3fwork.com Open in urlscan Pro
103.39.109.39  Public Scan

55 Outgoing links

These are links going to different origins than the main page.

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

27 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request Cookie set / Show response 3fwork.com/	51 KB 58 KB	846ms 211ms	Document text/html	103.39.109.39 CLOUDIE-AS-AP Clo...
General Check archive.org Show headers Download Go to Full URL http://3fwork.com/ Protocol HTTP/1.1 Server 103.39.109.39 Guangzhou, China, ASN55933 (CLOUDIE-AS-AP Cloudie Limited, HK), Reverse DNS hkhdc.laws.ms Software Microsoft-IIS/6.0 / ASP.NET Resource Hash ccae79ef9177513e6dee1f04b4b4afa679ee8b67c41430a6a8445df925efa947 Request headers Host 3fwork.com Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Encoding gzip, deflate Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Tue, 16 Apr 2019 08:04:46 GMT Server Microsoft-IIS/6.0 X-Powered-By ASP.NET Content-Type text/html Set-Cookie ASPSESSIONIDSCTTBBAD=PIMAIIDCJLEKBPDIGDENAGMC; path=/ Cache-control private Transfer-Encoding chunked
GET H/1.1	200 OK	log3f3.gif 3fwork.com/pic_v3/	13 KB 13 KB	287ms 212ms	Image image/gif	103.39.109.39 CLOUDIE-AS-AP Clo...
General Check archive.org Show headers Download Go to Show image Full URL http://3fwork.com/pic_v3/log3f3.gif Requested by Host: 3fwork.com URL: http://3fwork.com/ Protocol HTTP/1.1 Server 103.39.109.39 Guangzhou, China, ASN55933 (CLOUDIE-AS-AP Cloudie Limited, HK), Reverse DNS hkhdc.laws.ms Software Microsoft-IIS/6.0 / ASP.NET Resource Hash 64944844baa488946e243b22fe14bd6ae9bdc396da509bb8eec8fc8941dccb53 Request headers Pragma no-cache Accept-Encoding gzip, deflate Host 3fwork.com User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept image/webp,image/apng,image/*,*/*;q=0.8 Referer http://3fwork.com/ Cookie ASPSESSIONIDSCTTBBAD=PIMAIIDCJLEKBPDIGDENAGMC Connection keep-alive Cache-Control no-cache Referer http://3fwork.com/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Tue, 16 Apr 2019 08:04:45 GMT Last-Modified Sat, 11 Aug 2018 16:06:29 GMT Server Microsoft-IIS/6.0 X-Powered-By ASP.NET ETag "4ec6e5438d31d41:1231" Content-Type image/gif Accept-Ranges bytes Content-Length 12809
GET H/1.1	200 OK	bd.gif 3fwork.com/pic3/	21 KB 21 KB	515ms 199ms	Image image/gif	103.39.109.39 CLOUDIE-AS-AP Clo...
General Check archive.org Show headers Download Go to Show image Full URL http://3fwork.com/pic3/bd.gif Requested by Host: 3fwork.com URL: http://3fwork.com/ Protocol HTTP/1.1 Server 103.39.109.39 Guangzhou, China, ASN55933 (CLOUDIE-AS-AP Cloudie Limited, HK), Reverse DNS hkhdc.laws.ms Software Microsoft-IIS/6.0 / ASP.NET Resource Hash ce86678ffda617c421b1bcdd1dd9a54911ee0a477e74bbdb7ba108a8f1fd171e Request headers Pragma no-cache Accept-Encoding gzip, deflate Host 3fwork.com User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept image/webp,image/apng,image/*,*/*;q=0.8 Referer http://3fwork.com/ Cookie ASPSESSIONIDSCTTBBAD=PIMAIIDCJLEKBPDIGDENAGMC Connection keep-alive Cache-Control no-cache Referer http://3fwork.com/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Tue, 16 Apr 2019 08:04:47 GMT Last-Modified Thu, 04 Apr 2013 03:03:10 GMT Server Microsoft-IIS/6.0 X-Powered-By ASP.NET ETag "18b8b2f0e030ce1:1231" Content-Type image/gif Accept-Ranges bytes Content-Length 21305
GET H/1.1	200 OK	award2.gif 3fwork.com/picture/	20 KB 20 KB	538ms 214ms	Image image/gif	103.39.109.39 CLOUDIE-AS-AP Clo...
General Check archive.org Show headers Download Go to Show image Full URL http://3fwork.com/picture/award2.gif Requested by Host: 3fwork.com URL: http://3fwork.com/ Protocol HTTP/1.1 Server 103.39.109.39 Guangzhou, China, ASN55933 (CLOUDIE-AS-AP Cloudie Limited, HK), Reverse DNS hkhdc.laws.ms Software Microsoft-IIS/6.0 / ASP.NET Resource Hash 1d05aae17aad17366a90fec32d55d50f62f5543b21b4ed05d19b1a57db5592f3 Request headers Pragma no-cache Accept-Encoding gzip, deflate Host 3fwork.com User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept image/webp,image/apng,image/*,*/*;q=0.8 Referer http://3fwork.com/ Cookie ASPSESSIONIDSCTTBBAD=PIMAIIDCJLEKBPDIGDENAGMC Connection keep-alive Cache-Control no-cache Referer http://3fwork.com/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Tue, 16 Apr 2019 08:04:47 GMT Last-Modified Sun, 09 Dec 2012 13:46:13 GMT Server Microsoft-IIS/6.0 X-Powered-By ASP.NET ETag "c08bc78d13d6cd1:1231" Content-Type image/gif Accept-Ranges bytes Content-Length 20188
GET H/1.1	200 OK	cce1.gif 3fwork.com/txtreader/	15 KB 16 KB	542ms 215ms	Image image/gif	103.39.109.39 CLOUDIE-AS-AP Clo...
