scam.vn Open in urlscan Pro
2606:4700:20::ac43:4a7c Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://scamvn.com/
Effective URL:
https://scam.vn/
Submission: On February 20 via manual (February 20th 2023, 4:25:00 pm UTC) from VN — Scanned from DE

Summary HTTP 220 Redirects Links 12 Behaviour Indicators

Summary

This website contacted 34 IPs in 8 countries across 31 domains to perform 220 HTTP transactions. The main IP is 2606:4700:20::ac43:4a7c, located in United States and belongs to CLOUDFLARENET, US. The main domain is scam.vn.
TLS certificate: Issued by GTS CA 1P5 on January 25th 2023. Valid for: 3 months.

This is the only time scam.vn was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	2606:4700:20:... 2606:4700:20::681a:604	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 26	2606:4700:20:... 2606:4700:20::ac43:4a7c	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a00:1450:400... 2a00:1450:4001:828::200a	15169 (GOOGLE) (GOOGLE)
25	2a00:1450:400... 2a00:1450:4001:82b::2002	15169 (GOOGLE) (GOOGLE)
24	2a03:2880:f02... 2a03:2880:f02d:12:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
1	2606:4700:303... 2606:4700:3036::6815:1437	13335 (CLOUDFLAR...) (CLOUDFLARENET)
13	2606:4700:10:... 2606:4700:10::6816:46c5	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2a00:1450:400... 2a00:1450:4001:80f::2008	15169 (GOOGLE) (GOOGLE)
23	2a00:1450:400... 2a00:1450:4001:829::2003	15169 (GOOGLE) (GOOGLE)
13	2a00:1450:400... 2a00:1450:4001:811::2002	15169 (GOOGLE) (GOOGLE)
6	2a03:2880:f11... 2a03:2880:f11c:8183:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
3	2a00:1450:400... 2a00:1450:400d:80a::2002	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:813::2002	15169 (GOOGLE) (GOOGLE)
1	2a03:2880:f01... 2a03:2880:f01c:800e:face:b00c:0:2	32934 (FACEBOOK) (FACEBOOK)
3	2a00:1450:400... 2a00:1450:4001:829::200e	15169 (GOOGLE) (GOOGLE)
2	2001:4860:480... 2001:4860:4802:32::36	15169 (GOOGLE) (GOOGLE)
1	2a03:2880:f01... 2a03:2880:f01f:6:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
25	2a00:1450:400... 2a00:1450:400d:80a::2001	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:400d:806::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:830::200e	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:400d:80d::200e	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:82f::200e	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:811::200e	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:827::2004	15169 (GOOGLE) (GOOGLE)
1	2620:116:800d... 2620:116:800d:21:e365:4988:e8a7:3270	16509 (AMAZON-02) (AMAZON-02)
1 1	185.29.132.241 185.29.132.241	30419 (MEDIAMATH...) (MEDIAMATH-INC)
4 19	142.250.181.226 142.250.181.226	15169 (GOOGLE) (GOOGLE)
2 2	34.91.62.186 34.91.62.186	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
2 2	69.173.144.165 69.173.144.165	26667 (RUBICONPR...) (RUBICONPROJECT)
2 2	104.18.24.185 104.18.24.185	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2 2	3.248.98.105 3.248.98.105	16509 (AMAZON-02) (AMAZON-02)
1 2	104.111.217.42 104.111.217.42	16625 (AKAMAI-AS) (AKAMAI-AS)
2 4	185.80.39.216 185.80.39.216	27381 (CASALE-MEDIA) (CASALE-MEDIA)
3 4	185.89.210.82 185.89.210.82	29990 (ASN-APPNEX) (ASN-APPNEX)
1 2	54.78.104.30 54.78.104.30	16509 (AMAZON-02) (AMAZON-02)
3	2a00:1450:400... 2a00:1450:400d:802::2006	15169 (GOOGLE) (GOOGLE)
2 2	185.64.189.115 185.64.189.115	62713 (AS-PUBMATIC) (AS-PUBMATIC)
1 1	51.38.120.206 51.38.120.206	16276 (OVH) (OVH)
2 2	18.156.0.31 18.156.0.31	16509 (AMAZON-02) (AMAZON-02)
1 1	185.89.210.101 185.89.210.101	29990 (ASN-APPNEX) (ASN-APPNEX)
2 2	18.193.251.179 18.193.251.179	16509 (AMAZON-02) (AMAZON-02)
2	142.250.185.194 142.250.185.194	15169 (GOOGLE) (GOOGLE)
2	2600:9000:214... 2600:9000:214f:4000:8:48e:53c0:93a1	16509 (AMAZON-02) (AMAZON-02)
5	2600:1f18:1ac... 2600:1f18:1aca:4281:e21b:6240:d239:4516	14618 (AMAZON-AES) (AMAZON-AES)
220	34

1 2606:4700:20::681a:604 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

scamvn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

26 2606:4700:20::ac43:4a7c (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

scamvn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
scam.vn	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:828::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

25 2a00:1450:4001:82b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

24 2a03:2880:f02d:12:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
static.xx.fbcdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
scontent.xx.fbcdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3036::6815:1437 (United States)

ASN13335 (CLOUDFLARENET, US)

visafe.vn	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 2606:4700:10::6816:46c5 (United States)

ASN13335 (CLOUDFLARENET, US)

static.addtoany.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:80f::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

23 2a00:1450:4001:829::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 2a00:1450:4001:811::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a03:2880:f11c:8183:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:400d:80a::2002 (Ireland)

ASN15169 (GOOGLE, US)

partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:813::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f01c:800e:face:b00c:0:2 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

socialplugin.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:829::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2001:4860:4802:32::36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f01f:6:face:b00c:0:3 (Pantin, France)

ASN32934 (FACEBOOK, US)

scontent-cdg2-1.xx.fbcdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

25 2a00:1450:400d:80a::2001 (Ireland)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:400d:806::2002 (Ireland)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:830::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

encrypted-tbn0.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:400d:80d::200e (Ireland)

ASN15169 (GOOGLE, US)

encrypted-tbn2.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82f::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

encrypted-tbn1.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:811::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

encrypted-tbn3.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:827::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:116:800d:21:e365:4988:e8a7:3270 (United States)

ASN16509 (AMAZON-02, US)

cms.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.29.132.241 (United Kingdom) 1 redirects

ASN30419 (MEDIAMATH-INC, US)

sync.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

19 142.250.181.226 (United States) 4 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s56-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.91.62.186 (Groningen, Netherlands) 2 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 186.62.91.34.bc.googleusercontent.com

um.simpli.fi	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 69.173.144.165 (Frankfurt am Main, Germany) 2 redirects

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.18.24.185 (None, ) 2 redirects

ASN13335 (CLOUDFLARENET, US)

ssum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.248.98.105 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-248-98-105.eu-west-1.compute.amazonaws.com

match.360yield.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.111.217.42 (Frankfurt am Main, Germany) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-217-42.deploy.static.akamaitechnologies.com

sync.teads.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 185.80.39.216 (Canada) 2 redirects

ASN27381 (CASALE-MEDIA, CA)

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 185.89.210.82 (Frankfurt am Main, Germany) 3 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 952.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.78.104.30 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-54-78-104-30.eu-west-1.compute.amazonaws.com

fw.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:400d:802::2006 (Ireland)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.64.189.115 (United Kingdom) 2 redirects

ASN62713 (AS-PUBMATIC, US)

image6.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 51.38.120.206 (Hessen, Germany) 1 redirects

ASN16276 (OVH, FR)
PTR: ip206.ip-51-38-120.eu

onetag-sys.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.156.0.31 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-156-0-31.eu-central-1.compute.amazonaws.com

ups.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.89.210.101 (Frankfurt am Main, Germany) 1 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 953.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.193.251.179 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-193-251-179.eu-central-1.compute.amazonaws.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.185.194 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s52-in-f2.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:214f:4000:8:48e:53c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

static.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2600:1f18:1aca:4281:e21b:6240:d239:4516 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)

dt.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
50	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 101 tpc.googlesyndication.com — Cisco Umbrella Rank: 137	511 KB
33	doubleclick.net 4 redirects googleads.g.doubleclick.net — Cisco Umbrella Rank: 41 cm.g.doubleclick.net — Cisco Umbrella Rank: 205 googleads4.g.doubleclick.net — Cisco Umbrella Rank: 313	190 KB
29	gstatic.com fonts.gstatic.com www.gstatic.com encrypted-tbn0.gstatic.com encrypted-tbn2.gstatic.com encrypted-tbn1.gstatic.com encrypted-tbn3.gstatic.com	369 KB
25	scam.vn scam.vn	522 KB
23	fbcdn.net static.xx.fbcdn.net — Cisco Umbrella Rank: 796 scontent-cdg2-1.xx.fbcdn.net — Cisco Umbrella Rank: 21078 scontent.xx.fbcdn.net — Cisco Umbrella Rank: 449	328 KB
13	addtoany.com static.addtoany.com — Cisco Umbrella Rank: 3770	34 KB
9	adsafeprotected.com 1 redirects fw.adsafeprotected.com — Cisco Umbrella Rank: 753 static.adsafeprotected.com — Cisco Umbrella Rank: 571 dt.adsafeprotected.com — Cisco Umbrella Rank: 531	98 KB
6	casalemedia.com 4 redirects ssum-sec.casalemedia.com — Cisco Umbrella Rank: 421 dsum-sec.casalemedia.com — Cisco Umbrella Rank: 533	4 KB
6	google.com adservice.google.com — Cisco Umbrella Rank: 72 www.google.com — Cisco Umbrella Rank: 2	2 KB
6	facebook.com www.facebook.com — Cisco Umbrella Rank: 106	30 KB
5	adnxs.com 4 redirects ib.adnxs.com — Cisco Umbrella Rank: 203 secure.adnxs.com — Cisco Umbrella Rank: 385	5 KB
5	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 183	239 KB
5	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 35 region1.google-analytics.com — Cisco Umbrella Rank: 2506	64 KB
3	2mdn.net s0.2mdn.net — Cisco Umbrella Rank: 270	71 KB
3	google.de adservice.google.de — Cisco Umbrella Rank: 9006	818 B
3	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 50	198 KB
3	facebook.net connect.facebook.net — Cisco Umbrella Rank: 149 socialplugin.facebook.net — Cisco Umbrella Rank: 11934	90 KB
2	bidswitch.net 2 redirects x.bidswitch.net — Cisco Umbrella Rank: 284	1 KB
2	yahoo.com 2 redirects ups.analytics.yahoo.com — Cisco Umbrella Rank: 273	797 B
2	pubmatic.com 2 redirects image6.pubmatic.com — Cisco Umbrella Rank: 731	1 KB
2	teads.tv 1 redirects sync.teads.tv — Cisco Umbrella Rank: 1222	459 B
2	360yield.com 2 redirects match.360yield.com — Cisco Umbrella Rank: 2330	789 B
2	rubiconproject.com 2 redirects pixel.rubiconproject.com — Cisco Umbrella Rank: 316	923 B
2	simpli.fi 2 redirects um.simpli.fi — Cisco Umbrella Rank: 726	1 KB
2	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 43	2 KB
2	scamvn.com 2 redirects scamvn.com	1 KB
1	onetag-sys.com 1 redirects onetag-sys.com — Cisco Umbrella Rank: 712	338 B
1	mathtag.com 1 redirects sync.mathtag.com — Cisco Umbrella Rank: 460	864 B
1	quantserve.com cms.quantserve.com — Cisco Umbrella Rank: 643	465 B
1	googleadservices.com partner.googleadservices.com — Cisco Umbrella Rank: 863	599 B
1	visafe.vn visafe.vn	3 KB
220	31

	Domain	Requested by
25	tpc.googlesyndication.com	googleads.g.doubleclick.net scam.vn tpc.googlesyndication.com pagead2.googlesyndication.com
25	pagead2.googlesyndication.com	scam.vn pagead2.googlesyndication.com googleads.g.doubleclick.net tpc.googlesyndication.com www.googletagservices.com
25	scam.vn	scam.vn
20	static.xx.fbcdn.net	www.facebook.com static.xx.fbcdn.net
19	cm.g.doubleclick.net	4 redirects googleads.g.doubleclick.net scam.vn
19	fonts.gstatic.com	fonts.googleapis.com
13	static.addtoany.com	scam.vn static.addtoany.com
12	googleads.g.doubleclick.net	pagead2.googlesyndication.com googleads.g.doubleclick.net scam.vn
6	www.facebook.com	scam.vn connect.facebook.net
5	dt.adsafeprotected.com	googleads.g.doubleclick.net
5	www.googletagservices.com	googleads.g.doubleclick.net
4	ib.adnxs.com	3 redirects googleads.g.doubleclick.net
4	dsum-sec.casalemedia.com	2 redirects googleads.g.doubleclick.net
4	www.gstatic.com	googleads.g.doubleclick.net
3	s0.2mdn.net	scam.vn s0.2mdn.net
3	www.google.com	googleads.g.doubleclick.net tpc.googlesyndication.com
3	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
3	adservice.google.com	pagead2.googlesyndication.com
3	adservice.google.de	pagead2.googlesyndication.com
3	www.googletagmanager.com	scam.vn www.googletagmanager.com
2	static.adsafeprotected.com	googleads.g.doubleclick.net
2	googleads4.g.doubleclick.net	scam.vn
2	x.bidswitch.net	2 redirects
2	ups.analytics.yahoo.com	2 redirects
2	image6.pubmatic.com	2 redirects
2	fw.adsafeprotected.com	1 redirects scam.vn
2	sync.teads.tv	1 redirects googleads.g.doubleclick.net
2	match.360yield.com	2 redirects
2	ssum-sec.casalemedia.com	2 redirects
2	pixel.rubiconproject.com	2 redirects
2	um.simpli.fi	2 redirects
2	encrypted-tbn3.gstatic.com	googleads.g.doubleclick.net
2	encrypted-tbn2.gstatic.com	googleads.g.doubleclick.net
2	scontent.xx.fbcdn.net	www.facebook.com
2	region1.google-analytics.com	www.googletagmanager.com
2	connect.facebook.net	scam.vn connect.facebook.net
2	fonts.googleapis.com	scam.vn googleads.g.doubleclick.net
2	scamvn.com	2 redirects
1	secure.adnxs.com	1 redirects
1	onetag-sys.com	1 redirects
1	sync.mathtag.com	1 redirects
1	cms.quantserve.com	googleads.g.doubleclick.net
1	encrypted-tbn1.gstatic.com	googleads.g.doubleclick.net
1	encrypted-tbn0.gstatic.com	googleads.g.doubleclick.net
1	scontent-cdg2-1.xx.fbcdn.net	www.facebook.com
1	socialplugin.facebook.net	connect.facebook.net
1	partner.googleadservices.com	pagead2.googlesyndication.com
1	visafe.vn	scam.vn
220	48

This site contains links to these domains. Also see Links.

Domain
visafe.vn
chongluadao.vn
www.facebook.com
congan.com.vn
www.addtoany.com

Subject Issuer	Validity	Valid
*.scam.vn GTS CA 1P5	`2023-01-25` - `2023-04-25`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2023-02-01` - `2023-04-26`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-02-01` - `2023-04-26`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2022-11-29` - `2023-02-27`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-05-11` - `2023-05-11`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-02-01` - `2023-04-26`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2023-02-01` - `2023-04-26`	3 months	crt.sh
*.googleadservices.com GTS CA 1C3	`2023-02-01` - `2023-04-26`	3 months	crt.sh
*.google.de GTS CA 1C3	`2023-02-01` - `2023-04-26`	3 months	crt.sh
*.google.com GTS CA 1C3	`2023-02-01` - `2023-04-26`	3 months	crt.sh
*.socialplugin.facebook.net DigiCert SHA2 High Assurance Server CA	`2022-12-03` - `2023-02-27`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2023-02-01` - `2023-04-26`	3 months	crt.sh
www.google.com GTS CA 1C3	`2023-02-01` - `2023-04-26`	3 months	crt.sh
*.quantserve.com DigiCert TLS RSA SHA256 2020 CA1	`2022-08-09` - `2023-09-09`	a year	crt.sh
fw.adsafeprotected.com Amazon RSA 2048 M02	`2023-02-10` - `2023-05-27`	4 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2023-02-01` - `2023-04-26`	3 months	crt.sh
static.adsafeprotected.com Amazon	`2022-08-06` - `2023-09-04`	a year	crt.sh
dt.adsafeprotected.com Amazon	`2022-04-10` - `2023-05-08`	a year	crt.sh

This page contains 24 frames:

Primary Page: https://scam.vn/
Frame ID: 0436879024656E16CF5496AF41ADB2ED
Requests: 85 HTTP requests in this frame

Frame: https://static.addtoany.com/menu/sm.24.html
Frame ID: 44CE271163FB5DB838C25E3172914D29
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20230215/r20190131/zrt_lookup.html
Frame ID: 425E90E9246CC0B309B8D56D99644FD5
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7618423324404424&output=html&adk=1812271804&adf=3025194257&lmt=1676910292&plat=9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=188x945_l%7C212x945_r&format=0x0&url=https%3A%2F%2Fscam.vn%2F&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1676910292609&bpp=12&bdt=278&idt=191&shv=r20230215&mjsv=m202302130101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=3247602610087&frm=20&pv=2&ga_vid=100274804.1676910293&ga_sid=1676910293&ga_hid=557402630&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31071755%2C31071662%2C31071976%2C31072499&oid=2&pvsid=2204243330728700&tmod=1929045309&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=213
Frame ID: 87C398BB27FB429D35AD46C622E5624B
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7618423324404424&output=html&h=280&adk=2654064360&adf=1801062927&pi=t.aa~a.3605552536~rp.4&w=1145&fwrn=4&fwrnh=100&lmt=1676910292&rafmt=1&to=qs&pwprc=5012342430&format=1145x280&url=https%3A%2F%2Fscam.vn%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1676910292621&bpp=3&bdt=290&idt=208&shv=r20230215&mjsv=m202302130101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=2&correlator=3247602610087&frm=20&pv=1&ga_vid=100274804.1676910293&ga_sid=1676910293&ga_hid=557402630&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=228&ady=577&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31071755%2C31071662%2C31071976%2C31072499&oid=2&pvsid=2204243330728700&tmod=1929045309&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=cgwaS0GVij&p=https%3A//scam.vn&dtd=211
Frame ID: 856D4F3DBBA55E141E0ABC903E9DCB00
Requests: 16 HTTP requests in this frame

Frame: https://www.facebook.com/v13.0/plugins/page.php?adapt_container_width=true&app_id=478050516060600&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Dffb3e080b754cc%26domain%3Dscam.vn%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fscam.vn%252Ff95db253bd1d1c%26relation%3Dparent.parent&container_width=362&hide_cover=false&href=https%3A%2F%2Fwww.facebook.com%2Fchongluadaovietnam%2F&locale=vi_VN&sdk=joey&show_facepile=true&small_header=false&tabs=&width=270
Frame ID: 27419651FE80730F2E3DFFAC8F834766
Requests: 12 HTTP requests in this frame

Frame: https://www.facebook.com/v13.0/plugins/group.php?app_id=478050516060600&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df251250e9dd88a8%26domain%3Dscam.vn%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fscam.vn%252Ff95db253bd1d1c%26relation%3Dparent.parent&container_width=362&href=https%3A%2F%2Fwww.facebook.com%2Fgroups%2Fchongluadaovietnam&locale=vi_VN&sdk=joey&show_metadata=false&show_social_context=true&width=270
Frame ID: B318B1F1378930A7F266316493613080
Requests: 13 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7618423324404424&output=html&h=280&adk=1166979537&adf=1272846351&pi=t.aa~a.2460070978~rp.4&w=1175&fwrn=4&fwrnh=100&lmt=1676910293&rafmt=1&to=qs&pwprc=5012342430&format=1175x280&url=https%3A%2F%2Fscam.vn%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1676910293455&bpp=1&bdt=1123&idt=-M&shv=r20230215&mjsv=m202302130101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dc1664e6979bdde9f-22968790f6dc0005%3AT%3D1676910292%3ART%3D1676910292%3AS%3DALNI_MZoAa6b_rr5_Ocmms6VUyaNBfVCcw&gpic=UID%3D00000bb957e8f02a%3AT%3D1676910292%3ART%3D1676910292%3AS%3DALNI_MaGmySzK1xQTZAvFZg0Twz5HaKebA&prev_fmts=0x0%2C1145x280&nras=3&correlator=3247602610087&frm=20&pv=1&ga_vid=100274804.1676910293&ga_sid=1676910293&ga_hid=557402630&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=213&ady=1366&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31071755%2C31071662%2C31071976%2C31072499&oid=2&pvsid=2204243330728700&tmod=1929045309&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=0dC31HJmDT&p=https%3A//scam.vn&dtd=6
Frame ID: 9EA4017493B7EB1A610E128756B6149F
Requests: 15 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7618423324404424&output=html&h=90&adk=3869488725&adf=360036981&pi=t.aa~a.3759911452~rp.1&w=1145&fwrn=4&fwrnh=100&lmt=1676910293&rafmt=1&to=qs&pwprc=5012342430&format=1145x90&url=https%3A%2F%2Fscam.vn%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1676910293455&bpp=1&bdt=1123&idt=1&shv=r20230215&mjsv=m202302130101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dc1664e6979bdde9f-22968790f6dc0005%3AT%3D1676910292%3ART%3D1676910292%3AS%3DALNI_MZoAa6b_rr5_Ocmms6VUyaNBfVCcw&gpic=UID%3D00000bb957e8f02a%3AT%3D1676910292%3ART%3D1676910292%3AS%3DALNI_MaGmySzK1xQTZAvFZg0Twz5HaKebA&prev_fmts=0x0%2C1145x280%2C1175x280&nras=4&correlator=3247602610087&frm=20&pv=1&ga_vid=100274804.1676910293&ga_sid=1676910293&ga_hid=557402630&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=228&ady=2224&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31071755%2C31071662%2C31071976%2C31072499&oid=2&pvsid=2204243330728700&tmod=1929045309&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=IJDrVqT7QY&p=https%3A//scam.vn&dtd=9
Frame ID: 1836AB4B101586D2F025644A140A5A3F
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20230215/r20110914/zrt_lookup.html?fsb=1
Frame ID: DC1B58919152D5876FEAC745D00B46BE
Requests: 7 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20230215/r20110914/zrt_lookup.html?fsb=1
Frame ID: 4D0446518F240BA1C9E76A8EC5A37289
Requests: 11 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/ENhUjQ5Efr1LKcBlRSMtCxEMsPeXm4hb-JW7itjXrRA.js
Frame ID: 93549D9B1F5B56547E61B6D17C1F720F
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/ENhUjQ5Efr1LKcBlRSMtCxEMsPeXm4hb-JW7itjXrRA.js
Frame ID: 0AE347B3A36FD5B37FBB4D693D128569
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/ENhUjQ5Efr1LKcBlRSMtCxEMsPeXm4hb-JW7itjXrRA.js
Frame ID: 2F78E607CEBBC89E4B2DD4A831A73160
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNKOMxDkyTkYuqmj3wEwAQ&v=APEucNWqA-OUYASMH3gmAKEtEon0FLOj3wUMUftoh1GB3IHVfpki4obftPNwqQrW9grxJ6zBLRCq0C624Sm2nqNog54rbAmVe5iF2DGz_dmX6VfEkV1ORbN1ujhaWtGj10I3FwJWczplKY1cgNDTCh1tkzPSwVmQESAKbrwdRDvOj7uQeoLzMiQ
Frame ID: 469126DC120BEC5C0934C19AD8CD0EC5
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Frame ID: 3835C235429F7B200143BA4317F36A28
Requests: 25 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 45A0682BA9157FE91EAA6DBCEDC78569
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/ENhUjQ5Efr1LKcBlRSMtCxEMsPeXm4hb-JW7itjXrRA.js
Frame ID: 36B914F052149B28F1D11C52AF8FB63A
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 282312FA0868FD09EBD25EBDBD3CDD61
Requests: 9 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 33043289601DE917575EFF36BF47438B
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/3262300174248127772/index.html
Frame ID: BD9A5029445AD048377F8765F97E46DE
Requests: 2 HTTP requests in this frame

Frame: https://static.adsafeprotected.com/sca.17.6.2.js
Frame ID: 57145FF3861FCE2C948552B901F16013
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 2970E87473D08DC885FED1942FB7B823
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 6AE2E6CEFC3F8FDC510EDE914636D9AF
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Cảnh Báo Lừa Đảo - SCAM.VN

Page URL History Show full URLs

http://scamvn.com/ HTTP 301
https://scamvn.com/ HTTP 301
https://scam.vn/ Page URL

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

animate.css (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link [^>]+(?:/([\d.]+)/)?animate\.(?:min\.)?css

AddToAny (Widgets) Expand

Overall confidence: 100%
Detected patterns

addtoany\.com/menu/page\.js

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

220
Requests

92 %
HTTPS

64 %
IPv6

31
Domains

48
Subdomains

34
IPs

8
Countries

2755 kB
Transfer

7135 kB
Size

28
Cookies

12 Outgoing links

These are links going to different origins than the main page.

URL: https://visafe.vn/

Search URL Search Domain Scan URL

URL: https://chongluadao.vn/tai-ve

Search URL Search Domain Scan URL

URL: https://www.facebook.com/ConganThuDo
Title: Công an thành phố Hà Nội

Search URL Search Domain Scan URL

URL: http://congan.com.vn/vu-an/canh-giac/len-mang-lua-tien-thue-tro-cua-sinh-vien-roi-chia-cho-ban-gai-tieu-xai_143718.html
Title: Thanh niên mạo danh email của trường đại học lừa đảo chiếm đoạt tài sản

Search URL Search Domain Scan URL

URL: http://congan.com.vn/vu-an/bat-giu-nguoi-phu-nu-vao-tiem-vang-chiem-doat-hon-22-trieu-dong_143712.html
Title: Vào tiệm vàng lừa đảo, lấy tiền chưa kịp thoát thân thì bị bắt

Search URL Search Domain Scan URL

URL: http://congan.com.vn/vu-an/canh-giac/dak-nong-mao-danh-cong-an-lua-chay-an-de-lua-dao-chiem-doat-tai-san_143585.html
Title: Đắk Nông: Mạo danh Công an lừa “chạy án” chiếm đoạt số tiền lớn

Search URL Search Domain Scan URL

URL: http://congan.com.vn/vu-an/canh-giac/nhieu-nguoi-sap-bay-lua-dao-qua-mang_143578.html
Title: Miền Tây: Nhiều người sập bẫy lừa đảo qua mạng

Search URL Search Domain Scan URL

URL: http://congan.com.vn/vu-an/sap-bay-lua-tien-ti-vi-can-nha-the-chap-gia-dep_143568.html
Title: Sấp bẫy lừa hơn 4 tỷ đồng vì căn nhà thế chấp... giá đẹp

Search URL Search Domain Scan URL

URL: http://congan.com.vn/vu-an/bat-qua-tang-doi-tuong-voi-chieu-lua-chay-an_143559.html
Title: Bắt quả tang một phụ nữ lừa 'chạy án' khi đang nhận 1,1 tỷ đồng

Search URL Search Domain Scan URL

URL: https://congan.com.vn/vu-an/canh-giac/
Title: Xem thêm...

