52da9bdf04d114c3263c3f98bcc367
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
http://loan.medcpu.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Fri, 22 Dec 2023 19:38:27 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
55995
x-xss-protection
0
server
cafe
etag
15090547293979274280
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=1209600
timing-allow-origin
*
expires
Fri, 22 Dec 2023 19:38:27 GMT
ca-pub-6521635981818320
fundingchoicesmessages.google.com/i/ 		182 KB
61 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://fundingchoicesmessages.google.com/i/ca-pub-6521635981818320?ers=2
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202312070101/show_ads_impl_fy2021.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.251.41.14 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s40-in-f14.1e100.net
Software
ESF /
Resource Hash
4eb52bccc5133cd3053ced1c819ede085a00f2ee3f983ff6b7f6147543ef6ab0
Security Headers
Name Value
Content-Security-Policy require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport, script-src 'report-sample' 'nonce-ZQi05ZG8fWqXkrNqflT-hg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
http://loan.medcpu.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Fri, 22 Dec 2023 19:38:27 GMT
content-security-policy
require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport, script-src 'report-sample' 'nonce-ZQi05ZG8fWqXkrNqflT-hg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy
same-origin
server
ESF
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options
SAMEORIGIN
content-type
application/javascript; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
timing-allow-origin
*
expires
Mon, 01 Jan 1990 00:00:00 GMT
zrt_lookup_fy2021.html
googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/ Frame 4032 		9 KB
4 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202312070101/show_ads_impl_fy2021.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.72.98 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s32-in-f2.1e100.net
Software
cafe /
Resource Hash
1fc8dfdb8f646e934bf93bc6f793604bb12c6b304c04ac509aa86cdc1a2dbbea
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
http://loan.medcpu.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

age
56230
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=1209600
content-encoding
br
content-length
4130
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Fri, 22 Dec 2023 04:01:17 GMT
etag
5585625838579639069
expires
Fri, 05 Jan 2024 04:01:17 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
zrt_lookup_fy2021.html
googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/ Frame 68E9 		9 KB
4 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202312070101/show_ads_impl_fy2021.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.72.98 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s32-in-f2.1e100.net
Software
cafe /
Resource Hash
1fc8dfdb8f646e934bf93bc6f793604bb12c6b304c04ac509aa86cdc1a2dbbea
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
http://loan.medcpu.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

age
56230
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=1209600
content-encoding
br
content-length
4130
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Fri, 22 Dec 2023 04:01:17 GMT
etag
5585625838579639069
expires
Fri, 05 Jan 2024 04:01:17 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
AGSKWxVHv3yeTGsVZvkjheiTL0eyvpA8zlDYgNH2gx3wNIrijUjZJw7IghCqRg1Aj2jU0-3feN0gCkLvu-xPcueszzf4ZEkgsYpyqUhmLrT2QqV_3Xq-TiLDBGH84SkKA5pgCrL4uSIbEw==
fundingchoicesmessages.google.com/f/ 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://fundingchoicesmessages.google.com/f/AGSKWxVHv3yeTGsVZvkjheiTL0eyvpA8zlDYgNH2gx3wNIrijUjZJw7IghCqRg1Aj2jU0-3feN0gCkLvu-xPcueszzf4ZEkgsYpyqUhmLrT2QqV_3Xq-TiLDBGH84SkKA5pgCrL4uSIbEw==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzAzMjczOTA3LDI2NzAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzddXSwiaHR0cDovL2xvYW4ubWVkY3B1LmNvbS8iLG51bGwsW1s4LCJVdkZCUVIzNFM1VSJdLFs5LCJlbi1VUyJdLFsxOCwiW1tbMF1dXSJdLFsxOSwiMiJdLFsxNywiWzBdIl1dXQ
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_US.UvFBQR34S5U.es5.O/am=wA/d=1/rs=AJlcJMxTgAzZgX7fv5x3yC2FM5A7d8L4hw/m=kernel_loader,loader_js_executable
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.251.41.14 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s40-in-f14.1e100.net
Software
ESF /
Resource Hash
e7b23855c579adaac823a6d774426389c129197890227c7e0abd8b68c1bb24e0
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-1xhYOe8Nj3CfQ6e6CoF_Qw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
http://loan.medcpu.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Fri, 22 Dec 2023 19:38:27 GMT
content-security-policy
script-src 'report-sample' 'nonce-1xhYOe8Nj3CfQ6e6CoF_Qw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy
same-origin
server
ESF
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options
SAMEORIGIN
content-type
application/javascript; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
timing-allow-origin
*
expires
Mon, 01 Jan 1990 00:00:00 GMT
css2
fonts.googleapis.com/ Frame 4032 		4 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.176.202 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s37-in-f10.1e100.net
Software
ESF /
Resource Hash
2d0922bd18f06df3c7413fcd6a3f1c5ec9545b4b07b131e362f30df7275fc058
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Fri, 22 Dec 2023 19:38:27 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Fri, 22 Dec 2023 19:23:04 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Fri, 22 Dec 2023 19:38:27 GMT
fullscreen_api_adapter_fy2021.js
tpc.googlesyndication.com/pagead/js/r20231207/r20110914/elements/html/ Frame 4032 		16 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20231207/r20110914/elements/html/fullscreen_api_adapter_fy2021.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.81.225 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s74-in-f1.1e100.net
Software
cafe /
Resource Hash
41b43f64c3e5d7f9eca80634429adb1b8e0a1c5e1fe67ad71ec651a991ebfe68
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Fri, 22 Dec 2023 12:15:45 GMT
content-encoding
br
x-content-type-options
nosniff
age
26562
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
6766
x-xss-protection
0
server
cafe
etag
14924840246271906451
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Fri, 05 Jan 2024 12:15:45 GMT
interstitial_ad_frame_fy2021.js
tpc.googlesyndication.com/pagead/js/r20231207/r20110914/elements/html/ Frame 4032 		22 KB
9 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20231207/r20110914/elements/html/interstitial_ad_frame_fy2021.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.81.225 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s74-in-f1.1e100.net
Software
cafe /
Resource Hash
db2bdaad0dc9232fadb3de900bf039a0f356521698f213df1edf601e02a5870d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Fri, 22 Dec 2023 07:20:59 GMT
content-encoding
br
x-content-type-options
nosniff
age
44248
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
9210
x-xss-protection
0
server
cafe
etag
13914886398874665762
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Fri, 05 Jan 2024 07:20:59 GMT
index-24b8d61d.js
cdn.bidbrain.app/ng-assets/creative/assets/ Frame 68E9 		105 KB
39 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.bidbrain.app/ng-assets/creative/assets/index-24b8d61d.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.64.101.29 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
df2a945799d19ea82c421f3fbbb555f48c6cf84874519bbe3f3baaf643913779

Request headers

Referer
https://googleads.g.doubleclick.net/
Origin
https://googleads.g.doubleclick.net
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Fri, 22 Dec 2023 19:38:27 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
1147
x-guploader-uploadid
ABPtcPo2crNpsVHhmIjXxADMPHOD8nt5k0qTww5Z7APQQWz6emguzG2esfvWIJddsRRf3Ohvx2orhDxO8ivT_LSFlRctTA
x-goog-storage-class
STANDARD
x-goog-metageneration
2
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=86400
last-modified
Thu, 21 Dec 2023 14:14:45 GMT
server
cloudflare
etag
W/"207f1b2513d364136f0f5c57fa0560a6"
vary
Accept-Encoding
x-goog-hash
crc32c=gU9maA==, md5=IH8bJRPTZBNvD1xX+gVgpg==
x-goog-generation
1703168085787720
content-type
application/javascript
access-control-allow-origin
*
access-control-expose-headers
Content-Length, Content-Type, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control
public, max-age=14400
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hAISjd%2Fe5eTh7LSFhGOvQzALiH8UObAavuIu5kw%2BkB5oNDMTdwJdj1EeNmbVdgETF6ZKNUu0fUO9KrafzIA5mYAWwKpo809Zo3PBNCS05VjbWFk6CJ61CM5BFdUpg1BEVi8p"}],"group":"cf-nel","max_age":604800}
x-goog-stored-content-length
107547
cf-ray
839ad3411855c445-EWR
expires
Fri, 22 Dec 2023 20:00:26 GMT
index-af5b3122.css
cdn.bidbrain.app/ng-assets/creative/assets/ Frame 68E9 		13 KB
4 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://cdn.bidbrain.app/ng-assets/creative/assets/index-af5b3122.css
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.64.101.29 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
af5b3122532645b03bf84f88ca6c239a9ca9ddd18f20835a080d87f910bd2a87