General Check archive.org Show headers Download Go to Show image Full URL http://3fwork.com/txtreader/cce1.gif Requested by Host: 3fwork.com URL: http://3fwork.com/ Protocol HTTP/1.1 Server 103.39.109.39 Guangzhou, China, ASN55933 (CLOUDIE-AS-AP Cloudie Limited, HK), Reverse DNS hkhdc.laws.ms Software Microsoft-IIS/6.0 / ASP.NET Resource Hash 9a9ca147ddc3000d906ef58ca015692aa5ea3354d493e9dacc996abf334d45b7 Request headers Pragma no-cache Accept-Encoding gzip, deflate Host 3fwork.com User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept image/webp,image/apng,image/*,*/*;q=0.8 Referer http://3fwork.com/ Cookie ASPSESSIONIDSCTTBBAD=PIMAIIDCJLEKBPDIGDENAGMC Connection keep-alive Cache-Control no-cache Referer http://3fwork.com/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Tue, 16 Apr 2019 08:04:47 GMT Last-Modified Sun, 09 Dec 2012 13:45:00 GMT Server Microsoft-IIS/6.0 X-Powered-By ASP.NET ETag "c00856213d6cd1:1231" Content-Type image/gif Accept-Ranges bytes Content-Length 15847
GET H/1.1	200 OK	dot2.gif u.3fwork.com/pic3/	106 B 355 B	724ms 198ms	Image image/gif	103.39.108.27 CLOUDIE-AS-AP Clo...
General Check archive.org Show headers Download Go to Show image Full URL http://u.3fwork.com/pic3/dot2.gif Requested by Host: 3fwork.com URL: http://3fwork.com/ Protocol HTTP/1.1 Server 103.39.108.27 Guangzhou, China, ASN55933 (CLOUDIE-AS-AP Cloudie Limited, HK), Reverse DNS ctst.gzroyal.cn Software Microsoft-IIS/6.0 / ASP.NET Resource Hash 443f0283555a395bfb09324f1f3432c68bf6c8a796df93e1ae42600c03168c6e Request headers Pragma no-cache Accept-Encoding gzip, deflate Host u.3fwork.com User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept image/webp,image/apng,image/*,*/*;q=0.8 Referer http://3fwork.com/ Connection keep-alive Cache-Control no-cache Referer http://3fwork.com/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Tue, 16 Apr 2019 08:04:33 GMT Last-Modified Wed, 28 Mar 2012 10:56:15 GMT Server Microsoft-IIS/6.0 X-Powered-By ASP.NET ETag "6062b265d1ccd1:3c05" Content-Type image/gif Accept-Ranges bytes Content-Length 106
GET H/1.1	404 Not Found	dot.gif u.3fwork.com/picture/	0 1 KB	779ms 226ms	Image text/html	103.39.108.27 CLOUDIE-AS-AP Clo...
General Check archive.org Show headers Download Go to Show image Full URL http://u.3fwork.com/picture/dot.gif Requested by Host: 3fwork.com URL: http://3fwork.com/ Protocol HTTP/1.1 Server 103.39.108.27 Guangzhou, China, ASN55933 (CLOUDIE-AS-AP Cloudie Limited, HK), Reverse DNS ctst.gzroyal.cn Software Microsoft-IIS/6.0 / ASP.NET Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Pragma no-cache Accept-Encoding gzip, deflate Host u.3fwork.com User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept image/webp,image/apng,image/*,*/*;q=0.8 Referer http://3fwork.com/ Connection keep-alive Cache-Control no-cache Referer http://3fwork.com/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Tue, 16 Apr 2019 08:04:33 GMT Server Microsoft-IIS/6.0 X-Powered-By ASP.NET Content-Length 1308 Content-Type text/html
GET H/1.1	200 OK	adsbygoogle.js Show response pagead2.googlesyndication.com/pagead/js/	83 KB 32 KB	34ms 33ms	Script text/javascript	2a00:1450:4016:80d::2002 Google LLC
General Check archive.org Show headers Download Go to Full URL http://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js Requested by Host: 3fwork.com URL: http://3fwork.com/ Protocol HTTP/1.1 Server 2a00:1450:4016:80d::2002 , Ireland, ASN15169 (GOOGLE - Google LLC, US), Reverse DNS Software cafe / Resource Hash 97207da9f88101e6c8b37bffd544492499cb138db458027a7f2c023d409eee90 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer http://3fwork.com/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Tue, 16 Apr 2019 08:04:43 GMT Content-Encoding gzip X-Content-Type-Options nosniff Content-Type text/javascript; charset=UTF-8 Server cafe ETag 3390909224266072865 Vary Accept-Encoding P3P policyref="http://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" Cache-Control private, max-age=3600 Content-Disposition attachment; filename="f.txt" Timing-Allow-Origin * Content-Length 31912 X-XSS-Protection 0 Expires Tue, 16 Apr 2019 08:04:43 GMT
GET H2	200	integrator.js Show response adservice.google.de/adsid/	109 B 171 B	29ms 28ms	Script application/javascript	2a00:1450:4016:80d::2002 Google LLC
General Check archive.org Show headers Download Go to Full URL https://adservice.google.de/adsid/integrator.js?domain=3fwork.com Requested by Host: pagead2.googlesyndication.com URL: http://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 2a00:1450:4016:80d::2002 , Ireland, ASN15169 (GOOGLE - Google LLC, US), Reverse DNS Software cafe / Resource Hash 0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer http://3fwork.com/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers date Tue, 16 Apr 2019 08:04:43 GMT content-encoding gzip x-content-type-options nosniff content-type application/javascript; charset=UTF-8 server cafe p3p CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info." status 200 cache-control private, no-cache, no-store content-disposition attachment; filename="f.txt" timing-allow-origin * alt-svc quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,44,43,39",quic=":443"; ma=2592000; v="46,44,43,39" content-length 104 x-xss-protection 0