Search URL Search Domain Scan URL

URL: https://www.addtoany.com/share#url=https%3A%2F%2Fscam.vn%2F&title=C%E1%BA%A3nh%20B%C3%A1o%20L%E1%BB%ABa%20%C4%90%E1%BA%A3o%20-%20SCAM.VN
Title: Chia sẻ

Search URL Search Domain Scan URL

URL: https://www.addtoany.com/
Title: AddToAny

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://scamvn.com/ HTTP 301
https://scamvn.com/ HTTP 301
https://scam.vn/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 168

https://sync.mathtag.com/sync/img?mt_exid=4&google_gid=CAESEAmU4fRFLZex1PJZDDtm3wM&google_cver=1&google_push=Aa02lx-6gX0vtuVUgPOOrkubvJKDa9I6sFPerYrbUiXP4jG_qinFmfzujGB84s8Jp3lSMug1EQzJME6XytFOmSDJ3AEhHDiK48y_53Y HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=Aa02lx-6gX0vtuVUgPOOrkubvJKDa9I6sFPerYrbUiXP4jG_qinFmfzujGB84s8Jp3lSMug1EQzJME6XytFOmSDJ3AEhHDiK48y_53Y

Request Chain 169

https://um.simpli.fi/gp_match?google_gid=CAESEGRVRGeljiw4ep3JcQmvpX4&google_cver=1&google_push=Aa02lx-oDAw0ksihpiklQUNLXwatGmSVdbl_FssCGqXFSmTssQ0c9jFS6IOzda_q1hlYONKC5ZopM33vXGuOLheotemUA45u0HqTi1c HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=2A61C854C76D4AC7BF61EF8213662CB0&google_push=Aa02lx-oDAw0ksihpiklQUNLXwatGmSVdbl_FssCGqXFSmTssQ0c9jFS6IOzda_q1hlYONKC5ZopM33vXGuOLheotemUA45u0HqTi1c

Request Chain 170

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEM2yOkYMkGvqejjq8Wi-NVM&google_cver=1&google_push=Aa02lx9MltNvL8zOm9J3U925qO550DDPeoqr5zNgXOEk4TIofI1RjDzlVboEQsT-SLuBKrd6BFQ7T_UHQPcOxoE0kfxmCWQySJFazh4 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEVEMTNDNkotSC0xOTRP&google_push=Aa02lx9MltNvL8zOm9J3U925qO550DDPeoqr5zNgXOEk4TIofI1RjDzlVboEQsT-SLuBKrd6BFQ7T_UHQPcOxoE0kfxmCWQySJFazh4

Request Chain 171

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEC8Qt4MlT7xh9hS6pmb0ctk&google_cver=1&google_push=Aa02lx9wpAcedxTY8ZAW4XJNLuXKywzJdsTx157gqJ1qtF54qessjaK-WIDCjZ09V9wa6Vak4_L-8cpNGuYmDpGDOmZyJCvl9eH0SkA HTTP 302
https://ssum-sec.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_cver=1&google_gid=CAESEC8Qt4MlT7xh9hS6pmb0ctk&google_push=Aa02lx9wpAcedxTY8ZAW4XJNLuXKywzJdsTx157gqJ1qtF54qessjaK-WIDCjZ09V9wa6Vak4_L-8cpNGuYmDpGDOmZyJCvl9eH0SkA&s=184023&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEC8Qt4MlT7xh9hS6pmb0ctk&google_hm=Y_Oe1tOi8q_85X0f-xiMVQAABLwAAAAB&google_nid=index&google_push=Aa02lx9wpAcedxTY8ZAW4XJNLuXKywzJdsTx157gqJ1qtF54qessjaK-WIDCjZ09V9wa6Vak4_L-8cpNGuYmDpGDOmZyJCvl9eH0SkA

Request Chain 172

https://match.360yield.com/match/ebda?google_gid=CAESEEd4_cpRHWaD88sZl0avz6E&google_cver=1&google_push=Aa02lx_XKnYa7q6geqljyWFo_djxDif0NTw4KEPAr8GSxITW8Xj8LJ58eL3mb7960LRwgumNN234awuTDgtQWkY2_18rdP9-Z9Jt20o HTTP 302
https://match.360yield.com/ul_cb/match/ebda?google_gid=CAESEEd4_cpRHWaD88sZl0avz6E&google_cver=1&google_push=Aa02lx_XKnYa7q6geqljyWFo_djxDif0NTw4KEPAr8GSxITW8Xj8LJ58eL3mb7960LRwgumNN234awuTDgtQWkY2_18rdP9-Z9Jt20o HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=TBoj5zoxTRyRwKc2f_56ig&google_push=Aa02lx_XKnYa7q6geqljyWFo_djxDif0NTw4KEPAr8GSxITW8Xj8LJ58eL3mb7960LRwgumNN234awuTDgtQWkY2_18rdP9-Z9Jt20o

Request Chain 173

https://sync.teads.tv/um?eid=3&uid=&google_nid=teadstv_ab&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_ab%26google_hm%3D%5BVID_B64%5D&google_gid=CAESEPtjadQUqMD8pY3pGfO5Qzk&google_cver=1&google_push=Aa02lx-RRYbVD49hxwKrHnemLPlqu0Py69aeFp0dqyC09IhBa7pe12WbFq5zKKfwQyI1cv7r6sodNuuFFXyqCogEL0eopXSIaLOuP9Yf HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=teadstv_ab&google_hm=&google_push=Aa02lx-RRYbVD49hxwKrHnemLPlqu0Py69aeFp0dqyC09IhBa7pe12WbFq5zKKfwQyI1cv7r6sodNuuFFXyqCogEL0eopXSIaLOuP9Yf HTTP 302
https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab

Request Chain 175

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKqfrZTfeC0EHH06xKKfLjY&google_cver=1

Request Chain 176

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Y-Oe1lTqMi7YHY2rQAo-ngAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKqfrZTfeC0EHH06xKKfLjY&google_cver=1

Request Chain 177

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEDYyxJdLLKR-LHv2sYpM70c&google_cver=1 HTTP 307
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEDYyxJdLLKR-LHv2sYpM70c%26google_cver%3D1

Request Chain 178

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTAyMzIzNTYwNDQyMDgwNjc1NQ%3D%3D

Request Chain 191

https://um.simpli.fi/gp_match?google_gid=CAESEBlRQtNk5w579MqRvRdXcK0&google_cver=1&google_push=Aa02lx9WPML3wMO3Ykl56tUtvWAXna6547ga7CL-QnVZzgzvGlhbTjZq0mVHhlBjDxcbWecczujEdkEl-CoNVkczZvp0MSP95k-dOws HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=2A61C854C76D4AC7BF61EF8213662CB0&google_push=Aa02lx9WPML3wMO3Ykl56tUtvWAXna6547ga7CL-QnVZzgzvGlhbTjZq0mVHhlBjDxcbWecczujEdkEl-CoNVkczZvp0MSP95k-dOws

Request Chain 192

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEA0EmDReuXtPhPGk-5YURvk&google_cver=1&google_push=Aa02lx_2eTVJ2HApDhJL4hddBIetWaafHdPxv3XDH8f1-iSxmjRER2BC-Lgn_c1DMzv3B9xy9gKesJbd8DB3SxlOLeKshjTQ4BCmGgM HTTP 302
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEA0EmDReuXtPhPGk-5YURvk&google_cver=1&google_push=Aa02lx_2eTVJ2HApDhJL4hddBIetWaafHdPxv3XDH8f1-iSxmjRER2BC-Lgn_c1DMzv3B9xy9gKesJbd8DB3SxlOLeKshjTQ4BCmGgM&rdf=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=po0vAXH-TN-F0zkeRFb90w%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=Aa02lx_2eTVJ2HApDhJL4hddBIetWaafHdPxv3XDH8f1-iSxmjRER2BC-Lgn_c1DMzv3B9xy9gKesJbd8DB3SxlOLeKshjTQ4BCmGgM

Request Chain 193

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEDi4Q7pxWdNZEW54CpWs71A&google_cver=1&google_push=Aa02lx9095pKPWPBBRglAEI7nydRbAlbgFHzD1Z-mNjJAlAWQlUfIyToP2EiuiIvuF1p9lVUVdju_MAn9-P8ERyC2mnT6r5pqyunlA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEVEMTNDQ0EtMVQtRlNZUg==&google_push=Aa02lx9095pKPWPBBRglAEI7nydRbAlbgFHzD1Z-mNjJAlAWQlUfIyToP2EiuiIvuF1p9lVUVdju_MAn9-P8ERyC2mnT6r5pqyunlA

Request Chain 194

https://onetag-sys.com/match/?int_id=19&redir=1&google_gid=CAESEJwKtbKKZHLZGzarRAc3N4c&google_cver=1&google_push=Aa02lx-mMVVJgWHjC2Bz639o8UVjaN85-56lVRBNLj7JYaL1QOhEvwt0RogYaCJ6SfMZUexIbFPgL-ehcPp7jhG7MoEVDWarUytxVQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=Aa02lx-mMVVJgWHjC2Bz639o8UVjaN85-56lVRBNLj7JYaL1QOhEvwt0RogYaCJ6SfMZUexIbFPgL-ehcPp7jhG7MoEVDWarUytxVQ

Request Chain 195

https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESECYAB97EMjteno4ixm_iznA&google_cver=1&google_push=Aa02lx9voaUmMSBwvpwkZiz6Lii4pAYN7eyE6x4lsu9PgaoN7tu1qYnGQzu9u9kCgzMwFg9DREU_C7O6HiEoAFxIgZeWmKTb2LblomZx HTTP 302
https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESECYAB97EMjteno4ixm_iznA&google_cver=1&google_push=Aa02lx9voaUmMSBwvpwkZiz6Lii4pAYN7eyE6x4lsu9PgaoN7tu1qYnGQzu9u9kCgzMwFg9DREU_C7O6HiEoAFxIgZeWmKTb2LblomZx&verify=true HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS00ZWFDcWFaRTJ1RWNtWW9NR2xEZVJDejFweE5VZENfX35B&google_push=Aa02lx9voaUmMSBwvpwkZiz6Lii4pAYN7eyE6x4lsu9PgaoN7tu1qYnGQzu9u9kCgzMwFg9DREU_C7O6HiEoAFxIgZeWmKTb2LblomZx

Request Chain 196

https://secure.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=xandr_eb&google_hm=${BASE64_UID_ENC}&google_gid=CAESECAgg2UjtkEf-C2jcYPcv0Q&google_cver=1&google_push=Aa02lx-R9ssK4qkw8GI3165SSYjyJOsgdjEx9lVede8Y8F-fIiaLLv6NEpdBAgOoywa4kKq3sT3eEtJFEWscij8KERX5y3OYLJ_8WOc HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=xandr_eb&google_hm=MTAyMzIzNTYwNDQyMDgwNjc1NQ%3D%3D&google_gid=CAESECAgg2UjtkEf-C2jcYPcv0Q&google_cver=1&google_push=Aa02lx-R9ssK4qkw8GI3165SSYjyJOsgdjEx9lVede8Y8F-fIiaLLv6NEpdBAgOoywa4kKq3sT3eEtJFEWscij8KERX5y3OYLJ_8WOc

Request Chain 197

https://x.bidswitch.net/check_uuid/https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dthe_mediagrid_eb%26google_hm%3D%24%7BBSW_UUID%7D%26%25%25GOOGLE_PUSH_PAIR%25%25?google_gid=CAESEPqZAkQcf30Xt8q3AL4WOMc&google_cver=1&google_push=Aa02lx-IU5_eZgFbiYsa2DDteQ8X82rfP7VFX9LVWRnibMYTbLH2pW183FwLncxbwbNJk_dUnUF4XBtfqbLxQDmWj-lRikH9PpTKrJOz HTTP 302
https://x.bidswitch.net/ul_cb/check_uuid/https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dthe_mediagrid_eb%26google_hm%3D%24%7BBSW_UUID%7D%26%25%25GOOGLE_PUSH_PAIR%25%25?google_gid=CAESEPqZAkQcf30Xt8q3AL4WOMc&google_cver=1&google_push=Aa02lx-IU5_eZgFbiYsa2DDteQ8X82rfP7VFX9LVWRnibMYTbLH2pW183FwLncxbwbNJk_dUnUF4XBtfqbLxQDmWj-lRikH9PpTKrJOz HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=the_mediagrid_eb&google_hm=dcc9e09b-36a9-4824-bcbd-359e9ae5d616&%%GOOGLE_PUSH_PAIR%%

Request Chain 206

https://fw.adsafeprotected.com/rfw/st/1333404/69076805/4.js?bundleId=${BUNDLE_ID}&ias_dspID=3&ias_campId=27496782&ias_pubId=pub-7618423324404424&ias_chanId=1&ias_placementId=16627720464&bidurl=https://scam.vn/&ias_dealId=&adsafe_par&ias_impId=v4~~ABAjH0jwr_JnyZi5cCMrpZA7Y9Lg&adContainerId=brand_safety_1p7zY8qBGsey3gO52YbwDg&cbFunctionName=goog_wrapCb_1p7zY8qBGsey3gO52YbwDg&true_pb=https%3A%2F%2Fstatic.adsafeprotected.com%2Fpassback_728x90.js&adsafe_pb=https%3A%2F%2Fstatic.adsafeprotected.com%2F4a.js&adsafe_url=https%3A%2F%2Fscam.vn&adsafe_type=g&adsafe_url=https%3A%2F%2Fscam.vn%2F&adsafe_type=c&adsafe_url=https%3A%2F%2Fgoogleads.g.doubleclick.net%2F&adsafe_type=f&adsafe_url=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fads%3Fclient%3Dca-pub-7618423324404424%26output%3Dhtml%26h%3D90%26adk%3D3869488725%26adf%3D360036981%26pi%3Dt.aa~a.3759911452~rp.1%26w%3D1145%26fwrn%3D4%26fwrnh%3D100%26lmt%3D1676910293%26rafmt%3D1%26to%3Dqs%26pwprc%3D5012342430%26format%3D1145x90%26url%3Dhttps%253A%252F%252Fscam.vn%252F%26fwr%3D0%26pra%3D3%26rpe%3D1%26resp_fmts%3D3%26wgl%3D1%26fa%3D40%26uach%3DWyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd%26dt%3D1676910293455%26bpp%3D1%26bdt%3D1123%26idt%3D1%26shv%3Dr20230215%26mjsv%3Dm202302130101%26ptt%3D9%26saldr%3Daa%26abxe%3D1%26cookie%3DID%253Dc1664e6979bdde9f-22968790f6dc0005%253AT%253D1676910292%253ART%253D1676910292%253AS%253DALNI_MZoAa6b_rr5_Ocmms6VUyaNBfVCcw%26gpic%3DUID%253D00000bb957e8f02a%253AT%253D1676910292%253ART%253D1676910292%253AS%253DALNI_MaGmySzK1xQTZAvFZg0Twz5HaKebA%26prev_fmts%3D0x0%252C1145x280%252C1175x280%26nras%3D4%26correlator%3D3247602610087%26frm%3D20%26pv%3D1%26ga_vid%3D100274804.1676910293%26ga_sid%3D1676910293%26ga_hid%3D557402630%26ga_fc%3D1%26u_tz%3D0%26u_his%3D2%26u_h%3D1200%26u_w%3D1600%26u_ah%3D1200%26u_aw%3D1600%26u_cd%3D24%26u_sd%3D1%26dmc%3D8%26adx%3D228%26ady%3D2224%26biw%3D1600%26bih%3D1200%26scr_x%3D0%26scr_y%3D0%26eid%3D44759876%252C44759927%252C44759842%252C31071755%252C31071662%252C31071976%252C31072499%26oid%3D2%26pvsid%3D2204243330728700%26tmod%3D1929045309%26uas%3D0%26nvt%3D1%26fc%3D1920%26brdim%3D0%252C0%252C0%252C0%252C1600%252C0%252C1600%252C1200%252C1600%252C1200%26vis%3D1%26rsz%3D%257C%257Cs%257C%26abl%3DNS%26fu%3D128%26bc%3D31%26ifi%3D4%26uci%3Da!4%26btvi%3D2%26fsb%3D1%26xpc%3DIJDrVqT7QY%26p%3Dhttps%253A%2F%2Fscam.vn%26dtd%3D9&adsafe_type=bed&adsafe_jsinfo=,id:5d5f91f5-d619-9308-6043-1fe0bddbc95b,c:4MmeEv,sl:outOfView,em:true,fr:false,thd:1,mn:jsserver-primary-69f5898b7f-rm8bc,rg:ie,pt:1-5-15,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:r,mu:10000,br:c,bru:c,an:n,oam:0,scm:grpm1,mtim:3,mot:0,app:0,maw:0,fm:twqcHDD+11%7C12%7C13%7C141%7C15%7C16%7C171%7C172%7C181*.1333404-69076805%7C1811%7C1812%7C1813%7C1814%7C191%7C1a1,idMap:181*,ex:e2,pl:CV8L.VEBo.0YtC,rmeas:1,rend:0,renddet:na,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:1,tt:rjss,et:18,oid:1bde65d4-b13b-11ed-93f5-b644461cb8d3,v:19.8.394,sp:0,st:0,fwm:0,wr:1600.1200,sr:1600.1200,ov:0 HTTP 302
https://static.adsafeprotected.com/4.js?bundleId=${BUNDLE_ID}

220 HTTP transactions
6 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
scam.vn/
Redirect Chain

http://scamvn.com/
https://scamvn.com/
https://scam.vn/

23 KB
8 KB

793ms
335ms

Document
text/html

2606:4700:20::ac43:4a7c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://scam.vn/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:4a7c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

feb9ee3473e53c76ec01db637355e2eb232041bd9468d431920bb710c9a80854

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: max-age=2592000
cf-cache-status: DYNAMIC
cf-ray: 79c8984cf8335b74-FRA
content-encoding: br
content-type: text/html; charset=utf-8
date: Mon, 20 Feb 2023 16:24:52 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FVrOxYDQdBCv%2FLfv3xIGPjCTSpMgH8mbMpRBijKDRgk4vH9UACkYQ7QUkDfGz1JjnitO5g%2BS9g7Tb2PzKRnbEWWTW2Q4GFMJt5mo3rowqVizbj3BepN2CPiuLyCPy0dwb45LYdQ9"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block

Redirect headers

cf-cache-status: DYNAMIC
cf-ray: 79c898439b679006-FRA
content-type: text/html
date: Mon, 20 Feb 2023 16:24:51 GMT
location: https://scam.vn/
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bDJpSV9YgmyoGwn%2B7EnvSIbe5MSOIgxl7YBH9RbmAfDgNlnBoGGsJFCGo6jUtrFMo61yK3eNhMlBpYY8dUGWFCEHfPFyu%2Fv60Dv2gdn8rXrUkBt9WjkWOVbeosnkjkDZHvYyErzqvi4%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H2 200 css
fonts.googleapis.com/ 16 KB
1 KB 87ms
38ms Stylesheet
text/css 2a00:1450:4001:828::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:400,400i,500,500i,700,700i,900,900i

Requested by

Host: scam.vn
URL: https://scam.vn/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

4bc8cdf3562606c10745355607a232a5b9057a627b5a0451789bdb526443694e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://scam.vn/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Mon, 20 Feb 2023 16:24:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Mon, 20 Feb 2023 16:24:52 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 20 Feb 2023 16:24:52 GMT

GET
H2 200 fontawesome.min.css
scam.vn/js/fontawesome/css/ 76 KB
16 KB 25ms
23ms Stylesheet
text/css 2606:4700:20::ac43:4a7c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://scam.vn/js/fontawesome/css/fontawesome.min.css
Requested by: Host: scam.vn
URL: https://scam.vn/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4a7c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 472eba26edf0c44a76d8ba69eb469b4a4937f0a18d8ab909db350b3932621f02

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://scam.vn/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 16:24:52 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 42828
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
pragma: public
last-modified: Sat, 01 Oct 2022 15:54:39 GMT
server: cloudflare
etag: W/"633862bf-130ec"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AA6pIwkp3B9CUqPSOJWgi7dinQ4vzDJLalNjFOFTvcS8XFyBC9wE9Bjdjpc6uR9cqveOYpi9Ks7Sa4BW1mblS8Bvp3RBD%2Ff5OORhtM9rcMcgIJOWHtnJgX5VBtEUnD1aYtWvg6av"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=2592000, must-revalidate, proxy-revalidate
cf-ray: 79c8984f1b095b74-FRA
expires: Wed, 22 Mar 2023 04:31:04 GMT

GET
H2 200 solid.min.css
scam.vn/js/fontawesome/css/ 622 B
665 B 21ms
19ms Stylesheet
text/css 2606:4700:20::ac43:4a7c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://scam.vn/js/fontawesome/css/solid.min.css
Requested by: Host: scam.vn
URL: https://scam.vn/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4a7c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8f7901aedf8ac99048afa2a070fd2929d51edec4a5cb3f3381d8510e6eee9767

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://scam.vn/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 16:24:52 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 19546
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
pragma: public
last-modified: Sat, 01 Oct 2022 15:54:35 GMT
server: cloudflare
etag: W/"633862bb-26e"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=id1BfRFMiARPQXDCcaKjC4GyhrqKEpIOEoQDnocZbQwO2zhgtokXMlza%2B0xvcWiTU51yqN2Y9TfcQ4eXBcT3t3B8uFvb778e4fuvpB%2BUMHc7z9WylaF8Z%2Fmpk%2BKC1BlKgJVRRqH%2F"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=2592000, must-revalidate, proxy-revalidate
cf-ray: 79c8984f1b0a5b74-FRA
expires: Wed, 22 Mar 2023 10:59:06 GMT

GET
H2 200 brands.min.css
scam.vn/js/fontawesome/css/ 617 B
570 B 23ms
21ms Stylesheet
text/css 2606:4700:20::ac43:4a7c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://scam.vn/js/fontawesome/css/brands.min.css
Requested by: Host: scam.vn
URL: https://scam.vn/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4a7c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b01b2ea03d398cc29223fcc3c042556bccccbfe7218cee4c09252df54612005e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://scam.vn/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 16:24:52 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 19545
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
pragma: public
last-modified: Sat, 01 Oct 2022 15:54:39 GMT
server: cloudflare
etag: W/"633862bf-269"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HpbR7HrlxZdr87iyKoW92kMPTEZ4OIqksswl00hkhudebUFXpltMA6RJen%2BpFufveBzpi8Yzcyhfn2%2BgM0yTbJd4nlO7e1eU6FxYeaiYToinzA5DNineCyNMiHoHs966aaiLDrct"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=2592000, must-revalidate, proxy-revalidate
cf-ray: 79c8984f1b0b5b74-FRA
expires: Wed, 22 Mar 2023 10:59:06 GMT

GET
H2 200 bootstrap.min.css
scam.vn/css/ 150 KB
24 KB 27ms
25ms Stylesheet
text/css 2606:4700:20::ac43:4a7c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://scam.vn/css/bootstrap.min.css?v=1.1
Requested by: Host: scam.vn
URL: https://scam.vn/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4a7c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4d49da8d763da4e2e36ca9e1d83f5ecc5b0e1b9bcaaefef98679b02ca342ce68

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://scam.vn/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 16:24:52 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 42827
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
pragma: public
last-modified: Sat, 17 Jul 2021 09:56:42 GMT
server: cloudflare
etag: W/"60f2a95a-25665"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pK6U%2FMwfxKt19bgw2G53K9rkGyJntA%2FSvLaTN1Q4lF4g5fwIU9d7yK7y%2BStkDJt9gqsBpEga7vnly4QhDY4rQ3N74ZKxkdKTyZOHndltjPVdlaN3ub0ctkZ%2Bkmhxgexh51WSgF1e"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=2592000, must-revalidate, proxy-revalidate
cf-ray: 79c8984f2b0e5b74-FRA
expires: Wed, 22 Mar 2023 04:31:05 GMT

GET
H2 200 slicknav.min.css
scam.vn/css/ 2 KB
1 KB 23ms
21ms Stylesheet
text/css 2606:4700:20::ac43:4a7c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://scam.vn/css/slicknav.min.css
Requested by: Host: scam.vn
URL: https://scam.vn/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4a7c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2c48050a1280b38ee66b4122dc30f7b8d0d89776c80f76f213dca958e701f45d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://scam.vn/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 16:24:52 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 19545
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
pragma: public
last-modified: Sat, 17 Jul 2021 09:56:42 GMT
server: cloudflare
etag: W/"60f2a95a-9c9"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5p7w3F6DJWOinXkhwu3Bk%2BPAQW%2FW7hMOWxFAhk89eVP7wcygo7XMQlWzwinypHs%2BQ3KccTWUZaGKDktzz5K%2FzIBsOnQ9OUc68WmOFoIkuxB60JGbs2S7b%2B7r%2FXXQDc4eZBFklZ8R"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=2592000, must-revalidate, proxy-revalidate
cf-ray: 79c8984f2b0f5b74-FRA
expires: Wed, 22 Mar 2023 10:59:06 GMT

GET
H2 200 animate.css
scam.vn/css/ 57 KB
5 KB 36ms
35ms Stylesheet
text/css 2606:4700:20::ac43:4a7c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://scam.vn/css/animate.css
Requested by: Host: scam.vn
URL: https://scam.vn/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4a7c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3fdfe2323bbd7714631973620d41fff07d79b1e178d5fe9fc84d4fc61bfebe27

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://scam.vn/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 16:24:52 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 19545
cf-polished: origSize=75052
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
pragma: public
cf-bgj: minify
last-modified: Sat, 17 Jul 2021 09:56:42 GMT
server: cloudflare
etag: W/"60f2a95a-1252c"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FHKLnFVDjFgFO6i%2FA4WwIZp3o4v%2BjDhAkRXelDiuz3i6Yp6FRkK0EAWVuEi1x9B4ENDnQXqarCAK578DrzSfkUe5hzc8MqAP15%2FizzgIrbw%2BH3qZfjkH06oyiavZ0ffKkOKpFqXy"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=2592000, must-revalidate, proxy-revalidate
cf-ray: 79c8984f2b105b74-FRA
expires: Wed, 22 Mar 2023 10:59:06 GMT

GET
H2 200 animation2.css
scam.vn/css/ 2 KB
911 B 21ms
20ms Stylesheet
text/css 2606:4700:20::ac43:4a7c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://scam.vn/css/animation2.css
Requested by: Host: scam.vn
URL: https://scam.vn/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4a7c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2bdb233d92326b494db90e3b601c8feccfbbb2fffce274faefeccc7b36a1449b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://scam.vn/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 16:24:52 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 19546
cf-polished: origSize=3338
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
pragma: public
cf-bgj: minify
last-modified: Sat, 17 Jul 2021 09:56:42 GMT
server: cloudflare
etag: W/"60f2a95a-d0a"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VrmomA6IeD7NIExUzV7Ip%2FosSSaxKDY5s914fuMFZZTY8oBqPO%2BWx3mKslru5zyMWs0CHL5nD8reprbB8DNpTM0v%2FTEAaAJRhyCTcx2FLVsX73tqz%2FPbfsHFnyn4kHIG6VpuxNGc"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=2592000, must-revalidate, proxy-revalidate
cf-ray: 79c8984f2b115b74-FRA
expires: Wed, 22 Mar 2023 10:59:06 GMT

GET
H2 200 style.css
scam.vn/css/ 24 KB
6 KB 39ms
38ms Stylesheet
text/css 2606:4700:20::ac43:4a7c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://scam.vn/css/style.css?v=2.26
Requested by: Host: scam.vn
URL: https://scam.vn/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4a7c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f50de8dd2a4c119cc674ed157631325b646de88ac9121288b7351b7fd6cc1de4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://scam.vn/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 16:24:52 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 19545
cf-polished: origSize=37916
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
pragma: public
cf-bgj: minify
last-modified: Fri, 25 Nov 2022 15:50:07 GMT
server: cloudflare
etag: W/"6380e42f-941c"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9mArGgf6o9WoWrT4wbQPUzKMViNjikeyjIMhhX5BidMIay22xtWsgdFdjDjBZaWGImQztwAekDWfuTvRtmtZGbayD7E96uH9JrzQmfaabw3CmCCKH9FYeGJYljtizOn0Tn5fida9"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=2592000, must-revalidate, proxy-revalidate
cf-ray: 79c8984f2b135b74-FRA
expires: Wed, 22 Mar 2023 10:59:06 GMT

GET
H2 200 jquery-3.2.1.min.js Show response
scam.vn/js/ 85 KB
31 KB 37ms
36ms Script
application/javascript 2606:4700:20::ac43:4a7c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://scam.vn/js/jquery-3.2.1.min.js
Requested by: Host: scam.vn
URL: https://scam.vn/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4a7c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://scam.vn/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 16:24:52 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 19546
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
pragma: public
last-modified: Sat, 17 Jul 2021 09:56:43 GMT
server: cloudflare
etag: W/"60f2a95b-15283"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rpZSzbAD%2FLtr5skWG9ZgCfszxPSmO7cdBRoPEryAgAVKeHjH9gXcUylMjZx7D2TFhExY3N0vufv7QeRbnNzoPwOpPd%2B1kw2Xz5lmjWHUD%2BzPKpWrYGC%2BCHuXvSbuDPqbxTEDHOXS"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=2592000, must-revalidate, proxy-revalidate
cf-ray: 79c8984f2b145b74-FRA
expires: Wed, 22 Mar 2023 10:59:06 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 149 KB
49 KB 130ms
79ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: scam.vn
URL: https://scam.vn/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8e1546f3e67fc3a9eab614e5335ecca2127851fbb8a7a48c82e6e4a626c4aa9d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://scam.vn/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 16:24:52 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49856
x-xss-protection: 0
server: cafe
etag: 1505598011457871015
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Mon, 20 Feb 2023 16:24:52 GMT

GET
H2 200 sdk.js Show response
connect.facebook.net/vi_VN/ 3 KB
2 KB 77ms
19ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/vi_VN/sdk.js

Requested by

Host: scam.vn
URL: https://scam.vn/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

7e5db4019200e2770390f2277447d966a8cc0d87ac4ad6de0098fc06f1dbf8f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://scam.vn/
Origin: https://scam.vn
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
date: Mon, 20 Feb 2023 16:24:52 GMT
content-md5: 4OHe1iDoOXbbejnowOXXsA==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 1688
x-fb-rlafr: 0
x-fb-debug: STFT3XW0yqjNDBE9LAq+M01k2Z80fiJUZelXEznrlz+XSGojd03iUGwrfAj5rYdyZJRJLzdnw0Dppf5M8Lws0w==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
x-fb-trip-id: 917726464
x-fb-content-md5: 4ebfbf7589682c19ada52aefef406915
cross-origin-opener-policy: same-origin-allow-popups
etag: "0387c613166214cd3a71fb7690dac7df"
vary: Accept-Encoding
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
origin-agent-cluster: ?0
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=1200,stale-while-revalidate=3600
x-frame-options: DENY
timing-allow-origin: *
expires: Mon, 20 Feb 2023 16:31:52 GMT

GET
H3 200 scamvn_horizontal_250.png
scam.vn/img/ 9 KB
9 KB 333ms
331ms Image
image/png 2606:4700:20::ac43:4a7c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://scam.vn/img/scamvn_horizontal_250.png
Requested by: Host: scam.vn
URL: https://scam.vn/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::ac43:4a7c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 55c96e92f80cba90942c042bf3ea1ee4c97aff224872b3ab704aba6fc49d9264

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://scam.vn/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 16:24:52 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 8853
pragma: public
last-modified: Thu, 08 Dec 2022 09:25:54 GMT
server: cloudflare
etag: "6391ada2-2295"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ULZPxPaIfCysTG%2B%2FOZjTUehWoQmfWXG2xBMMBgv6G1y2QQeEWswjxy7u7KiYQI4Fvq%2FOQKjGIr5xglGQmX7fWYgWFuGngArouZru2DhcJv%2F0IjXFy%2FNpwh91gQzCfOXv70%2FXYpIj"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=2592000, must-revalidate, proxy-revalidate
accept-ranges: bytes
cf-ray: 79c8984fbaf0bb7a-FRA
expires: Wed, 22 Mar 2023 16:24:52 GMT

GET
H2 200 logo-visafe.033d436f.svg
visafe.vn/static/media/ 5 KB
3 KB 2310ms
1823ms Image
image/svg+xml 2606:4700:3036::6815:1437
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://visafe.vn/static/media/logo-visafe.033d436f.svg
Requested by: Host: scam.vn
URL: https://scam.vn/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3036::6815:1437 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: bccdc44986b82eb4426a791daace17cf903e46af08c13be6f6e51faa205735f4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://scam.vn/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

x-served-by: visafe.vn
date: Mon, 20 Feb 2023 16:24:54 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"619b08fa-1526"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=m3y6uJ3GxsxOuoNUPyq5KluwA7G0QiR82TAFwe3Ub3vZEYkFN3UDyEWvlqPaZ9FmmqKSVfZsxRSZlkTZF6I9TVG9ie7aSBwW9l8iXRjqjYsHfwIe%2Fs8mhwnsuLjEsuJEXWhSYPq6bMM%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
cache-control: max-age=75355
cf-ray: 79c89852b95537f6-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Tue, 21 Feb 2023 00:30:00 GMT

GET
H3 200 chongluadao-rm.jpg
scam.vn/img/ 27 KB
28 KB 479ms
477ms Image
image/jpeg 2606:4700:20::ac43:4a7c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://scam.vn/img/chongluadao-rm.jpg
Requested by: Host: scam.vn
URL: https://scam.vn/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::ac43:4a7c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3ae9a79cc7871111728e09757585f66290a91e9a5e27425f7a398b805f329116

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://scam.vn/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 16:24:52 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 27694
pragma: public
last-modified: Tue, 22 Mar 2022 09:11:33 GMT
server: cloudflare
etag: "623992c5-6c2e"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5uklcPjfzeLdGxl2yt5183F6fR32YVnFdwM8ullEwrEmVvPklpR3MRpBxWu9oxlKYzlMvE2IeKe0OFllQn8S%2BusB8xpPKK0OLDpfETOGO2Ds72H%2F7OtCxB6%2FzyRryCugPLCXI35S"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: public, max-age=2592000, must-revalidate, proxy-revalidate
accept-ranges: bytes
cf-ray: 79c8984fbaf5bb7a-FRA
expires: Wed, 22 Mar 2023 16:24:52 GMT