Request headers

accept-language
en-US,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Fri, 22 Dec 2023 19:38:27 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
2237
x-guploader-uploadid
ABPtcPpLlnUzq3eWG3vr8xiuyYDQOKpLKdj9lLQEUx50c-PAY_1ml6wJIdqheP1QN0Zdyp1xxWWTBwMMvcU9lRt-iF9mzw
x-goog-storage-class
STANDARD
x-goog-metageneration
2
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=86400
last-modified
Mon, 11 Dec 2023 09:35:44 GMT
server
cloudflare
etag
W/"e698b92f41bf324999730858bf1a8adb"
vary
Accept-Encoding
x-goog-hash
crc32c=jBuSJw==, md5=5pi5L0G/MkmZcwhYvxqK2w==
x-goog-generation
1701355216717373
content-type
text/css
access-control-allow-origin
*
access-control-expose-headers
Content-Type
cache-control
public, max-age=14400
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zYUP3tCeGDvWveTez3PMVFvUtvAXJ4bTrJpk28DxYkL2dE%2FIq5mGv%2FtBXKxBiLrj5%2FwvBPj6vKFgc%2BWxAvP8lGpeOC67ZKLBk0IV0lhoR8%2FbfyYHP7GcymZjteN2hNeJQaTY"}],"group":"cf-nel","max_age":604800}
x-goog-stored-content-length
12801
cf-ray
839ad3411e948c7e-EWR
expires
Fri, 22 Dec 2023 19:59:42 GMT
window_focus_fy2021.js
tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/ Frame 68E9 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/window_focus_fy2021.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.81.225 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s74-in-f1.1e100.net
Software
cafe /
Resource Hash
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Thu, 21 Dec 2023 22:08:43 GMT
content-encoding
br
x-content-type-options
nosniff
age
77384
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1236
x-xss-protection
0
server
cafe
etag
15004572836499977866
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 04 Jan 2024 22:08:43 GMT
qs_click_protection_fy2021.js
tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/ Frame 68E9 		20 KB
9 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/qs_click_protection_fy2021.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.81.225 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s74-in-f1.1e100.net
Software
cafe /
Resource Hash
8d6679c1ce1ac8605f5c410f30d1b06713479732043b75e81130cbe21b60e579
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Thu, 21 Dec 2023 22:08:44 GMT
content-encoding
br
x-content-type-options
nosniff
age
77383
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
8571
x-xss-protection
0
server
cafe
etag
5853369240893788875
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 04 Jan 2024 22:08:44 GMT
ufs_web_display.js
www.googletagservices.com/activeview/js/current/ Frame 68E9 		203 KB
65 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.251.35.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s78-in-f2.1e100.net
Software
sffe /
Resource Hash
566012676f5d43acfea4dc0bc5d9bb2c0805d8775fcdd081b1c895310956829a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Fri, 22 Dec 2023 19:38:27 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
65731
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1702472459035717"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 22 Dec 2023 19:38:27 GMT
AGSKWxXgFvW7jqsPN17QNbS0XDkw1yigOon1-XzVHkCR0BAHxTG0wrVayac_yqs6qhUw5PhR4kACG-PNzv-jROep5ZbeUwMZEcqOtzPcQgCKiYXaByYLBtiNXUkGyCi7uQMXfW2uiWFOYw==
fundingchoicesmessages.google.com/f/ 		14 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://fundingchoicesmessages.google.com/f/AGSKWxXgFvW7jqsPN17QNbS0XDkw1yigOon1-XzVHkCR0BAHxTG0wrVayac_yqs6qhUw5PhR4kACG-PNzv-jROep5ZbeUwMZEcqOtzPcQgCKiYXaByYLBtiNXUkGyCi7uQMXfW2uiWFOYw==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzAzMjczOTA3LDMyNzAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzcsOV0sbnVsbCwyLG51bGwsImVuIl0sImh0dHA6Ly9sb2FuLm1lZGNwdS5jb20vIixudWxsLFtbOCwiVXZGQlFSMzRTNVUiXSxbOSwiZW4tVVMiXSxbMTgsIltbWzBdXV0iXSxbMTksIjIiXSxbMTcsIlswXSJdXV0
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_US.UvFBQR34S5U.es5.O/am=wA/d=1/rs=AJlcJMxTgAzZgX7fv5x3yC2FM5A7d8L4hw/m=kernel_loader,loader_js_executable
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.41.14 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s40-in-f14.1e100.net
Software
ESF /
Resource Hash
489d4a0fe1f8ab1563f5b727d22895f23d4ad8484a955a67b6bff2102045eeed
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-DzlrahRr6Rgruop18GDyXQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
http://loan.medcpu.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Fri, 22 Dec 2023 19:38:27 GMT
content-security-policy
script-src 'report-sample' 'nonce-DzlrahRr6Rgruop18GDyXQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy
same-origin
server
ESF
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options
SAMEORIGIN
content-type
application/javascript; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
timing-allow-origin
*
expires
Mon, 01 Jan 1990 00:00:00 GMT
index-24b8d61d.js
cdn.algbid.app/ng-assets/creative/assets/ Frame C6C2 		105 KB
39 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.algbid.app/ng-assets/creative/assets/index-24b8d61d.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.26.7.108 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
df2a945799d19ea82c421f3fbbb555f48c6cf84874519bbe3f3baaf643913779

Request headers

Referer
https://googleads.g.doubleclick.net/
Origin
https://googleads.g.doubleclick.net
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Fri, 22 Dec 2023 19:38:27 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
1136
x-guploader-uploadid
ABPtcPp5ynoH0LiC49dUKdBaB3OgZTCtZ1P9LrgOos_TncuTHLZCggsbV466X_i05C26lFs9mwvOE7sgFIxvYIJLeyp5WaV0BSqR
x-goog-storage-class
STANDARD
x-goog-metageneration
2
x-goog-stored-content-encoding
identity
last-modified
Thu, 21 Dec 2023 14:14:45 GMT
server
cloudflare
etag
W/"207f1b2513d364136f0f5c57fa0560a6"
vary
Accept-Encoding
x-goog-hash
crc32c=gU9maA==, md5=IH8bJRPTZBNvD1xX+gVgpg==
x-goog-generation
1703168085787720
content-type
application/javascript
access-control-allow-origin
*
access-control-expose-headers
Content-Length, Content-Type, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control
public, max-age=14400
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gkZjQKGb3IiApm9TwSGgY5SdGOpRpLM637KGGqLXEmh1eO3sp%2BoD8Oz2ZBRpRQgrL77vvxsAHphXkLn6cy1EyegtEwU4Lj1l%2FEjFMf%2FOdV63uizr%2Fv5gl6BeypHeP2Zy"}],"group":"cf-nel","max_age":604800}
x-goog-stored-content-length
107547
cf-ray
839ad34189c95796-IAD
expires
Fri, 22 Dec 2023 20:19:17 GMT
index-af5b3122.css
cdn.algbid.app/ng-assets/creative/assets/ Frame C6C2 		13 KB
4 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://cdn.algbid.app/ng-assets/creative/assets/index-af5b3122.css
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.26.7.108 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
af5b3122532645b03bf84f88ca6c239a9ca9ddd18f20835a080d87f910bd2a87