GET H2	200	integrator.js Show response adservice.google.com/adsid/	109 B 171 B	16ms 15ms	Script application/javascript	2a00:1450:4001:814::2002 Google LLC
General Check archive.org Show headers Download Go to Full URL https://adservice.google.com/adsid/integrator.js?domain=3fwork.com Requested by Host: pagead2.googlesyndication.com URL: http://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 2a00:1450:4001:814::2002 , Ireland, ASN15169 (GOOGLE - Google LLC, US), Reverse DNS Software cafe / Resource Hash 0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer http://3fwork.com/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers date Tue, 16 Apr 2019 08:04:43 GMT content-encoding gzip x-content-type-options nosniff content-type application/javascript; charset=UTF-8 server cafe p3p CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info." status 200 cache-control private, no-cache, no-store content-disposition attachment; filename="f.txt" timing-allow-origin * alt-svc quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,44,43,39",quic=":443"; ma=2592000; v="46,44,43,39" content-length 104 x-xss-protection 0
GET H/1.1	200 OK	show_ads_impl.js Show response pagead2.googlesyndication.com/pagead/js/r20190410/r20190131/	203 KB 76 KB	53ms 53ms	Script text/javascript	2a00:1450:4016:80d::2002 Google LLC
General Check archive.org Show headers Download Go to Full URL http://pagead2.googlesyndication.com/pagead/js/r20190410/r20190131/show_ads_impl.js Requested by Host: pagead2.googlesyndication.com URL: http://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js Protocol HTTP/1.1 Server 2a00:1450:4016:80d::2002 , Ireland, ASN15169 (GOOGLE - Google LLC, US), Reverse DNS Software cafe / Resource Hash ed1c26206d67d722aeb6f21448430ef82ae9ed906c962e694c483e7ff80d5ee6 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer http://3fwork.com/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Tue, 16 Apr 2019 08:04:43 GMT Content-Encoding gzip X-Content-Type-Options nosniff Content-Type text/javascript; charset=UTF-8 Server cafe ETag 11353445642964329537 Vary Accept-Encoding P3P policyref="http://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" Cache-Control private, max-age=1209600 Content-Disposition attachment; filename="f.txt" Timing-Allow-Origin * Content-Length 77201 X-XSS-Protection 0 Expires Tue, 16 Apr 2019 08:04:43 GMT
GET H/1.1	200 OK	show_ads_impl.js Show response pagead2.googlesyndication.com/pagead/js/r20190410/r20190131/ Frame AAF9	203 KB 76 KB	25ms 24ms	Script text/javascript	2a00:1450:4001:81b::2002 Google LLC
General Check archive.org Show headers Download Go to Full URL http://pagead2.googlesyndication.com/pagead/js/r20190410/r20190131/show_ads_impl.js Requested by Host: pagead2.googlesyndication.com URL: http://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js Protocol HTTP/1.1 Server 2a00:1450:4001:81b::2002 , Ireland, ASN15169 (GOOGLE - Google LLC, US), Reverse DNS Software cafe / Resource Hash ed1c26206d67d722aeb6f21448430ef82ae9ed906c962e694c483e7ff80d5ee6 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer http://3fwork.com/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Tue, 16 Apr 2019 08:04:43 GMT Content-Encoding gzip X-Content-Type-Options nosniff Content-Type text/javascript; charset=UTF-8 Server cafe ETag 11353445642964329537 Vary Accept-Encoding P3P policyref="http://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" Cache-Control private, max-age=1209600 Content-Disposition attachment; filename="f.txt" Timing-Allow-Origin * Content-Length 77201 X-XSS-Protection 0 Expires Tue, 16 Apr 2019 08:04:43 GMT
GET H2	200	ca-pub-9566164446225205.js Show response pagead2.googlesyndication.com/pub-config/r20160913/	133 B 239 B	47ms 47ms	Script text/javascript	2a00:1450:4016:80d::2002 Google LLC
General Check archive.org Show headers Download Go to Full URL https://pagead2.googlesyndication.com/pub-config/r20160913/ca-pub-9566164446225205.js Requested by Host: pagead2.googlesyndication.com URL: http://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 2a00:1450:4016:80d::2002 , Ireland, ASN15169 (GOOGLE - Google LLC, US), Reverse DNS Software sffe / Resource Hash ad3f5743027d58f0c5e8b2f074edc3fb50e776ddecdb8a90531fd30407d6ff48 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer http://3fwork.com/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers date Tue, 16 Apr 2019 08:04:43 GMT content-encoding gzip x-content-type-options nosniff last-modified Mon, 15 Apr 2019 20:13:11 GMT server sffe vary Accept-Encoding content-type text/javascript status 200 cache-control public, max-age=43200 accept-ranges bytes alt-svc quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,44,43,39",quic=":443"; ma=2592000; v="46,44,43,39" content-length 125 x-xss-protection 0 expires Tue, 16 Apr 2019 20:04:43 GMT
GET H2	200	zrt_lookup.html googleads.g.doubleclick.net/pagead/html/r20190410/r20190131/ Frame 3717	0 0	8ms 6ms	Document text/html	2a00:1450:4001:806::2002 Google LLC