GET
H3 200 Pulse-1s-30px.svg
scam.vn/img/ 2 KB
1016 B 340ms
339ms Image
image/svg+xml 2606:4700:20::ac43:4a7c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://scam.vn/img/Pulse-1s-30px.svg
Requested by: Host: scam.vn
URL: https://scam.vn/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::ac43:4a7c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 19e6179558d2c6c252c89325e6b79a362da6df4d1c3ff5e8e0748cda6907a6cf

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://scam.vn/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: public
date: Mon, 20 Feb 2023 16:24:52 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Mon, 21 Mar 2022 09:37:49 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"6238476d-89a"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=O%2BJ37od6Nwcp2kOUbYC4MfaU7IdgJl%2Bil4RAlJa9zFjyPw9ljnptqnAnimA74shjueC8S%2FpRtg7Nr7pKflZmEXYdUOVIMPJwCPuygmdY9pSJg4akP9qai9fjTB%2F47IaMRpVS66rE"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
cache-control: public, max-age=2592000, must-revalidate, proxy-revalidate
cf-ray: 79c8984fbaf6bb7a-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Wed, 22 Mar 2023 16:24:52 GMT

GET
H2 200 page.js Show response
static.addtoany.com/menu/ 3 KB
2 KB 78ms
28ms Script
application/javascript 2606:4700:10::6816:46c5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.addtoany.com/menu/page.js

Requested by

Host: scam.vn
URL: https://scam.vn/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:46c5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2c5cc47eb8499efe3f4353bc50b38690756e78da21b0e158e14293b39c5ef812

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://scam.vn/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 16:24:52 GMT
via: e4s
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 54528
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
last-modified: Wed, 11 Jan 2023 01:11:30 GMT
server: cloudflare
etag: W/"c04-5f1f2ae2e431b"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=172800
cf-ray: 79c898500d409088-FRA

GET
H3 200 popper.min.js Show response
scam.vn/js/ 21 KB
8 KB 336ms
335ms Script
application/javascript 2606:4700:20::ac43:4a7c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://scam.vn/js/popper.min.js
Requested by: Host: scam.vn
URL: https://scam.vn/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::ac43:4a7c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 66f3a07e1fa9b64a686b66381e4458dbc8abf3dbbff954720c4eec07b84411c2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://scam.vn/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: public
date: Mon, 20 Feb 2023 16:24:52 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Sat, 17 Jul 2021 09:56:43 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"60f2a95b-520c"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tidMcNcN2mzXQxWamEPRpg8TNgNF0lAT2WEeysLPV7U0VA4fMXKgcy6aXhKyBAHEqMaSML%2BSPgOZetavUgYaEHP8yEsiZ6hTiSIUPMi4I31Zdws7lUS92W48G%2BjwvOJ4UGXEj%2Fqc"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=2592000, must-revalidate, proxy-revalidate
cf-ray: 79c8984f6a28bb7a-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Wed, 22 Mar 2023 16:24:52 GMT

GET
H3 200 bootstrap.min.js Show response
scam.vn/js/ 54 KB
15 KB 488ms
488ms Script
application/javascript 2606:4700:20::ac43:4a7c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://scam.vn/js/bootstrap.min.js
Requested by: Host: scam.vn
URL: https://scam.vn/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::ac43:4a7c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: eb795deda8983fa5310627c9584cf3f3b95d272567113500059018b3941cb267

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://scam.vn/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: public
date: Mon, 20 Feb 2023 16:24:52 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Sat, 17 Jul 2021 09:56:43 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"60f2a95b-d9df"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Xwcr3cB11YcjTbBhG3w3jkoEuyR9k8y14SRpxd7fILteYF9mdZlBIOvDrdch%2BQjDOdBR9XebLQhZvO4GcIQDvTS8yrXnfuJyZEQ%2FxHENjVf3f8x%2BVKeN8JUxwMcrSGOGBU0mQfv4"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=2592000, must-revalidate, proxy-revalidate
cf-ray: 79c8984faac5bb7a-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Wed, 22 Mar 2023 16:24:52 GMT

GET
H3 200 jquery.slicknav.min.js Show response
scam.vn/js/ 8 KB
3 KB 27ms
26ms Script
application/javascript 2606:4700:20::ac43:4a7c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://scam.vn/js/jquery.slicknav.min.js
Requested by: Host: scam.vn
URL: https://scam.vn/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::ac43:4a7c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 190402f488a1616b47304ae066078580059ca6a5958b7f217d2156d0a73931a9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://scam.vn/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 16:24:52 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 12622
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
pragma: public
last-modified: Sat, 17 Jul 2021 09:56:43 GMT
server: cloudflare
etag: W/"60f2a95b-20df"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eeLnpxtuYipAP9%2Bu%2FdJXOfBHOq5vYo%2FkaDr%2FUVsnJ4LNRAtU8d6mF3bpbT%2B2wl9rT6hpV48pnTj1sJeZ296lRIfWQsBKL4zri30mWWkcap3wuaEjQurbyzfyFXrbaC36JowkVNEh"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=2592000, must-revalidate, proxy-revalidate
cf-ray: 79c8984fbae5bb7a-FRA
expires: Wed, 22 Mar 2023 12:54:30 GMT

GET
H3 200 jquery.sticky-sidebar.min.js Show response
scam.vn/js/ 12 KB
4 KB 24ms
22ms Script
application/javascript 2606:4700:20::ac43:4a7c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://scam.vn/js/jquery.sticky-sidebar.min.js
Requested by: Host: scam.vn
URL: https://scam.vn/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::ac43:4a7c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 493ac7ad59fab104b7122ad2cb01b549f25f38fd570586c065dee5633f3faecd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://scam.vn/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 16:24:52 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 12622
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
pragma: public
last-modified: Sat, 17 Jul 2021 09:56:43 GMT
server: cloudflare
etag: W/"60f2a95b-30c5"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1mvSDvg5RrYjRMsHP2Qj0mLm3nvrWPluGIOzvowcLZukKrHKT1tqZ32GkKq5%2F3WXsCfq2jnBVDMncgyMI7IpHO8Nix6ngd8B%2BVXUxFcI8sUTLRZmaAs4IybJaP84XjgLjc69iqWs"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=2592000, must-revalidate, proxy-revalidate
cf-ray: 79c8984fbaedbb7a-FRA
expires: Wed, 22 Mar 2023 12:54:30 GMT

GET
H3 200 main.js Show response
scam.vn/js/ 7 KB
3 KB 23ms
21ms Script
application/javascript 2606:4700:20::ac43:4a7c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://scam.vn/js/main.js?v=4.13
Requested by: Host: scam.vn
URL: https://scam.vn/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::ac43:4a7c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: da38b429e7f4dbb602356436d44ae4ae03dffe20868f36ba70de4d4aaa78d6a0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://scam.vn/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 16:24:52 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 12622
cf-polished: origSize=9456
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
pragma: public
cf-bgj: minify
last-modified: Wed, 12 Oct 2022 10:01:00 GMT
server: cloudflare
etag: W/"6346905c-24f0"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WR7UsVvc2Do0pl5CY2Se76i%2FVVQUihOOINu%2ByUJ0mNNoz%2BIoZhy4m60x3VQrFtshAmv8AROnYKb8A2rPlvVEVDiiF8fAUuHTfJtptaSqK5Yo5nEtsOHvXSkMFpXKBQWIrhWuLGHO"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=2592000, must-revalidate, proxy-revalidate
cf-ray: 79c8984fbaeebb7a-FRA
expires: Wed, 22 Mar 2023 12:54:30 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 113 KB
44 KB 92ms
43ms Script
application/javascript 2a00:1450:4001:80f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-158914372-1

Requested by

Host: scam.vn
URL: https://scam.vn/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

60cce93d163fa6398b91c5a84a300f41f0b23c76a8743e7715dd144f3fbae2b5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://scam.vn/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 16:24:52 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 45167
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Mon, 20 Feb 2023 16:24:52 GMT

GET
H3 200 scam-alert-gray-min.jpg
scam.vn/img/ 237 KB
237 KB 640ms
640ms Image
image/jpeg 2606:4700:20::ac43:4a7c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://scam.vn/img/scam-alert-gray-min.jpg
Requested by: Host: scam.vn
URL: https://scam.vn/css/style.css?v=2.26
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::ac43:4a7c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 26e77c6b4bcc2a3532d791f8ba1ca6d02518178eaa467773904b61fdaa67f940

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://scam.vn/css/style.css?v=2.26
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 16:24:53 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 242365
pragma: public
last-modified: Fri, 25 Nov 2022 15:49:05 GMT
server: cloudflare
etag: "6380e3f1-3b2bd"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=a8oXUGke3nJbZ0NqYxDouNwaY8zWyHi48OkvfAdY4swoEFA%2Fp1vU0sLBm4CL4vNmL%2B7XLALvctSVFx8yWqyON8Edzxh8XQ44G0%2BL0dFdsp%2FhbUIFEgS%2Fm9u7iJinA5U0BvhRr5BQ"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: public, max-age=2592000, must-revalidate, proxy-revalidate
accept-ranges: bytes
cf-ray: 79c8984fbafabb7a-FRA
expires: Wed, 22 Mar 2023 16:24:52 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ 15 KB
16 KB 71ms
19ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:400,400i,500,500i,700,700i,900,900i

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://scam.vn
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 14:05:36 GMT
x-content-type-options: nosniff
age: 353956
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15744
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 16 Feb 2024 14:05:36 GMT

GET
H2 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ 16 KB
16 KB 87ms
35ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:400,400i,500,500i,700,700i,900,900i

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://scam.vn
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 16:22:50 GMT
x-content-type-options: nosniff
age: 432122
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15920
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:45 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 15 Feb 2024 16:22:50 GMT

GET
H2 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ 15 KB
16 KB 90ms
39ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:400,400i,500,500i,700,700i,900,900i

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://scam.vn
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Fri, 17 Feb 2023 08:06:08 GMT
x-content-type-options: nosniff
age: 289124
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15860
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 17 Feb 2024 08:06:08 GMT

GET
H2 200 KFOjCnqEu92Fr1Mu51TzBic6CsQ.woff2
fonts.gstatic.com/s/roboto/v30/ 17 KB
17 KB 131ms
79ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOjCnqEu92Fr1Mu51TzBic6CsQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:400,400i,500,500i,700,700i,900,900i

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6be97ca17228a69c406231d89c003194c3dfba7401eaa9fe9e9ed0ef1c18dc38

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://scam.vn
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 08:08:39 GMT
x-content-type-options: nosniff
age: 375373
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 17032
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:52 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 16 Feb 2024 08:08:39 GMT

GET
H3 200 fa-solid-900.woff2
scam.vn/js/fontawesome/webfonts/ 115 KB
115 KB 360ms
359ms Font
font/woff2 2606:4700:20::ac43:4a7c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://scam.vn/js/fontawesome/webfonts/fa-solid-900.woff2

Requested by

Host: scam.vn
URL: https://scam.vn/js/fontawesome/css/solid.min.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:4a7c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fe529bb3f596ef36f463c8be98e02b43acccdfc0626719077481fe94e03cff21

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://scam.vn/js/fontawesome/css/solid.min.css
Origin: https://scam.vn
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 16:24:52 GMT
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 117364
x-xss-protection: 1; mode=block
last-modified: Sat, 01 Oct 2022 15:45:39 GMT
server: cloudflare
etag: "633860a3-1ca74"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8264kryuSx2M8HdRJ0A%2BL8H1I7KbhpgYJZiDi1SsNfqpssPjOBp65sec5G5cTF1G1H1ihm50FWktvOA29FhdHUeX72jMajv7yNHOdTwwIjO7X4a64Z77NvwzhKg%2B%2BhjylHYHBubN"}],"group":"cf-nel","max_age":604800}
content-type: font/woff2
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 79c8984fcb01bb7a-FRA

GET
H2 200 KFOkCnqEu92Fr1Mu51xIIzI.woff2
fonts.gstatic.com/s/roboto/v30/ 17 KB
17 KB 135ms
84ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOkCnqEu92Fr1Mu51xIIzI.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:400,400i,500,500i,700,700i,900,900i

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

db0424fb67fb52e7e538490240cc7fb9c05aa076333a4968f3dee30b825dabf9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://scam.vn
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Fri, 17 Feb 2023 07:48:58 GMT
x-content-type-options: nosniff
age: 290154
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 17368
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 17 Feb 2024 07:48:58 GMT

GET
H2 200 KFOlCnqEu92Fr1MmEU9fChc4EsA.woff2
fonts.gstatic.com/s/roboto/v30/ 12 KB
12 KB 116ms
70ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fChc4EsA.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:400,400i,500,500i,700,700i,900,900i

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7f1c829b0c90fd664a03bb714a74f7d35d9e38ee1687104abc8ad5bd9c8ccb6c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://scam.vn
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 01:29:48 GMT
x-content-type-options: nosniff
age: 399304
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11800
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:25:05 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 16 Feb 2024 01:29:48 GMT

GET
H2 200 KFOlCnqEu92Fr1MmWUlfChc4EsA.woff2
fonts.gstatic.com/s/roboto/v30/ 12 KB
12 KB 103ms
59ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfChc4EsA.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:400,400i,500,500i,700,700i,900,900i

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fc66f942651a9fe1a598770d3d896529dcd7a03d02f40655451513093103e61b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://scam.vn
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 03:52:03 GMT
x-content-type-options: nosniff
age: 477169
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11824
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:43 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 15 Feb 2024 03:52:03 GMT

GET
H2 200 KFOjCnqEu92Fr1Mu51TzBic0CsTKlA.woff2
fonts.gstatic.com/s/roboto/v30/ 12 KB
12 KB 113ms
72ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOjCnqEu92Fr1Mu51TzBic0CsTKlA.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:400,400i,500,500i,700,700i,900,900i

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

acaac043ca238f0e56e61864456777faa4a413b1f0a1dd02fe506b870bc69f26

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://scam.vn
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Fri, 17 Feb 2023 09:49:22 GMT
x-content-type-options: nosniff
age: 282930
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12620
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:25:05 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 17 Feb 2024 09:49:22 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu7GxKOzY.woff2
fonts.gstatic.com/s/roboto/v30/ 12 KB
12 KB 100ms
62ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu7GxKOzY.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:400,400i,500,500i,700,700i,900,900i

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3c23eb02de6b34e30f18cfb7167abd81a2cedfd1da60dfcb71989517ab3fb431

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://scam.vn
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Fri, 17 Feb 2023 08:17:11 GMT
x-content-type-options: nosniff
age: 288461
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11872
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:25:01 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 17 Feb 2024 08:17:11 GMT

GET
H2 200 KFOjCnqEu92Fr1Mu51S7ACc6CsQ.woff2
fonts.gstatic.com/s/roboto/v30/ 17 KB
17 KB 95ms
66ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOjCnqEu92Fr1Mu51S7ACc6CsQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:400,400i,500,500i,700,700i,900,900i

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

661d4b208656c006e7aab58acf7784857963123675de2302279fbe6c05313547

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://scam.vn
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 13:42:36 GMT
x-content-type-options: nosniff
age: 355336
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 17336
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:56 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 16 Feb 2024 13:42:36 GMT

GET
H2 200 KFOjCnqEu92Fr1Mu51S7ACc0CsTKlA.woff2
fonts.gstatic.com/s/roboto/v30/ 13 KB
13 KB 81ms
56ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOjCnqEu92Fr1Mu51S7ACc0CsTKlA.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:400,400i,500,500i,700,700i,900,900i

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7af61b2367eba2b1852e837c46a75696c130fd67b934aae77f9f082a5a771416

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://scam.vn
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 01:11:07 GMT
x-content-type-options: nosniff
age: 486825
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12848
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:53 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 15 Feb 2024 01:11:07 GMT

GET
H2 200 sdk.js Show response
connect.facebook.net/vi_VN/ 306 KB
87 KB 39ms
22ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/vi_VN/sdk.js?hash=ff99739be890bd4b4236c3ed70406738

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/vi_VN/sdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

f930454994bf9c09a759f1da467e8ab97b0b0fc36f8a10723f8ee62c9a94fa63

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://scam.vn/
Origin: https://scam.vn
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
date: Mon, 20 Feb 2023 16:24:52 GMT
content-md5: 3/Mus1AEJnWBbL8JZrwgUw==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 88624
x-fb-rlafr: 0
x-fb-debug: na8kcYWQcv9WYgq0Mn8L9iczeieE389FwcSlzwnZ+FEzT7LmiOwCEfOrHHRRYb4ozQkV/kbRqxuQUtTF5YZbjA==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
x-fb-trip-id: 917726464
x-fb-content-md5: c2bc0158b6ddd74031afe7c430b94e38
cross-origin-opener-policy: same-origin-allow-popups
etag: "01c3a6977913ced446d0740f763e364f"
vary: Accept-Encoding
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
x-frame-options: DENY
timing-allow-origin: *
expires: Tue, 20 Feb 2024 15:04:28 GMT

GET
H2 200 sm.24.html Show response
static.addtoany.com/menu/ Frame 44CE 677 B
538 B 32ms
29ms Document
text/html 2606:4700:10::6816:46c5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.addtoany.com/menu/sm.24.html

Requested by

Host: static.addtoany.com
URL: https://static.addtoany.com/menu/page.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:46c5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5a4192e762a449dfd6e63bee835e0941627223c9159e8219acdd01881a1ac175

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://scam.vn/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 330794
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: max-age=315360000, immutable
cf-cache-status: HIT
cf-ray: 79c898504d8d9088-FRA
content-encoding: br
content-type: text/html; charset=utf-8
date: Mon, 20 Feb 2023 16:24:52 GMT
etag: W/"2a5-5edb40e6d10d8"
last-modified: Fri, 18 Nov 2022 00:47:55 GMT
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
via: e4s
x-content-type-options: nosniff

GET
H3 200 core.26680508.js Show response
static.addtoany.com/menu/modules/ 69 KB
25 KB 209ms
191ms Script
application/javascript 2606:4700:10::6816:46c5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.addtoany.com/menu/modules/core.26680508.js

Requested by

Host: static.addtoany.com
URL: https://static.addtoany.com/menu/page.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:46c5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

73cfb0ed71e314a835831530e27ba1fde5609b224781f7dbc2dd3eb9a08603cd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://scam.vn/
Origin: https://scam.vn
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 16:24:52 GMT
via: e2s
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
last-modified: Wed, 11 Jan 2023 01:11:29 GMT
server: cloudflare
etag: W/"11452-5f1f2ae24215b"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=315360000, immutable
cf-ray: 79c898506f4037e4-FRA

GET
H2 200 KFOlCnqEu92Fr1MmWUlfCxc4EsA.woff2
fonts.gstatic.com/s/roboto/v30/ 5 KB
6 KB 24ms
21ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfCxc4EsA.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:400,400i,500,500i,700,700i,900,900i

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4ec57f2a80b91090971b83970230ca09ab3568c5f5b224896ca9aa6180a76aa9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://scam.vn
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Fri, 17 Feb 2023 08:27:58 GMT
x-content-type-options: nosniff
age: 287814
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5548
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:45 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 17 Feb 2024 08:27:58 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu7WxKOzY.woff2
fonts.gstatic.com/s/roboto/v30/ 5 KB
6 KB 25ms
23ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu7WxKOzY.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:400,400i,500,500i,700,700i,900,900i

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

77b24796a3d4ab521f66765651875338ed50cb9306cfe4603a3e79618e429cec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://scam.vn
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Tue, 14 Feb 2023 05:44:59 GMT
x-content-type-options: nosniff
age: 556793
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5560
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:41 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 14 Feb 2024 05:44:59 GMT

GET
H2 200 KFOjCnqEu92Fr1Mu51S7ACc1CsTKlA.woff2
fonts.gstatic.com/s/roboto/v30/ 6 KB
6 KB 25ms
23ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOjCnqEu92Fr1Mu51S7ACc1CsTKlA.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:400,400i,500,500i,700,700i,900,900i

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2e10480d4154762bc7c8fbb40877e104f45bf1406b769e9dd76981e489e61586

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://scam.vn
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 19:24:20 GMT
x-content-type-options: nosniff
age: 334832
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5928
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:25:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 16 Feb 2024 19:24:20 GMT

GET
H2 200 KFOlCnqEu92Fr1MmEU9fCxc4EsA.woff2
fonts.gstatic.com/s/roboto/v30/ 5 KB
6 KB 17ms
17ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fCxc4EsA.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:400,400i,500,500i,700,700i,900,900i

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0948409a22b5979aa7e1ec20da9e61f12e7d403800b541ece053881bd2542b70

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://scam.vn
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 14:05:05 GMT
x-content-type-options: nosniff
age: 353987
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5604
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:41 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 16 Feb 2024 14:05:05 GMT

GET
H2 200 KFOjCnqEu92Fr1Mu51TzBic1CsTKlA.woff2
fonts.gstatic.com/s/roboto/v30/ 6 KB
6 KB 17ms
17ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOjCnqEu92Fr1Mu51TzBic1CsTKlA.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:400,400i,500,500i,700,700i,900,900i

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bdbb6b52604c2451fdcba9cdfd44f4e1907e5cc562e8cd0177660f3aef678332

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://scam.vn
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Tue, 14 Feb 2023 20:01:58 GMT
x-content-type-options: nosniff
age: 505374
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5972
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:46 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 14 Feb 2024 20:01:58 GMT

GET
H2 200 show_ads_impl_with_ama_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202302130101/ 366 KB
120 KB 71ms
70ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202302130101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-7618423324404424&plah=scam.vn

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

79ac04577e5e730f39a60b3d7a2090f28144c1a6c875a48d9f74728a473da99d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://scam.vn/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 16:24:52 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 122953
x-xss-protection: 0
server: cafe
etag: 6542233338701378418
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Mon, 20 Feb 2023 16:24:52 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20230215/r20190131/ Frame 425E 10 KB
5 KB 63ms
20ms Document
text/html 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20230215/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9da238ca619f3bf71312de3c9c913c653941ada56cb5e1601aafb6094ae51cdc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://scam.vn/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 70559
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4242
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 19 Feb 2023 20:48:53 GMT
etag: 10353107486223812946
expires: Sun, 05 Mar 2023 20:48:53 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 /
www.facebook.com/tr/ 0
185 B 120ms
21ms Image
text/plain 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=478050516060600&ev=fb_page_view&dl=https%3A%2F%2Fscam.vn%2F&rl=&if=false&ts=1676910292653&sw=1600&sh=1200&at=

Requested by

Host: scam.vn
URL: https://scam.vn/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://scam.vn/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Mon, 20 Feb 2023 16:24:52 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 381 B
599 B 143ms
54ms Script
text/javascript 2a00:1450:400d:80a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=scam.vn&callback=_gfp_s_&client=ca-pub-7618423324404424

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202302130101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-7618423324404424&plah=scam.vn

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80a::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1f0b3e2a6015413c71df6b865b0c78b6608600b462a410ab5f733e23fde666c0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://scam.vn/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 16:24:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 247
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
531 B 166ms
55ms Script
application/javascript 2a00:1450:400d:80a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=scam.vn

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80a::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://scam.vn/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 16:24:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
456 B 78ms
24ms Script
application/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=scam.vn

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://scam.vn/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 16:24:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 87C3 291 KB
55 KB 554ms
554ms Document
text/html 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7618423324404424&output=html&adk=1812271804&adf=3025194257&lmt=1676910292&plat=9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=188x945_l%7C212x945_r&format=0x0&url=https%3A%2F%2Fscam.vn%2F&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1676910292609&bpp=12&bdt=278&idt=191&shv=r20230215&mjsv=m202302130101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=3247602610087&frm=20&pv=2&ga_vid=100274804.1676910293&ga_sid=1676910293&ga_hid=557402630&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31071755%2C31071662%2C31071976%2C31072499&oid=2&pvsid=2204243330728700&tmod=1929045309&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=213

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

709f991dde46bb374655ed7fa2b82f2bb2b350591a1af20147ec32a85e704df8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://scam.vn/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 55851
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 20 Feb 2023 16:24:53 GMT
expires: Mon, 20 Feb 2023 16:24:53 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 856D 117 KB
36 KB 1119ms
1118ms Document
text/html 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7618423324404424&output=html&h=280&adk=2654064360&adf=1801062927&pi=t.aa~a.3605552536~rp.4&w=1145&fwrn=4&fwrnh=100&lmt=1676910292&rafmt=1&to=qs&pwprc=5012342430&format=1145x280&url=https%3A%2F%2Fscam.vn%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1676910292621&bpp=3&bdt=290&idt=208&shv=r20230215&mjsv=m202302130101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=2&correlator=3247602610087&frm=20&pv=1&ga_vid=100274804.1676910293&ga_sid=1676910293&ga_hid=557402630&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=228&ady=577&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31071755%2C31071662%2C31071976%2C31072499&oid=2&pvsid=2204243330728700&tmod=1929045309&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=cgwaS0GVij&p=https%3A//scam.vn&dtd=211

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2d86774ae6452cbc321a666e869acbb7f5ccd2a9350de50a8efa4c28c30a5899

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://scam.vn/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 36768
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 20 Feb 2023 16:24:53 GMT
expires: Mon, 20 Feb 2023 16:24:53 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 vi.js Show response
static.addtoany.com/menu/locale/ 997 B
912 B 27ms
27ms Script
application/javascript 2606:4700:10::6816:46c5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.addtoany.com/menu/locale/vi.js

Requested by

Host: static.addtoany.com
URL: https://static.addtoany.com/menu/modules/core.26680508.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:46c5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5d6d7382a0b924330776e97ec1e805e40893e93d2349357cca4cae83f54ad5d8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://scam.vn/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 16:24:52 GMT
via: e1s
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 470964
cf-polished: origSize=1137
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
last-modified: Sat, 10 Nov 2018 02:45:14 GMT
server: cloudflare
etag: W/"471-57a46751ffd7a"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
cf-ray: 79c89852cdda364a-FRA

GET
H3 200 facebook.js Show response
static.addtoany.com/menu/svg/icons/ 318 B
494 B 177ms
177ms Script
application/javascript 2606:4700:10::6816:46c5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.addtoany.com/menu/svg/icons/facebook.js

Requested by

Host: static.addtoany.com
URL: https://static.addtoany.com/menu/modules/core.26680508.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:46c5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3a19ff3554a1e589f756a92be8263726674127c133feb1d333095668b77ba08c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://scam.vn/
Origin: https://scam.vn
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 16:24:53 GMT
via: e2s
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
last-modified: Fri, 18 Nov 2022 01:01:36 GMT
server: cloudflare
etag: W/"13e-5edb43f5ee978"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=7776000
cf-ray: 79c89852cc1237e4-FRA

GET
H3 200 facebook_messenger.js Show response
static.addtoany.com/menu/svg/icons/ 378 B
536 B 185ms
184ms Script
application/javascript 2606:4700:10::6816:46c5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.addtoany.com/menu/svg/icons/facebook_messenger.js

Requested by

Host: static.addtoany.com
URL: https://static.addtoany.com/menu/modules/core.26680508.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:46c5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

705ddd320c7afe5895ed0bb7438874918110baaaec1ad4b7da72bd13de82f96d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://scam.vn/
Origin: https://scam.vn
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 16:24:53 GMT
via: e3s
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
last-modified: Fri, 18 Nov 2022 01:01:36 GMT
server: cloudflare
etag: W/"17a-5edb43f5eca38"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=7776000
cf-ray: 79c89852cc1b37e4-FRA

GET
H3 200 twitter.js Show response
static.addtoany.com/menu/svg/icons/ 695 B
668 B 191ms
189ms Script
application/javascript 2606:4700:10::6816:46c5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.addtoany.com/menu/svg/icons/twitter.js

Requested by

Host: static.addtoany.com
URL: https://static.addtoany.com/menu/modules/core.26680508.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:46c5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

74ec1e2bfcf647ccdeaf5b127294db846ee4a6f8ffd6c909d4938370d4187d1f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://scam.vn/
Origin: https://scam.vn
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 16:24:53 GMT
via: e3s
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
last-modified: Fri, 18 Nov 2022 01:01:39 GMT
server: cloudflare
etag: W/"2b7-5edb43f86f378"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=7776000
cf-ray: 79c89852dc1d37e4-FRA

GET
H3 200 telegram.js Show response
static.addtoany.com/menu/svg/icons/ 360 B
520 B 181ms
179ms Script
application/javascript 2606:4700:10::6816:46c5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.addtoany.com/menu/svg/icons/telegram.js

Requested by

Host: static.addtoany.com
URL: https://static.addtoany.com/menu/modules/core.26680508.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:46c5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6415561e892cf9d614e7179f71353af4ceadfd641d71c42fe54c9420eb0d0138

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://scam.vn/
Origin: https://scam.vn
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 16:24:53 GMT
via: e4s
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
last-modified: Fri, 18 Nov 2022 01:01:39 GMT
server: cloudflare
etag: W/"168-5edb43f8443f8"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=7776000
cf-ray: 79c89852dc1e37e4-FRA

GET
H3 200 pinterest.js Show response
static.addtoany.com/menu/svg/icons/ 803 B
719 B 196ms
194ms Script
application/javascript 2606:4700:10::6816:46c5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.addtoany.com/menu/svg/icons/pinterest.js

Requested by

Host: static.addtoany.com
URL: https://static.addtoany.com/menu/modules/core.26680508.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:46c5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

eee4cfa769b7416160f34ecbc48ddc2086388350baab9d29d30ea3f165b6fbab

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://scam.vn/
Origin: https://scam.vn
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 16:24:53 GMT
via: e4s
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
last-modified: Fri, 18 Nov 2022 01:01:38 GMT
server: cloudflare
etag: W/"323-5edb43f7a8f98"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=7776000
cf-ray: 79c89852dc1f37e4-FRA

GET
H3 200 linkedin.js Show response
static.addtoany.com/menu/svg/icons/ 447 B
561 B 186ms
185ms Script
application/javascript 2606:4700:10::6816:46c5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.addtoany.com/menu/svg/icons/linkedin.js

Requested by

Host: static.addtoany.com
URL: https://static.addtoany.com/menu/modules/core.26680508.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:46c5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

98a4e1fdf290cfc7c5d58fd5688a45f0348db9ea62eceefad96a75569cae2a2d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://scam.vn/
Origin: https://scam.vn
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 16:24:53 GMT
via: e3s
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
last-modified: Fri, 18 Nov 2022 01:01:37 GMT
server: cloudflare
etag: W/"1bf-5edb43f69a778"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=7776000
cf-ray: 79c89852dc2437e4-FRA