Request headers

accept-language
en-US,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Fri, 22 Dec 2023 19:38:27 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
2467
x-guploader-uploadid
ABPtcPpQkzMUvXKcK-HUOLsOTsHiHCtzdXWgKbiK2Rv1QTFT7RSiBGIPVoVTi6UHVMJqcsa6H1M-sITzLwYF1GpEnJg6dht5NNVb
x-goog-storage-class
STANDARD
x-goog-metageneration
2
x-goog-stored-content-encoding
identity
last-modified
Mon, 11 Dec 2023 09:35:44 GMT
server
cloudflare
etag
W/"e698b92f41bf324999730858bf1a8adb"
vary
Accept-Encoding
x-goog-hash
crc32c=jBuSJw==, md5=5pi5L0G/MkmZcwhYvxqK2w==
x-goog-generation
1701958560303205
content-type
text/css
access-control-allow-origin
*
access-control-expose-headers
Content-Type
cache-control
public, max-age=14400
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FzCrUjVnOQKpycpYZt7A8g8wtJLPNuaqBKfFE4yKoiC7fXvqG3WL14MFkodOXNeY9vshzB%2F97pgO01davf32FqpCfor%2BaZzV25Y8DzyzBfRK50xVUmTFaOBvONs6LnhG"}],"group":"cf-nel","max_age":604800}
x-goog-stored-content-length
12801
cf-ray
839ad34189eb0837-IAD
expires
Fri, 22 Dec 2023 19:00:27 GMT
window_focus_fy2021.js
tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/ Frame C6C2 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/window_focus_fy2021.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.81.225 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s74-in-f1.1e100.net
Software
cafe /
Resource Hash
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Thu, 21 Dec 2023 22:08:43 GMT
content-encoding
br
x-content-type-options
nosniff
age
77384
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1236
x-xss-protection
0
server
cafe
etag
15004572836499977866
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 04 Jan 2024 22:08:43 GMT
qs_click_protection_fy2021.js
tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/ Frame C6C2 		20 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/qs_click_protection_fy2021.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.81.225 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s74-in-f1.1e100.net
Software
cafe /
Resource Hash
8d6679c1ce1ac8605f5c410f30d1b06713479732043b75e81130cbe21b60e579
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Thu, 21 Dec 2023 22:08:44 GMT
content-encoding
br
x-content-type-options
nosniff
age
77383
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
8571
x-xss-protection
0
server
cafe
etag
5853369240893788875
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 04 Jan 2024 22:08:44 GMT
ufs_web_display.js
www.googletagservices.com/activeview/js/current/ Frame C6C2 		203 KB
64 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.251.35.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s78-in-f2.1e100.net
Software
sffe /
Resource Hash
566012676f5d43acfea4dc0bc5d9bb2c0805d8775fcdd081b1c895310956829a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Fri, 22 Dec 2023 19:38:27 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
65731
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1702472459035717"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 22 Dec 2023 19:38:27 GMT
truncated
/ Frame 68E9 		220 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
ea0cb288c959390e9693c90c95f54ad15e3b8a321303dc9f09af9959a449820f

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Content-Type
image/png
adview
googleads.g.doubleclick.net/pagead/ Frame 68E9 		0
23 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://googleads.g.doubleclick.net/pagead/adview?ai=CUgalsuWFZbSQFc214_UP6smciA-Lv4iuZvG66fX_DsCNtwEQASAAYMmumY3spIAQggEXY2EtcHViLTY1MjE2MzU5ODE4MTgzMjDIAQmoAwHIAwKqBNsBT9CJXc7GC-AsaXRIn3XP8KDXPUBg4p88J4NeZk78cC9CQcgR5El0QFByIabWO_be_O4_MCFaul60GgcjPGeFeZKsH7hGsjETd2SS0Q-AFR1rDfX4Mlye-mKq2IV3EaYEOs5_4H5dAcMnzVHpJHMYVT2WUy-GHUuCDW4GmhSV9Z9oSyddgBmposTOOTgSCU3dnWV4SwqP_963CEvq9zKLOrLLTqifkTY-uKbbILMIKdcoyLdFis3xWJMZU7uA8BGB3ugy3pu8W0PsPZqiz5V6LhfTNw3Xoz-kNikjgAb4g4Gz1viZ1IcBoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIHQiAYRABMgKKAjoEgECAQEi9_cE6WNynkOHlo4MDgAoB-gsCCAGADAHQFQGAFwGyFxoKGBIUcHViLTY1MjE2MzU5ODE4MTgzMjAYAA&sigh=yBfzKWvnc10&uach_m=%5BUACH%5D&cid=CAQSTgAvHhf_GQ36exltpYp5NKF_QWFiAcXnqadCrbCtKlY-IbA-LYDlU6Z8MjX7GQNwhnCV4SZm07quqON4HACq4Dkiq8uyo1h5bTwR4Gw7EBgB&cbvp=2&vis=1
Requested by
Host: loan.medcpu.com
URL: http://loan.medcpu.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.72.98 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s32-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

content-security-policy
script-src 'none'; object-src 'none'
date
Fri, 22 Dec 2023 19:38:27 GMT
x-content-type-options
nosniff
server
cafe
content-type
text/html; charset=UTF-8
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
private
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 22 Dec 2023 19:38:27 GMT
rtimp
g.bidbrain.app/ Frame 68E9 		0
926 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://g.bidbrain.app/rtimp?sid=ad087588-a101-11ee-9ed9-32b4b09b97d4&d=loan.medcpu.com&cr=ext_ng_start_fires7&a=imp&p=ZYXlsgAFSDQIuNrNAAck6pkYccpt6kYsmDMz3w&im=GT5KxkKMREUbLG8EhGe7ILEjOdIkQb5YOjr1X0gr0Aaqn_DTG-yjURuCeCXV_-HciPtZYliKADHCsTUaYueAQYr6hdLVpMhxLY4rCFzM5QdPPU5w2P7enyC9GFZTFYj-j-FbZTi-0TGWDekWMW40nK1Jr0-YY4DnDGqusX_Lp8_QHc_rsvmAAeYfexmwqklBns4UhC9AvBH_DSJcOCBIZgQFuZITYVJUOGVqTDnYwZI3H8uVC-lw8jF2WZ6MpqDwX9E4C04qj0xXv3CAkGYMrJtPehPHc7cLQwxBdgswB0EZ_u0f_mB1VnzIPS1FYAPx&cbvp=2
Requested by
Host: loan.medcpu.com
URL: http://loan.medcpu.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.64.101.29 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-US,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Fri, 22 Dec 2023 19:38:27 GMT
via
1.1 google
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
content-length
0
pragma
no-cache
server
cloudflare
access-control-allow-methods
GET,HEAD,OPTIONS,POST,PUT
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DGb92UO%2F8a50teCZb41xjTsER%2BXrYbaDu%2BqJ1nD1TzGiu1d7%2F1Wyg7Cik75UKAgsf0%2FniBS%2F2QpfOc%2FXqX1HPtN8yg03erifVLhfP6U1%2FPwBMjXNYrhrfpmBOFYL35Tbsg%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cf-ray
839ad3424fcc8c7e-EWR
access-control-allow-headers
Access-Control-Allow-Headers, Access-Control-Allow-Origin, Origin, Accept, X-Requested-With, X-Forwarded-For, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers, Authorization, Configs-Guid, X-Service-Auth, X-Client-Version
expires
0
RobotoRegular.woff2
cdn.bidbrain.app/compressedFonts/ Frame 68E9 		60 KB
61 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://cdn.bidbrain.app/compressedFonts/RobotoRegular.woff2
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.64.101.29 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
02f1dcc0c722e24cba9be4b720831a79489e766d5edf8b77f582e0869312d86e

Request headers

Referer
https://googleads.g.doubleclick.net/
Origin
https://googleads.g.doubleclick.net
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Fri, 22 Dec 2023 19:38:27 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
2374
x-guploader-uploadid
ABPtcPowellt02fCpS0WWv4-9RtxzTuHBKrNmTc5kOwvgepDCI8hMBlYPSGwERKDVtuIC6PHK18OcVHAKf4CICraz8_-W9at_uM6
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=86400
content-length
61736
last-modified
Wed, 29 Nov 2023 10:07:40 GMT
server
cloudflare
etag
"ede84d96808c486e3de74cbd8f2a2c80"
vary
Accept-Encoding
x-goog-generation
1701252459996546
content-type
application/octet-stream
access-control-allow-origin
*
x-goog-hash
crc32c=fte1vA==, md5=7ehNloCMSG4950y9jyosgA==
access-control-expose-headers
Content-Length, Content-Type, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control
public, max-age=14400
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2B3TyLTbaw5%2FVkvu%2FTatPJlJhDi7u3QtFJ7S9Nz3RmJAx6BQP7yfaGPcH6mljDDM7AoAcKGSpAqOCZO2MM24IDMjtMayoZQCzB%2BbS5FGvq5aKwsgR1Nn8AzbPTL%2FODHZogrxw"}],"group":"cf-nel","max_age":604800}
x-goog-stored-content-length
61736
accept-ranges
bytes
cf-ray
839ad34259f7c445-EWR
expires
Fri, 22 Dec 2023 19:51:37 GMT
RobotoBold.woff2
cdn.bidbrain.app/compressedFonts/ Frame 68E9 		60 KB
61 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://cdn.bidbrain.app/compressedFonts/RobotoBold.woff2
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.64.101.29 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
61c412fbdbbf1417355373a80125c8cf7e5cbaab4218bae0316fe6ef917bf798