General Check archive.org Show headers Download Go to Full URL https://googleads.g.doubleclick.net/pagead/html/r20190410/r20190131/zrt_lookup.html Requested by Host: pagead2.googlesyndication.com URL: http://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 2a00:1450:4001:806::2002 , Ireland, ASN15169 (GOOGLE - Google LLC, US), Reverse DNS Software cafe / Resource Hash Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers :method GET :authority googleads.g.doubleclick.net :scheme https :path /pagead/html/r20190410/r20190131/zrt_lookup.html pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 referer http://3fwork.com/ accept-encoding gzip, deflate, br Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Referer http://3fwork.com/ Response headers status 200 p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" timing-allow-origin * vary Accept-Encoding date Wed, 10 Apr 2019 21:19:18 GMT expires Wed, 24 Apr 2019 21:19:18 GMT content-type text/html; charset=UTF-8 etag 3275482936266559025 x-content-type-options nosniff content-encoding gzip server cafe content-length 6909 x-xss-protection 0 cache-control public, max-age=1209600 age 470725 alt-svc quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,44,43,39",quic=":443"; ma=2592000; v="46,44,43,39"
GET H2	200	ads googleads.g.doubleclick.net/pagead/ Frame 300D	0 0	232ms 231ms	Document text/html	2a00:1450:4001:806::2002 Google LLC
General Check archive.org Show headers Download Go to Full URL https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9566164446225205&output=html&h=90&slotname=5948488659&adk=1507886057&adf=3188904773&w=960&fwrn=4&fwrnh=100&lmt=1555401884&rafmt=1&guci=1.2.0.0.2.2.0.0&format=960x90&url=http%3A%2F%2F3fwork.com%2F&flash=0&fwr=0&resp_fmts=3&wgl=1&adsid=NT&dt=1555401883965&bpp=15&bdt=681&fdt=50&idt=49&shv=r20190410&cbv=r20190131&saldr=aa&abxe=1&correlator=3520420619544&frm=20&pv=2&ga_vid=817186868.1555401884&ga_sid=1555401884&ga_hid=2118887082&ga_fc=0&iag=0&icsg=170&dssz=6&mdo=0&mso=0&u_tz=0&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=320&ady=522&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21060853&oid=3&rx=0&eae=0&fc=656&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&ppjl=u&pfx=0&fu=144&bc=7&ifi=1&uci=1.at97m25g9gf0&fsb=1&xpc=paBEdh2JMc&p=http%3A//3fwork.com&dtd=68 Requested by Host: pagead2.googlesyndication.com URL: http://pagead2.googlesyndication.com/pagead/js/r20190410/r20190131/show_ads_impl.js Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 2a00:1450:4001:806::2002 , Ireland, ASN15169 (GOOGLE - Google LLC, US), Reverse DNS Software cafe / Resource Hash Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers :method GET :authority googleads.g.doubleclick.net :scheme https :path /pagead/ads?client=ca-pub-9566164446225205&output=html&h=90&slotname=5948488659&adk=1507886057&adf=3188904773&w=960&fwrn=4&fwrnh=100&lmt=1555401884&rafmt=1&guci=1.2.0.0.2.2.0.0&format=960x90&url=http%3A%2F%2F3fwork.com%2F&flash=0&fwr=0&resp_fmts=3&wgl=1&adsid=NT&dt=1555401883965&bpp=15&bdt=681&fdt=50&idt=49&shv=r20190410&cbv=r20190131&saldr=aa&abxe=1&correlator=3520420619544&frm=20&pv=2&ga_vid=817186868.1555401884&ga_sid=1555401884&ga_hid=2118887082&ga_fc=0&iag=0&icsg=170&dssz=6&mdo=0&mso=0&u_tz=0&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=320&ady=522&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21060853&oid=3&rx=0&eae=0&fc=656&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&ppjl=u&pfx=0&fu=144&bc=7&ifi=1&uci=1.at97m25g9gf0&fsb=1&xpc=paBEdh2JMc&p=http%3A//3fwork.com&dtd=68 pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 referer http://3fwork.com/ accept-encoding gzip, deflate, br Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Referer http://3fwork.com/ Response headers status 200 p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" timing-allow-origin * content-type text/html; charset=UTF-8 x-content-type-options nosniff content-encoding br date Tue, 16 Apr 2019 08:04:44 GMT server cafe content-length 19912 x-xss-protection 0 set-cookie test_cookie=CheckForPermission; expires=Tue, 16-Apr-2019 08:19:44 GMT; path=/; domain=.doubleclick.net alt-svc quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,44,43,39",quic=":443"; ma=2592000; v="46,44,43,39" expires Tue, 16 Apr 2019 08:04:44 GMT cache-control private
GET H2	200	osd.js Show response www.googletagservices.com/activeview/js/current/	77 KB 29 KB	40ms 40ms	Script text/javascript	2a00:1450:4001:820::2002 Google LLC
General Check archive.org Show headers Download Go to Full URL https://www.googletagservices.com/activeview/js/current/osd.js?cb=%2Fr20100101 Requested by Host: pagead2.googlesyndication.com URL: http://pagead2.googlesyndication.com/pagead/js/r20190410/r20190131/show_ads_impl.js Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 2a00:1450:4001:820::2002 , Ireland, ASN15169 (GOOGLE - Google LLC, US), Reverse DNS Software sffe / Resource Hash 030abf52b6ae97a39b654a1501817eabbd77224dea6175a9c7a6a61f45ee4008 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer http://3fwork.com/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers date Tue, 16 Apr 2019 08:04:44 GMT content-encoding gzip x-content-type-options nosniff server sffe etag "1555327092593175" vary Accept-Encoding content-type text/javascript status 200 cache-control private, max-age=3000 accept-ranges bytes alt-svc quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,44,43,39",quic=":443"; ma=2592000; v="46,44,43,39" content-length 29092 x-xss-protection 0 expires Tue, 16 Apr 2019 08:04:44 GMT
GET H/1.1	200 OK	txtreader.gif u.3fwork.com/txtreader/img/	6 KB 6 KB	485ms 200ms	Image image/gif	103.39.108.27 CLOUDIE-AS-AP Clo...