GET
H3 200 link.js Show response
static.addtoany.com/menu/svg/icons/ 2 KB
1 KB 197ms
196ms Script
application/javascript 2606:4700:10::6816:46c5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.addtoany.com/menu/svg/icons/link.js

Requested by

Host: static.addtoany.com
URL: https://static.addtoany.com/menu/modules/core.26680508.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:46c5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

580802bc7ec92604a7c1d8bab24826dc038ea4b33c9c49bc4612bf0f2d6376a8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://scam.vn/
Origin: https://scam.vn
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 16:24:53 GMT
via: e1s
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
last-modified: Fri, 18 Nov 2022 01:01:37 GMT
server: cloudflare
etag: W/"6f8-5edb43f695958"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=7776000
cf-ray: 79c89852dc2837e4-FRA

GET
H3 200 print.js Show response
static.addtoany.com/menu/svg/icons/ 579 B
526 B 182ms
180ms Script
application/javascript 2606:4700:10::6816:46c5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.addtoany.com/menu/svg/icons/print.js

Requested by

Host: static.addtoany.com
URL: https://static.addtoany.com/menu/modules/core.26680508.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:46c5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

55f12640587a4040f51dc4ba8943bd8ddbc309d9cfaa928cf27597c7482c9af2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://scam.vn/
Origin: https://scam.vn
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 16:24:53 GMT
via: e2s
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
last-modified: Fri, 18 Nov 2022 01:01:38 GMT
server: cloudflare
etag: W/"243-5edb43f7b9938"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=7776000
cf-ray: 79c89852dc2b37e4-FRA

GET
H3 200 a2a.js Show response
static.addtoany.com/menu/svg/icons/ 182 B
409 B 187ms
186ms Script
application/javascript 2606:4700:10::6816:46c5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.addtoany.com/menu/svg/icons/a2a.js

Requested by

Host: static.addtoany.com
URL: https://static.addtoany.com/menu/modules/core.26680508.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:46c5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3dab93242ee573bbcfc22c9d15acd47794e500ed44e6bd48a35400b39d65aa43

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://scam.vn/
Origin: https://scam.vn
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 16:24:53 GMT
via: e1s
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
last-modified: Fri, 18 Nov 2022 01:01:36 GMT
server: cloudflare
etag: W/"b6-5edb43f58ee38"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=7776000
cf-ray: 79c89852dc2d37e4-FRA

GET
H2 200 / Show response
socialplugin.facebook.net/new_domain_gating/ 40 B
1 KB 165ms
50ms XHR
application/json 2a03:2880:f01c:800e:face:b00c:0:2
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://socialplugin.facebook.net/new_domain_gating/?endpoint=customerchat&page_id=101189494837454&suppress_http_code=1

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/vi_VN/sdk.js?hash=ff99739be890bd4b4236c3ed70406738

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:800e:face:b00c:0:2 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

cdaab024c0121953419a4a1094ffe2ee9a902df55ee79d792e411bac835b9134

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://scam.vn/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding: br
x-content-type-options: nosniff
date: Mon, 20 Feb 2023 16:24:53 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-fb-rlafr: 0
x-xss-protection: 0
pragma: no-cache
x-fb-debug: KfPLVlRbq0trq8Ivxqx13qxmkDInG5RZwNDMJZVrdIIhiLMba2c3dqrJFgSg5TNV8HDlqVD7lGqkAaMUOtqb3A==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/json; charset=utf-8
x-frame-options: DENY
access-control-allow-origin: https://scam.vn
origin-agent-cluster: ?0
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 page.php Show response
www.facebook.com/v13.0/plugins/ Frame 2741 42 KB
14 KB 154ms
153ms Document
text/html 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/v13.0/plugins/page.php?adapt_container_width=true&app_id=478050516060600&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Dffb3e080b754cc%26domain%3Dscam.vn%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fscam.vn%252Ff95db253bd1d1c%26relation%3Dparent.parent&container_width=362&hide_cover=false&href=https%3A%2F%2Fwww.facebook.com%2Fchongluadaovietnam%2F&locale=vi_VN&sdk=joey&show_facepile=true&small_header=false&tabs=&width=270

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/vi_VN/sdk.js?hash=ff99739be890bd4b4236c3ed70406738

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

6347e9c0a0f2bf5d8c48e20fbddf712d03a6a19e8bb8d015143e6632157cb84d

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://scam.vn/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: private, no-cache, no-store, must-revalidate
content-encoding: br
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-type: text/html; charset="utf-8"
cross-origin-opener-policy: unsafe-none
date: Mon, 20 Feb 2023 16:24:53 GMT
document-policy: force-load-at-top
expires: Sat, 01 Jan 2000 00:00:00 GMT
facebook-api-version: v15.0
origin-agent-cluster: ?0
pragma: no-cache
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
strict-transport-security: max-age=15552000; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-fb-debug: 9AnQbjufnTvbCw7niIILNXje0T/1GNRbWBAfMH2f6SuU9f5f+K+SMXiyybCYlAU93Q39iphhCE64wmlUKyLDKA==
x-fb-rlafr: 0
x-xss-protection: 0

GET
H2 200 group.php Show response
www.facebook.com/v13.0/plugins/ Frame B318 41 KB
15 KB 122ms
122ms Document
text/html 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/v13.0/plugins/group.php?app_id=478050516060600&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df251250e9dd88a8%26domain%3Dscam.vn%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fscam.vn%252Ff95db253bd1d1c%26relation%3Dparent.parent&container_width=362&href=https%3A%2F%2Fwww.facebook.com%2Fgroups%2Fchongluadaovietnam&locale=vi_VN&sdk=joey&show_metadata=false&show_social_context=true&width=270

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/vi_VN/sdk.js?hash=ff99739be890bd4b4236c3ed70406738

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

cb4ced9377f832bd2c96ce81aedd75b89d68748716fd653b20d3742677d2dd90

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://scam.vn/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: private, no-cache, no-store, must-revalidate
content-encoding: br
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-type: text/html; charset="utf-8"
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: same-origin
date: Mon, 20 Feb 2023 16:24:53 GMT
document-policy: force-load-at-top
expires: Sat, 01 Jan 2000 00:00:00 GMT
facebook-api-version: v15.0
origin-agent-cluster: ?0
pragma: no-cache
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
strict-transport-security: max-age=15552000; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-fb-debug: Z2g2z0SCJE2mzvK0/GclZl1ZXy36JdIcUhTueQ8aYdk8wLaaALoP6roT0mLHKQ20xmJLL1uzBwcsyNHVnUwqiQ==
x-fb-rlafr: 0
x-xss-protection: 0

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 215 KB
76 KB 34ms
33ms Script
application/javascript 2a00:1450:4001:80f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-FMVK5PJX3B&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-158914372-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

c6d7b845c67709b28ef4a3e3e277b8241460a1224b6850a81ce3b4db94431a85

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://scam.vn/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 16:24:52 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 77327
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Mon, 20 Feb 2023 16:24:52 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 392ms
39ms Script
text/javascript 2a00:1450:4001:829::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-158914372-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

5971b095cff574a66d35ada016d4c077c86e2dea62e9c0f14cf7c94b258619de

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://scam.vn/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Mon, 20 Feb 2023 14:54:44 GMT
last-modified: Tue, 10 Jan 2023 21:29:14 GMT
server: Golfe2
age: 5409
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20085
expires: Mon, 20 Feb 2023 16:54:44 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 226 KB
78 KB 45ms
44ms Script
application/javascript 2a00:1450:4001:80f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-X22FH0X0SQ&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-158914372-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

6379a96a595c7340696a66582297add07fd4cccd0cc9c29c0f9da1f29822e38a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://scam.vn/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 16:24:52 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 80133
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Mon, 20 Feb 2023 16:24:52 GMT

GET
H3 200 realtime-check-website Show response
scam.vn/ 5 KB
1 KB 2186ms
2186ms XHR
text/html 2606:4700:20::ac43:4a7c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://scam.vn/realtime-check-website

Requested by

Host: scam.vn
URL: https://scam.vn/js/jquery-3.2.1.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:4a7c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5fd7a4911529a096141b90fdc89d1a0e9d300ffd15cd447f8d97fecf6d6e1173

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: */*
Referer: https://scam.vn/
X-Requested-With: XMLHttpRequest
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 16:24:55 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
pragma: no-cache
server: cloudflare
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/html; charset=utf-8
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=U1qIFIt9UF2PI1yQO%2BcNZRdIHjgIQHLDTxCz75GKbPFHroom1AyjwmAXYbQ2W0yygGiHlOaTZMb3c55B3Wn%2FaESxUk3MJvXEMsUd1N5W1LWrgSDz%2BUKzhTh26fQ%2Byx40cOReUMPA"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=2592000
cf-ray: 79c898530952bb7a-FRA
expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H3 200 realtime-search Show response
scam.vn/ 8 KB
1 KB 2193ms
2193ms XHR
text/html 2606:4700:20::ac43:4a7c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://scam.vn/realtime-search

Requested by

Host: scam.vn
URL: https://scam.vn/js/jquery-3.2.1.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:4a7c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

133e148d552c1d21d1e152612e5ac60ea1a63287d3e5a2102c5d522835f784df

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: */*
Referer: https://scam.vn/
X-Requested-With: XMLHttpRequest
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 16:24:55 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
pragma: no-cache
server: cloudflare
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/html; charset=utf-8
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GWXA3IGZxpyJNjclp%2BSDHQDVzsYwp9%2BP6kRYNbATQpjwSY5pEVf3vof1lYI68itH%2FKskxrbWMTvv9rBt9ekDZbup6LcDKCbgoruKMnYC9kvybSk8nrBi6xaw99BCJvSMiZDMoI1R"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=2592000
cf-ray: 79c898530954bb7a-FRA
expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H3 200 realtime-last-update Show response
scam.vn/ 10 KB
2 KB 459ms
459ms XHR
text/html 2606:4700:20::ac43:4a7c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://scam.vn/realtime-last-update

Requested by

Host: scam.vn
URL: https://scam.vn/js/jquery-3.2.1.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:4a7c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c609b5f98c72f048615c0847a56d31adfc0bf115c14ac7a331b112796fb67570

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: */*
Referer: https://scam.vn/
X-Requested-With: XMLHttpRequest
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 16:24:53 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
pragma: no-cache
server: cloudflare
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/html; charset=utf-8
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gA5MIDJVv6b7M4SZsjnZBzsJoktA5JXjbAgV9CmSz68F6hiKJiYQO4OM9fcSx0NyzLcAhoYro5LPDSwoGOmg2A%2FvaXpjbx2N5hHNa0rP2fogV1IdMIemMY5vKRgzElHkmdD9L%2BKl"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=2592000
cf-ray: 79c898530956bb7a-FRA
expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H3 200 realtime-top-views Show response
scam.vn/ 10 KB
2 KB 2188ms
2188ms XHR
text/html 2606:4700:20::ac43:4a7c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://scam.vn/realtime-top-views

Requested by

Host: scam.vn
URL: https://scam.vn/js/jquery-3.2.1.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:4a7c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

de22cabf571b95688601b2d7d044bd625ef7d6a4ac10786d5c207b130a9a495c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: */*
Referer: https://scam.vn/
X-Requested-With: XMLHttpRequest
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 16:24:55 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
pragma: no-cache
server: cloudflare
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/html; charset=utf-8
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sCVCUd%2FwghzUVMHvx3okKhDn1BmP5MD4Gpx2KxYn2GL3dWeV3QDUhPO7ozbAXZgrZ6zy9N3IRQLhMTNZy%2FYFNKsdQM6F%2F28cPTJAvyRckMlCvxmtZ%2Fsiu3L%2BVMT2lkOMV%2FInKGEx"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=2592000
cf-ray: 79c898530957bb7a-FRA
expires: Thu, 19 Nov 1981 08:52:00 GMT

POST
H2 204 collect
region1.google-analytics.com/g/ 0
239 B 69ms
24ms Ping
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-FMVK5PJX3B&gtm=45je32f0&_p=557402630&cid=100274804.1676910293&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1676910293&sct=1&seg=0&dl=https%3A%2F%2Fscam.vn%2F&dt=C%E1%BA%A3nh%20B%C3%A1o%20L%E1%BB%ABa%20%C4%90%E1%BA%A3o%20-%20SCAM.VN&en=page_view&_fv=1&_ss=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-FMVK5PJX3B&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://scam.vn/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 20 Feb 2023 16:24:53 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://scam.vn
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 3Pgg3iaRvlz.css
static.xx.fbcdn.net/rsrc.php/v3/yT/l/0,cross/ Frame B318 20 KB
5 KB 20ms
18ms Stylesheet
text/css 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yT/l/0,cross/3Pgg3iaRvlz.css?_nc_x=Ij3Wp8lg5Kz

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v13.0/plugins/group.php?app_id=478050516060600&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df251250e9dd88a8%26domain%3Dscam.vn%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fscam.vn%252Ff95db253bd1d1c%26relation%3Dparent.parent&container_width=362&href=https%3A%2F%2Fwww.facebook.com%2Fgroups%2Fchongluadaovietnam&locale=vi_VN&sdk=joey&show_metadata=false&show_social_context=true&width=270

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

3064bb4fe20387a07de58d7ac8e57883e0669622567fb2b0986cc173ed8a63f7

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.facebook.com/
Origin: https://www.facebook.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 16:24:53 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: tPYPx3VoDZBvF1uN50zCmA==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 5108
x-fb-rlafr: 0
x-fb-debug: zkNFkgmIAwMKtWWLjgkmyaqobJBUC1AbyPlu1Ns2JVJAdN23WwgpxDsnDa/zGyXXtppQ+jKMf6QCBUD5LK7wGA==
x-fb-trip-id: 917726464
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Origin
content-type: text/css; charset=utf-8
access-control-allow-origin: https://www.facebook.com
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Mon, 19 Feb 2024 17:07:51 GMT

GET
H2 200 k9frVvgZWTr.css
static.xx.fbcdn.net/rsrc.php/v3/yt/l/0,cross/ Frame B318 2 KB
1 KB 38ms
36ms Stylesheet
text/css 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yt/l/0,cross/k9frVvgZWTr.css?_nc_x=Ij3Wp8lg5Kz

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

cb5c67ccd076f55e9436fb016a51b3c33f646751187a7e0053908ca5e265108b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.facebook.com/
Origin: https://www.facebook.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 16:24:53 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: q6bCky1+00PrRbx3auADnQ==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 833
x-fb-rlafr: 0
x-fb-debug: 4/9OZjx5e4DPu2EhK3TUiF8gBXPBZyqpUUC/4QjQ3oiCGMDbCZm3F0HcvIwuFuE6ycD/HEdlI3lomHxlO/zIDw==
x-fb-trip-id: 917726464
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Origin
content-type: text/css; charset=utf-8
access-control-allow-origin: https://www.facebook.com
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Tue, 13 Feb 2024 20:58:05 GMT

GET
H2 200 wpfZHGyn2hp.css
static.xx.fbcdn.net/rsrc.php/v3/yo/l/0,cross/ Frame B318 24 KB
6 KB 20ms
19ms Stylesheet
text/css 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yo/l/0,cross/wpfZHGyn2hp.css?_nc_x=Ij3Wp8lg5Kz

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

5f80060f0a487a8227a8f1fa57150dcd885ff09941554feae20396380353dfa5

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.facebook.com/
Origin: https://www.facebook.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 16:24:53 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: ebPusGWuawOaUdtCZEeeMA==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 5556
x-fb-rlafr: 0
x-fb-debug: d0JGDKxslHY8L1bFviBlc9QHIEfwSxQQ5bJ5SSvsnL+H/YqN1VIQCPvnnDIGbJS7/khubnZtf3jJ4uNRCk8YZw==
x-fb-trip-id: 917726464
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Origin
content-type: text/css; charset=utf-8
access-control-allow-origin: https://www.facebook.com
origin-agent-cluster: ?0
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Mon, 19 Feb 2024 17:10:13 GMT

GET
H2 200 eM7fx0tnEj2.js Show response
static.xx.fbcdn.net/rsrc.php/v3/yD/r/ Frame B318 300 KB
79 KB 21ms
20ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yD/r/eM7fx0tnEj2.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

96ba3e807f30b75139d7c208cd41d9a11c983e9b04926e6ca77fe335ee7569d5

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.facebook.com/
Origin: https://www.facebook.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 16:24:53 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: mbFaTbwN/USB/7gHisaxHA==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 81125
x-fb-rlafr: 0
x-fb-debug: GnebnVA0hCKFy2hizb4eU/SaEmHalsdu/+9U1tD8BL3SWFovyne4V9ixlBCIyuHpDhxAgwqiwV5XZwJOW5GgTA==
x-fb-trip-id: 917726464
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Origin
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: https://www.facebook.com
origin-agent-cluster: ?0
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Sat, 17 Feb 2024 20:51:13 GMT

GET
H2 200 nMFM52FAyXC.js Show response
static.xx.fbcdn.net/rsrc.php/v3/y1/r/ Frame B318 12 KB
4 KB 21ms
20ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/y1/r/nMFM52FAyXC.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

9041b3bcc26f2d4a54217036c5ff63eff2aa60ae421b3dafa88e1ced9cd72559

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.facebook.com/
Origin: https://www.facebook.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 16:24:53 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: 2BG/nVnMndffZpRB8niX/Q==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 3891
x-fb-rlafr: 0
x-fb-debug: Nivj3C7gGKcDDK6QK9Mnx93lpTcEOh6qvDYSK9+XJCUkXKeLz84R3UqHzjo1Oy70rNnnfaXYWNXDw28PLSi+Dw==
x-fb-trip-id: 917726464
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Origin
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: https://www.facebook.com
origin-agent-cluster: ?0
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Wed, 14 Feb 2024 17:12:16 GMT

GET
H2 200 Mw3QR2lNtuN.js Show response
static.xx.fbcdn.net/rsrc.php/v3/yz/r/ Frame B318 39 KB
12 KB 21ms
20ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yz/r/Mw3QR2lNtuN.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

87e6cd6f8a53a60700cdf056b445ab7229367ca4a3ed713616cb8f27b4f15a88

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.facebook.com/
Origin: https://www.facebook.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 16:24:53 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: kaSaFcCmsPdC/Qe5jNiADA==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 12532
x-fb-rlafr: 0
x-fb-debug: HPL4Zvsxvvo/zKBiZkmlpXPy2ELwnLSzMEqcKarA5kdoVnrg0rbNhYuekziZxJK/63f1VWpX83zUSF5ekGpmCw==
x-fb-trip-id: 917726464
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Origin
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: https://www.facebook.com
origin-agent-cluster: ?0
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Sun, 18 Feb 2024 02:02:33 GMT

GET
H2 200 sZ5F-OUzwqI.js Show response
static.xx.fbcdn.net/rsrc.php/v3/yx/r/ Frame B318 52 KB
16 KB 38ms
37ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yx/r/sZ5F-OUzwqI.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

8f5bffc3d2be5367e8f93fdb2856a4ce4658f75d1fdf78d69428aa8be88d99a4

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.facebook.com/
Origin: https://www.facebook.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 16:24:53 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: cqfDbfN12En7EkVA6rzexw==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 16335
x-fb-rlafr: 0
x-fb-debug: dUu4QYyyyzH6UpJNU3SsKKK2rDZJa/DHtcJ09kyL45Xl9NMirKqrMiE1woRo2TfVB7wLmxs4Pirv8W6R+IwlUg==
x-fb-trip-id: 917726464
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Origin
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: https://www.facebook.com
origin-agent-cluster: ?0
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Sun, 18 Feb 2024 02:02:33 GMT

GET
H2 200 CXoUumwGalv.js Show response
static.xx.fbcdn.net/rsrc.php/v3/y2/r/ Frame B318 2 KB
958 B 38ms
37ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/y2/r/CXoUumwGalv.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

0eb985dec68adbbd8a8e5410806ceb817a23fd3e7d9a461c7691e085318dc986

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.facebook.com/
Origin: https://www.facebook.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 16:24:53 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: c23r//2fX1THYuhRu74YhQ==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 766
x-fb-rlafr: 0
x-fb-debug: jjrNCNDNvXeK164MARAox2aTB9rdTLuT/Otjor1A+9HQgBHt/MCbKL//8yRMk7XBRV6usZlDXzcCXWF355314Q==
x-fb-trip-id: 917726464
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Origin
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: https://www.facebook.com
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
expires: Sat, 10 Feb 2024 19:18:39 GMT

GET
H2 200 295000306_569496388006760_5628819943557974573_n.jpg
scontent-cdg2-1.xx.fbcdn.net/v/t39.30808-6/ Frame B318 11 KB
12 KB 78ms
19ms Image
image/jpeg 2a03:2880:f01f:6:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://scontent-cdg2-1.xx.fbcdn.net/v/t39.30808-6/295000306_569496388006760_5628819943557974573_n.jpg?stp=dst-jpg_s280x280&_nc_cat=108&ccb=1-7&_nc_sid=ac9ee4&_nc_ohc=FltggnKLCucAX-IWMh2&_nc_ht=scontent-cdg2-1.xx&edm=ALBVGg4EAAAA&oh=00_AfAO4Oj5_6TUHRu_ygH-RR1YmlaAECgCz2lZYk8qDyNPQA&oe=63F816E0
Requested by: Host: www.facebook.com
URL: https://www.facebook.com/v13.0/plugins/group.php?app_id=478050516060600&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df251250e9dd88a8%26domain%3Dscam.vn%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fscam.vn%252Ff95db253bd1d1c%26relation%3Dparent.parent&container_width=362&href=https%3A%2F%2Fwww.facebook.com%2Fgroups%2Fchongluadaovietnam&locale=vi_VN&sdk=joey&show_metadata=false&show_social_context=true&width=270
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a03:2880:f01f:6:face:b00c:0:3 Pantin, France, ASN32934 (FACEBOOK, US),
Reverse DNS
Software: /
Resource Hash: 8659b086fe7f662cafcb70f56041b91e410a0effd3668c4a0c35aca0e5905d0d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

x-haystack-needlechecksum: 2065148909
date: Mon, 20 Feb 2023 16:24:53 GMT
x-fb-trip-id: 1460883810
x-storage-error-category: dfs:none;hs_p:200:HS_ESUCCESS
last-modified: Sun, 24 Jul 2022 04:08:22 GMT
content-type: image/jpeg
access-control-allow-origin: *
content-digest: adler32=1652324266
cache-control: max-age=1209600, no-transform
cross-origin-resource-policy: cross-origin
x-needle-checksum: 1194968280
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=86400
content-length: 11617

GET
H3 200 huUKVraSeRU.png
static.xx.fbcdn.net/rsrc.php/v3/yn/r/ Frame B318 221 B
275 B 41ms
18ms Image
image/png 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yn/r/huUKVraSeRU.png

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

ef018cca916a53ab3f8b018a7abe7eef2199231c4354b4978874174a139e0748

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 16:24:53 GMT
x-content-type-options: nosniff
content-md5: FNy2AcQQ6Gl3ai7wI8ljBg==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 221
x-fb-rlafr: 0
x-fb-debug: HxXykBfXJ8ubPc7hMgoEbuIKO8sKugyT6k3dcfpln88ze5CvdWhTSYGd8Jnro5V+RX5ZOr6E1MiVwT1lUKn/Nw==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Sat, 10 Feb 2024 19:18:39 GMT

GET
H3 200 / Show response
www.facebook.com/plugins/customer_chat/SDK/ 0
33 B 78ms
54ms XHR
text/html 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/plugins/customer_chat/SDK/?app_id=478050516060600&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df122338f50a143c%26domain%3Dscam.vn%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fscam.vn%252Ff95db253bd1d1c%26relation%3Dparent.parent&current_url=https%3A%2F%2Fscam.vn%2F&event_name=chat_plugin_sdk_facade_create&is_loaded_by_facade=true&loading_time=0&locale=vi_VN&log_id=fda8a215-0486-4c1b-b9b1-e1c9a0091606&page_id=101189494837454&request_time=1676910293179&sdk=joey&should_use_new_domain=false&suppress_http_code=1

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/vi_VN/sdk.js?hash=ff99739be890bd4b4236c3ed70406738

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://scam.vn/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
strict-transport-security: max-age=15552000; preload
x-content-type-options: nosniff
date: Mon, 20 Feb 2023 16:24:53 GMT
document-policy: force-load-at-top
alt-svc: h3=":443"; ma=86400
content-length: 0
x-fb-rlafr: 0
x-xss-protection: 0
pragma: no-cache
x-fb-debug: lQvNhhYNclHPRfl9DkS1AgytKZfghsc6O5nQKMH/ie7aH6XnImZ9oGtS9g3NbcpsQt/g891oddOaBZjLwn0OHA==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
content-type: text/html; charset="utf-8"
access-control-allow-origin: https://scam.vn
origin-agent-cluster: ?0
cache-control: private, no-cache, no-store, must-revalidate
priority: u=1
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3 200 / Show response
www.facebook.com/plugins/customer_chat/facade/ 1 KB
785 B 98ms
75ms XHR
application/json 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/plugins/customer_chat/facade/?app_id=478050516060600&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df122338f50a143c%26domain%3Dscam.vn%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fscam.vn%252Ff95db253bd1d1c%26relation%3Dparent.parent&current_url=https%3A%2F%2Fscam.vn%2F&is_loaded_by_facade=true&locale=vi_VN&log_id=fda8a215-0486-4c1b-b9b1-e1c9a0091606&page_id=101189494837454&request_time=1676910293179&sdk=joey&should_use_new_domain=false&suppress_http_code=1

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/vi_VN/sdk.js?hash=ff99739be890bd4b4236c3ed70406738

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

9ca5df4d14c68200817750744e2e6eadf2a149c8123dc2296297726ca6b68c06

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://scam.vn/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; preload
date: Mon, 20 Feb 2023 16:24:53 GMT
document-policy: force-load-at-top
alt-svc: h3=":443"; ma=86400
x-fb-rlafr: 0
x-xss-protection: 0
pragma: no-cache
x-fb-debug: 1hhxUKgWiZAoqDDYXUq2IoVwWlZGzKp9pBNtnGbOQEumKcWhG/oykyZNNCD76Vfz828ssBfDBsm+85CgYF/rdw==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
content-type: application/json; charset=utf-8
x-frame-options: DENY
access-control-allow-origin: https://scam.vn
origin-agent-cluster: ?0
cache-control: private, no-cache, no-store, must-revalidate
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 3Pgg3iaRvlz.css
static.xx.fbcdn.net/rsrc.php/v3/yT/l/0,cross/ Frame 2741 20 KB
5 KB 29ms
27ms Stylesheet
text/css 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yT/l/0,cross/3Pgg3iaRvlz.css?_nc_x=Ij3Wp8lg5Kz

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v13.0/plugins/page.php?adapt_container_width=true&app_id=478050516060600&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Dffb3e080b754cc%26domain%3Dscam.vn%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fscam.vn%252Ff95db253bd1d1c%26relation%3Dparent.parent&container_width=362&hide_cover=false&href=https%3A%2F%2Fwww.facebook.com%2Fchongluadaovietnam%2F&locale=vi_VN&sdk=joey&show_facepile=true&small_header=false&tabs=&width=270

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

3064bb4fe20387a07de58d7ac8e57883e0669622567fb2b0986cc173ed8a63f7

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.facebook.com/
Origin: https://www.facebook.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 16:24:53 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: tPYPx3VoDZBvF1uN50zCmA==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 5108
x-fb-rlafr: 0
x-fb-debug: zkNFkgmIAwMKtWWLjgkmyaqobJBUC1AbyPlu1Ns2JVJAdN23WwgpxDsnDa/zGyXXtppQ+jKMf6QCBUD5LK7wGA==
x-fb-trip-id: 917726464
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Origin
content-type: text/css; charset=utf-8
access-control-allow-origin: https://www.facebook.com
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Mon, 19 Feb 2024 17:07:51 GMT

GET
H2 200 k9frVvgZWTr.css
static.xx.fbcdn.net/rsrc.php/v3/yt/l/0,cross/ Frame 2741 2 KB
982 B 30ms
28ms Stylesheet
text/css 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yt/l/0,cross/k9frVvgZWTr.css?_nc_x=Ij3Wp8lg5Kz

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

cb5c67ccd076f55e9436fb016a51b3c33f646751187a7e0053908ca5e265108b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.facebook.com/
Origin: https://www.facebook.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 16:24:53 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: q6bCky1+00PrRbx3auADnQ==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 833
x-fb-rlafr: 0
x-fb-debug: 4/9OZjx5e4DPu2EhK3TUiF8gBXPBZyqpUUC/4QjQ3oiCGMDbCZm3F0HcvIwuFuE6ycD/HEdlI3lomHxlO/zIDw==
x-fb-trip-id: 917726464
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Origin
content-type: text/css; charset=utf-8
access-control-allow-origin: https://www.facebook.com
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Tue, 13 Feb 2024 20:58:05 GMT

GET
H2 200 eM7fx0tnEj2.js Show response
static.xx.fbcdn.net/rsrc.php/v3/yD/r/ Frame 2741 300 KB
79 KB 56ms
55ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yD/r/eM7fx0tnEj2.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

96ba3e807f30b75139d7c208cd41d9a11c983e9b04926e6ca77fe335ee7569d5

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.facebook.com/
Origin: https://www.facebook.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 16:24:53 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: mbFaTbwN/USB/7gHisaxHA==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 81125
x-fb-rlafr: 0
x-fb-debug: GnebnVA0hCKFy2hizb4eU/SaEmHalsdu/+9U1tD8BL3SWFovyne4V9ixlBCIyuHpDhxAgwqiwV5XZwJOW5GgTA==
x-fb-trip-id: 917726464
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Origin
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: https://www.facebook.com
origin-agent-cluster: ?0
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Sat, 17 Feb 2024 20:51:13 GMT

GET
H2 200 nMFM52FAyXC.js Show response
static.xx.fbcdn.net/rsrc.php/v3/y1/r/ Frame 2741 12 KB
4 KB 55ms
54ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/y1/r/nMFM52FAyXC.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

9041b3bcc26f2d4a54217036c5ff63eff2aa60ae421b3dafa88e1ced9cd72559

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.facebook.com/
Origin: https://www.facebook.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 16:24:53 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: 2BG/nVnMndffZpRB8niX/Q==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 3891
x-fb-rlafr: 0
x-fb-debug: Nivj3C7gGKcDDK6QK9Mnx93lpTcEOh6qvDYSK9+XJCUkXKeLz84R3UqHzjo1Oy70rNnnfaXYWNXDw28PLSi+Dw==
x-fb-trip-id: 917726464
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Origin
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: https://www.facebook.com
origin-agent-cluster: ?0
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Wed, 14 Feb 2024 17:12:16 GMT