Request headers

Referer
https://googleads.g.doubleclick.net/
Origin
https://googleads.g.doubleclick.net
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Fri, 22 Dec 2023 19:38:27 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
2375
x-guploader-uploadid
ABPtcPp0jfARjUPF2FOJE0kYghbmMCN_hKyau5iAFoEBwhg_ISMJu2ad9fa6Z7dLDZkIzrwkhUpdturf40ghieU81T_e9gFeNTCO
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=86400
content-length
61628
last-modified
Wed, 29 Nov 2023 10:09:00 GMT
server
cloudflare
etag
"1033a47731e45f7bd46a1962359e96b4"
vary
Accept-Encoding
x-goog-generation
1701252540208192
content-type
application/octet-stream
access-control-allow-origin
*
x-goog-hash
crc32c=8QCKtg==, md5=EDOkdzHkX3vUahliNZ6WtA==
access-control-expose-headers
Content-Length, Content-Type, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control
public, max-age=14400
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tdghSPGd7zLrBzebANF5mEnrQ5TUK0WqIdGlG1dAvNj%2BLHzuhFK5N2I8xEoMNEpZKBXbumMxiAX%2Bzxc9j8nqZTbvAgx7zx3gGnQVZ1HYt4tubdLWtv%2FuMmbVX0JIwBtXQT0d"}],"group":"cf-nel","max_age":604800}
x-goog-stored-content-length
61628
accept-ranges
bytes
cf-ray
839ad34259f8c445-EWR
expires
Fri, 22 Dec 2023 19:29:58 GMT
sodar
pagead2.googlesyndication.com/getconfig/ 		16 KB
12 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20231207&st=env
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202312070101/show_ads_impl_fy2021.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.81.226 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s74-in-f2.1e100.net
Software
cafe /
Resource Hash
09bbce6c13a2afdf30799dd4caaeda15854e768c6ffaea3c4e58830c7ae4947c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
http://loan.medcpu.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Fri, 22 Dec 2023 19:38:27 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
application/json; charset=UTF-8
access-control-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
12186
x-xss-protection
0
rtimp
g.bidbrain.app/ Frame 68E9 		0
283 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://g.bidbrain.app/rtimp
Requested by
Host: cdn.bidbrain.app
URL: https://cdn.bidbrain.app/ng-assets/creative/assets/index-24b8d61d.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.64.101.29 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://googleads.g.doubleclick.net/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Fri, 22 Dec 2023 19:38:27 GMT
via
1.1 google
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
content-length
0
pragma
no-cache
server
cloudflare
access-control-allow-methods
GET,HEAD,OPTIONS,POST,PUT
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=STW0jVb16YGfUa5R1LKijC6UIu9EohExazxNOrHyRb7pIjyS%2BPi3wLUfLhkQteuZU1M%2F07qjKJL2hzTaU0zieflsvz16%2BAuADPWUwMDDyyvwYhZMOqNzCuTBlNHFUr0WNA%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin
https://googleads.g.doubleclick.net
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cf-ray
839ad342d8778c7e-EWR
access-control-allow-headers
Access-Control-Allow-Headers, Access-Control-Allow-Origin, Origin, Accept, X-Requested-With, X-Forwarded-For, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers, Authorization, Configs-Guid, X-Service-Auth, X-Client-Version
expires
0
sodar2.js
tpc.googlesyndication.com/sodar/ 		17 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202312070101/show_ads_impl_fy2021.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.81.225 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s74-in-f1.1e100.net
Software
sffe /
Resource Hash
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
http://loan.medcpu.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Fri, 22 Dec 2023 19:38:27 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
6386
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
etag
"1637097310169751"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Fri, 22 Dec 2023 19:38:27 GMT
SecularOne-Regular.woff2
cdn.algbid.app/compressedFonts/ Frame C6C2 		11 KB
11 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://cdn.algbid.app/compressedFonts/SecularOne-Regular.woff2
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.26.7.108 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0dc7dce977f59400faff7e273b7a8d692c65151f0bf48fcd1b22dcf2a82ad47e

Request headers

Referer
https://googleads.g.doubleclick.net/
Origin
https://googleads.g.doubleclick.net
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Fri, 22 Dec 2023 19:38:27 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
1174
x-guploader-uploadid
ABPtcPpPF7510M1yRpuKhJdBtTpSMdbqdP9OtWiCoSTI0qVP9iWdgFbFJrzwya3Rmp1eeulnHrT-HQKirKPQVCmvBfwyVA
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
content-length
10940
last-modified
Wed, 29 Nov 2023 09:57:53 GMT
server
cloudflare
etag
"d8e1da2cfc1b90675464b327065f29c7"
vary
Accept-Encoding
x-goog-generation
1701251873117491
content-type
application/octet-stream
access-control-allow-origin
*
x-goog-hash
crc32c=Qk9Bcw==, md5=2OHaLPwbkGdUZLMnBl8pxw==
access-control-expose-headers
Content-Length, Content-Type, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control
public, max-age=14400
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XlVue5cdxP23fpN8u2%2F46RhBurLNQ4eSQGRm6qofmxEPJ1dSFq1xAjwsVvLHty1vdnOAKGnM2SvHHwMSO6hO6JjzeUTaHJXrFdCI6m5OK7wSsCCir2fGuc7vjsth%2FtGk"}],"group":"cf-nel","max_age":604800}
x-goog-stored-content-length
10940
accept-ranges
bytes
cf-ray
839ad3435abc5796-IAD
expires
Fri, 22 Dec 2023 20:12:59 GMT
runner.html
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 03E7 		13 KB
5 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.81.225 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s74-in-f1.1e100.net
Software
sffe /
Resource Hash
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
http://loan.medcpu.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

accept-ranges
bytes
age
84674
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
5046
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Thu, 21 Dec 2023 20:07:13 GMT
expires
Fri, 20 Dec 2024 20:07:13 GMT
last-modified
Mon, 21 Jun 2021 20:47:05 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
aframe
www.google.com/recaptcha/api2/ Frame CF48 		829 B
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.google.com/recaptcha/api2/aframe
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.80.36 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s34-in-f4.1e100.net
Software
GSE /
Resource Hash
858ffe039dcae8035353b9ed3a4e3cf890fcaf349be70d94ef8a5838f7391f2a
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-4g53nQEHq62W89R0T7uOpA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
http://loan.medcpu.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private, max-age=300
content-encoding
gzip
content-security-policy
script-src 'report-sample' 'nonce-4g53nQEHq62W89R0T7uOpA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Fri, 22 Dec 2023 19:38:27 GMT
expires
Fri, 22 Dec 2023 19:38:27 GMT
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server
GSE
x-content-type-options
nosniff
x-xss-protection
1; mode=block
Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js
pagead2.googlesyndication.com/bg/ Frame 03E7 		39 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.81.226 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s74-in-f2.1e100.net
Software
sffe /
Resource Hash
0edb7ff8b4775b1a73c15d06b1c7edab503f0f5a30b2dbf1a139d65a1c18e0ec
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Thu, 21 Dec 2023 20:07:14 GMT
content-encoding
br
x-content-type-options
nosniff
age
84673
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15165
x-xss-protection
0
last-modified
Tue, 28 Nov 2023 18:18:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Fri, 20 Dec 2024 20:07:14 GMT
rtimp
g.algbid.app/ Frame C6C2 		0
935 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://g.algbid.app/rtimp
Requested by
Host: cdn.algbid.app
URL: https://cdn.algbid.app/ng-assets/creative/assets/index-24b8d61d.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.26.7.108 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://googleads.g.doubleclick.net/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