General Check archive.org Show headers Download Go to Show image Full URL http://u.3fwork.com/txtreader/img/txtreader.gif Requested by Host: 3fwork.com URL: http://3fwork.com/ Protocol HTTP/1.1 Server 103.39.108.27 Guangzhou, China, ASN55933 (CLOUDIE-AS-AP Cloudie Limited, HK), Reverse DNS ctst.gzroyal.cn Software Microsoft-IIS/6.0 / ASP.NET Resource Hash ee2ada9b27addf85a976fe164742200be6d3368cf5ff3e4271a7d9c441c70dd0 Request headers Pragma no-cache Accept-Encoding gzip, deflate Host u.3fwork.com User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept image/webp,image/apng,image/*,*/*;q=0.8 Referer http://3fwork.com/ Connection keep-alive Cache-Control no-cache Referer http://3fwork.com/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Tue, 16 Apr 2019 08:04:33 GMT Last-Modified Thu, 03 Apr 2014 02:28:28 GMT Server Microsoft-IIS/6.0 X-Powered-By ASP.NET ETag "64f61266e44ecf1:3c05" Content-Type image/gif Accept-Ranges bytes Content-Length 6219
GET H2	200	ads googleads.g.doubleclick.net/pagead/ Frame E3F5	0 0	242ms 242ms	Document text/html	2a00:1450:4001:806::2002 Google LLC
General Check archive.org Show headers Download Go to Full URL https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9566164446225205&output=html&h=90&slotname=5948488659&adk=1507886057&adf=180932948&w=960&fwrn=4&fwrnh=100&lmt=1555401884&rafmt=1&guci=1.2.0.0.2.2.0.0&format=960x90&url=http%3A%2F%2F3fwork.com%2F&flash=0&fwr=0&resp_fmts=3&wgl=1&adsid=NT&dt=1555401884395&bpp=5&bdt=1110&fdt=5&idt=-M&shv=r20190410&cbv=r20190131&saldr=aa&abxe=1&prev_fmts=960x90&correlator=3520420619544&frm=20&pv=1&ga_vid=817186868.1555401884&ga_sid=1555401884&ga_hid=2118887082&ga_fc=0&iag=0&icsg=2730&dssz=9&mdo=0&mso=0&u_tz=0&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=313&ady=1431&biw=1585&bih=1200&scr_x=0&scr_y=0&eid=21060853&oid=3&rx=0&eae=0&fc=656&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&ppjl=u&pfx=0&fu=144&bc=7&ifi=2&uci=2.6zg2p3mkxsm9&fsb=1&xpc=GkW5m8KJLy&p=http%3A//3fwork.com&dtd=8 Requested by Host: pagead2.googlesyndication.com URL: http://pagead2.googlesyndication.com/pagead/js/r20190410/r20190131/show_ads_impl.js Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 2a00:1450:4001:806::2002 , Ireland, ASN15169 (GOOGLE - Google LLC, US), Reverse DNS Software cafe / Resource Hash Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers :method GET :authority googleads.g.doubleclick.net :scheme https :path /pagead/ads?client=ca-pub-9566164446225205&output=html&h=90&slotname=5948488659&adk=1507886057&adf=180932948&w=960&fwrn=4&fwrnh=100&lmt=1555401884&rafmt=1&guci=1.2.0.0.2.2.0.0&format=960x90&url=http%3A%2F%2F3fwork.com%2F&flash=0&fwr=0&resp_fmts=3&wgl=1&adsid=NT&dt=1555401884395&bpp=5&bdt=1110&fdt=5&idt=-M&shv=r20190410&cbv=r20190131&saldr=aa&abxe=1&prev_fmts=960x90&correlator=3520420619544&frm=20&pv=1&ga_vid=817186868.1555401884&ga_sid=1555401884&ga_hid=2118887082&ga_fc=0&iag=0&icsg=2730&dssz=9&mdo=0&mso=0&u_tz=0&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=313&ady=1431&biw=1585&bih=1200&scr_x=0&scr_y=0&eid=21060853&oid=3&rx=0&eae=0&fc=656&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&ppjl=u&pfx=0&fu=144&bc=7&ifi=2&uci=2.6zg2p3mkxsm9&fsb=1&xpc=GkW5m8KJLy&p=http%3A//3fwork.com&dtd=8 pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 referer http://3fwork.com/ accept-encoding gzip, deflate, br cookie IDE=AHWqTUmSgr3RMWGr1Bb02q296F6noWC6uahRJzUKfChRkPq0yBuKDDg_qr0Ud6dK Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Referer http://3fwork.com/ Response headers status 200 p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" timing-allow-origin * content-type text/html; charset=UTF-8 x-content-type-options nosniff content-encoding br date Tue, 16 Apr 2019 08:04:44 GMT server cafe content-length 12293 x-xss-protection 0 alt-svc quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,44,43,39",quic=":443"; ma=2592000; v="46,44,43,39"
GET H/1.1	200 OK	onekeyclear.gif u.3fwork.com/onekeyclear/img/	7 KB 8 KB	229ms 229ms	Image image/gif	103.39.108.27 CLOUDIE-AS-AP Clo...