GET
H2 200 Mw3QR2lNtuN.js Show response
static.xx.fbcdn.net/rsrc.php/v3/yz/r/ Frame 2741 39 KB
12 KB 30ms
29ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yz/r/Mw3QR2lNtuN.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

87e6cd6f8a53a60700cdf056b445ab7229367ca4a3ed713616cb8f27b4f15a88

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.facebook.com/
Origin: https://www.facebook.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 16:24:53 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: kaSaFcCmsPdC/Qe5jNiADA==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 12532
x-fb-rlafr: 0
x-fb-debug: HPL4Zvsxvvo/zKBiZkmlpXPy2ELwnLSzMEqcKarA5kdoVnrg0rbNhYuekziZxJK/63f1VWpX83zUSF5ekGpmCw==
x-fb-trip-id: 917726464
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Origin
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: https://www.facebook.com
origin-agent-cluster: ?0
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Sun, 18 Feb 2024 02:02:33 GMT

GET
H2 200 sZ5F-OUzwqI.js Show response
static.xx.fbcdn.net/rsrc.php/v3/yx/r/ Frame 2741 52 KB
16 KB 56ms
55ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yx/r/sZ5F-OUzwqI.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

8f5bffc3d2be5367e8f93fdb2856a4ce4658f75d1fdf78d69428aa8be88d99a4

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.facebook.com/
Origin: https://www.facebook.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 16:24:53 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: cqfDbfN12En7EkVA6rzexw==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 16335
x-fb-rlafr: 0
x-fb-debug: dUu4QYyyyzH6UpJNU3SsKKK2rDZJa/DHtcJ09kyL45Xl9NMirKqrMiE1woRo2TfVB7wLmxs4Pirv8W6R+IwlUg==
x-fb-trip-id: 917726464
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Origin
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: https://www.facebook.com
origin-agent-cluster: ?0
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Sun, 18 Feb 2024 02:02:33 GMT

GET
H2 200 dCr8nJpupVz.js Show response
static.xx.fbcdn.net/rsrc.php/v3iSa94/yV/l/vi_VN/ Frame 2741 83 KB
23 KB 57ms
56ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3iSa94/yV/l/vi_VN/dCr8nJpupVz.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

ee4d5618e5f92851dc1149992a6b858d7f5ef67165f163a2b9cbe0ebf75a5105

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.facebook.com/
Origin: https://www.facebook.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 16:24:53 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: oxT3cjhCsIULyn24jjASSw==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 23289
x-fb-rlafr: 0
x-fb-debug: WEaBEUiyC4I+zeeR0sUkh2M1ZY8oI6o2AsMF/G1tWZsGQ/d64cGtMJpOoWyrilplHJPjMgJRGS7T0BzzjLIjuw==
x-fb-trip-id: 917726464
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Origin
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: https://www.facebook.com
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Sun, 18 Feb 2024 02:14:06 GMT

GET
H2 200 305390951_416835653906113_6498678989852568660_n.jpg
scontent.xx.fbcdn.net/v/t39.30808-6/ Frame 2741 10 KB
10 KB 122ms
85ms Image
image/jpeg 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://scontent.xx.fbcdn.net/v/t39.30808-6/305390951_416835653906113_6498678989852568660_n.jpg?stp=dst-jpg_p133x133&_nc_cat=107&ccb=1-7&_nc_sid=dd9801&_nc_ohc=EPVNjdvdJbEAX_8_xV_&_nc_ht=scontent.xx&edm=APQiy74EAAAA&oh=00_AfD1fOnCmAd6dnvsT60qW3vyAJjPurt8E56HEvIsl1V4Qg&oe=63F7A473
Requested by: Host: www.facebook.com
URL: https://www.facebook.com/v13.0/plugins/page.php?adapt_container_width=true&app_id=478050516060600&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Dffb3e080b754cc%26domain%3Dscam.vn%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fscam.vn%252Ff95db253bd1d1c%26relation%3Dparent.parent&container_width=362&hide_cover=false&href=https%3A%2F%2Fwww.facebook.com%2Fchongluadaovietnam%2F&locale=vi_VN&sdk=joey&show_facepile=true&small_header=false&tabs=&width=270
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software: /
Resource Hash: ad02afd70b801065790392272bc330cc2b684e179498f680121ca75bdd6c949d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

x-haystack-needlechecksum: 1970144604
date: Mon, 20 Feb 2023 16:24:53 GMT
content-digest: adler32=769043951
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 10195
x-fb-trip-id: 917726464
x-storage-error-category: dfs:none;hs_p:200:HS_ESUCCESS
last-modified: Sat, 17 Sep 2022 00:02:43 GMT
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=1209600, no-transform
x-fb-edge-debug: wqXEG2f2ZBdFMcd4iKt0K8D8pEa4yzQXymVqJoYiHWSu4rswwTViRzfEqwYZ-eUbgXU-IlkWuL3J9gB5_e-ulxAJ8lhd3Lx4CA415ldzKZ_fB1FKnYiEmca5feDOCk0q
x-needle-checksum: 1575207444
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 316804712_477598037829874_7917133197759764783_n.jpg
scontent.xx.fbcdn.net/v/t39.30808-1/ Frame 2741 2 KB
2 KB 156ms
123ms Image
image/jpeg 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://scontent.xx.fbcdn.net/v/t39.30808-1/316804712_477598037829874_7917133197759764783_n.jpg?stp=cp0_dst-jpg_p50x50&_nc_cat=107&ccb=1-7&_nc_sid=dbb9e7&_nc_ohc=GrN6TwiLQoEAX9Gi4Nq&_nc_ht=scontent.xx&edm=APQiy74EAAAA&oh=00_AfBlP7hBxSUNFgI6cr5lh7UaD2c_cAp_hVuGCl5vXDjB6g&oe=63F7CC86
Requested by: Host: www.facebook.com
URL: https://www.facebook.com/v13.0/plugins/page.php?adapt_container_width=true&app_id=478050516060600&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Dffb3e080b754cc%26domain%3Dscam.vn%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fscam.vn%252Ff95db253bd1d1c%26relation%3Dparent.parent&container_width=362&hide_cover=false&href=https%3A%2F%2Fwww.facebook.com%2Fchongluadaovietnam%2F&locale=vi_VN&sdk=joey&show_facepile=true&small_header=false&tabs=&width=270
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software: /
Resource Hash: b90b1244bf1750499d5f46df2a03f77149183d2cebbd140d739f2e6a9751929c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 16:24:53 GMT
x-fb-trip-id: 917726464
x-storage-error-category: dfs:none;sc_p:200:WSE_NOT_SET
last-modified: Thu, 08 Dec 2022 09:28:00 GMT
content-type: image/jpeg
access-control-allow-origin: *
content-digest: adler32=1766529173
cache-control: max-age=1209600, no-transform
x-fb-edge-debug: 69jTHogtB8BzDo8GY18tV3Ak92WE2MI2CduOZrPg1beOrr-DIEgpVlFLDCbRMCtAQ1T1Juk2-A78nU10mfBC6uH7KbvpbWiH_RrgigXGy-1Me8ZA4W0iLTnPOaimXSm5
cross-origin-resource-policy: cross-origin
x-needle-checksum: 2687786391
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=86400
content-length: 1587

POST
H2 204 collect
region1.google-analytics.com/g/ 0
45 B 27ms
26ms Ping
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-X22FH0X0SQ&gtm=45je32f0&_p=557402630&cid=100274804.1676910293&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1676910293&sct=1&seg=0&dl=https%3A%2F%2Fscam.vn%2F&dt=C%E1%BA%A3nh%20B%C3%A1o%20L%E1%BB%ABa%20%C4%90%E1%BA%A3o%20-%20SCAM.VN&en=page_view&_fv=1&_ss=1&_ee=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-X22FH0X0SQ&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://scam.vn/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 20 Feb 2023 16:24:53 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://scam.vn
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 / Show response
www.facebook.com/plugins/customer_chat/SDK/ 0
26 B 121ms
121ms XHR
text/html 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/plugins/customer_chat/SDK/?app_id=478050516060600&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df122338f50a143c%26domain%3Dscam.vn%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fscam.vn%252Ff95db253bd1d1c%26relation%3Dparent.parent&current_url=https%3A%2F%2Fscam.vn%2F&event_name=chat_plugin_sdk_facade_load&is_loaded_by_facade=true&loading_time=113&locale=vi_VN&log_id=fda8a215-0486-4c1b-b9b1-e1c9a0091606&page_id=101189494837454&request_time=1676910293292&sdk=joey&should_use_new_domain=false&suppress_http_code=1

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/vi_VN/sdk.js?hash=ff99739be890bd4b4236c3ed70406738

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://scam.vn/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
strict-transport-security: max-age=15552000; preload
x-content-type-options: nosniff
date: Mon, 20 Feb 2023 16:24:53 GMT
document-policy: force-load-at-top
alt-svc: h3=":443"; ma=86400
content-length: 0
x-fb-rlafr: 0
x-xss-protection: 0
pragma: no-cache
x-fb-debug: /2/Iughv6pj00WO46gGk6CBzqx3ys7cLVuC04Txx8d/Uhq4sbTXSIjbUmr0bgNybV6FuI9fOAOeFjDHquVP06Q==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
content-type: text/html; charset="utf-8"
access-control-allow-origin: https://scam.vn
origin-agent-cluster: ?0
cache-control: private, no-cache, no-store, must-revalidate
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3 200 dCr8nJpupVz.js Show response
static.xx.fbcdn.net/rsrc.php/v3iSa94/yV/l/vi_VN/ Frame B318 83 KB
23 KB 18ms
18ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3iSa94/yV/l/vi_VN/dCr8nJpupVz.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Host: static.xx.fbcdn.net
URL: https://static.xx.fbcdn.net/rsrc.php/v3/yD/r/eM7fx0tnEj2.js?_nc_x=Ij3Wp8lg5Kz

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

ee4d5618e5f92851dc1149992a6b858d7f5ef67165f163a2b9cbe0ebf75a5105

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.facebook.com/
Origin: https://www.facebook.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 16:24:53 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: oxT3cjhCsIULyn24jjASSw==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 23289
x-fb-rlafr: 0
x-fb-debug: WEaBEUiyC4I+zeeR0sUkh2M1ZY8oI6o2AsMF/G1tWZsGQ/d64cGtMJpOoWyrilplHJPjMgJRGS7T0BzzjLIjuw==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Origin
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: https://www.facebook.com
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Sun, 18 Feb 2024 02:14:06 GMT

GET
H3 200 LknN3bY3OG2.js Show response
static.xx.fbcdn.net/rsrc.php/v3/yt/r/ Frame B318 21 KB
7 KB 17ms
16ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yt/r/LknN3bY3OG2.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Host: static.xx.fbcdn.net
URL: https://static.xx.fbcdn.net/rsrc.php/v3/yD/r/eM7fx0tnEj2.js?_nc_x=Ij3Wp8lg5Kz

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

5970ba4f88cb09634969327e073e156dd29749a70ca4ac454a30ed0f82e0bea9

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.facebook.com/
Origin: https://www.facebook.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 16:24:53 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: guArMA32NFllqig+bkpcsg==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 7031
x-fb-rlafr: 0
x-fb-debug: Uc7z/5ZuQ93hlq8lrd/A6UBM6AZ8tEtNy05iJVr0CPr6RqZygTLC7nO+eGYiriK+6h9qivm57alHfIPz8plQcw==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Origin
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: https://www.facebook.com
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=1
expires: Sat, 17 Feb 2024 01:42:45 GMT

GET
H3 200 odN6yT5qyq_.png
static.xx.fbcdn.net/rsrc.php/v3/yS/r/ Frame 2741 1 KB
1 KB 15ms
15ms Image
image/png 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yS/r/odN6yT5qyq_.png

Requested by

Host: static.xx.fbcdn.net
URL: https://static.xx.fbcdn.net/rsrc.php/v3/yT/l/0,cross/3Pgg3iaRvlz.css?_nc_x=Ij3Wp8lg5Kz

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e3a16bbf4914a49b1afe816e119c7da2d731dead9167c01d07984ef323e26bfa

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://static.xx.fbcdn.net/rsrc.php/v3/yT/l/0,cross/3Pgg3iaRvlz.css?_nc_x=Ij3Wp8lg5Kz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 16:24:53 GMT
x-content-type-options: nosniff
content-md5: jWtlBZOXpZs9LMNqqzeJoA==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 1341
x-fb-rlafr: 0
x-fb-debug: cFE9A9tqeg1zfChCqy5F034Tt/nKZ712pHpF/uL2j2N5OWATY7mZkAOENcDO3Ybza5p7GtDn/xo1yG6C8CyL/A==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Tue, 06 Feb 2024 18:06:45 GMT

GET
H3 200 LknN3bY3OG2.js Show response
static.xx.fbcdn.net/rsrc.php/v3/yt/r/ Frame 2741 21 KB
7 KB 18ms
18ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yt/r/LknN3bY3OG2.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Host: static.xx.fbcdn.net
URL: https://static.xx.fbcdn.net/rsrc.php/v3/yD/r/eM7fx0tnEj2.js?_nc_x=Ij3Wp8lg5Kz

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

5970ba4f88cb09634969327e073e156dd29749a70ca4ac454a30ed0f82e0bea9

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.facebook.com/
Origin: https://www.facebook.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 16:24:53 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: guArMA32NFllqig+bkpcsg==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 7031
x-fb-rlafr: 0
x-fb-debug: Uc7z/5ZuQ93hlq8lrd/A6UBM6AZ8tEtNy05iJVr0CPr6RqZygTLC7nO+eGYiriK+6h9qivm57alHfIPz8plQcw==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Origin
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: https://www.facebook.com
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=1
expires: Sat, 17 Feb 2024 01:42:45 GMT

GET
H2 200 js Show response
www.google-analytics.com/gtm/ 111 KB
44 KB 33ms
33ms Script
application/javascript 2a00:1450:4001:829::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/gtm/js?id=GTM-T5B3QCG&t=gtag_UA_158914372_1&cid=100274804.1676910293

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

109727aca7ecbba75fb100a6428fb8e02b45a1dfd1dabd2194ea321db8db07d5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://scam.vn/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 16:24:53 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 44626
x-xss-protection: 0
last-modified: Mon, 20 Feb 2023 15:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 20 Feb 2023 16:24:53 GMT

GET
H3 200 reactive_library_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202302130101/ 150 KB
51 KB 106ms
106ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202302130101/reactive_library_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f9a131614d916e7ef426c29cfb5f395a06ee53055584835012145a2d12b28c6e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://scam.vn/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 16:24:53 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 52063
x-xss-protection: 0
server: cafe
etag: 18133918001091738098
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Mon, 20 Feb 2023 16:24:53 GMT

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
165 B 57ms
56ms Script
application/javascript 2a00:1450:400d:80a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=scam.vn

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80a::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://scam.vn/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 16:24:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
165 B 27ms
27ms Script
application/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=scam.vn

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://scam.vn/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 16:24:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 9EA4 110 KB
37 KB 698ms
698ms Document
text/html 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7618423324404424&output=html&h=280&adk=1166979537&adf=1272846351&pi=t.aa~a.2460070978~rp.4&w=1175&fwrn=4&fwrnh=100&lmt=1676910293&rafmt=1&to=qs&pwprc=5012342430&format=1175x280&url=https%3A%2F%2Fscam.vn%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1676910293455&bpp=1&bdt=1123&idt=-M&shv=r20230215&mjsv=m202302130101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dc1664e6979bdde9f-22968790f6dc0005%3AT%3D1676910292%3ART%3D1676910292%3AS%3DALNI_MZoAa6b_rr5_Ocmms6VUyaNBfVCcw&gpic=UID%3D00000bb957e8f02a%3AT%3D1676910292%3ART%3D1676910292%3AS%3DALNI_MaGmySzK1xQTZAvFZg0Twz5HaKebA&prev_fmts=0x0%2C1145x280&nras=3&correlator=3247602610087&frm=20&pv=1&ga_vid=100274804.1676910293&ga_sid=1676910293&ga_hid=557402630&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=213&ady=1366&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31071755%2C31071662%2C31071976%2C31072499&oid=2&pvsid=2204243330728700&tmod=1929045309&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=0dC31HJmDT&p=https%3A//scam.vn&dtd=6

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b237980a96daff3e773b4672de27cf0abf7bc68005cc0c137af185819ac8500a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://scam.vn/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 37828
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 20 Feb 2023 16:24:54 GMT
expires: Mon, 20 Feb 2023 16:24:54 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 1836 21 KB
9 KB 734ms
734ms Document
text/html 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7618423324404424&output=html&h=90&adk=3869488725&adf=360036981&pi=t.aa~a.3759911452~rp.1&w=1145&fwrn=4&fwrnh=100&lmt=1676910293&rafmt=1&to=qs&pwprc=5012342430&format=1145x90&url=https%3A%2F%2Fscam.vn%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1676910293455&bpp=1&bdt=1123&idt=1&shv=r20230215&mjsv=m202302130101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dc1664e6979bdde9f-22968790f6dc0005%3AT%3D1676910292%3ART%3D1676910292%3AS%3DALNI_MZoAa6b_rr5_Ocmms6VUyaNBfVCcw&gpic=UID%3D00000bb957e8f02a%3AT%3D1676910292%3ART%3D1676910292%3AS%3DALNI_MaGmySzK1xQTZAvFZg0Twz5HaKebA&prev_fmts=0x0%2C1145x280%2C1175x280&nras=4&correlator=3247602610087&frm=20&pv=1&ga_vid=100274804.1676910293&ga_sid=1676910293&ga_hid=557402630&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=228&ady=2224&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31071755%2C31071662%2C31071976%2C31072499&oid=2&pvsid=2204243330728700&tmod=1929045309&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=IJDrVqT7QY&p=https%3A//scam.vn&dtd=9

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5d4ab02eb17eda31652f712809b9f1966e937394f7c3731dfddfbc2419516a5e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://scam.vn/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 9002
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 20 Feb 2023 16:24:54 GMT
expires: Mon, 20 Feb 2023 16:24:54 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

POST
H3 200 collect Show response
www.google-analytics.com/j/ 1 B
21 B 26ms
26ms XHR
text/plain 2a00:1450:4001:829::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j99&a=557402630&t=pageview&_s=1&dl=https%3A%2F%2Fscam.vn%2F&ul=en-us&de=UTF-8&dt=C%E1%BA%A3nh%20B%C3%A1o%20L%E1%BB%ABa%20%C4%90%E1%BA%A3o%20-%20SCAM.VN&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aCDAAUADQAAAACAAI~&jid=911201356&gjid=353879447&cid=100274804.1676910293&tid=UA-158914372-1&_gid=2083160207.1676910293&_r=1&gtm=457e32f0&z=405003056

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://scam.vn/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 20 Feb 2023 16:24:53 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://scam.vn
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
122 B 25ms
25ms Script
application/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=scam.vn

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://scam.vn/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 16:24:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 26ms
25ms Script
application/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=scam.vn

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://scam.vn/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 16:24:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H3 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20230215/r20110914/ Frame DC1B 10 KB
4 KB 19ms
19ms Document
text/html 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20230215/r20110914/zrt_lookup.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9da238ca619f3bf71312de3c9c913c653941ada56cb5e1601aafb6094ae51cdc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://scam.vn/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 70557
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4242
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 19 Feb 2023 20:48:56 GMT
etag: 10353107486223812946
expires: Sun, 05 Mar 2023 20:48:56 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20230215/r20110914/ Frame 4D04 10 KB
4 KB 19ms
18ms Document
text/html 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20230215/r20110914/zrt_lookup.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9da238ca619f3bf71312de3c9c913c653941ada56cb5e1601aafb6094ae51cdc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://scam.vn/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 70557
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4242
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 19 Feb 2023 20:48:56 GMT
etag: 10353107486223812946
expires: Sun, 05 Mar 2023 20:48:56 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230215/r20110914/client/ Frame DC1B 2 KB
846 B 191ms
82ms Script
text/javascript 2a00:1450:400d:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230215/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230215/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f50e59fa7a264b1674e5f94591375a26e9aea318036b2a629e5ba182df01b54f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 12:34:36 GMT
content-encoding: br
x-content-type-options: nosniff
age: 13817
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 738
x-xss-protection: 0
server: cafe
etag: 1394486882873449110
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 06 Mar 2023 12:34:36 GMT

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230215/r20110914/ Frame DC1B 22 KB
9 KB 144ms
37ms Script
text/javascript 2a00:1450:400d:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230215/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230215/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0ceb563d6ce39ba6ab2e90a1d7e6a39d737a2fa59db1914b115f784bbf97fa5f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 02:41:44 GMT
content-encoding: br
x-content-type-options: nosniff
age: 49389
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8814
x-xss-protection: 0
server: cafe
etag: 11378319237421819138
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 06 Mar 2023 02:41:44 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230215/r20110914/client/ Frame DC1B 3 KB
1 KB 190ms
83ms Script
text/javascript 2a00:1450:400d:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230215/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230215/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 10:57:39 GMT
content-encoding: br
x-content-type-options: nosniff
age: 19634
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 06 Mar 2023 10:57:39 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230215/r20110914/client/ Frame DC1B 20 KB
8 KB 149ms
42ms Script
text/javascript 2a00:1450:400d:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230215/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230215/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5e713a207017a40f54387d0e25bbb3cbbe1b3d10338cdd4a7342cc1486b19140

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 10:57:39 GMT
content-encoding: br
x-content-type-options: nosniff
age: 19634
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8274
x-xss-protection: 0
server: cafe
etag: 9471482037410804447
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 06 Mar 2023 10:57:39 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame DC1B 156 KB
48 KB 252ms
141ms Script
text/javascript 2a00:1450:400d:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230215/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:806::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a85af52452417453ae5ced98aa54a149925de2155e823234dce588c331d11aa0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 16:24:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 48814
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1676465787912926"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 20 Feb 2023 16:24:53 GMT

GET
H2 200 3fa5291869997d20adf47a02a7a75d04.js Show response
www.gstatic.com/mysidia/ Frame DC1B 34 KB
14 KB 68ms
23ms Script
text/javascript 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/3fa5291869997d20adf47a02a7a75d04.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230215/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

68e1fe5f35b4b0131be24086e7de0e04291d335c32ac4868bf0803abe50a862e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Tue, 14 Feb 2023 20:26:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 503875
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14191
x-xss-protection: 0
last-modified: Tue, 14 Feb 2023 00:07:21 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Mon, 15 May 2023 20:26:58 GMT

GET
H2 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230215/r20110914/client/ Frame 4D04 2 KB
799 B 182ms
83ms Script
text/javascript 2a00:1450:400d:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230215/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230215/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f50e59fa7a264b1674e5f94591375a26e9aea318036b2a629e5ba182df01b54f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 12:34:36 GMT
content-encoding: br
x-content-type-options: nosniff
age: 13817
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 738
x-xss-protection: 0
server: cafe
etag: 1394486882873449110
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 06 Mar 2023 12:34:36 GMT

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230215/r20110914/ Frame 4D04 22 KB
9 KB 145ms
48ms Script
text/javascript 2a00:1450:400d:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230215/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230215/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0ceb563d6ce39ba6ab2e90a1d7e6a39d737a2fa59db1914b115f784bbf97fa5f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 02:41:44 GMT
content-encoding: br
x-content-type-options: nosniff
age: 49389
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8814
x-xss-protection: 0
server: cafe
etag: 11378319237421819138
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 06 Mar 2023 02:41:44 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230215/r20110914/client/ Frame 4D04 3 KB
1 KB 177ms
81ms Script
text/javascript 2a00:1450:400d:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230215/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230215/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 10:57:39 GMT
content-encoding: br
x-content-type-options: nosniff
age: 19634
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 06 Mar 2023 10:57:39 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230215/r20110914/client/ Frame 4D04 20 KB
8 KB 170ms
73ms Script
text/javascript 2a00:1450:400d:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230215/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230215/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5e713a207017a40f54387d0e25bbb3cbbe1b3d10338cdd4a7342cc1486b19140

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 10:57:39 GMT
content-encoding: br
x-content-type-options: nosniff
age: 19634
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8274
x-xss-protection: 0
server: cafe
etag: 9471482037410804447
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 06 Mar 2023 10:57:39 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 4D04 156 KB
48 KB 318ms
218ms Script
text/javascript 2a00:1450:400d:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230215/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:806::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a85af52452417453ae5ced98aa54a149925de2155e823234dce588c331d11aa0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 16:24:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 48814
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1676465787912926"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 20 Feb 2023 16:24:53 GMT

GET
H2 200 3fa5291869997d20adf47a02a7a75d04.js Show response
www.gstatic.com/mysidia/ Frame 4D04 34 KB
14 KB 80ms
46ms Script
text/javascript 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/3fa5291869997d20adf47a02a7a75d04.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230215/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

68e1fe5f35b4b0131be24086e7de0e04291d335c32ac4868bf0803abe50a862e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Tue, 14 Feb 2023 20:26:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 503875
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14191
x-xss-protection: 0
last-modified: Tue, 14 Feb 2023 00:07:21 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Mon, 15 May 2023 20:26:58 GMT

GET
H3 200 KFOkCnqEu92Fr1Mu51xGIzIFKw.woff2
fonts.gstatic.com/s/roboto/v30/ 12 KB
12 KB 22ms
20ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOkCnqEu92Fr1Mu51xGIzIFKw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:400,400i,500,500i,700,700i,900,900i

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9582ced8a675bf267cc7ac392a86413ed850e53c85919b93719134ecc22ea04b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://scam.vn
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 08:08:45 GMT
x-content-type-options: nosniff
age: 375368
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12704
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:45 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 16 Feb 2024 08:08:45 GMT

GET
H3 200 KFOkCnqEu92Fr1Mu51xHIzIFKw.woff2
fonts.gstatic.com/s/roboto/v30/ 6 KB
6 KB 18ms
17ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOkCnqEu92Fr1Mu51xHIzIFKw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:400,400i,500,500i,700,700i,900,900i

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0b68e8634c96265eb32a0c769416b5b02215ee3fee0c9e228f3455dc13ecabaf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://scam.vn
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 19:18:03 GMT
x-content-type-options: nosniff
age: 335210
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5928
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:40 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 16 Feb 2024 19:18:03 GMT

GET
H3 200 ENhUjQ5Efr1LKcBlRSMtCxEMsPeXm4hb-JW7itjXrRA.js Show response
pagead2.googlesyndication.com/bg/ Frame 9354 36 KB
14 KB 20ms
20ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/ENhUjQ5Efr1LKcBlRSMtCxEMsPeXm4hb-JW7itjXrRA.js

Requested by

Host: scam.vn
URL: https://scam.vn/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

10d8548d0e447ebd4b29c06545232d0b110cb0f7979b885bf895bb8ad8d7ad10

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 07:30:08 GMT
content-encoding: br
x-content-type-options: nosniff
age: 32085
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14306
x-xss-protection: 0
last-modified: Mon, 13 Feb 2023 15:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 20 Feb 2024 07:30:08 GMT

GET
H2 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230215/r20110914/client/ Frame 856D 2 KB
799 B 33ms
31ms Script
text/javascript 2a00:1450:400d:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230215/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7618423324404424&output=html&h=280&adk=2654064360&adf=1801062927&pi=t.aa~a.3605552536~rp.4&w=1145&fwrn=4&fwrnh=100&lmt=1676910292&rafmt=1&to=qs&pwprc=5012342430&format=1145x280&url=https%3A%2F%2Fscam.vn%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1676910292621&bpp=3&bdt=290&idt=208&shv=r20230215&mjsv=m202302130101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=2&correlator=3247602610087&frm=20&pv=1&ga_vid=100274804.1676910293&ga_sid=1676910293&ga_hid=557402630&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=228&ady=577&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31071755%2C31071662%2C31071976%2C31072499&oid=2&pvsid=2204243330728700&tmod=1929045309&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=cgwaS0GVij&p=https%3A//scam.vn&dtd=211

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f50e59fa7a264b1674e5f94591375a26e9aea318036b2a629e5ba182df01b54f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 12:34:36 GMT
content-encoding: br
x-content-type-options: nosniff
age: 13817
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 738
x-xss-protection: 0
server: cafe
etag: 1394486882873449110
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 06 Mar 2023 12:34:36 GMT

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230215/r20110914/ Frame 856D 22 KB
9 KB 33ms
32ms Script
text/javascript 2a00:1450:400d:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230215/r20110914/abg_lite_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0ceb563d6ce39ba6ab2e90a1d7e6a39d737a2fa59db1914b115f784bbf97fa5f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 02:41:44 GMT
content-encoding: br
x-content-type-options: nosniff
age: 49389
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8814
x-xss-protection: 0
server: cafe
etag: 11378319237421819138
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 06 Mar 2023 02:41:44 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230215/r20110914/client/ Frame 856D 3 KB
1 KB 37ms
36ms Script
text/javascript 2a00:1450:400d:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230215/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 10:57:39 GMT
content-encoding: br
x-content-type-options: nosniff
age: 19634
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 06 Mar 2023 10:57:39 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230215/r20110914/client/ Frame 856D 20 KB
8 KB 38ms
37ms Script
text/javascript 2a00:1450:400d:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230215/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5e713a207017a40f54387d0e25bbb3cbbe1b3d10338cdd4a7342cc1486b19140

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 10:57:39 GMT
content-encoding: br
x-content-type-options: nosniff
age: 19634
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8274
x-xss-protection: 0
server: cafe
etag: 9471482037410804447
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 06 Mar 2023 10:57:39 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 856D 156 KB
48 KB 96ms
95ms Script
text/javascript 2a00:1450:400d:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:806::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a85af52452417453ae5ced98aa54a149925de2155e823234dce588c331d11aa0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 16:24:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 48814
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1676465787912926"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 20 Feb 2023 16:24:54 GMT

GET
H2 200 3fa5291869997d20adf47a02a7a75d04.js Show response
www.gstatic.com/mysidia/ Frame 856D 34 KB
14 KB 18ms
17ms Script
text/javascript 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/3fa5291869997d20adf47a02a7a75d04.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