pragma
no-cache
date
Fri, 22 Dec 2023 19:38:27 GMT
via
1.1 google
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
access-control-allow-methods
GET,HEAD,OPTIONS,POST,PUT
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ejDGsrLOj0jOKSPBkVb7AyKkRX64ALul6gzuqr4HfA%2FODsM8SCYYwRsHO2y848ueOGPr8SmR9wiNqx06IMt4dLhxJATw3xjBIcMqUILVr1yHeC5IBQhpHta5852HjA%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin
https://googleads.g.doubleclick.net
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cf-ray
839ad3440c9b0837-IAD
access-control-allow-headers
Access-Control-Allow-Headers, Access-Control-Allow-Origin, Origin, Accept, X-Requested-With, X-Forwarded-For, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers, Authorization, Configs-Guid, X-Service-Auth, X-Client-Version
content-length
0
expires
0
sodar
pagead2.googlesyndication.com/pagead/ Frame CF48 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20231207&jk=679867185556184&rc=
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.81.226 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s74-in-f2.1e100.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers
generate_204
tpc.googlesyndication.com/ Frame 03E7 		0
10 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/generate_204?dljw1Q
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.81.225 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s74-in-f1.1e100.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-US,en;q=0.9
Referer
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Fri, 22 Dec 2023 19:38:27 GMT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
rtimp
g.bidbrain.app/ Frame 68E9 		0
807 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://g.bidbrain.app/rtimp
Requested by
Host: cdn.bidbrain.app
URL: https://cdn.bidbrain.app/ng-assets/creative/assets/index-24b8d61d.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.64.100.29 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://googleads.g.doubleclick.net/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Fri, 22 Dec 2023 19:38:28 GMT
via
1.1 google
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
content-length
0
pragma
no-cache
server
cloudflare
access-control-allow-methods
GET,HEAD,OPTIONS,POST,PUT
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NdD5jxGacHXyk7IDHGdYr8%2F3Nkg5iZBc8onkI3eaFis4%2BFDYO6g5Ae6%2FBV7%2Bvyu5H31C%2Fgs9LRX7BKFbk%2B9fLakYeDvWhE87lJ%2Bj3WyyVSQt9Gw9yeWSMPwWUJQXHBRLrQ%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin
https://googleads.g.doubleclick.net
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cf-ray
839ad3465eb5c475-EWR
access-control-allow-headers
Access-Control-Allow-Headers, Access-Control-Allow-Origin, Origin, Accept, X-Requested-With, X-Forwarded-For, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers, Authorization, Configs-Guid, X-Service-Auth, X-Client-Version
expires
0
rtimp
g.algbid.app/ Frame C6C2 		0
278 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://g.algbid.app/rtimp
Requested by
Host: cdn.algbid.app
URL: https://cdn.algbid.app/ng-assets/creative/assets/index-24b8d61d.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.26.7.108 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://googleads.g.doubleclick.net/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

pragma
no-cache
date
Fri, 22 Dec 2023 19:38:28 GMT
via
1.1 google
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
access-control-allow-methods
GET,HEAD,OPTIONS,POST,PUT
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6eVya9s8LhHYcs03Zh5SDwgTqRlsNM9Jonwf8HKCZOHks2QIGWkc%2FKypRgh0%2Fqwo%2BKxKXBTEMBR7pVZ4UzbK8TexhbMiHjzTyTwJuT908D2zO6clQgE%2F27harDE5%2FQ%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin
https://googleads.g.doubleclick.net
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cf-ray
839ad3465f410837-IAD
access-control-allow-headers
Access-Control-Allow-Headers, Access-Control-Allow-Origin, Origin, Accept, X-Requested-With, X-Forwarded-For, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers, Authorization, Configs-Guid, X-Service-Auth, X-Client-Version
content-length
0
expires
0
px.gif
fundingchoicesmessages.google.com/img/ 		43 B
68 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://fundingchoicesmessages.google.com/img/px.gif?ch=1&rn=1.471473598413212
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.41.14 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s40-in-f14.1e100.net
Software
ESF /
Resource Hash
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
Security Headers
Name Value
Content-Security-Policy require-trusted-types-for 'script';report-uri /_/ContributorServingDetectionHttp/cspreport, script-src 'report-sample' 'nonce-iJAB733SeR-vVUpqkrqsbg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingDetectionHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingDetectionHttp/cspreport/allowlist
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
http://loan.medcpu.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Fri, 22 Dec 2023 19:38:28 GMT
content-security-policy
require-trusted-types-for 'script';report-uri /_/ContributorServingDetectionHttp/cspreport, script-src 'report-sample' 'nonce-iJAB733SeR-vVUpqkrqsbg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingDetectionHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingDetectionHttp/cspreport/allowlist
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy
same-origin
server
ESF
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options
SAMEORIGIN
content-type
image/gif
cache-control
no-cache, no-store, max-age=0, must-revalidate
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
expires
Mon, 01 Jan 1990 00:00:00 GMT
px.gif
fundingchoicesmessages.google.com/img/ 		43 B
68 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://fundingchoicesmessages.google.com/img/px.gif?ch=2&rn=9.681124943127744
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.41.14 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s40-in-f14.1e100.net
Software
ESF /
Resource Hash
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
Security Headers
Name Value
Content-Security-Policy require-trusted-types-for 'script';report-uri /_/ContributorServingDetectionHttp/cspreport, script-src 'report-sample' 'nonce-iPxFjTf5blhHypY2kghh6Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingDetectionHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingDetectionHttp/cspreport/allowlist
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
http://loan.medcpu.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Fri, 22 Dec 2023 19:38:28 GMT
content-security-policy
require-trusted-types-for 'script';report-uri /_/ContributorServingDetectionHttp/cspreport, script-src 'report-sample' 'nonce-iPxFjTf5blhHypY2kghh6Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingDetectionHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingDetectionHttp/cspreport/allowlist
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy
same-origin
server
ESF
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options
SAMEORIGIN
content-type
image/gif
cache-control
no-cache, no-store, max-age=0, must-revalidate
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
expires
Mon, 01 Jan 1990 00:00:00 GMT
AGSKWxUMwwj8bHXGPkjTz7WQSlm09oRpkPxJMJBRyMSvkwdEsIszJ5M8cxTuMX3rXNU0sPQJGrqirq0VWv0sJIUUpqcO5lVrBEcVYM8idaWV8W1Y4ig_JlrJZn7YMMAWH3rxXXX73Zz7GQ==
fundingchoicesmessages.google.com/el/ 		0
28 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://fundingchoicesmessages.google.com/el/AGSKWxUMwwj8bHXGPkjTz7WQSlm09oRpkPxJMJBRyMSvkwdEsIszJ5M8cxTuMX3rXNU0sPQJGrqirq0VWv0sJIUUpqcO5lVrBEcVYM8idaWV8W1Y4ig_JlrJZn7YMMAWH3rxXXX73Zz7GQ==
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_US.UvFBQR34S5U.es5.O/am=wA/d=1/rs=AJlcJMxTgAzZgX7fv5x3yC2FM5A7d8L4hw/m=kernel_loader,loader_js_executable
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.41.14 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s40-in-f14.1e100.net
Software
ESF /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-4QTMS1P46KMkUZUL5e8vBQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
http://loan.medcpu.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
Content-Type
text/plain