General Check archive.org Show headers Download Go to Show image Full URL http://u.3fwork.com/onekeyclear/img/onekeyclear.gif Requested by Host: 3fwork.com URL: http://3fwork.com/ Protocol HTTP/1.1 Server 103.39.108.27 Guangzhou, China, ASN55933 (CLOUDIE-AS-AP Cloudie Limited, HK), Reverse DNS ctst.gzroyal.cn Software Microsoft-IIS/6.0 / ASP.NET Resource Hash 0ad6d3c5fd3c614e5e5c1c8d8770dc703009b1e18147493019f7be0d36e8c1d0 Request headers Pragma no-cache Accept-Encoding gzip, deflate Host u.3fwork.com User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept image/webp,image/apng,image/*,*/*;q=0.8 Referer http://3fwork.com/ Connection keep-alive Cache-Control no-cache Referer http://3fwork.com/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Tue, 16 Apr 2019 08:04:33 GMT Last-Modified Thu, 03 Apr 2014 02:28:29 GMT Server Microsoft-IIS/6.0 X-Powered-By ASP.NET ETag "aab93666e44ecf1:3c05" Content-Type image/gif Accept-Ranges bytes Content-Length 7669
GET H/1.1	200 OK	5c2248516ce63a7_size111_w1024_h695.jpg d.ifengimg.com/w163_h114/p0.ifengimg.com/a/2018_26/	3 KB 4 KB	815ms 18ms	Image image/jpeg	213.244.178.207 Level 3 Parent
General Check archive.org Show headers Download Go to Show image Full URL http://d.ifengimg.com/w163_h114/p0.ifengimg.com/a/2018_26/5c2248516ce63a7_size111_w1024_h695.jpg Requested by Host: 3fwork.com URL: http://3fwork.com/ Protocol HTTP/1.1 Server 213.244.178.207 , United Kingdom, ASN3356 (LEVEL3 - Level 3 Parent, LLC, US), Reverse DNS Software Tengine / Resource Hash 19e64d2ffbbf2d03a7be954e97ff564f6910b9bf7df249bc15bd87a5489d5770 Request headers Referer http://3fwork.com/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Tue, 04 Sep 2018 04:42:08 GMT Via cache33.l2hk71[0,200-0,H], cache23.l2hk71[1,0], cache5.nl1[0,200-0,H], cache2.nl1[1,0] Age 19365757 X-Cache HIT TCP_HIT dirn:0:277521080 X-Swift-CacheTime 12223501 X-Swift-SaveTime Mon, 15 Apr 2019 17:17:07 GMT cachekey /w163_h114/p0.ifengimg.com/a/2018_26/5c2248516ce63a7_size111_w1024_h695.jpg Content-Length 3367 Server Tengine Connection keep-alive Ali-Swift-Global-Savetime 1536036128 Content-Type image/jpeg Cache-Control max-age=31536000 Timing-Allow-Origin * EagleId d5f4b28215554018855514613e Expires Wed, 04 Sep 2019 04:42:08 GMT
GET H/1.1	200 OK	918b9a885ed6f81_size59_w600_h612.jpg d.ifengimg.com/w163_h114/p2.ifengimg.com/a/2017_41/	5 KB 5 KB	814ms 17ms	Image image/jpeg	213.244.178.207 Level 3 Parent
General Check archive.org Show headers Download Go to Show image Full URL http://d.ifengimg.com/w163_h114/p2.ifengimg.com/a/2017_41/918b9a885ed6f81_size59_w600_h612.jpg Requested by Host: 3fwork.com URL: http://3fwork.com/ Protocol HTTP/1.1 Server 213.244.178.207 , United Kingdom, ASN3356 (LEVEL3 - Level 3 Parent, LLC, US), Reverse DNS Software Tengine / Resource Hash 165b7001afbbbe62b804f86a6077e86d1071ac651478ebf7839e52611bf24c5b Request headers Referer http://3fwork.com/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Mon, 27 Aug 2018 18:43:00 GMT Via cache24.l2hk71[0,200-0,H], cache14.l2hk71[0,0], cache4.nl1[0,200-0,H], cache1.nl1[1,0] Age 20006505 X-Cache HIT TCP_HIT dirn:0:598951634 X-Swift-CacheTime 11582753 X-Swift-SaveTime Mon, 15 Apr 2019 17:17:07 GMT cachekey /w163_h114/p2.ifengimg.com/a/2017_41/918b9a885ed6f81_size59_w600_h612.jpg Content-Length 4883 Server Tengine Connection keep-alive Ali-Swift-Global-Savetime 1535395380 Content-Type image/jpeg Cache-Control max-age=31536000 Timing-Allow-Origin * EagleId d5f4b28115554018855348162e Expires Tue, 27 Aug 2019 18:43:00 GMT
GET H/1.1	200 OK	f43da9f60ba3e20_size177_w633_h950.jpg d.ifengimg.com/w163_h114/p2.ifengimg.com/a/2018_25/	6 KB 7 KB	814ms 17ms	Image image/jpeg	213.244.178.207 Level 3 Parent
General Check archive.org Show headers Download Go to Show image Full URL http://d.ifengimg.com/w163_h114/p2.ifengimg.com/a/2018_25/f43da9f60ba3e20_size177_w633_h950.jpg Requested by Host: 3fwork.com URL: http://3fwork.com/ Protocol HTTP/1.1 Server 213.244.178.207 , United Kingdom, ASN3356 (LEVEL3 - Level 3 Parent, LLC, US), Reverse DNS Software Tengine / Resource Hash 44cf310d77fdee7b2460a4946a318058ffbd0cb6f2ceea7cad6b1ba781944711 Request headers Referer http://3fwork.com/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Mon, 27 Aug 2018 18:43:00 GMT Via cache4.l2hk71[0,200-0,H], cache2.l2hk71[0,0], cache3.nl1[0,200-0,H], cache7.nl1[2,0] Age 20006505 X-Cache HIT TCP_HIT dirn:4:898788243 X-Swift-CacheTime 11582753 X-Swift-SaveTime Mon, 15 Apr 2019 17:17:07 GMT cachekey /w163_h114/p2.ifengimg.com/a/2018_25/f43da9f60ba3e20_size177_w633_h950.jpg Content-Length 6469 Server Tengine Connection keep-alive Ali-Swift-Global-Savetime 1535395380 Content-Type image/jpeg Cache-Control max-age=31536000 Timing-Allow-Origin * EagleId d5f4b28715554018855258963e Expires Tue, 27 Aug 2019 18:43:00 GMT
GET H/1.1	200 OK	5d860f4fc12e06a_size160_w676_h1024.jpg d.ifengimg.com/w163_h114/p3.ifengimg.com/a/2018_26/	6 KB 6 KB	814ms 17ms	Image image/jpeg	213.244.178.207 Level 3 Parent
General Check archive.org Show headers Download Go to Show image Full URL http://d.ifengimg.com/w163_h114/p3.ifengimg.com/a/2018_26/5d860f4fc12e06a_size160_w676_h1024.jpg Requested by Host: 3fwork.com URL: http://3fwork.com/ Protocol HTTP/1.1 Server 213.244.178.207 , United Kingdom, ASN3356 (LEVEL3 - Level 3 Parent, LLC, US), Reverse DNS Software Tengine / Resource Hash b42f88781b81b27a71508ce0db49ccf6722b98035d2b3cb03455769626f6343a Request headers Referer http://3fwork.com/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Tue, 28 Aug 2018 15:18:29 GMT Via cache30.l2hk71[0,200-0,H], cache38.l2hk71[1,0], cache5.nl1[0,200-0,H], cache6.nl1[1,0] Age 19932376 X-Cache HIT TCP_HIT dirn:8:303081563 X-Swift-CacheTime 11656882 X-Swift-SaveTime Mon, 15 Apr 2019 17:17:07 GMT cachekey /w163_h114/p3.ifengimg.com/a/2018_26/5d860f4fc12e06a_size160_w676_h1024.jpg Content-Length 5637 Server Tengine Connection keep-alive Ali-Swift-Global-Savetime 1535469509 Content-Type image/jpeg Cache-Control max-age=31536000 Timing-Allow-Origin * EagleId d5f4b28615554018855458668e Expires Wed, 28 Aug 2019 15:18:29 GMT
GET H/1.1	200 OK	stat.php Show response s21.cnzz.com/	11 KB 5 KB	870ms 295ms	Script application/javascript	140.249.60.199 CHINATELECOM-HUNA...