68e1fe5f35b4b0131be24086e7de0e04291d335c32ac4868bf0803abe50a862e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Tue, 14 Feb 2023 20:26:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 503875
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14191
x-xss-protection: 0
last-modified: Tue, 14 Feb 2023 00:07:21 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Mon, 15 May 2023 20:26:58 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 856D 0
0 61ms
61ms Fetch
text/html 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CyQ1i1J7zY-PxNJ601fAP_6e22Aa8hYaFb56ZmKupEMjFgJmoMhABIJ6q3Slglcr5gZQHoAGMwYzDA8gBCakCTxrYiBzusT6oAwHIA8sEqgS-AU_QB8VYu07FgStGDkWxZL3fZHXGQE63HlFPp2MnlkO5BW33aZqfd5-phIZtqhuIbv-_4R7L7-5Ys47L0E2yqae9UFulUfXaGErmKG_e_JYJZHFqEvuRSi_Vfpv9A1T_hjkWZVuin6D7vyG9LFYM8ps5pLZMecIVqf-EDkFo8lJ2KWsewILayXI9OOjWo1ANRyLQL3Je9y4Ffy_ZP6FS3QPScoDT7P3XPfLT2BjR_BocTI7E1S76ITWS5YRFT6jABJyC5ouqBJIFBAgEGAGSBQQIBRgEkgUECAUYGJIFBQgFGKgBoAYugAeW7O4bqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgHpr4b2AcA8gcEEJjeKtIIEQiA4YAQEAEYHzICqgI6AoBAgAoByAsB2BML0BUBgBcBshccChoIABIUcHViLTc2MTg0MjMzMjQ0MDQ0MjQYAA&sigh=IdM_R3m3K0o&uach_m=[UACH]&cid=CAQSGwDUE5ymWsVhVNT8-NP_wd8XWWrBc_WE8ePVghgB&template_id=494

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7618423324404424&output=html&h=280&adk=2654064360&adf=1801062927&pi=t.aa~a.3605552536~rp.4&w=1145&fwrn=4&fwrnh=100&lmt=1676910292&rafmt=1&to=qs&pwprc=5012342430&format=1145x280&url=https%3A%2F%2Fscam.vn%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1676910292621&bpp=3&bdt=290&idt=208&shv=r20230215&mjsv=m202302130101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=2&correlator=3247602610087&frm=20&pv=1&ga_vid=100274804.1676910293&ga_sid=1676910293&ga_hid=557402630&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=228&ady=577&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31071755%2C31071662%2C31071976%2C31072499&oid=2&pvsid=2204243330728700&tmod=1929045309&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=cgwaS0GVij&p=https%3A//scam.vn&dtd=211
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Mon, 20 Feb 2023 16:24:54 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Mon, 20 Feb 2023 16:24:54 GMT

GET
H2 200 15836097291663145966
tpc.googlesyndication.com/daca_images/simgad/ Frame 4D04 11 KB
11 KB 107ms
107ms Image
image/jpeg 2a00:1450:400d:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/daca_images/simgad/15836097291663145966?w=180&h=360

Requested by

Host: scam.vn
URL: https://scam.vn/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9fccf44fe359b9109c82ff95e0c8f154574438f20723210c2bd6c05610759f51

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 16:24:54 GMT
x-content-type-options: nosniff
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10758
x-xss-protection: 0
last-modified: Thu, 16 Feb 2023 22:26:44 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=604800
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Mon, 27 Feb 2023 16:24:54 GMT

GET
DATA 200
OK truncated
/ Frame 4D04 211 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f15ee4ea8ac3222e4995dd224f6de521c13f3fdafc4b5b6e9386de621953856d

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 shopping
encrypted-tbn0.gstatic.com/ Frame 856D 5 KB
6 KB 82ms
14ms Image
image/jpeg 2a00:1450:4001:830::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://encrypted-tbn0.gstatic.com/shopping?q=tbn:ANd9GcQos12YYfyh2Aaf6OnapoIL0n-hEgzjb0b8GE1D1oJFZ7cdemxH&usqp=CAI

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c2aa24261e5d3c5cf7f09ab468265227ae210cccc850737fe874ca23b302dfdc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Sun, 19 Feb 2023 16:39:13 GMT
x-content-type-options: nosniff
age: 85541
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5521
x-xss-protection: 0
last-modified: Mon, 20 May 2019 11:51:54 GMT
server: sffe
report-to: {"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-type: image/jpeg
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="images-tbn"
expires: Mon, 19 Feb 2024 16:39:13 GMT

GET
H2 200 shopping
encrypted-tbn2.gstatic.com/ Frame 856D 8 KB
8 KB 148ms
64ms Image
image/jpeg 2a00:1450:400d:80d::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://encrypted-tbn2.gstatic.com/shopping?q=tbn:ANd9GcQy4Xk-Hv-1BbGAbNHbv_pRE-uattSl3DQSZdifPlPA6rjkHzU&usqp=CAI

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80d::200e , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ac99740c633caa0382f2dec9cdf7db8b6e0d18a5ba1ba4fcd714d890123c2678

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 06:40:41 GMT
x-content-type-options: nosniff
age: 467053
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8167
x-xss-protection: 0
last-modified: Mon, 02 Jan 2023 09:32:17 GMT
server: sffe
report-to: {"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-type: image/jpeg
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="images-tbn"
expires: Thu, 15 Feb 2024 06:40:41 GMT

GET
H2 200 shopping
encrypted-tbn1.gstatic.com/ Frame 856D 10 KB
11 KB 62ms
18ms Image
image/jpeg 2a00:1450:4001:82f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://encrypted-tbn1.gstatic.com/shopping?q=tbn:ANd9GcQ9-wVbYPXnv2pB34VSJcZOrWALqWoH7hdJOPSkZuFWHGQKeFk&usqp=CAI

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

72cfab2049fee3657af4fbb4a80d958b5b58dd612ffd3fd8642546e1362ec8fe

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 15:38:22 GMT
x-content-type-options: nosniff
age: 348392
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10458
x-xss-protection: 0
last-modified: Fri, 07 Feb 2020 07:07:58 GMT
server: sffe
report-to: {"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-type: image/jpeg
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="images-tbn"
expires: Fri, 16 Feb 2024 15:38:22 GMT

GET
H2 200 shopping
encrypted-tbn3.gstatic.com/ Frame 856D 11 KB
11 KB 78ms
20ms Image
image/jpeg 2a00:1450:4001:811::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://encrypted-tbn3.gstatic.com/shopping?q=tbn:ANd9GcTjzIUN9nlTA_QFTPEB9vWT_gZMPiVHdOpFxz5j8QQCtgQuHnQb&usqp=CAI

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b7bbe7887654e38f171a574c71bc310ebea0649af0e1d4db1a427c315ade6e3f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 01:13:06 GMT
x-content-type-options: nosniff
age: 400308
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11266
x-xss-protection: 0
last-modified: Wed, 10 Mar 2021 19:22:13 GMT
server: sffe
report-to: {"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-type: image/jpeg
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="images-tbn"
expires: Fri, 16 Feb 2024 01:13:06 GMT

GET
H2 200 shopping
encrypted-tbn3.gstatic.com/ Frame 856D 12 KB
12 KB 75ms
16ms Image
image/jpeg 2a00:1450:4001:811::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://encrypted-tbn3.gstatic.com/shopping?q=tbn:ANd9GcRoa78hVLgp5DwTIO4P1G1LGYNECRKExWbmsoOqUtCcyYjUh2A&usqp=CAI

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e1683961ff49c088f888de8dddc359f3d842b15b6c1f8ed3a99f19f62aa9bdcf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 12:28:50 GMT
x-content-type-options: nosniff
age: 446164
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12181
x-xss-protection: 0
last-modified: Mon, 02 Jan 2023 06:12:13 GMT
server: sffe
report-to: {"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-type: image/jpeg
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="images-tbn"
expires: Thu, 15 Feb 2024 12:28:50 GMT

GET
H2 200 shopping
encrypted-tbn2.gstatic.com/ Frame 856D 31 KB
32 KB 114ms
30ms Image
image/png 2a00:1450:400d:80d::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://encrypted-tbn2.gstatic.com/shopping?q=tbn:ANd9GcQ3NyelT_cIGxCVeAGii4cdHxni8hXMYOqDVLf0UcxeKTmyZaQt&usqp=CAI

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80d::200e , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5ad42dcf2b99c1338f0633c11ffc8612e035352c42746283d3d43b795c9c6cb6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Fri, 17 Feb 2023 00:38:39 GMT
x-content-type-options: nosniff
age: 315975
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 32055
x-xss-protection: 0
last-modified: Thu, 27 Jan 2022 10:33:00 GMT
server: sffe
report-to: {"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="images-tbn"
expires: Sat, 17 Feb 2024 00:38:39 GMT

GET
H3 200 ENhUjQ5Efr1LKcBlRSMtCxEMsPeXm4hb-JW7itjXrRA.js Show response
pagead2.googlesyndication.com/bg/ Frame 0AE3 36 KB
14 KB 36ms
35ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/ENhUjQ5Efr1LKcBlRSMtCxEMsPeXm4hb-JW7itjXrRA.js

Requested by

Host: scam.vn
URL: https://scam.vn/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

10d8548d0e447ebd4b29c06545232d0b110cb0f7979b885bf895bb8ad8d7ad10

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 07:30:08 GMT
content-encoding: br
x-content-type-options: nosniff
age: 32086
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14306
x-xss-protection: 0
last-modified: Mon, 13 Feb 2023 15:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 20 Feb 2024 07:30:08 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 4D04 0
18 B 60ms
60ms Image
text/html 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=Claz-1J7zY6DCNI7I1fAPmPWJwAXKr5T3brmL5cCIDtrZHhABIJ6q3Slglcr5gZQHoAGi1_qeA8gBAqkCTxrYiBzusT6oAwHIA8sEqgTCAU_Qzw9GTVzKazewj7SqmZnM4qczYOiKUI32xCyI9Fx2rRml1dw6Cuu4otrPiJs1Dx5h5UFzkGxkrn5vOkg1o30fxMzASzDvGwfXyqLR6OdykLRIs27cmSMvCyfKe1OSpq5DoIVsSAUZLnfflfNRBbE06UdibydB4QbXxbIi6eykxQgyM6UiYgsft5dNIVM_AysrC-AnUPlh229x5_gACdbakBXNpMAiRyCuwk-onG10bBblhGosoPTL2_zOM-oak6zFwASvkpKq5QOSBQQIBBgBkgUECAUYBKAGAoAHu5jd5wKoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G9gHAfIHBBDdyAbSCBEIgOGAEBABGB8yAqoCOgKAQIAKAcgLAdgTDYgUF9AVAYAXAbIXHAoaCAASFHB1Yi03NjE4NDIzMzI0NDA0NDI0GAA&sigh=FKBOVrx2tSI&uach_m=[UACH]&cid=CAQSGwDUE5ym99t9MMFfTpfRBEkzcDOiwXzkunTaHhgB&vis=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd

Requested by

Host: scam.vn
URL: https://scam.vn/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/html/r20230215/r20110914/zrt_lookup.html?fsb=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Mon, 20 Feb 2023 16:24:54 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 856D 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9cf9cf76bb3087940feb0589d40f6bb12256e4b3fb6c8dd63dd935b2a535bcde

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 css
fonts.googleapis.com/ Frame 9EA4 8 KB
991 B 24ms
23ms Stylesheet
text/css 2a00:1450:4001:828::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7618423324404424&output=html&h=280&adk=1166979537&adf=1272846351&pi=t.aa~a.2460070978~rp.4&w=1175&fwrn=4&fwrnh=100&lmt=1676910293&rafmt=1&to=qs&pwprc=5012342430&format=1175x280&url=https%3A%2F%2Fscam.vn%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1676910293455&bpp=1&bdt=1123&idt=-M&shv=r20230215&mjsv=m202302130101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dc1664e6979bdde9f-22968790f6dc0005%3AT%3D1676910292%3ART%3D1676910292%3AS%3DALNI_MZoAa6b_rr5_Ocmms6VUyaNBfVCcw&gpic=UID%3D00000bb957e8f02a%3AT%3D1676910292%3ART%3D1676910292%3AS%3DALNI_MaGmySzK1xQTZAvFZg0Twz5HaKebA&prev_fmts=0x0%2C1145x280&nras=3&correlator=3247602610087&frm=20&pv=1&ga_vid=100274804.1676910293&ga_sid=1676910293&ga_hid=557402630&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=213&ady=1366&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31071755%2C31071662%2C31071976%2C31072499&oid=2&pvsid=2204243330728700&tmod=1929045309&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=0dC31HJmDT&p=https%3A//scam.vn&dtd=6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

a84fb0803620acdf77c0f41d652eb5538002ed610424bd0be051203ee50cf940

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Mon, 20 Feb 2023 16:24:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Mon, 20 Feb 2023 16:18:13 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 20 Feb 2023 16:24:54 GMT

GET
H3 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230215/r20110914/client/ Frame 9EA4 2 KB
765 B 30ms
30ms Script
text/javascript 2a00:1450:400d:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230215/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f50e59fa7a264b1674e5f94591375a26e9aea318036b2a629e5ba182df01b54f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 12:34:36 GMT
content-encoding: br
x-content-type-options: nosniff
age: 13818
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 738
x-xss-protection: 0
server: cafe
etag: 1394486882873449110
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 06 Mar 2023 12:34:36 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 9EA4 0
0 63ms
62ms Fetch
text/html 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=Cs4qO1Z7zY5iSH_OA1fAPpLewoArU9NiJZbDcg4DMEJaCzYWIFhABIJ6q3SlglYKAgKAHoAHR8orCA8gBCakCTxrYiBzusT6oAwHIA8sEqgTLAU_Q8_VQ0sajWCK_AptXIICtgYXNwCNzUoQHkvJWwmT7msbjgV3lcsAUnXa0SwhyH569C5yPmoUSfu4cA9-pSOw9PSnSPqcbNK3o0rhO5LGdlj8kQS3tzJiNMokB8OEkIwtodz1rPV-Vt1X4SL3UJG3tlvcEIVNdT71TkFLkewI9nsK-Es4WS0hqzZu8O2l8DkVUqQetRIpWZUd1iL8Yvc7WgsxItXJ8x69aBNVUpzlZ5S5LPa2MkShXu07EhDJVnkRkxckLAgTJeoOmwASyk5zWgwSSBQQIBBgBkgUECAUYBKAGLoAHl431PagHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4b2AcA8gcEEOC1CtIIEQiA4YAQEAEYHzICqgI6AoBAgAoByAsB2BMMiBQB0BUBmBYBgBcBshccChoIABIUcHViLTc2MTg0MjMzMjQ0MDQ0MjQYAA&sigh=vFFN--gKpZY&uach_m=[UACH]&cid=CAQSPADUE5ymMcAGMy53X9VuGtHrrhT64faOdpEPl74SugwbQEDFV88HaPaPFVUW1i-V_mTQ7yd4qD5bzCujOxgB&template_id=5000

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7618423324404424&output=html&h=280&adk=1166979537&adf=1272846351&pi=t.aa~a.2460070978~rp.4&w=1175&fwrn=4&fwrnh=100&lmt=1676910293&rafmt=1&to=qs&pwprc=5012342430&format=1175x280&url=https%3A%2F%2Fscam.vn%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1676910293455&bpp=1&bdt=1123&idt=-M&shv=r20230215&mjsv=m202302130101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dc1664e6979bdde9f-22968790f6dc0005%3AT%3D1676910292%3ART%3D1676910292%3AS%3DALNI_MZoAa6b_rr5_Ocmms6VUyaNBfVCcw&gpic=UID%3D00000bb957e8f02a%3AT%3D1676910292%3ART%3D1676910292%3AS%3DALNI_MaGmySzK1xQTZAvFZg0Twz5HaKebA&prev_fmts=0x0%2C1145x280&nras=3&correlator=3247602610087&frm=20&pv=1&ga_vid=100274804.1676910293&ga_sid=1676910293&ga_hid=557402630&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=213&ady=1366&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31071755%2C31071662%2C31071976%2C31072499&oid=2&pvsid=2204243330728700&tmod=1929045309&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=0dC31HJmDT&p=https%3A//scam.vn&dtd=6
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Mon, 20 Feb 2023 16:24:54 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230215/r20110914/ Frame 9EA4 22 KB
9 KB 32ms
32ms Script
text/javascript 2a00:1450:400d:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230215/r20110914/abg_lite_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0ceb563d6ce39ba6ab2e90a1d7e6a39d737a2fa59db1914b115f784bbf97fa5f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 02:41:44 GMT
content-encoding: br
x-content-type-options: nosniff
age: 49390
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8814
x-xss-protection: 0
server: cafe
etag: 11378319237421819138
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 06 Mar 2023 02:41:44 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230215/r20110914/client/ Frame 9EA4 3 KB
1 KB 33ms
32ms Script
text/javascript 2a00:1450:400d:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230215/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 10:57:39 GMT
content-encoding: br
x-content-type-options: nosniff
age: 19635
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 06 Mar 2023 10:57:39 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230215/r20110914/client/ Frame 9EA4 20 KB
8 KB 33ms
32ms Script
text/javascript 2a00:1450:400d:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230215/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5e713a207017a40f54387d0e25bbb3cbbe1b3d10338cdd4a7342cc1486b19140

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 10:57:39 GMT
content-encoding: br
x-content-type-options: nosniff
age: 19635
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8274
x-xss-protection: 0
server: cafe
etag: 9471482037410804447
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 06 Mar 2023 10:57:39 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame 9EA4 0
0 97ms
29ms Image
text/html 2a00:1450:4001:827::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaSrgm7ihphdL9dt2qerC-IYkztJPeFovgioYPgEQzTUliujm1tF8zG4mcTJxhVWkkv_GRc-lLOw2sObglrohIz2X7SAGw
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7618423324404424&output=html&h=280&adk=1166979537&adf=1272846351&pi=t.aa~a.2460070978~rp.4&w=1175&fwrn=4&fwrnh=100&lmt=1676910293&rafmt=1&to=qs&pwprc=5012342430&format=1175x280&url=https%3A%2F%2Fscam.vn%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1676910293455&bpp=1&bdt=1123&idt=-M&shv=r20230215&mjsv=m202302130101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dc1664e6979bdde9f-22968790f6dc0005%3AT%3D1676910292%3ART%3D1676910292%3AS%3DALNI_MZoAa6b_rr5_Ocmms6VUyaNBfVCcw&gpic=UID%3D00000bb957e8f02a%3AT%3D1676910292%3ART%3D1676910292%3AS%3DALNI_MaGmySzK1xQTZAvFZg0Twz5HaKebA&prev_fmts=0x0%2C1145x280&nras=3&correlator=3247602610087&frm=20&pv=1&ga_vid=100274804.1676910293&ga_sid=1676910293&ga_hid=557402630&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=213&ady=1366&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31071755%2C31071662%2C31071976%2C31072499&oid=2&pvsid=2204243330728700&tmod=1929045309&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=0dC31HJmDT&p=https%3A//scam.vn&dtd=6
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 9EA4 156 KB
48 KB 154ms
154ms Script
text/javascript 2a00:1450:400d:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:806::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a85af52452417453ae5ced98aa54a149925de2155e823234dce588c331d11aa0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 16:24:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 48814
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1676465787912926"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 20 Feb 2023 16:24:54 GMT

GET
H3 200 3fa5291869997d20adf47a02a7a75d04.js Show response
www.gstatic.com/mysidia/ Frame 9EA4 34 KB
14 KB 16ms
15ms Script
text/javascript 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/3fa5291869997d20adf47a02a7a75d04.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

68e1fe5f35b4b0131be24086e7de0e04291d335c32ac4868bf0803abe50a862e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Tue, 14 Feb 2023 20:26:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 503876
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14191
x-xss-protection: 0
last-modified: Tue, 14 Feb 2023 00:07:21 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Mon, 15 May 2023 20:26:58 GMT

GET
H3 200 14763004658117789537
tpc.googlesyndication.com/simgad/1981773749243797972/ Frame 9EA4 23 KB
23 KB 37ms
37ms Image
image/jpeg 2a00:1450:400d:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/1981773749243797972/14763004658117789537?w=600&h=314

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c3d152389e6f8519aae380b69d025b38e2aa1635d790d4d8344cadb0e16e7146

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 13:30:10 GMT
x-content-type-options: nosniff
age: 356084
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 23386
x-xss-protection: 0
last-modified: Mon, 27 Jun 2022 17:24:22 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Fri, 16 Feb 2024 13:30:10 GMT

GET
DATA 200
OK truncated
/ Frame 9EA4 206 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 44eefef34507164f4234b958d8f6906488a2521071379498041568bae9499b2e

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame 9EA4 209 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d7779d95203bed5280ee3281f856607f95ac5df680547356656c7109d7d0a6a6

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H3 200 ENhUjQ5Efr1LKcBlRSMtCxEMsPeXm4hb-JW7itjXrRA.js Show response
pagead2.googlesyndication.com/bg/ Frame 2F78 36 KB
14 KB 18ms
18ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/ENhUjQ5Efr1LKcBlRSMtCxEMsPeXm4hb-JW7itjXrRA.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

10d8548d0e447ebd4b29c06545232d0b110cb0f7979b885bf895bb8ad8d7ad10

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 07:30:08 GMT
content-encoding: br
x-content-type-options: nosniff
age: 32086
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14306
x-xss-protection: 0
last-modified: Mon, 13 Feb 2023 15:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 20 Feb 2024 07:30:08 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 4691 624 B
242 B 57ms
54ms Document
text/html 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CNKOMxDkyTkYuqmj3wEwAQ&v=APEucNWqA-OUYASMH3gmAKEtEon0FLOj3wUMUftoh1GB3IHVfpki4obftPNwqQrW9grxJ6zBLRCq0C624Sm2nqNog54rbAmVe5iF2DGz_dmX6VfEkV1ORbN1ujhaWtGj10I3FwJWczplKY1cgNDTCh1tkzPSwVmQESAKbrwdRDvOj7uQeoLzMiQ

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7618423324404424&output=html&h=90&adk=3869488725&adf=360036981&pi=t.aa~a.3759911452~rp.1&w=1145&fwrn=4&fwrnh=100&lmt=1676910293&rafmt=1&to=qs&pwprc=5012342430&format=1145x90&url=https%3A%2F%2Fscam.vn%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1676910293455&bpp=1&bdt=1123&idt=1&shv=r20230215&mjsv=m202302130101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dc1664e6979bdde9f-22968790f6dc0005%3AT%3D1676910292%3ART%3D1676910292%3AS%3DALNI_MZoAa6b_rr5_Ocmms6VUyaNBfVCcw&gpic=UID%3D00000bb957e8f02a%3AT%3D1676910292%3ART%3D1676910292%3AS%3DALNI_MaGmySzK1xQTZAvFZg0Twz5HaKebA&prev_fmts=0x0%2C1145x280%2C1175x280&nras=4&correlator=3247602610087&frm=20&pv=1&ga_vid=100274804.1676910293&ga_sid=1676910293&ga_hid=557402630&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=228&ady=2224&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31071755%2C31071662%2C31071976%2C31072499&oid=2&pvsid=2204243330728700&tmod=1929045309&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=IJDrVqT7QY&p=https%3A//scam.vn&dtd=9

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7618423324404424&output=html&h=90&adk=3869488725&adf=360036981&pi=t.aa~a.3759911452~rp.1&w=1145&fwrn=4&fwrnh=100&lmt=1676910293&rafmt=1&to=qs&pwprc=5012342430&format=1145x90&url=https%3A%2F%2Fscam.vn%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1676910293455&bpp=1&bdt=1123&idt=1&shv=r20230215&mjsv=m202302130101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dc1664e6979bdde9f-22968790f6dc0005%3AT%3D1676910292%3ART%3D1676910292%3AS%3DALNI_MZoAa6b_rr5_Ocmms6VUyaNBfVCcw&gpic=UID%3D00000bb957e8f02a%3AT%3D1676910292%3ART%3D1676910292%3AS%3DALNI_MaGmySzK1xQTZAvFZg0Twz5HaKebA&prev_fmts=0x0%2C1145x280%2C1175x280&nras=4&correlator=3247602610087&frm=20&pv=1&ga_vid=100274804.1676910293&ga_sid=1676910293&ga_hid=557402630&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=228&ady=2224&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31071755%2C31071662%2C31071976%2C31072499&oid=2&pvsid=2204243330728700&tmod=1929045309&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=IJDrVqT7QY&p=https%3A//scam.vn&dtd=9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 20 Feb 2023 16:24:54 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 3835 78 KB
27 KB 139ms
138ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

16b432ac8f43a6b2d8aa358f41ee60e2ef5923b2645bf2c37f3a06f8334b1557

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 16:24:54 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 27790
x-xss-protection: 0
server: cafe
etag: 3677590245327912432
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Mon, 20 Feb 2023 16:24:54 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230215/r20110914/client/ Frame 3835 3 KB
1 KB 34ms
32ms Script
text/javascript 2a00:1450:400d:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230215/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 10:57:39 GMT
content-encoding: br
x-content-type-options: nosniff
age: 19635
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 06 Mar 2023 10:57:39 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230215/r20110914/client/ Frame 3835 20 KB
8 KB 34ms
32ms Script
text/javascript 2a00:1450:400d:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230215/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5e713a207017a40f54387d0e25bbb3cbbe1b3d10338cdd4a7342cc1486b19140

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 10:57:39 GMT
content-encoding: br
x-content-type-options: nosniff
age: 19635
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8274
x-xss-protection: 0
server: cafe
etag: 9471482037410804447
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 06 Mar 2023 10:57:39 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame 3835 0
0 59ms
29ms Image
text/html 2a00:1450:4001:827::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQbyh-2AfhiOFobkqRJ7QrpdvTtHxxiERap-8b7e8QHSgZ459MF2u_2Z-Uk00uqua5BIIV3S4_dGQAa4II4H701c8S1oQ
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7618423324404424&output=html&h=90&adk=3869488725&adf=360036981&pi=t.aa~a.3759911452~rp.1&w=1145&fwrn=4&fwrnh=100&lmt=1676910293&rafmt=1&to=qs&pwprc=5012342430&format=1145x90&url=https%3A%2F%2Fscam.vn%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1676910293455&bpp=1&bdt=1123&idt=1&shv=r20230215&mjsv=m202302130101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dc1664e6979bdde9f-22968790f6dc0005%3AT%3D1676910292%3ART%3D1676910292%3AS%3DALNI_MZoAa6b_rr5_Ocmms6VUyaNBfVCcw&gpic=UID%3D00000bb957e8f02a%3AT%3D1676910292%3ART%3D1676910292%3AS%3DALNI_MaGmySzK1xQTZAvFZg0Twz5HaKebA&prev_fmts=0x0%2C1145x280%2C1175x280&nras=4&correlator=3247602610087&frm=20&pv=1&ga_vid=100274804.1676910293&ga_sid=1676910293&ga_hid=557402630&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=228&ady=2224&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31071755%2C31071662%2C31071976%2C31072499&oid=2&pvsid=2204243330728700&tmod=1929045309&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=IJDrVqT7QY&p=https%3A//scam.vn&dtd=9
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 3835 156 KB
48 KB 119ms
117ms Script
text/javascript 2a00:1450:400d:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:806::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a85af52452417453ae5ced98aa54a149925de2155e823234dce588c331d11aa0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 16:24:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 48814
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1676465787912926"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 20 Feb 2023 16:24:54 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 3835 42 B
63 B 52ms
50ms Image
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-BubBwVPQ6lDCMSw97wY42Wht-871xxiTvdbaH3G75X_Olzqjr3RzJeTr8_iSjnb8VmzkvKQUTdQr9AEQkc1cqninpNmNTSz2R3Sg0GIp1yvD04_jA

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 20 Feb 2023 16:24:54 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 3835 0
20 B 53ms
51ms Image
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=18259861602315892463&x=1&ct=76

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 20 Feb 2023 16:24:54 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 45A0 1 KB
643 B 18ms
18ms Document
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 68416
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 19 Feb 2023 21:24:38 GMT
etag: 48472445140208031
expires: Mon, 20 Feb 2023 21:24:38 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 9EA4 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 751c89307d7a60434eb03102363422ce95d6f835bfc830a3025b563a278c8179

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 dpixel
cms.quantserve.com/ Frame 45A0 35 B
465 B 297ms
18ms Image
image/gif 2620:116:800d:21:e365:4988:e8a7:3270
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEIFfaCXRgF816jEZq5T1MIY&google_cver=1&google_push=Aa02lx_s9i-1yJ3gD6U2Z5w4LW6DOixcL_R8C0Nkgwc9pYst5peCsq0XcFv6gm1K0pVSxfGZzxKfWyisH6vrGldcnlQ589es8Ww_mYc

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:e365:4988:e8a7:3270 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 20 Feb 2023 16:24:54 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
content-type: image/gif
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 45A0
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=4&google_gid=CAESEAmU4fRFLZex1PJZDDtm3wM&google_cver=1&google_push=Aa02lx-6gX0vtuVUgPOOrkubvJKDa9I6sFPerYrbUiXP4jG_qinFmfzujGB84s8Jp3lSMug1EQzJME6XytFOmSDJ...
https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=Aa02lx-6gX0vtuVUgPOOrkubvJKDa9I6sFPerYrbUiXP4jG_qinFmfzujGB84s8Jp3lSMug1EQzJME6XytFOmSDJ3AEhHDiK48y_53Y

170 B
232 B

31ms
31ms

Image
image/png

142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=Aa02lx-6gX0vtuVUgPOOrkubvJKDa9I6sFPerYrbUiXP4jG_qinFmfzujGB84s8Jp3lSMug1EQzJME6XytFOmSDJ3AEhHDiK48y_53Y

Requested by

Protocol

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 20 Feb 2023 16:24:54 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Mon, 20 Feb 2023 16:24:54 GMT
Server: MT3 475 4bd2ccd master zrh-pixel-x30 config:1.0.0
Content-Type: image/gif
Access-Control-Allow-Origin: *
location: https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=Aa02lx-6gX0vtuVUgPOOrkubvJKDa9I6sFPerYrbUiXP4jG_qinFmfzujGB84s8Jp3lSMug1EQzJME6XytFOmSDJ3AEhHDiK48y_53Y
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache
Connection: keep-alive
Keep-Alive: timeout=360
Content-Length: 0
Expires: Mon, 20 Feb 2023 16:24:53 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 45A0
Redirect Chain

https://um.simpli.fi/gp_match?google_gid=CAESEGRVRGeljiw4ep3JcQmvpX4&google_cver=1&google_push=Aa02lx-oDAw0ksihpiklQUNLXwatGmSVdbl_FssCGqXFSmTssQ0c9jFS6IOzda_q1hlYONKC5ZopM33vXGuOLheotemUA45u0HqTi1c
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=2A61C854C76D4AC7BF61EF8213662CB0&google_push=Aa02lx-oDAw0ksihpiklQUNLXwatGmSVdbl_FssCGqXFSmTssQ0c9jFS6IOzda_q1hlYONKC5ZopM33vXGuOLhe...