Response headers

date
Fri, 22 Dec 2023 19:38:28 GMT
content-security-policy
require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-4QTMS1P46KMkUZUL5e8vBQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy
same-origin
server
ESF
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
access-control-max-age
86400
access-control-allow-methods
POST, GET, OPTIONS
access-control-allow-origin
http://loan.medcpu.com
content-type
text/html; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options
SAMEORIGIN
expires
Mon, 01 Jan 1990 00:00:00 GMT
sodar
pagead2.googlesyndication.com/pagead/ 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20231207&jk=679867185556184&bg=!KCulK2TNAAY3kmNgF5I7ADQBe5WfOPFnmNTSOJ4yIdIoLrLicOUynFvRSLqDZ1x4QWtsih7D5VyzNE648Q5n1F0gUxtBAgAAAM5SAAAABGgBB5kC7kXtvGvTo_nCnYRvAHyPLherz-22x_6sPDdfQNuttJx8gxqh1e31Svms-VUPV_PHNo_KRYRIQY6WpExqfNaCEAvZuGbCDexBRPtnEYgO5Ptu0ImvNgtM8Twwtj2n8kd65D8dxwGZIxCnxE2udwvPr2-Otcy_IIEL7PaAbebYP20VqxPp1W3AWIO1VGneDNRM4GGiEhcDkT12cz7u5FcJxQp1DKJtx6KQDHnFetTZUoDGKXuEs9woyWMNk5TV3lQig7yOiHo5bc30378pPSIl8OBW1jo21veJVs9XUVVyvR4bFz9PV6wb5CPhUMOBBaogypmms2Fi22fQCFyJAoFAQnGV_-HkMZz4XlFrGHJQgkzlJl7AsqPpFOMB8kaemX05aaJKJkZWlfzTfngc2o3uz72jRlCOtO7DI9u4dKx2ccdCObJcFXZyyPhjzajoO29Bd2mnXk0vGzvxvJzJVUdxxziNk8Z2GYp8su-LbLjHm3nrGKFtu9ZlZaaJGrMrbtlxDcWUJYjRcmgt5TOqBxJ692PFC_jrR4Lj3zpatIlp6bQhELl2bpcB_uEqGcQDnGPuLuePO8M0jXcYL9c05IXcfVPcOv4fQgZIqdMIue63QUM4OmJf5oXzvPtkZOtl64JHZiIys_LjBRHP6wt5mNJjvzgBavHp-eBDCxler2uw8Zzzmy4Y67-8Ym4qTaOLo9kcfXibut5xcmxc74ZjkJgPBki_PTCAoshL5u5buPPOaKaE_tnuhPqhYKSV2UStY5gkDX55RLFP_q_1OQrWux8g_sC6UhWI77AHuFWfvDW5X4Jzc_zprrP7MNotDO6s7fbyahwZMgk_XKNg037haIwuWFAJUq1e34l5YVVWkiywa2TQCyutohOO_ZPjcWEMqfk_wU-XyXVIS3Vt3HMFJnbIM2URQft8SHFEgZIM5OaYz8GQzz2iTVTyFE-g9oHOp9I1ZGc77FUcVUcXWvOheqwlnuzPeMu-MSvyWWLS_gbItA
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.81.226 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s74-in-f2.1e100.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-US,en;q=0.9
Referer
http://loan.medcpu.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers
teamplayer-ads.
fundingchoicesmessages.google.com/f/AGSKWxUmUhgOni9L2-dhdFFuWAdlZ07eoy8y_so2cdYs_S2xOb7PG1AfldxVjZ_otohq7k-xzfufl2uoyr4G2Ur61dvJ4uSpFdGxWEJt9DeLUTNmaci5mmNBOIFJOL6rspr8mCR0L53CeIEPizLO17YzvZsbMMj6C... 		54 B
109 B 		Script
General
Check archive.org
Download Go to
Full URL
https://fundingchoicesmessages.google.com/f/AGSKWxUmUhgOni9L2-dhdFFuWAdlZ07eoy8y_so2cdYs_S2xOb7PG1AfldxVjZ_otohq7k-xzfufl2uoyr4G2Ur61dvJ4uSpFdGxWEJt9DeLUTNmaci5mmNBOIFJOL6rspr8mCR0L53CeIEPizLO17YzvZsbMMj6C2fxbVasmImb_sg6q69m-xfhANHajV27/_/advertisementmapping.-ads-530x85./iqadcontroller..info/ads-/teamplayer-ads.
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_US.UvFBQR34S5U.es5.O/d=1/exm=kernel_loader,loader_js_executable,web_iab_tcf_v2_signal_executable/ed=1/rs=AJlcJMz3yAw6EdmQsjd3aj68pMJW_AFq6g/m=ad_blocking_detection_executable
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.41.14 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s40-in-f14.1e100.net
Software
ESF /
Resource Hash
2eb11b0dea558c115ea1324a99bac9781f8261037a6833bf5e43e29c082890d3
Security Headers
Name Value
Content-Security-Policy require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport, script-src 'report-sample' 'nonce-K_02Q2dJuKxDUF8Ov_rL3g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
http://loan.medcpu.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Fri, 22 Dec 2023 19:38:29 GMT
content-security-policy
require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport, script-src 'report-sample' 'nonce-K_02Q2dJuKxDUF8Ov_rL3g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy
same-origin
server
ESF
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options
SAMEORIGIN
content-type
application/javascript; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
expires
Mon, 01 Jan 1990 00:00:00 GMT
google_top_exp.js
pagead2.googlesyndication.com/pagead/js/ 		47 B
67 B 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/google_top_exp.js?fcd=true
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_US.UvFBQR34S5U.es5.O/d=1/exm=kernel_loader,loader_js_executable,web_iab_tcf_v2_signal_executable/ed=1/rs=AJlcJMz3yAw6EdmQsjd3aj68pMJW_AFq6g/m=ad_blocking_detection_executable
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.81.226 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s74-in-f2.1e100.net
Software
cafe /
Resource Hash
ccecd185ac16ba0a538840f37701053fbb861f7fbbdd86039c7415fcd924d1f2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
http://loan.medcpu.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Thu, 21 Dec 2023 22:35:48 GMT
content-encoding
br
x-content-type-options
nosniff
age
75761
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
server
cafe
etag
13036835877489095579
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 04 Jan 2024 22:35:48 GMT
AGSKWxUMwwj8bHXGPkjTz7WQSlm09oRpkPxJMJBRyMSvkwdEsIszJ5M8cxTuMX3rXNU0sPQJGrqirq0VWv0sJIUUpqcO5lVrBEcVYM8idaWV8W1Y4ig_JlrJZn7YMMAWH3rxXXX73Zz7GQ==
fundingchoicesmessages.google.com/el/ 		0
28 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://fundingchoicesmessages.google.com/el/AGSKWxUMwwj8bHXGPkjTz7WQSlm09oRpkPxJMJBRyMSvkwdEsIszJ5M8cxTuMX3rXNU0sPQJGrqirq0VWv0sJIUUpqcO5lVrBEcVYM8idaWV8W1Y4ig_JlrJZn7YMMAWH3rxXXX73Zz7GQ==
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_US.UvFBQR34S5U.es5.O/am=wA/d=1/rs=AJlcJMxTgAzZgX7fv5x3yC2FM5A7d8L4hw/m=kernel_loader,loader_js_executable
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.41.14 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s40-in-f14.1e100.net
Software
ESF /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-7JOadb9O-ejPhUrjSPuing' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
http://loan.medcpu.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
Content-Type
text/plain

Response headers

date
Fri, 22 Dec 2023 19:38:29 GMT
content-security-policy
script-src 'report-sample' 'nonce-7JOadb9O-ejPhUrjSPuing' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy
same-origin
server
ESF
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
access-control-max-age
86400
access-control-allow-methods
POST, GET, OPTIONS
access-control-allow-origin
http://loan.medcpu.com
content-type
text/html; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options
SAMEORIGIN
expires
Mon, 01 Jan 1990 00:00:00 GMT
AGSKWxUMwwj8bHXGPkjTz7WQSlm09oRpkPxJMJBRyMSvkwdEsIszJ5M8cxTuMX3rXNU0sPQJGrqirq0VWv0sJIUUpqcO5lVrBEcVYM8idaWV8W1Y4ig_JlrJZn7YMMAWH3rxXXX73Zz7GQ==
fundingchoicesmessages.google.com/el/ 		0
28 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://fundingchoicesmessages.google.com/el/AGSKWxUMwwj8bHXGPkjTz7WQSlm09oRpkPxJMJBRyMSvkwdEsIszJ5M8cxTuMX3rXNU0sPQJGrqirq0VWv0sJIUUpqcO5lVrBEcVYM8idaWV8W1Y4ig_JlrJZn7YMMAWH3rxXXX73Zz7GQ==
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_US.UvFBQR34S5U.es5.O/am=wA/d=1/rs=AJlcJMxTgAzZgX7fv5x3yC2FM5A7d8L4hw/m=kernel_loader,loader_js_executable
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.41.14 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s40-in-f14.1e100.net
Software
ESF /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-YOECNn1uBHPp6Y0JkxoX6w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
http://loan.medcpu.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
Content-Type
text/plain