General Check archive.org Show headers Download Go to Full URL http://s21.cnzz.com/stat.php?id=74260&web_id=74260&show=pic Requested by Host: 3fwork.com URL: http://3fwork.com/ Protocol HTTP/1.1 Server 140.249.60.199 Jinan, China, ASN58541 (CHINATELECOM-HUNAN-XIANGTAN-MAN Xiangtan, CN), Reverse DNS Software Tengine / PHP/5.5.25 Resource Hash 1a4d6d870d5e73ecb099da9a60ebbc7731834ed5bb73f0ff21ca485457462100 Request headers Referer http://3fwork.com/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Tue, 16 Apr 2019 08:04:45 GMT Content-Encoding gzip X-Swift-CacheTime 5400 X-Powered-By PHP/5.5.25 Transfer-Encoding chunked X-Cache MISS TCP_REFRESH_MISS dirn:0:374383444 Connection keep-alive Last-Modified Tue, 16 Apr 2019 08:04:45 GMT Server Tengine Vary Accept-Encoding Ali-Swift-Global-Savetime 1555401885 Content-Type application/javascript Via cache48.l2cm9[44,200-0,M], cache8.l2cm9[45,0], kunlun2.cn1597[46,200-0,M], kunlun4.cn1597[48,0] Cache-Control max-age=5400,s-maxage=5400 Timing-Allow-Origin * EagleId 8cf93c2215554018855237922e X-Swift-SaveTime Tue, 16 Apr 2019 08:04:45 GMT
GET H/1.1	200 OK	core.php Show response c.cnzz.com/	968 B 1 KB	555ms 254ms	Script application/javascript	140.249.60.199 CHINATELECOM-HUNA...
General Check archive.org Show headers Download Go to Full URL http://c.cnzz.com/core.php?web_id=74260&show=pic&t=z Requested by Host: s21.cnzz.com URL: http://s21.cnzz.com/stat.php?id=74260&web_id=74260&show=pic Protocol HTTP/1.1 Server 140.249.60.199 Jinan, China, ASN58541 (CHINATELECOM-HUNAN-XIANGTAN-MAN Xiangtan, CN), Reverse DNS Software Tengine / PHP/5.5.25 Resource Hash 662d69f4aa4faf5a68cbfb8efe362558c9b236d27404df330a891194d945668e Request headers Referer http://3fwork.com/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Intervention <https://www.chromestatus.com/feature/5718547946799104>; level="warning" Response headers Date Tue, 16 Apr 2019 08:02:36 GMT Content-Encoding gzip Age 130 X-Powered-By PHP/5.5.25 X-Cache MISS TCP_REFRESH_MISS dirn:10:152957078 X-Swift-CacheTime 770 X-Swift-SaveTime Tue, 16 Apr 2019 08:04:46 GMT Content-Length 616 Last-Modified Tue, 16 Apr 2019 08:02:36 GMT Server Tengine Vary Accept-Encoding Ali-Swift-Global-Savetime 1555401756 Content-Type application/javascript Via cache40.l2cm9[0,200-0,H], cache31.l2cm9[1,0], kunlun5.cn1597[1,200-0,M], kunlun5.cn1597[3,0] Connection keep-alive Timing-Allow-Origin * EagleId 8cf93c2315554018861366403e Expires Tue, 16 Apr 2019 08:17:36 GMT
GET H/1.1	200 OK	stat.htm hzs4.cnzz.com/	2 B 245 B	1447ms 1047ms	Image text/html	2401:b180:2000:20::27 CNNIC-ALIBABA-CN-...
General Check archive.org Show headers Download Go to Show image Full URL http://hzs4.cnzz.com/stat.htm?id=74260&r=&lg=en-us&ntime=none&cnzz_eid=1457835010-1555401885-&showp=1600x1200&p=http%3A%2F%2F3fwork.com%2F&t=%E4%B8%89%E4%B8%B0%E8%BD%AF%E4%BB%B6(3FWORK.COM)%7CIT%E5%BC%80%E5%8F%91%E7%9F%A5%E8%AF%86%7Ctxt%E5%B0%8F%E8%AF%B4%E9%98%85%E8%AF%BB%E5%99%A8%E5%AE%98%E7%BD%91%7C%E5%9B%BE%E7%89%87%E6%89%B9%E9%87%8F%E4%B8%8B...&umuuid=16a252d47ead6a-082878079e2697-17366952-1d4c00-16a252d47ebeb4&h=1&rnd=1062121004 Requested by Host: 3fwork.com URL: http://3fwork.com/ Protocol HTTP/1.1 Server 2401:b180:2000:20::27 , China, ASN37963 (CNNIC-ALIBABA-CN-NET-AP Hangzhou Alibaba Advertising Co.,Ltd., CN), Reverse DNS Software Tengine / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Referer http://3fwork.com/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Tue, 16 Apr 2019 08:04:47 GMT Content-Encoding gzip Vary Accept-Encoding Server Tengine Connection keep-alive Transfer-Encoding chunked Content-Type text/html; charset=utf-8
GET H/1.1	200 OK	pic.gif icon.cnzz.com/img/	719 B 1 KB	965ms 188ms	Image image/gif	59.63.247.232 CT-JIANGXI-IDC CH...