170 B
232 B

29ms
28ms

Image
image/png

142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=2A61C854C76D4AC7BF61EF8213662CB0&google_push=Aa02lx-oDAw0ksihpiklQUNLXwatGmSVdbl_FssCGqXFSmTssQ0c9jFS6IOzda_q1hlYONKC5ZopM33vXGuOLheotemUA45u0HqTi1c

Requested by

Protocol

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 20 Feb 2023 16:24:54 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Mon, 20 Feb 2023 16:24:54 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
server: openresty
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
location: https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=2A61C854C76D4AC7BF61EF8213662CB0&google_push=Aa02lx-oDAw0ksihpiklQUNLXwatGmSVdbl_FssCGqXFSmTssQ0c9jFS6IOzda_q1hlYONKC5ZopM33vXGuOLheotemUA45u0HqTi1c
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 142
expires: Sun, 19 Feb 2023 16:24:54 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 45A0
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEM2yOkYMkGvqejjq8Wi-NVM&google_cver=1&google_push=Aa02lx9MltNvL8zOm9J3U925qO550DDPeoqr5zNgXOEk4TIofI1RjDzlVboEQsT-SLuBKrd6BFQ...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEVEMTNDNkotSC0xOTRP&google_push=Aa02lx9MltNvL8zOm9J3U925qO550DDPeoqr5zNgXOEk4TIofI1RjDzlVboEQsT-SLuBKrd6BFQ7T_UHQPcOxoE0kfxmCWQySJFazh4

170 B
243 B

34ms
32ms

Image
image/png

142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEVEMTNDNkotSC0xOTRP&google_push=Aa02lx9MltNvL8zOm9J3U925qO550DDPeoqr5zNgXOEk4TIofI1RjDzlVboEQsT-SLuBKrd6BFQ7T_UHQPcOxoE0kfxmCWQySJFazh4

Requested by

Protocol

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 20 Feb 2023 16:24:54 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Type: text/html
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEVEMTNDNkotSC0xOTRP&google_push=Aa02lx9MltNvL8zOm9J3U925qO550DDPeoqr5zNgXOEk4TIofI1RjDzlVboEQsT-SLuBKrd6BFQ7T_UHQPcOxoE0kfxmCWQySJFazh4
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: de8527bfa1ccfd6c1590da0d3b6cff52
Expires: 0

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 45A0
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEC8Qt4MlT7xh9hS6pmb0ctk&google_cver=1&googl...
https://ssum-sec.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_cver=1&google_gid=CAESEC8Qt4MlT7xh9hS6pmb0ctk&google_push=Aa...
https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEC8Qt4MlT7xh9hS6pmb0ctk&google_hm=Y_Oe1tOi8q_85X0f-xiMVQAABLwAAAAB&google_nid=index&google_push=Aa02lx9wpAcedxTY8ZAW4XJNLuXKywzJdsTx1...

170 B
232 B

30ms
30ms

Image
image/png

142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEC8Qt4MlT7xh9hS6pmb0ctk&google_hm=Y_Oe1tOi8q_85X0f-xiMVQAABLwAAAAB&google_nid=index&google_push=Aa02lx9wpAcedxTY8ZAW4XJNLuXKywzJdsTx157gqJ1qtF54qessjaK-WIDCjZ09V9wa6Vak4_L-8cpNGuYmDpGDOmZyJCvl9eH0SkA

Requested by

Protocol

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 20 Feb 2023 16:24:54 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 20 Feb 2023 16:24:54 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vZpReW%2F0YchPdpHm3GpMsi1Nn8MU2f7Pm%2BXGa7zosM0%2B4e28%2Fmz3EJGXAxsAmvv4fRY3mW3%2FTF5%2FVMBAdak%2BvqssMwXBAYBOjKB1gyc6QRkoyoxs%2BQuYKYFJJRPBtNAFHt68u%2Bu2juweZw%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
location: https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEC8Qt4MlT7xh9hS6pmb0ctk&google_hm=Y_Oe1tOi8q_85X0f-xiMVQAABLwAAAAB&google_nid=index&google_push=Aa02lx9wpAcedxTY8ZAW4XJNLuXKywzJdsTx157gqJ1qtF54qessjaK-WIDCjZ09V9wa6Vak4_L-8cpNGuYmDpGDOmZyJCvl9eH0SkA
cache-control: no-cache
cf-ray: 79c8985bd84e9188-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 0
expires: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 45A0
Redirect Chain

https://match.360yield.com/match/ebda?google_gid=CAESEEd4_cpRHWaD88sZl0avz6E&google_cver=1&google_push=Aa02lx_XKnYa7q6geqljyWFo_djxDif0NTw4KEPAr8GSxITW8Xj8LJ58eL3mb7960LRwgumNN234awuTDgtQWkY2_18rdP...
https://match.360yield.com/ul_cb/match/ebda?google_gid=CAESEEd4_cpRHWaD88sZl0avz6E&google_cver=1&google_push=Aa02lx_XKnYa7q6geqljyWFo_djxDif0NTw4KEPAr8GSxITW8Xj8LJ58eL3mb7960LRwgumNN234awuTDgtQWkY2...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=TBoj5zoxTRyRwKc2f_56ig&google_push=Aa02lx_XKnYa7q6geqljyWFo_djxDif0NTw4KEPAr8GSxITW8Xj8LJ58eL3mb7960LRwgumNN234awuTDgtQWkY...

170 B
188 B

28ms
28ms

Image
image/png

142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=TBoj5zoxTRyRwKc2f_56ig&google_push=Aa02lx_XKnYa7q6geqljyWFo_djxDif0NTw4KEPAr8GSxITW8Xj8LJ58eL3mb7960LRwgumNN234awuTDgtQWkY2_18rdP9-Z9Jt20o

Requested by

Host: scam.vn
URL: https://scam.vn/

Protocol

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 20 Feb 2023 16:24:54 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=TBoj5zoxTRyRwKc2f_56ig&google_push=Aa02lx_XKnYa7q6geqljyWFo_djxDif0NTw4KEPAr8GSxITW8Xj8LJ58eL3mb7960LRwgumNN234awuTDgtQWkY2_18rdP9-Z9Jt20o
access-control-allow-origin: *
date: Mon, 20 Feb 2023 16:24:54 GMT
content-type: text/plain
content-length: 0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

GET
H2

200

report
sync.teads.tv/um/ Frame 45A0
Redirect Chain

https://sync.teads.tv/um?eid=3&uid=&google_nid=teadstv_ab&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_ab%26google_hm%3D%5BVID_B64%5D&google_gid=CAESEPtjadQUqMD8pY3pGfO5Qzk&...
https://cm.g.doubleclick.net/pixel?google_nid=teadstv_ab&google_hm=&google_push=Aa02lx-RRYbVD49hxwKrHnemLPlqu0Py69aeFp0dqyC09IhBa7pe12WbFq5zKKfwQyI1cv7r6sodNuuFFXyqCogEL0eopXSIaLOuP9Yf
https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab

23 B
172 B

54ms
54ms

Image
image/gif

104.111.217.42
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7618423324404424&output=html&h=280&adk=1166979537&adf=1272846351&pi=t.aa~a.2460070978~rp.4&w=1175&fwrn=4&fwrnh=100&lmt=1676910293&rafmt=1&to=qs&pwprc=5012342430&format=1175x280&url=https%3A%2F%2Fscam.vn%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1676910293455&bpp=1&bdt=1123&idt=-M&shv=r20230215&mjsv=m202302130101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dc1664e6979bdde9f-22968790f6dc0005%3AT%3D1676910292%3ART%3D1676910292%3AS%3DALNI_MZoAa6b_rr5_Ocmms6VUyaNBfVCcw&gpic=UID%3D00000bb957e8f02a%3AT%3D1676910292%3ART%3D1676910292%3AS%3DALNI_MaGmySzK1xQTZAvFZg0Twz5HaKebA&prev_fmts=0x0%2C1145x280&nras=3&correlator=3247602610087&frm=20&pv=1&ga_vid=100274804.1676910293&ga_sid=1676910293&ga_hid=557402630&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=213&ady=1366&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31071755%2C31071662%2C31071976%2C31072499&oid=2&pvsid=2204243330728700&tmod=1929045309&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=0dC31HJmDT&p=https%3A//scam.vn&dtd=6
Protocol: H2
Server: 104.111.217.42 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-217-42.deploy.static.akamaitechnologies.com
Software: akka-http/10.2.9 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

expires: Mon, 20 Feb 2023 16:24:54 GMT
pragma: no-cache
date: Mon, 20 Feb 2023 16:24:54 GMT
cache-control: max-age=0, no-cache, no-store
server: akka-http/10.2.9
content-length: 23
content-type: image/gif

Redirect headers

pragma: no-cache
date: Mon, 20 Feb 2023 16:24:54 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 260
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 attr
cm.g.doubleclick.net/pixel/ Frame 45A0 0
139 B 86ms
25ms Image
text/html 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13JSa3FRBs3wB8KoXjj4YmQBTeKjNaDnxcFtVtILr6_02eGGCugV98mjQ7l8jZMFJKImvPH5rQ

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 16:24:54 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 4691
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKqfrZTfeC0EHH06xKKfLjY&google_cver=1

43 B
632 B

41ms
12ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKqfrZTfeC0EHH06xKKfLjY&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNKOMxDkyTkYuqmj3wEwAQ&v=APEucNWqA-OUYASMH3gmAKEtEon0FLOj3wUMUftoh1GB3IHVfpki4obftPNwqQrW9grxJ6zBLRCq0C624Sm2nqNog54rbAmVe5iF2DGz_dmX6VfEkV1ORbN1ujhaWtGj10I3FwJWczplKY1cgNDTCh1tkzPSwVmQESAKbrwdRDvOj7uQeoLzMiQ
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 20 Feb 2023 16:24:54 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=500
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Mon, 20 Feb 2023 16:24:54 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKqfrZTfeC0EHH06xKKfLjY&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 4691
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Y-Oe1lTqMi7YHY2rQAo-ngAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKqfrZTfeC0EHH06xKKfLjY&google_cver=1

43 B
766 B

13ms
13ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKqfrZTfeC0EHH06xKKfLjY&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNKOMxDkyTkYuqmj3wEwAQ&v=APEucNWqA-OUYASMH3gmAKEtEon0FLOj3wUMUftoh1GB3IHVfpki4obftPNwqQrW9grxJ6zBLRCq0C624Sm2nqNog54rbAmVe5iF2DGz_dmX6VfEkV1ORbN1ujhaWtGj10I3FwJWczplKY1cgNDTCh1tkzPSwVmQESAKbrwdRDvOj7uQeoLzMiQ
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 20 Feb 2023 16:24:54 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=498
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Mon, 20 Feb 2023 16:24:54 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKqfrZTfeC0EHH06xKKfLjY&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

bounce
ib.adnxs.com/ Frame 4691
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEDYyxJdLLKR-LHv2sYpM70c&google_cver=1
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEDYyxJdLLKR-LHv2sYpM70c%26google_cver%3D1

43 B
1 KB

20ms
20ms

Image
image/gif

185.89.210.82
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEDYyxJdLLKR-LHv2sYpM70c%26google_cver%3D1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNKOMxDkyTkYuqmj3wEwAQ&v=APEucNWqA-OUYASMH3gmAKEtEon0FLOj3wUMUftoh1GB3IHVfpki4obftPNwqQrW9grxJ6zBLRCq0C624Sm2nqNog54rbAmVe5iF2DGz_dmX6VfEkV1ORbN1ujhaWtGj10I3FwJWczplKY1cgNDTCh1tkzPSwVmQESAKbrwdRDvOj7uQeoLzMiQ

Protocol

HTTP/1.1

Server

185.89.210.82 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

952.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 20 Feb 2023 16:24:54 GMT
AN-X-Request-Uuid: a189f746-eb86-4246-9b43-4ca0385f5ed5
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: image/gif
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 178.162.209.142; 178.162.209.142; 952.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Mon, 20 Feb 2023 16:24:54 GMT
AN-X-Request-Uuid: 440fb20f-dc8b-40a4-88bb-5dbd21cf0f84
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEDYyxJdLLKR-LHv2sYpM70c%26google_cver%3D1
Cache-Control: no-store, no-cache, private
Connection: keep-alive
X-Proxy-Origin: 178.162.209.142; 178.162.209.142; 952.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 4691
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTAyMzIzNTYwNDQyMDgwNjc1NQ%3D%3D

170 B
188 B

30ms
30ms

Image
image/png

142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTAyMzIzNTYwNDQyMDgwNjc1NQ%3D%3D

Requested by

Protocol

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 20 Feb 2023 16:24:54 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Mon, 20 Feb 2023 16:24:54 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 178.162.209.142; 178.162.209.142; 952.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: 948e9fe7-4d05-465c-b36a-15e6030361da
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: *
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTAyMzIzNTYwNDQyMDgwNjc1NQ%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 3835 0
20 B 53ms
53ms Ping
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=4526408382081&version=m202301230201

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 20 Feb 2023 16:24:54 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 3835 0
20 B 51ms
51ms Ping
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=4526408382081&version=m202301230201&ct=76&x=1&cor=18259861602315893000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 20 Feb 2023 16:24:54 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 3835 93 KB
37 KB 70ms
69ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DUcHF8RCmu9TT266PD3wCklEPaOKa1MWhJ51v_fGyo3ZtXFT8TmtajRUQCNcfkxIp7I8WWu3IypgypkRdt4tOM86AqxLRpOaFACrpAWUGZPCLYhjYgzDlXkj_VEzxY0BVxtMFcwvD2mmgLvf4P3Pz7zZmtPPOhkn2c_FT4FsIA2LQIfVI&dbm_d=AKAmf-BygZrtNDluO-mvv3b0iX_vhsr0Zkk-l3kWsECtUTVIVAl3xh817U8WZyN_OhMksaM4Yyhs98oAhmt5QwaReq71uMBFugdfGmtXUUKNdXOQ2RXKhkL3z4fq27VzarLnTQgB1Bzu9bAkBquBxI1FzMeAd68CoPUa2qQZpvod8FnYYnZ9P93HX98DLQpa79Dc2QGroYNq-RYAjMPgyorsxI1R2I79l1LN5ejCihZ4A72VgtIRHYs4dLAzrNDbsZuI0921Lgx16zxzrGCA7Bx4jgDjLTZAbhKqCcLtlGX9_EhZGm-MXJPmShr3TaSpj0_eAFk5ixcIsLOoe80EaIJTkm8394O3eV2qtbN2Vkgvh0u5ENm-w3GdIsj34JDVXtrhQGYHhd8LD_rVINSYGvrKBgLsdtu9_kqgKdI_U2JkGeoYFniMXLl6q69CRTuXFG-MPJecPaczg-3b8YFkpyjseLXvRWs49KhJYnvQIf25O69_3fcxSV156xMWwvnMhh5lIH6ODDoIq7l6uqzuZdFCNNVDEdnx83vcU2c0oQFaRPQQ72iW9WNwJ338MW_IincUim3N14WDOzLMDQ_HyHNE6KYEMHLGFkVB-iiymFitZhy3fub6327a4NDUqOchWowM1lbvgEtIRLV4jwwq37zvmsvHpbJqdP4R0INSNKXkjfFywdhWLWYLwTuRgdQAsBflics8iXYsdZVUNE8Tx61EMoyBqiyN5_njYWNDgvQIWRtA7TKn9EUntXc1f9IMdSLHkSa7Ef-vc5gRVsRMA3O2Jbc70a8i5umL70-MKl8pyOWpKTIk4a6jgwRtVCdh57XxZQeo4zmFYstn7OO_2IrTpbJmJSVzprHC1dS4-aoqpxCJztsxPt9IysMBKW4mf9BiEX7fX5s5qYOuNfFqq2g4L5M0jD4_iumcJBgnmb9GNNd5CkJrgmGDSz-3WjlWzYB9lMAIxo_jmiqSyvF28zzxN_YrfdEiZgWJiYuc6bhZvVrVEl88yKr0JHAU9nbaqmTcTUS1_SB6aiwMmtx-i2aIZpaZCh3z4wWwFZt_HxD0xRE-9II2spR_cvRt1QxL1RE44PLw78wyDvx3qaTElU8hzhobmruHLSah0oA-Au57qoCDiwOL-Y-O2jp4M3yuPOeN-400AdLfyeMusRlt-mnL67ac6XFl680qZQXD7f-VLeCWfWO5eBiyTvRmcznWac6BnYIwogpo1GF1v5hNpM1UkxPQhSC5GDL8-YCwotjSa9PfSlb6diZL9oV3Y0FkMhwPyWURezIZtTx2GLdYEVCTIZLd32RRofVIgo0HtmcaF-odITqQ7FPWPDO3JZovorY3FlSyN5XxcR8ilLDtIksf-bWHwbhbWMoobGStYajL5ceeLyUQcxyPhGjicrHqBwbsQQxeRsqV8096w-HqFG58n_oAsQonRixxn1tDDjSM5gCYccpFibd3tywkkA_TQmydhyVdLnUo6APs8Le1WPiFhD6XwTtcDakb3z44fVKZNw_dQa2Ns5QEBOcq6sTCbOhcM7Mr-2vZS54hN18Z3OmDxfJUqvxnSgiJ_BlW70TVrP7j3eA-aq6qrmqRw43O9PBS7OoTF9COMlknsQ4YQpfy6ZLvBgktivH5qDZvLnxfGDJQICtQwsz-ecbHp340RT9RJLkzjIitE5A-Ad3HcyTAD5wAcB_3qfaOXlkAALgH4-loSTbxbESn25VBchxFPFLid5JSbalJgvFlHmxZSIXMw_D7yMrHC9kWWE1rBUN4QzZ48RwCLd-_FDZBOW6fLGYL-VqXOwaPZNNRiSwiRoCVmEwZYA_a1O483iTK_-0LWv0UHFtiTkd8ynpNO9s_HwC8xdmUud-kk_TgpGuSBkJPO2bOHYLky2buC2sTrjWxRbYpbdL2ACC84nqjHsh85HVUfX2WCL5EcIOl6PvYlH76wp-0NZOmDo-k0ateCHL9MeMSSu0RpsCuAlCNaANv-unCC_mMWERnAn_GPQENGtd-u36P7OaYx_eW7-GmfYKmMGVmN-TP8tMdo5pum6jiyzqK6ZF_y-MP1SdIp9xrNyQXUlwbdPx-fqNGQesdsaW9LqbI0IF8iOjXbpb0cdO2Sno5ctAWDTZe-8llMGxtIDAtyzZDpdzvNsfZX8TqwlMNSqm44QKRExugdmlm1k8RGvqi0WDm8NkVL-Gc3TKV1bInqLi-lbc-wZw_of9WwuHoQljH5tvXsK8DVWUNGl0Ilg76tCinbRpW8IuhvwGV7vdEbS72nFjESPAWebW2HT-U_dKNi-PqSlJuhm8UwBK47mhvX38PoQTzbm0mVEoEUAizsPbDC6adJBlDQDOuWFK8pHohLrhtMdIJ2ZpVR8XUlxTxnEeZD1TrP_cfRzlqtlnW9tj798_sAxTmq1kc6YbVySaeCCcIAMYyaicF4SNfgmvX95DtURtiGmXmXcPHMOY4BKn0RMVL0u7cgtPWuzPzAGYGmkAENTrVv4D7kMFekQJVQuJ4xwPixQ1zVROt8OAna8j3btSy1w8tL2hAep3FOD56D-TRJWW-MiUYjSPKB3ioM6224SWImhs9BY_dtg6k5QuVnay5tB8ucPLwveQ7fUrVy8mbtPjm35pCBIXN3oGtCR8UK4xeegbLIh7woJoPspvB9Dwfc92IOMtJuG6AQD17iBtJrmzW7plSGRk1w-_4SyG5OKAGU1bSWyHcUUUYfnsSizxg-7-czuN8VuBBRMNhDo8FFqBbug_1hhKGffU6UeZ8IOXM8n33mz4WgJ3gCBzHmfddDfsUeNEkiW4q348qgCihBgVvGndrjjeNnMiQS2GJnwzj6h_qF2pB4dF_iqNl2Wla2vB47P7Y1sxtLYlJauWR32Jr-eK1HbXPfYTDtYBNa_NnhCQG-NLE-1Xgy4IR_fkMAVPWcyhaVDCHLtmWHihVvie5nDLJ48vLk7zxeJ_UuDPA7-4Smm2XySW6Uemi_hERnhwst0FNJMIZhops1rKkDdLOd2QcK-j22gUfYvTtuJAhAaBZc81fZfPbxWJO26GlIQXuX8V6OJiCfeU6F6gc2hvqPFLoAYVn6tG2i2khHPmEuFKx-JCl7ZymdTlRqOEnGq42jYJIsKqV_OR6r64zcN5h--nEFtUbJRLWE0hJTlPORvRtLVr-5FDX8wEZWB4l6JwSbzw8NA5OXcR7yJv2Ntndd_OwBzBEGtNMOv3oqQ7pNGT5Q2jUhhm9p7aZEYIct9eA082UttotDy1o0cxF6a3Y3yZfQjPGmI9eMLVzI8bazNFshTmXE9_oPR-wbHRM1M4PqCWlpFTWD88Jl-ALhjr0fPBu0hFk4CVyM80id_rz&cid=CAQSPADUE5ym0Ebca4TKWngN8EESjpX7jJvziBM5elWOd3h-Epp7lNMkCWjhtaDtVptU-3zdJl6baoLXlWzHkBgB&dv3_ver=m202301230201&rfl=https%3A%2F%2Fscam.vn%2F&ds=l&xdt=1&iif=1&cor=18259861602315893000&adk=1877897943&idt=164&cac=0&dtd=6

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e5fe1bb91f7591c3e93fa382507c7b0ef3f3eb4f0e98d7549fa5424ef17365b3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7618423324404424&output=html&h=90&adk=3869488725&adf=360036981&pi=t.aa~a.3759911452~rp.1&w=1145&fwrn=4&fwrnh=100&lmt=1676910293&rafmt=1&to=qs&pwprc=5012342430&format=1145x90&url=https%3A%2F%2Fscam.vn%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1676910293455&bpp=1&bdt=1123&idt=1&shv=r20230215&mjsv=m202302130101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dc1664e6979bdde9f-22968790f6dc0005%3AT%3D1676910292%3ART%3D1676910292%3AS%3DALNI_MZoAa6b_rr5_Ocmms6VUyaNBfVCcw&gpic=UID%3D00000bb957e8f02a%3AT%3D1676910292%3ART%3D1676910292%3AS%3DALNI_MaGmySzK1xQTZAvFZg0Twz5HaKebA&prev_fmts=0x0%2C1145x280%2C1175x280&nras=4&correlator=3247602610087&frm=20&pv=1&ga_vid=100274804.1676910293&ga_sid=1676910293&ga_hid=557402630&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=228&ady=2224&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31071755%2C31071662%2C31071976%2C31072499&oid=2&pvsid=2204243330728700&tmod=1929045309&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=IJDrVqT7QY&p=https%3A//scam.vn&dtd=9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 20 Feb 2023 16:24:54 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 37741
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2
fonts.gstatic.com/s/googlesans/v45/ Frame 9EA4 28 KB
28 KB 19ms
19ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v45/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4a6fab14bfe7b33fe5dc5349a2bb3720037e0ed7ebe621b352340f9514d83c08

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 17:05:31 GMT
x-content-type-options: nosniff
age: 429563
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 28288
x-xss-protection: 0
last-modified: Wed, 01 Jun 2022 19:05:56 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 15 Feb 2024 17:05:31 GMT

GET
H3 200 ENhUjQ5Efr1LKcBlRSMtCxEMsPeXm4hb-JW7itjXrRA.js Show response
pagead2.googlesyndication.com/bg/ Frame 36B9 36 KB
14 KB 18ms
17ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/ENhUjQ5Efr1LKcBlRSMtCxEMsPeXm4hb-JW7itjXrRA.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

10d8548d0e447ebd4b29c06545232d0b110cb0f7979b885bf895bb8ad8d7ad10

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 07:30:08 GMT
content-encoding: br
x-content-type-options: nosniff
age: 32086
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14306
x-xss-protection: 0
last-modified: Mon, 13 Feb 2023 15:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 20 Feb 2024 07:30:08 GMT

GET
H2 200 skeleton.js Show response
fw.adsafeprotected.com/rjss/st/1333404/69076805/ Frame 3835 243 KB
73 KB 251ms
41ms Script
application/javascript 54.78.104.30
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://fw.adsafeprotected.com/rjss/st/1333404/69076805/skeleton.js?bundleId=${BUNDLE_ID}&ias_dspID=3&ias_campId=27496782&ias_pubId=pub-7618423324404424&ias_chanId=1&ias_placementId=16627720464&bidurl=https://scam.vn/&ias_dealId=&adsafe_par&ias_impId=v4~~ABAjH0jwr_JnyZi5cCMrpZA7Y9Lg
Requested by: Host: scam.vn
URL: https://scam.vn/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.78.104.30 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-78-104-30.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 8bb90dede9f9dc277898d24507082149c631ea36798c9ad6a3b926835ddf33f6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 20 Feb 2023 16:24:54 GMT
content-encoding: gzip
vary: accept-encoding
content-type: application/javascript;charset=utf-8
access-control-allow-origin: fw.adsafeprotected.com
cache-control: no-cache
access-control-allow-credentials: true
expires: Wed, 31 Dec 1969 23:59:59 GMT

GET
H2 200 express_html_inpage_rendering_lib_200_276.js Show response
s0.2mdn.net/879366/ Frame 3835 106 KB
37 KB 138ms
35ms Script
text/javascript 2a00:1450:400d:802::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_276.js

Requested by

Host: scam.vn
URL: https://scam.vn/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:802::2006 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e41d1ae45acbf836b8dcc29544c7e41cced4211214df601d5284a7e9c7134c73

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 08:41:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 27818
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 37872
x-xss-protection: 0
last-modified: Wed, 02 Mar 2022 23:07:26 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 21 Feb 2023 08:41:16 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20230215/r20110914/elements/html/ Frame 3835 8 KB
3 KB 20ms
19ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230215/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DUcHF8RCmu9TT266PD3wCklEPaOKa1MWhJ51v_fGyo3ZtXFT8TmtajRUQCNcfkxIp7I8WWu3IypgypkRdt4tOM86AqxLRpOaFACrpAWUGZPCLYhjYgzDlXkj_VEzxY0BVxtMFcwvD2mmgLvf4P3Pz7zZmtPPOhkn2c_FT4FsIA2LQIfVI&dbm_d=AKAmf-BygZrtNDluO-mvv3b0iX_vhsr0Zkk-l3kWsECtUTVIVAl3xh817U8WZyN_OhMksaM4Yyhs98oAhmt5QwaReq71uMBFugdfGmtXUUKNdXOQ2RXKhkL3z4fq27VzarLnTQgB1Bzu9bAkBquBxI1FzMeAd68CoPUa2qQZpvod8FnYYnZ9P93HX98DLQpa79Dc2QGroYNq-RYAjMPgyorsxI1R2I79l1LN5ejCihZ4A72VgtIRHYs4dLAzrNDbsZuI0921Lgx16zxzrGCA7Bx4jgDjLTZAbhKqCcLtlGX9_EhZGm-MXJPmShr3TaSpj0_eAFk5ixcIsLOoe80EaIJTkm8394O3eV2qtbN2Vkgvh0u5ENm-w3GdIsj34JDVXtrhQGYHhd8LD_rVINSYGvrKBgLsdtu9_kqgKdI_U2JkGeoYFniMXLl6q69CRTuXFG-MPJecPaczg-3b8YFkpyjseLXvRWs49KhJYnvQIf25O69_3fcxSV156xMWwvnMhh5lIH6ODDoIq7l6uqzuZdFCNNVDEdnx83vcU2c0oQFaRPQQ72iW9WNwJ338MW_IincUim3N14WDOzLMDQ_HyHNE6KYEMHLGFkVB-iiymFitZhy3fub6327a4NDUqOchWowM1lbvgEtIRLV4jwwq37zvmsvHpbJqdP4R0INSNKXkjfFywdhWLWYLwTuRgdQAsBflics8iXYsdZVUNE8Tx61EMoyBqiyN5_njYWNDgvQIWRtA7TKn9EUntXc1f9IMdSLHkSa7Ef-vc5gRVsRMA3O2Jbc70a8i5umL70-MKl8pyOWpKTIk4a6jgwRtVCdh57XxZQeo4zmFYstn7OO_2IrTpbJmJSVzprHC1dS4-aoqpxCJztsxPt9IysMBKW4mf9BiEX7fX5s5qYOuNfFqq2g4L5M0jD4_iumcJBgnmb9GNNd5CkJrgmGDSz-3WjlWzYB9lMAIxo_jmiqSyvF28zzxN_YrfdEiZgWJiYuc6bhZvVrVEl88yKr0JHAU9nbaqmTcTUS1_SB6aiwMmtx-i2aIZpaZCh3z4wWwFZt_HxD0xRE-9II2spR_cvRt1QxL1RE44PLw78wyDvx3qaTElU8hzhobmruHLSah0oA-Au57qoCDiwOL-Y-O2jp4M3yuPOeN-400AdLfyeMusRlt-mnL67ac6XFl680qZQXD7f-VLeCWfWO5eBiyTvRmcznWac6BnYIwogpo1GF1v5hNpM1UkxPQhSC5GDL8-YCwotjSa9PfSlb6diZL9oV3Y0FkMhwPyWURezIZtTx2GLdYEVCTIZLd32RRofVIgo0HtmcaF-odITqQ7FPWPDO3JZovorY3FlSyN5XxcR8ilLDtIksf-bWHwbhbWMoobGStYajL5ceeLyUQcxyPhGjicrHqBwbsQQxeRsqV8096w-HqFG58n_oAsQonRixxn1tDDjSM5gCYccpFibd3tywkkA_TQmydhyVdLnUo6APs8Le1WPiFhD6XwTtcDakb3z44fVKZNw_dQa2Ns5QEBOcq6sTCbOhcM7Mr-2vZS54hN18Z3OmDxfJUqvxnSgiJ_BlW70TVrP7j3eA-aq6qrmqRw43O9PBS7OoTF9COMlknsQ4YQpfy6ZLvBgktivH5qDZvLnxfGDJQICtQwsz-ecbHp340RT9RJLkzjIitE5A-Ad3HcyTAD5wAcB_3qfaOXlkAALgH4-loSTbxbESn25VBchxFPFLid5JSbalJgvFlHmxZSIXMw_D7yMrHC9kWWE1rBUN4QzZ48RwCLd-_FDZBOW6fLGYL-VqXOwaPZNNRiSwiRoCVmEwZYA_a1O483iTK_-0LWv0UHFtiTkd8ynpNO9s_HwC8xdmUud-kk_TgpGuSBkJPO2bOHYLky2buC2sTrjWxRbYpbdL2ACC84nqjHsh85HVUfX2WCL5EcIOl6PvYlH76wp-0NZOmDo-k0ateCHL9MeMSSu0RpsCuAlCNaANv-unCC_mMWERnAn_GPQENGtd-u36P7OaYx_eW7-GmfYKmMGVmN-TP8tMdo5pum6jiyzqK6ZF_y-MP1SdIp9xrNyQXUlwbdPx-fqNGQesdsaW9LqbI0IF8iOjXbpb0cdO2Sno5ctAWDTZe-8llMGxtIDAtyzZDpdzvNsfZX8TqwlMNSqm44QKRExugdmlm1k8RGvqi0WDm8NkVL-Gc3TKV1bInqLi-lbc-wZw_of9WwuHoQljH5tvXsK8DVWUNGl0Ilg76tCinbRpW8IuhvwGV7vdEbS72nFjESPAWebW2HT-U_dKNi-PqSlJuhm8UwBK47mhvX38PoQTzbm0mVEoEUAizsPbDC6adJBlDQDOuWFK8pHohLrhtMdIJ2ZpVR8XUlxTxnEeZD1TrP_cfRzlqtlnW9tj798_sAxTmq1kc6YbVySaeCCcIAMYyaicF4SNfgmvX95DtURtiGmXmXcPHMOY4BKn0RMVL0u7cgtPWuzPzAGYGmkAENTrVv4D7kMFekQJVQuJ4xwPixQ1zVROt8OAna8j3btSy1w8tL2hAep3FOD56D-TRJWW-MiUYjSPKB3ioM6224SWImhs9BY_dtg6k5QuVnay5tB8ucPLwveQ7fUrVy8mbtPjm35pCBIXN3oGtCR8UK4xeegbLIh7woJoPspvB9Dwfc92IOMtJuG6AQD17iBtJrmzW7plSGRk1w-_4SyG5OKAGU1bSWyHcUUUYfnsSizxg-7-czuN8VuBBRMNhDo8FFqBbug_1hhKGffU6UeZ8IOXM8n33mz4WgJ3gCBzHmfddDfsUeNEkiW4q348qgCihBgVvGndrjjeNnMiQS2GJnwzj6h_qF2pB4dF_iqNl2Wla2vB47P7Y1sxtLYlJauWR32Jr-eK1HbXPfYTDtYBNa_NnhCQG-NLE-1Xgy4IR_fkMAVPWcyhaVDCHLtmWHihVvie5nDLJ48vLk7zxeJ_UuDPA7-4Smm2XySW6Uemi_hERnhwst0FNJMIZhops1rKkDdLOd2QcK-j22gUfYvTtuJAhAaBZc81fZfPbxWJO26GlIQXuX8V6OJiCfeU6F6gc2hvqPFLoAYVn6tG2i2khHPmEuFKx-JCl7ZymdTlRqOEnGq42jYJIsKqV_OR6r64zcN5h--nEFtUbJRLWE0hJTlPORvRtLVr-5FDX8wEZWB4l6JwSbzw8NA5OXcR7yJv2Ntndd_OwBzBEGtNMOv3oqQ7pNGT5Q2jUhhm9p7aZEYIct9eA082UttotDy1o0cxF6a3Y3yZfQjPGmI9eMLVzI8bazNFshTmXE9_oPR-wbHRM1M4PqCWlpFTWD88Jl-ALhjr0fPBu0hFk4CVyM80id_rz&cid=CAQSPADUE5ym0Ebca4TKWngN8EESjpX7jJvziBM5elWOd3h-Epp7lNMkCWjhtaDtVptU-3zdJl6baoLXlWzHkBgB&dv3_ver=m202301230201&rfl=https%3A%2F%2Fscam.vn%2F&ds=l&xdt=1&iif=1&cor=18259861602315893000&adk=1877897943&idt=164&cac=0&dtd=6