Response headers

date
Fri, 22 Dec 2023 19:38:29 GMT
content-security-policy
require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-YOECNn1uBHPp6Y0JkxoX6w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy
same-origin
server
ESF
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
access-control-max-age
86400
access-control-allow-methods
POST, GET, OPTIONS
access-control-allow-origin
http://loan.medcpu.com
content-type
text/html; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options
SAMEORIGIN
expires
Mon, 01 Jan 1990 00:00:00 GMT
activeview
pagead2.googlesyndication.com/pcs/ Frame 68E9 		42 B
64 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssnbuCV4OIvM-qC6gglxoKa7aVhjPOxewls9bK7pjeXKN4Tc3HrTLgV328V2KLZ3Pt4qbab-ST-OTb7P3Wl02gSelpauigVKptHWkhP4lHTHyimIpVGrhcH&sig=Cg0ArKJSzNy1XUAHC32VEAE&id=lidar2&mcvt=1000&p=0,0,124,1005&mtos=0,465,1000,1000,1000&tos=0,465,535,0,0&v=20231213&bin=7&avms=nio&bs=0,0&mc=0.98&if=1&vu=1&app=0&itpl=20&adk=1812271801&rs=2&la=0&cr=0&vs=4&r=v&rst=1703273907246&rpt=290&met=mue&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.81.226 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s74-in-f2.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 22 Dec 2023 19:38:29 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
AGSKWxUMwwj8bHXGPkjTz7WQSlm09oRpkPxJMJBRyMSvkwdEsIszJ5M8cxTuMX3rXNU0sPQJGrqirq0VWv0sJIUUpqcO5lVrBEcVYM8idaWV8W1Y4ig_JlrJZn7YMMAWH3rxXXX73Zz7GQ==
fundingchoicesmessages.google.com/el/ 		0
28 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://fundingchoicesmessages.google.com/el/AGSKWxUMwwj8bHXGPkjTz7WQSlm09oRpkPxJMJBRyMSvkwdEsIszJ5M8cxTuMX3rXNU0sPQJGrqirq0VWv0sJIUUpqcO5lVrBEcVYM8idaWV8W1Y4ig_JlrJZn7YMMAWH3rxXXX73Zz7GQ==
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_US.UvFBQR34S5U.es5.O/am=wA/d=1/rs=AJlcJMxTgAzZgX7fv5x3yC2FM5A7d8L4hw/m=kernel_loader,loader_js_executable
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.41.14 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s40-in-f14.1e100.net
Software
ESF /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-tFa742Pr7FXxQHvuuGKsvQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
http://loan.medcpu.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
Content-Type
text/plain

Response headers

date
Fri, 22 Dec 2023 19:38:29 GMT
content-security-policy
script-src 'report-sample' 'nonce-tFa742Pr7FXxQHvuuGKsvQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy
same-origin
server
ESF
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
access-control-max-age
86400
access-control-allow-methods
POST, GET, OPTIONS
access-control-allow-origin
http://loan.medcpu.com
content-type
text/html; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options
SAMEORIGIN
expires
Mon, 01 Jan 1990 00:00:00 GMT
AGSKWxUMwwj8bHXGPkjTz7WQSlm09oRpkPxJMJBRyMSvkwdEsIszJ5M8cxTuMX3rXNU0sPQJGrqirq0VWv0sJIUUpqcO5lVrBEcVYM8idaWV8W1Y4ig_JlrJZn7YMMAWH3rxXXX73Zz7GQ==
fundingchoicesmessages.google.com/el/ 		0
28 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://fundingchoicesmessages.google.com/el/AGSKWxUMwwj8bHXGPkjTz7WQSlm09oRpkPxJMJBRyMSvkwdEsIszJ5M8cxTuMX3rXNU0sPQJGrqirq0VWv0sJIUUpqcO5lVrBEcVYM8idaWV8W1Y4ig_JlrJZn7YMMAWH3rxXXX73Zz7GQ==
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_US.UvFBQR34S5U.es5.O/am=wA/d=1/rs=AJlcJMxTgAzZgX7fv5x3yC2FM5A7d8L4hw/m=kernel_loader,loader_js_executable
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.41.14 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s40-in-f14.1e100.net
Software
ESF /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-zIJmYtsKETbXxQKXOEsmbQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
http://loan.medcpu.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
Content-Type
text/plain

Response headers

date
Fri, 22 Dec 2023 19:38:29 GMT
content-security-policy
require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-zIJmYtsKETbXxQKXOEsmbQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy
same-origin
server
ESF
access-control-max-age
86400
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
content-type
text/html; charset=utf-8
access-control-allow-origin
http://loan.medcpu.com
access-control-allow-methods
POST, GET, OPTIONS
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options
SAMEORIGIN
expires
Mon, 01 Jan 1990 00:00:00 GMT
AGSKWxWKEg7Vntkqbd8bOBqFTyH5hkhBYocbEHHjFMqkpkpXyVZsZvATnidax6pc9WhH0xtTWiZNsG0krmg6kFn6qye7RuQQnJ0e3Aa76fwscYiGREnMHTs913r8mcCZ7TveeN5BrrDmjg==
fundingchoicesmessages.google.com/f/ 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://fundingchoicesmessages.google.com/f/AGSKWxWKEg7Vntkqbd8bOBqFTyH5hkhBYocbEHHjFMqkpkpXyVZsZvATnidax6pc9WhH0xtTWiZNsG0krmg6kFn6qye7RuQQnJ0e3Aa76fwscYiGREnMHTs913r8mcCZ7TveeN5BrrDmjg==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzAzMjczOTA5LDE2NzAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzcsOSw2XSxudWxsLDIsbnVsbCwiZW4iLG51bGwsbnVsbCxudWxsLG51bGwsbnVsbCwxXSwiaHR0cDovL2xvYW4ubWVkY3B1LmNvbS8iLG51bGwsW1s4LCJVdkZCUVIzNFM1VSJdLFs5LCJlbi1VUyJdLFsxOCwiW1tbMF1dXSJdLFsxOSwiMiJdLFsxNywiWzBdIl1dXQ
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_US.UvFBQR34S5U.es5.O/am=wA/d=1/rs=AJlcJMxTgAzZgX7fv5x3yC2FM5A7d8L4hw/m=kernel_loader,loader_js_executable
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.41.14 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s40-in-f14.1e100.net
Software
ESF /
Resource Hash
5c9637056715dc37a8793fed526698860181b5e8350bdc94c3391d0e7005151f
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-SmLYkhAzbgUERRobrHnTSw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
http://loan.medcpu.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Fri, 22 Dec 2023 19:38:29 GMT
content-security-policy
script-src 'report-sample' 'nonce-SmLYkhAzbgUERRobrHnTSw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy
same-origin
server
ESF
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options
SAMEORIGIN
content-type
application/javascript; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
timing-allow-origin
*
expires
Mon, 01 Jan 1990 00:00:00 GMT
AGSKWxWUZMAH3fl9wdaRDm3V7ZuSh-G2oU7mZTtBsU8FapSMa84H0EKSl0Aw6oKHEuV6scAYiPLAfhXbBdYgMNMrxX_rHW8Fk3L0kdteHrBciLG6SfAY6LjvGh-WNHvkXVnbe5dA4x_kOw==
fundingchoicesmessages.google.com/el/ 		0
28 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://fundingchoicesmessages.google.com/el/AGSKWxWUZMAH3fl9wdaRDm3V7ZuSh-G2oU7mZTtBsU8FapSMa84H0EKSl0Aw6oKHEuV6scAYiPLAfhXbBdYgMNMrxX_rHW8Fk3L0kdteHrBciLG6SfAY6LjvGh-WNHvkXVnbe5dA4x_kOw==
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_US.UvFBQR34S5U.es5.O/am=wA/d=1/rs=AJlcJMxTgAzZgX7fv5x3yC2FM5A7d8L4hw/m=kernel_loader,loader_js_executable
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.41.14 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s40-in-f14.1e100.net
Software
ESF /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-6mMggnoap9SyApAJja_2Bg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
http://loan.medcpu.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
Content-Type
text/plain

Response headers

date
Fri, 22 Dec 2023 19:38:29 GMT
content-security-policy
require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-6mMggnoap9SyApAJja_2Bg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy
same-origin
server
ESF
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
access-control-max-age
86400
access-control-allow-methods
POST, GET, OPTIONS
access-control-allow-origin
http://loan.medcpu.com
content-type
text/html; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options
SAMEORIGIN
expires
Mon, 01 Jan 1990 00:00:00 GMT
AGSKWxUMwwj8bHXGPkjTz7WQSlm09oRpkPxJMJBRyMSvkwdEsIszJ5M8cxTuMX3rXNU0sPQJGrqirq0VWv0sJIUUpqcO5lVrBEcVYM8idaWV8W1Y4ig_JlrJZn7YMMAWH3rxXXX73Zz7GQ==
fundingchoicesmessages.google.com/el/ 		0
28 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://fundingchoicesmessages.google.com/el/AGSKWxUMwwj8bHXGPkjTz7WQSlm09oRpkPxJMJBRyMSvkwdEsIszJ5M8cxTuMX3rXNU0sPQJGrqirq0VWv0sJIUUpqcO5lVrBEcVYM8idaWV8W1Y4ig_JlrJZn7YMMAWH3rxXXX73Zz7GQ==
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_US.UvFBQR34S5U.es5.O/am=wA/d=1/rs=AJlcJMxTgAzZgX7fv5x3yC2FM5A7d8L4hw/m=kernel_loader,loader_js_executable
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.41.14 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s40-in-f14.1e100.net
Software
ESF /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-AcBBTY9hCVK3n6xKLgZmlg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
http://loan.medcpu.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
Content-Type
text/plain