General Check archive.org Show headers Download Go to Show image Full URL http://icon.cnzz.com/img/pic.gif Requested by Host: 3fwork.com URL: http://3fwork.com/ Protocol HTTP/1.1 Server 59.63.247.232 Nanchang, China, ASN134238 (CT-JIANGXI-IDC CHINANET Jiangx province IDC network, CN), Reverse DNS Software Tengine / Resource Hash 98a4ab97e12555ab969012d151a578dae7a3b8699d202485fcf8116e55497735 Request headers Referer http://3fwork.com/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Mon, 15 Apr 2019 10:10:03 GMT Via cache11.l2cn1732[95,200-0,C], cache33.l2cn1732[49,0], kunlun1.cn1425[0,200-0,H], kunlun10.cn1425[0,0] Age 78884 X-Cache HIT TCP_MEM_HIT dirn:10:859090310 X-Swift-CacheTime 86400 X-Swift-SaveTime Mon, 15 Apr 2019 10:10:03 GMT Content-Length 719 Last-Modified Thu, 12 Feb 2015 08:15:09 GMT Server Tengine Connection keep-alive Ali-Swift-Global-Savetime 1555323003 Content-Type image/gif Cache-Control max-age=86400 Accept-Ranges bytes Timing-Allow-Origin * EagleId 3b3ff71e15554018871047213e Expires Tue, 16 Apr 2019 10:10:03 GMT

42 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onselectstart object| onselectionchange function| queueMicrotask function| killerrors object| adsbygoogle object| google_js_reporting_queue object| google_ad_modifications boolean| google_measure_js_timing object| googleToken object| googleIMState function| processGoogleToken object| google_reactive_ads_global_state object| google_sa_queue object| google_sl_win function| google_process_slots function| google_spfd number| google_lpabyc number| google_unique_id object| google_sv_map object| google_t12n_vars function| google_sa_impl object| google_jobrunner object| google_persistent_state_async object| google_pub_config object| __google_ad_urls number| google_global_correlator object| google_prev_clients object| gaGlobal object| ampInaboxIframes object| ampInaboxPendingMessages object| google_iframe_oncopy function| Goog_AdSense_getAdAdapterInstance boolean| google_osd_loaded boolean| google_onload_fired function| Goog_Osd_UnloadAdBlock function| Goog_Osd_UpdateElementToMeasure function| google_osd_amcb object| _cz_loaded string| _cz_account object| _czc object| _CNZZDbridge_74260 object| cnzz_image_2140775376

4 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.bannerflow.com/	1970-01-19 08:48:57	Name: __cfduid Value: d95c5c39fd89add4d55fe566c526917b31555401884
			.doubleclick.net/	1970-01-19 09:24:57	Name: IDE Value: AHWqTUkz-R1BQF-lCgcHms4IAYUpDwJa02LZocceRtO2tPnCqyIqzScGe-9zEsqr
			3fwork.com/	1970-01-19 04:25:26	Name: CNZZDATA74260 Value: cnzz_eid%3D1457835010-1555401885-%26ntime%3D1555401885
			.3fwork.com/	1970-01-19 04:25:26	Name: UM_distinctid Value: 16a252d47ead6a-082878079e2697-17366952-1d4c00-16a252d47ebeb4

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

3fwork.com
adservice.google.com
adservice.google.de
c.cnzz.com
d.ifengimg.com
googleads.g.doubleclick.net
hzs4.cnzz.com
icon.cnzz.com
pagead2.googlesyndication.com
s21.cnzz.com
u.3fwork.com
www.googletagservices.com
103.39.108.27
103.39.109.39
140.249.60.199
213.244.178.207
2401:b180:2000:20::27
2a00:1450:4001:806::2002
2a00:1450:4001:814::2002
2a00:1450:4001:81b::2002
2a00:1450:4001:820::2002
2a00:1450:4016:80d::2002
59.63.247.232
030abf52b6ae97a39b654a1501817eabbd77224dea6175a9c7a6a61f45ee4008
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
0ad6d3c5fd3c614e5e5c1c8d8770dc703009b1e18147493019f7be0d36e8c1d0
165b7001afbbbe62b804f86a6077e86d1071ac651478ebf7839e52611bf24c5b
19e64d2ffbbf2d03a7be954e97ff564f6910b9bf7df249bc15bd87a5489d5770
1a4d6d870d5e73ecb099da9a60ebbc7731834ed5bb73f0ff21ca485457462100
1d05aae17aad17366a90fec32d55d50f62f5543b21b4ed05d19b1a57db5592f3
443f0283555a395bfb09324f1f3432c68bf6c8a796df93e1ae42600c03168c6e
44cf310d77fdee7b2460a4946a318058ffbd0cb6f2ceea7cad6b1ba781944711
64944844baa488946e243b22fe14bd6ae9bdc396da509bb8eec8fc8941dccb53
662d69f4aa4faf5a68cbfb8efe362558c9b236d27404df330a891194d945668e
97207da9f88101e6c8b37bffd544492499cb138db458027a7f2c023d409eee90
98a4ab97e12555ab969012d151a578dae7a3b8699d202485fcf8116e55497735
9a9ca147ddc3000d906ef58ca015692aa5ea3354d493e9dacc996abf334d45b7
ad3f5743027d58f0c5e8b2f074edc3fb50e776ddecdb8a90531fd30407d6ff48
b42f88781b81b27a71508ce0db49ccf6722b98035d2b3cb03455769626f6343a
ccae79ef9177513e6dee1f04b4b4afa679ee8b67c41430a6a8445df925efa947
ce86678ffda617c421b1bcdd1dd9a54911ee0a477e74bbdb7ba108a8f1fd171e
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ed1c26206d67d722aeb6f21448430ef82ae9ed906c962e694c483e7ff80d5ee6
ee2ada9b27addf85a976fe164742200be6d3368cf5ff3e4271a7d9c441c70dd0