Response headers

date
Fri, 22 Dec 2023 19:38:29 GMT
content-security-policy
require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-AcBBTY9hCVK3n6xKLgZmlg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy
same-origin
server
ESF
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
access-control-max-age
86400
access-control-allow-methods
POST, GET, OPTIONS
access-control-allow-origin
http://loan.medcpu.com
content-type
text/html; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options
SAMEORIGIN
expires
Mon, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

57 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| 5 object| 6 object| 7 object| 8 object| _wpemojiSettings object| google_js_reporting_queue number| google_srt object| google_persistent_state_async object| google_logging_queue number| tmod object| google_ad_modifications object| ggeac boolean| google_measure_js_timing object| google_reactive_ads_global_state object| adsbygoogle object| google_sa_queue function| google_process_slots function| google_spfd number| google_unique_id object| google_sv_map number| google_rum_task_id_counter function| google_sa_impl number| google_global_correlator object| google_prev_clients object| gaGlobal object| ampInaboxIframes object| ampInaboxPendingMessages object| kadenceConfig object| kadence object| google_llp object| googlefc boolean| adsbygoogle_ama_fc_has_run object| twemoji object| wp object| default_ContributorServingResponseClientJs object| _F_toggles object| __googlefc string| __fcInvoked string| __fcexpdef string| OTEzMDUzOTc1MjE0NDljY2xvYWRlcl9qcw== string| OTEzMDUzOTc1MjE0NDljY2NhY2hlZF9qcw== object| __fcInternalApiManager boolean| __fcInternalApiPostMessageReady object| __tcfapiEventListeners function| __tcfapi object| __tcfapiManager boolean| __tcfapiPostMessageReady object| googletag object| GoogleGcLKhOms object| google_image_requests boolean| google_empty_script_included boolean| 9b7018ed-d723-424b-a4c5-0758de996c1b

8 Cookies

Domain/Path Name / Value
.medcpu.com/ Name: __gads
Value: ID=4ec17d618d81210c:T=1703273906:RT=1703273906:S=ALNI_MbXL4qIEHbHKE2lVlOxNN2ckip5ug
.medcpu.com/ Name: __gpi
Value: UID=00000dac56a093b4:T=1703273906:RT=1703273906:S=ALNI_MYHQkX0h0pxNcuXf12WFMDbBZNPqQ
.doubleclick.net/ Name: IDE
Value: AHWqTUnpxM1YrXzcZts__tX1q1XPQ50F1WGyNmhvil8BQPqfhQHLYasWHCtEv7vmyaw
.bidbrain.app/ Name: uid_cross
Value: adacee24-a101-11ee-9c4f-ee61c2fb73f1
.bidbrain.app/ Name: sid_cross
Value: ad087588-a101-11ee-9ed9-32b4b09b97d4
.algbid.app/ Name: uid_cross
Value: add87abc-a101-11ee-8d5e-8ec0c89644b9
.algbid.app/ Name: sid_cross
Value: ad0bf1a5-a101-11ee-9532-eeef01861fc5
.medcpu.com/ Name: FCNEC
Value: %5B%5B%22AKsRol-FgXSSqrrceHR7jIAWaOFTUCCfOOl-L9x7KuQg1yZfgKxB2gvDM0pHpJvhy3ti6MN-aprTdcMyddnEasZefQNRmPp2FnSfk5AXKq_D2x2t1CX1DNlRpBEJ-cbJxpkkcMM__pD1ppz-KDPAQI-wM2r-IRiK-A%3D%3D%22%5D%5D

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdn.algbid.app
cdn.bidbrain.app
fonts.googleapis.com
fundingchoicesmessages.google.com
g.algbid.app
g.bidbrain.app
googleads.g.doubleclick.net
loan.medcpu.com
pagead2.googlesyndication.com
tpc.googlesyndication.com
www.google.com
www.googletagservices.com
104.21.28.179
104.26.7.108
142.250.176.202
142.250.72.98
142.250.80.36
142.250.81.225
142.250.81.226
142.251.35.162
142.251.41.14
172.64.100.29
172.64.101.29
172.67.147.14
02f1dcc0c722e24cba9be4b720831a79489e766d5edf8b77f582e0869312d86e
09918137760470f6bf298eb17af0eafd0e43381dffd797a96c9ec044da00d3c7
09bbce6c13a2afdf30799dd4caaeda15854e768c6ffaea3c4e58830c7ae4947c
0dc7dce977f59400faff7e273b7a8d692c65151f0bf48fcd1b22dcf2a82ad47e
0edb7ff8b4775b1a73c15d06b1c7edab503f0f5a30b2dbf1a139d65a1c18e0ec
1fc8dfdb8f646e934bf93bc6f793604bb12c6b304c04ac509aa86cdc1a2dbbea
2d0922bd18f06df3c7413fcd6a3f1c5ec9545b4b07b131e362f30df7275fc058
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
2eb11b0dea558c115ea1324a99bac9781f8261037a6833bf5e43e29c082890d3
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
3d36f277d74fd25c0145f60ea2cda5cbe92b9a299e05a1901c247966f4417a94
41b43f64c3e5d7f9eca80634429adb1b8e0a1c5e1fe67ad71ec651a991ebfe68
453cb806084fdabec32e286af2e88899f79022125c2527afffbec507975d2c22
489d4a0fe1f8ab1563f5b727d22895f23d4ad8484a955a67b6bff2102045eeed
4dbfbc4df947352be7e5987096439bcc974fe97688c343396890499c6a0030a9
4eb52bccc5133cd3053ced1c819ede085a00f2ee3f983ff6b7f6147543ef6ab0
4f79a89d16a5f717110fe080c0bf90b7e05ff95a4c4983f64d33110bf5f9c230
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
566012676f5d43acfea4dc0bc5d9bb2c0805d8775fcdd081b1c895310956829a
5c9637056715dc37a8793fed526698860181b5e8350bdc94c3391d0e7005151f
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
61c412fbdbbf1417355373a80125c8cf7e5cbaab4218bae0316fe6ef917bf798
66c6706872184899cd452426814d1b917c260344da2ed2f64d8f071951f1292c
698b89c0da3d319754d6a837b5e6d4e6a42dc402d9ffd7559b8c4cb29c644340
787864ac9ee090215944545f2a79e6a9b2442cdb1b8edc590e78befe22cd9489
858ffe039dcae8035353b9ed3a4e3cf890fcaf349be70d94ef8a5838f7391f2a
8d6679c1ce1ac8605f5c410f30d1b06713479732043b75e81130cbe21b60e579
947db91f8ba025357890071b5f8df7e0cdb449fbd3e252729bbae2a771f82550
94ba7a5dc1b9ef7f00ff51157a06e9c75f52da9bdf04d114c3263c3f98bcc367
9d8ed4ca489c25f4e040740a80afd25ede9f9e6b56f4bf0fde73779599ac9791
9f8691eb15e6a07541b285869962328b158921ff20c1cac2bbb2a7505b192c63
af5b3122532645b03bf84f88ca6c239a9ca9ddd18f20835a080d87f910bd2a87
ccecd185ac16ba0a538840f37701053fbb861f7fbbdd86039c7415fcd924d1f2
db2bdaad0dc9232fadb3de900bf039a0f356521698f213df1edf601e02a5870d
df2a945799d19ea82c421f3fbbb555f48c6cf84874519bbe3f3baaf643913779
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e49dec6c46cee017f1d0a414cb861c1c0da9ad1f9af993e4a95ac928a17bb743
e776a7f761e5975d81c3d8a5ece5139fc9ac0dd13e3c494a941cf34c7a426ef8
e7b23855c579adaac823a6d774426389c129197890227c7e0abd8b68c1bb24e0
ea0cb288c959390e9693c90c95f54ad15e3b8a321303dc9f09af9959a449820f
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629