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1d84738c2afaf595ff5d4921d8dc6bb5ce19a7b9c33a6c02d8a35ff80611cc87

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 13:42:52 GMT
content-encoding: br
x-content-type-options: nosniff
age: 9722
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2986
x-xss-protection: 0
server: cafe
etag: 3296546412363819624
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 06 Mar 2023 13:42:52 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20230215/r20110914/ Frame 3835 28 KB
11 KB 19ms
19ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230215/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

139c36234c15d74808b6156ef8e3d533a4a2dfd4ea6447428091ad4b6916b8da

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 13:42:52 GMT
content-encoding: br
x-content-type-options: nosniff
age: 9722
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10784
x-xss-protection: 0
server: cafe
etag: 15652644324719269315
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 06 Mar 2023 13:42:52 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 3835 41 KB
15 KB 34ms
34ms Script
text/javascript 2a00:1450:400d:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 18:06:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 339520
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 16 Feb 2024 18:06:14 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 2823 1 KB
643 B 20ms
19ms Document
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 68416
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 19 Feb 2023 21:24:38 GMT
etag: 48472445140208031
expires: Mon, 20 Feb 2023 21:24:38 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 3835 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5e55743ee430c576dd1c0dad897efb97fae4c2ee3ade090aa1abe208aeaef759

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Content-Type: image/png

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 2823
Redirect Chain

https://um.simpli.fi/gp_match?google_gid=CAESEBlRQtNk5w579MqRvRdXcK0&google_cver=1&google_push=Aa02lx9WPML3wMO3Ykl56tUtvWAXna6547ga7CL-QnVZzgzvGlhbTjZq0mVHhlBjDxcbWecczujEdkEl-CoNVkczZvp0MSP95k-dOws
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=2A61C854C76D4AC7BF61EF8213662CB0&google_push=Aa02lx9WPML3wMO3Ykl56tUtvWAXna6547ga7CL-QnVZzgzvGlhbTjZq0mVHhlBjDxcbWecczujEdkEl-CoNVkc...

170 B
188 B

29ms
29ms

Image
image/png

142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=2A61C854C76D4AC7BF61EF8213662CB0&google_push=Aa02lx9WPML3wMO3Ykl56tUtvWAXna6547ga7CL-QnVZzgzvGlhbTjZq0mVHhlBjDxcbWecczujEdkEl-CoNVkczZvp0MSP95k-dOws

Requested by

Protocol

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 20 Feb 2023 16:24:54 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Mon, 20 Feb 2023 16:24:54 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
server: openresty
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
location: https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=2A61C854C76D4AC7BF61EF8213662CB0&google_push=Aa02lx9WPML3wMO3Ykl56tUtvWAXna6547ga7CL-QnVZzgzvGlhbTjZq0mVHhlBjDxcbWecczujEdkEl-CoNVkczZvp0MSP95k-dOws
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 142
expires: Sun, 19 Feb 2023 16:24:54 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 2823
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=po0vAXH-TN-F0zkeRFb90w%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
188 B

26ms
25ms

Image
image/png

142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=po0vAXH-TN-F0zkeRFb90w%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=Aa02lx_2eTVJ2HApDhJL4hddBIetWaafHdPxv3XDH8f1-iSxmjRER2BC-Lgn_c1DMzv3B9xy9gKesJbd8DB3SxlOLeKshjTQ4BCmGgM

Requested by

Protocol

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 20 Feb 2023 16:24:54 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=po0vAXH-TN-F0zkeRFb90w%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=Aa02lx_2eTVJ2HApDhJL4hddBIetWaafHdPxv3XDH8f1-iSxmjRER2BC-Lgn_c1DMzv3B9xy9gKesJbd8DB3SxlOLeKshjTQ4BCmGgM
date: Mon, 20 Feb 2023 16:24:54 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 2823
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEDi4Q7pxWdNZEW54CpWs71A&google_cver=1&google_push=Aa02lx9095pKPWPBBRglAEI7nydRbAlbgFHzD1Z-mNjJAlAWQlUfIyToP2EiuiIvuF1p9lVUVdj...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEVEMTNDQ0EtMVQtRlNZUg==&google_push=Aa02lx9095pKPWPBBRglAEI7nydRbAlbgFHzD1Z-mNjJAlAWQlUfIyToP2EiuiIvuF1p9lVUVdju_MAn9-P8ERyC2mnT6r5pqyunlA

170 B
188 B

31ms
31ms

Image
image/png

142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEVEMTNDQ0EtMVQtRlNZUg==&google_push=Aa02lx9095pKPWPBBRglAEI7nydRbAlbgFHzD1Z-mNjJAlAWQlUfIyToP2EiuiIvuF1p9lVUVdju_MAn9-P8ERyC2mnT6r5pqyunlA

Requested by

Protocol

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 20 Feb 2023 16:24:54 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Type: text/html
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEVEMTNDQ0EtMVQtRlNZUg==&google_push=Aa02lx9095pKPWPBBRglAEI7nydRbAlbgFHzD1Z-mNjJAlAWQlUfIyToP2EiuiIvuF1p9lVUVdju_MAn9-P8ERyC2mnT6r5pqyunlA
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: de8527bfa1ccfd6c1590da0d3b6cff52
Expires: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 2823
Redirect Chain

https://onetag-sys.com/match/?int_id=19&redir=1&google_gid=CAESEJwKtbKKZHLZGzarRAc3N4c&google_cver=1&google_push=Aa02lx-mMVVJgWHjC2Bz639o8UVjaN85-56lVRBNLj7JYaL1QOhEvwt0RogYaCJ6SfMZUexIbFPgL-ehcPp7...
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=Aa02lx-mMVVJgWHjC2Bz639o8UVjaN85-56lVRBNLj7JYaL1QOhEvwt0RogYaCJ6SfMZUexIbFPgL-ehcPp7jhG7MoEVDWarUytxVQ

170 B
188 B

27ms
27ms

Image
image/png

142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=Aa02lx-mMVVJgWHjC2Bz639o8UVjaN85-56lVRBNLj7JYaL1QOhEvwt0RogYaCJ6SfMZUexIbFPgL-ehcPp7jhG7MoEVDWarUytxVQ

Requested by

Protocol

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 20 Feb 2023 16:24:54 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=Aa02lx-mMVVJgWHjC2Bz639o8UVjaN85-56lVRBNLj7JYaL1QOhEvwt0RogYaCJ6SfMZUexIbFPgL-ehcPp7jhG7MoEVDWarUytxVQ
strict-transport-security: max-age=15552000
cache-control: no-transform, no-cache
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 2823
Redirect Chain

https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESECYAB97EMjteno4ixm_iznA&google_cver=1&google_push=Aa02lx9voaUmMSBwvpwkZiz6Lii4pAYN7eyE6x4lsu9PgaoN7tu1qYnGQzu9u9kCgzMwFg9DRE...
https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESECYAB97EMjteno4ixm_iznA&google_cver=1&google_push=Aa02lx9voaUmMSBwvpwkZiz6Lii4pAYN7eyE6x4lsu9PgaoN7tu1qYnGQzu9u9kCgzMwFg9DRE...
https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS00ZWFDcWFaRTJ1RWNtWW9NR2xEZVJDejFweE5VZENfX35B&google_push=Aa02lx9voaUmMSBwvpwkZiz6Lii4pAYN7eyE6x4lsu9PgaoN7tu1qYnGQ...

170 B
188 B

29ms
29ms

Image
image/png

142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS00ZWFDcWFaRTJ1RWNtWW9NR2xEZVJDejFweE5VZENfX35B&google_push=Aa02lx9voaUmMSBwvpwkZiz6Lii4pAYN7eyE6x4lsu9PgaoN7tu1qYnGQzu9u9kCgzMwFg9DREU_C7O6HiEoAFxIgZeWmKTb2LblomZx

Requested by

Protocol

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 20 Feb 2023 16:24:54 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS00ZWFDcWFaRTJ1RWNtWW9NR2xEZVJDejFweE5VZENfX35B&google_push=Aa02lx9voaUmMSBwvpwkZiz6Lii4pAYN7eyE6x4lsu9PgaoN7tu1qYnGQzu9u9kCgzMwFg9DREU_C7O6HiEoAFxIgZeWmKTb2LblomZx
date: Mon, 20 Feb 2023 16:24:54 GMT
strict-transport-security: max-age=31536000
server: ATS/9.1.10.25
age: 0
content-length: 0
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 2823
Redirect Chain

https://secure.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=xandr_eb&google_hm=${BASE64_UID_ENC}&google_gid=CAESECAgg2UjtkEf-C2jcYPcv0Q&google_cver=1&google_push=Aa02lx-R9ssK4qkw8...
https://cm.g.doubleclick.net/pixel?google_nid=xandr_eb&google_hm=MTAyMzIzNTYwNDQyMDgwNjc1NQ%3D%3D&google_gid=CAESECAgg2UjtkEf-C2jcYPcv0Q&google_cver=1&google_push=Aa02lx-R9ssK4qkw8GI3165SSYjyJOsgdj...

170 B
188 B

29ms
29ms

Image
image/png

142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=xandr_eb&google_hm=MTAyMzIzNTYwNDQyMDgwNjc1NQ%3D%3D&google_gid=CAESECAgg2UjtkEf-C2jcYPcv0Q&google_cver=1&google_push=Aa02lx-R9ssK4qkw8GI3165SSYjyJOsgdjEx9lVede8Y8F-fIiaLLv6NEpdBAgOoywa4kKq3sT3eEtJFEWscij8KERX5y3OYLJ_8WOc

Requested by

Protocol

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 20 Feb 2023 16:24:54 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Mon, 20 Feb 2023 16:24:54 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 178.162.209.142; 178.162.209.142; 953.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: 05940f79-c81e-46de-ae4e-5a0bb6c50609
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: *
Location: https://cm.g.doubleclick.net/pixel?google_nid=xandr_eb&google_hm=MTAyMzIzNTYwNDQyMDgwNjc1NQ%3D%3D&google_gid=CAESECAgg2UjtkEf-C2jcYPcv0Q&google_cver=1&google_push=Aa02lx-R9ssK4qkw8GI3165SSYjyJOsgdjEx9lVede8Y8F-fIiaLLv6NEpdBAgOoywa4kKq3sT3eEtJFEWscij8KERX5y3OYLJ_8WOc
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 2823
Redirect Chain

https://x.bidswitch.net/check_uuid/https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dthe_mediagrid_eb%26google_hm%3D%24%7BBSW_UUID%7D%26%25%25GOOGLE_PUSH_PAIR%25%25?google_gid=CAESEPqZAkQcf...
https://x.bidswitch.net/ul_cb/check_uuid/https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dthe_mediagrid_eb%26google_hm%3D%24%7BBSW_UUID%7D%26%25%25GOOGLE_PUSH_PAIR%25%25?google_gid=CAESEPq...
https://cm.g.doubleclick.net/pixel?google_nid=the_mediagrid_eb&google_hm=dcc9e09b-36a9-4824-bcbd-359e9ae5d616&%%GOOGLE_PUSH_PAIR%%

170 B
188 B

28ms
28ms

Image
image/png

142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=the_mediagrid_eb&google_hm=dcc9e09b-36a9-4824-bcbd-359e9ae5d616&%%GOOGLE_PUSH_PAIR%%

Requested by

Protocol

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 20 Feb 2023 16:24:55 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=the_mediagrid_eb&google_hm=dcc9e09b-36a9-4824-bcbd-359e9ae5d616&%%GOOGLE_PUSH_PAIR%%
date: Mon, 20 Feb 2023 16:24:55 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 2823 0
12 B 28ms
27ms Image
text/html 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13JLU7AavPA1p9bDAAV7-E59kTa1Hr-1LSOl4s2v7stdY_2Un_u_W1QFKPyRAUGJsXEOL-q2Bi1L

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 16:24:54 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 3304 22 KB
8 KB 37ms
36ms Document
text/html 2a00:1450:400d:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 339519
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 16 Feb 2023 18:06:15 GMT
expires: Fri, 16 Feb 2024 18:06:15 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/3262300174248127772/ Frame BD9A 157 KB
24 KB 100ms
33ms Document
text/html 2a00:1450:400d:802::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/3262300174248127772/index.html

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_276.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:802::2006 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4aaaf183987b18a9443083873e5c489f1543ce6acabe355a182887c1cb7b713c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 357448
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 24280
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Thu, 16 Feb 2023 13:07:26 GMT
expires: Fri, 16 Feb 2024 13:07:26 GMT
last-modified: Tue, 17 Jan 2023 11:25:47 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 3835 0
0 118ms
59ms Fetch
image/gif 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsuMAMdlr1nDGfyLzinZiUpik_dZFTHmQtJrMXWiPK7GoQGwPQkEZscmMnWe7wDvuBOBjR-b2ep_rhkn747srBzM0SzyMnbXdtBcycYsIX4FELqrBBFmLDJHoPt-9cBb6SOLhs3T0p1huO5scPOkGH2F0u_H4iZKdxQuWJI3FrbQLJaxUqaVmN5fxEe3gSizBWMBzO1TS54rSOvW-C9DHisFqOBuKIh03Rc2hGTnWiM6N7SYyY_LWrlowd_wAMlG_zYq5NdMZYUwmDT7scqpTQjdL7KS0jjbl9C09QUTww2owr2RmzllTzp3vqxnO8lddQ7kXDtRA6i5R_RXoQavacN8yPd6dTR0LjrvOA_ux1zGlcdi0sLR47uS3PMvD1HqJY_5q0ppVPcFMCGoyNTONCeKMNAYKzMoV76Fy9Li4xXoH5u53fjEGAn5-wmIWlzDDLrjKc_TYb1_Z9yFQW0Zln0HEryw6GAui88dre-NPHfo6bxcRj175hWimCVkdc-Pr_ub7V71xZL6B00Dl6oAIGfQ95kOM9cwSljZAH57cGE2wo7fmBtHCN_iXuhFAHpt-feuCWTzK10kMDsCDrvl1YY8RWDeBk6e8_GnyQNrqjCxr6hCFgiAVRkPUdgeITIOrawXARAs4oTPzwWCnRBVOS1Vbz8I3EHtgFbCXVAB2MDkat8ZZBV07zrpszT4_yu3ZxoQQHjHJE6uRrRJDIYe1EBZZqvfw-_Mwly2Wjx3ygTlU58c_mbEzJJgXLf9LYYmjgQyZ37sjzzIW0Fv8RYeu29nPOZlX0ynK97W8mabkqKutT9OaN2hKJev5XfNGLEUvcMDAgYemgeFl1DibAQQvAbTErlGz0IAd6LxpfO6ZUvVHWTKzpZVxkqWVBase_b0BJ9CG5H6-k1G9oceXs2CZ8pBoHcRr-xlL6hQdufbMWLA1Mf7n6VkZ6zEih5tpsQyc5j1iEhntLDDUUOv7nju9-GZIK-VAwF7-cI93_JNpBoRYmcPl-Q0SxVuMmRENeR1aCozEAJz3Jo-1tWFhvx8IEFJnXCk_jsb1Xjq13orBmYp1ae8-E8xo-eg90Zv9ALrS7dN6HDIbmOlGcjNbm7B13uKosfuzb1gKGcgur7cD1aDICNnsHj99P9FzcMfd_J2oPrAE9r-Z6qE4MrYsbdIq6uTIMDv_uwZaB3yFjR0ylcz8D9_wdi97dWRYuswBIA3lmnkjtbfCkI&sai=AMfl-YQpkIlp1nV3LlxqE5w5snrev4FDu8DdB2K-X9Pw5gA4y9Ho9ErnqzsLJwXWzWlqn-agho8BOREv2e0jiGS-2tSofqKGj2FZ2BLTasPwezIsuZkumcggoVL1IVRF-id6IxxoBL4oyVcBnprH_A8SVDYNYExgvNCbumKYJXISpEkOQsNnGEkQWzk9keFXyrZ0Nl2mFp6vy-tArx9XPgq3Z2qrPdaEI0sLizJa1DT9xlglv_Mg7hBgAet-ddi6YhiUb5zB9g0&sig=Cg0ArKJSzDECQOncvw6dEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=193&cbvp=1&cstd=189&cisv=r20230215.33445&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&arae=0&ftch=1&adurl=

Requested by

Host: scam.vn
URL: https://scam.vn/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Mon, 20 Feb 2023 16:24:54 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Mon, 20 Feb 2023 16:24:54 GMT

GET
H3 200 ENhUjQ5Efr1LKcBlRSMtCxEMsPeXm4hb-JW7itjXrRA.js Show response
pagead2.googlesyndication.com/bg/ Frame 3304 36 KB
14 KB 19ms
18ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/ENhUjQ5Efr1LKcBlRSMtCxEMsPeXm4hb-JW7itjXrRA.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

10d8548d0e447ebd4b29c06545232d0b110cb0f7979b885bf895bb8ad8d7ad10

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 07:30:08 GMT
content-encoding: br
x-content-type-options: nosniff
age: 32086
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14306
x-xss-protection: 0
last-modified: Mon, 13 Feb 2023 15:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 20 Feb 2024 07:30:08 GMT

GET
H3 200 DcmEnabler_01_247.js Show response
s0.2mdn.net/879366/ Frame BD9A 29 KB
10 KB 31ms
30ms Script
text/javascript 2a00:1450:400d:802::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/DcmEnabler_01_247.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/3262300174248127772/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:802::2006 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

467a5b06cb117035f7882e8c71d80e093f04ce586c1ac2b84e7e4adf978edb30

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/3262300174248127772/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 13:24:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 10820
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10136
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:45:03 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 21 Feb 2023 13:24:34 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 3304 0
20 B 53ms
53ms Image
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BzxZu1p7zY8qBGsey3gO52YbwDgAAAAA4AeAEAg&bg=!cHOlcyfNAAZYlHKzeJQ7ADkAdvg8Wo5juPeNPmWD_o2TGEiKapq5eGs9DrAoLr4g7ytARiWlSuU8t7kxDr7rQ4ABRiR-DQJIu2QCAAAAWFIAAAACaAEHmQLkklgvC_q2Eh7FDTa-260aOl0ZLpvXcnHFQ8Dcgvk1SytT5slX6wwUx2IFJU8oKhOxUbsAUJXylMHx1JaWUFd-LlRuq9NDnK3mMb2bdDsWOYJINU07E6W32XZyU2_PgsvWfd0x3AWSFiLK0g5bgU7PMuJAtBG7fffdXAv1ZWP7YJhiq5r6U1Kphqp0YDGDNW8_tdGhms7ArCXBFeZsElgM2D7YGkqLqAvccfzskZBFew61e2hEMH6GybxnrG_dnVjXIXN05wgxFfhqLGe7_vetWbUnn1Ua23URCBpQd2AZLarCPZAYF7Xxvmn4P_jPTxfmuDP08cYBRMLW8Ul8OXUai3B0A8M7KTFunmlVXQPXKaYWveEodgNSheaCMUlSehw-5LyspjD8nD3pwtRONob4RwG-hWWyyQ8roK-F4lJAFLb4hjn0qq99ErndQp6gW4DBNcYY1CeuO68lrgY7xQbkmOKb-vtSeVU_rDy1RbpUeiJZn242PrM7PDh0asMu9brCxQbCT17mINU653x_mKWlz5qg4x-kWQDwZTcATDx01kSX-GJ7Rv8F9RAyJvqjk2VY3_2dA4wyD8NdEZiQ4ECOf1u0Oruhc8U7MG-liQpJsWhP8ugmcNX-kOD5C0gEamwcrC7AVBQQprd3q-NC2mnXikdhuXncSKts5LEplh4YHcbnIVg060d2AlZiOl1VrpZir0bEKtu7b1BbjZt7Nv0kHx03J-9T2wNYS3rwsmypzA4vg3hMpnlNNnSKH5NlwQmMlgxUMXWxfMonZZM_kCRDsqVW6tHzjCIUVShwCNnUxzG6UiA_4SZDXuTm8r3jXhG-4YbSpHAWFOnH5JBxYBG6jhuOcPPYdAYN3rgVekTvaH1mqIEXZqexujCezy4hiUR4nVgg30dzXJUfRKoi5IZA3GCFeHGaFfoKGoScycbwV2Ubj-JRys716GyehMiJdrY06w47Dsu-VRldTu_cSfyVjSxN_lM

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 20 Feb 2023 16:24:54 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 3835 0
0 55ms
55ms Fetch
image/gif 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsuMAMdlr1nDGfyLzinZiUpik_dZFTHmQtJrMXWiPK7GoQGwPQkEZscmMnWe7wDvuBOBjR-b2ep_rhkn747srBzM0SzyMnbXdtBcycYsIX4FELqrBBFmLDJHoPt-9cBb6SOLhs3T0p1huO5scPOkGH2F0u_H4iZKdxQuWJI3FrbQLJaxUqaVmN5fxEe3gSizBWMBzO1TS54rSOvW-C9DHisFqOBuKIh03Rc2hGTnWiM6N7SYyY_LWrlowd_wAMlG_zYq5NdMZYUwmDT7scqpTQjdL7KS0jjbl9C09QUTww2owr2RmzllTzp3vqxnO8lddQ7kXDtRA6i5R_RXoQavacN8yPd6dTR0LjrvOA_ux1zGlcdi0sLR47uS3PMvD1HqJY_5q0ppVPcFMCGoyNTONCeKMNAYKzMoV76Fy9Li4xXoH5u53fjEGAn5-wmIWlzDDLrjKc_TYb1_Z9yFQW0Zln0HEryw6GAui88dre-NPHfo6bxcRj175hWimCVkdc-Pr_ub7V71xZL6B00Dl6oAIGfQ95kOM9cwSljZAH57cGE2wo7fmBtHCN_iXuhFAHpt-feuCWTzK10kMDsCDrvl1YY8RWDeBk6e8_GnyQNrqjCxr6hCFgiAVRkPUdgeITIOrawXARAs4oTPzwWCnRBVOS1Vbz8I3EHtgFbCXVAB2MDkat8ZZBV07zrpszT4_yu3ZxoQQHjHJE6uRrRJDIYe1EBZZqvfw-_Mwly2Wjx3ygTlU58c_mbEzJJgXLf9LYYmjgQyZ37sjzzIW0Fv8RYeu29nPOZlX0ynK97W8mabkqKutT9OaN2hKJev5XfNGLEUvcMDAgYemgeFl1DibAQQvAbTErlGz0IAd6LxpfO6ZUvVHWTKzpZVxkqWVBase_b0BJ9CG5H6-k1G9oceXs2CZ8pBoHcRr-xlL6hQdufbMWLA1Mf7n6VkZ6zEih5tpsQyc5j1iEhntLDDUUOv7nju9-GZIK-VAwF7-cI93_JNpBoRYmcPl-Q0SxVuMmRENeR1aCozEAJz3Jo-1tWFhvx8IEFJnXCk_jsb1Xjq13orBmYp1ae8-E8xo-eg90Zv9ALrS7dN6HDIbmOlGcjNbm7B13uKosfuzb1gKGcgur7cD1aDICNnsHj99P9FzcMfd_J2oPrAE9r-Z6qE4MrYsbdIq6uTIMDv_uwZaB3yFjR0ylcz8D9_wdi97dWRYuswBIA3lmnkjtbfCkI&sai=AMfl-YQpkIlp1nV3LlxqE5w5snrev4FDu8DdB2K-X9Pw5gA4y9Ho9ErnqzsLJwXWzWlqn-agho8BOREv2e0jiGS-2tSofqKGj2FZ2BLTasPwezIsuZkumcggoVL1IVRF-id6IxxoBL4oyVcBnprH_A8SVDYNYExgvNCbumKYJXISpEkOQsNnGEkQWzk9keFXyrZ0Nl2mFp6vy-tArx9XPgq3Z2qrPdaEI0sLizJa1DT9xlglv_Mg7hBgAet-ddi6YhiUb5zB9g0&sig=Cg0ArKJSzDECQOncvw6dEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=349&vt=11&dtpt=156&dett=3&cstd=189&cisv=r20230215.33445&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&arae=0&ftch=1&adurl=

Requested by

Host: scam.vn
URL: https://scam.vn/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 16:24:54 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Mon, 20 Feb 2023 16:24:54 GMT

GET
H2

200

4.js Show response
static.adsafeprotected.com/ Frame 3835
Redirect Chain

https://fw.adsafeprotected.com/rfw/st/1333404/69076805/4.js?bundleId=${BUNDLE_ID}&ias_dspID=3&ias_campId=27496782&ias_pubId=pub-7618423324404424&ias_chanId=1&ias_placementId=16627720464&bidurl=http...
https://static.adsafeprotected.com/4.js?bundleId=${BUNDLE_ID}

1 KB
1 KB

73ms
13ms

Script
application/javascript

2600:9000:214f:4000:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/4.js?bundleId=${BUNDLE_ID}
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7618423324404424&output=html&h=90&adk=3869488725&adf=360036981&pi=t.aa~a.3759911452~rp.1&w=1145&fwrn=4&fwrnh=100&lmt=1676910293&rafmt=1&to=qs&pwprc=5012342430&format=1145x90&url=https%3A%2F%2Fscam.vn%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1676910293455&bpp=1&bdt=1123&idt=1&shv=r20230215&mjsv=m202302130101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dc1664e6979bdde9f-22968790f6dc0005%3AT%3D1676910292%3ART%3D1676910292%3AS%3DALNI_MZoAa6b_rr5_Ocmms6VUyaNBfVCcw&gpic=UID%3D00000bb957e8f02a%3AT%3D1676910292%3ART%3D1676910292%3AS%3DALNI_MaGmySzK1xQTZAvFZg0Twz5HaKebA&prev_fmts=0x0%2C1145x280%2C1175x280&nras=4&correlator=3247602610087&frm=20&pv=1&ga_vid=100274804.1676910293&ga_sid=1676910293&ga_hid=557402630&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=228&ady=2224&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31071755%2C31071662%2C31071976%2C31072499&oid=2&pvsid=2204243330728700&tmod=1929045309&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=IJDrVqT7QY&p=https%3A//scam.vn&dtd=9
Protocol: H2
Server: 2600:9000:214f:4000:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 27564fe0e5a95c61c9fbd45ecdb0a0a640fbb320bb64a54f3307a52fe96f86e4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

x-amz-version-id: ttDhIYiXE0kVliG2ed9eZ.882H52mbmE
content-encoding: gzip
via: 1.1 1cc446ef4692d8e752b16c07f2f58a58.cloudfront.net (CloudFront)
date: Thu, 16 Feb 2023 22:03:50 GMT
x-amz-cf-pop: FRA53-C1
age: 325266
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: PENDING
last-modified: Thu, 09 Feb 2023 22:03:45 GMT
server: AmazonS3
etag: W/"33dffa7df253125904b2f354b5bb5e8d"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=604800
x-amz-cf-id: LiEhfPczqNlS9tDMPqrCc5KfGyHmHvlFU8v8WbSi6u9tPC6uw2wD3A==

Redirect headers

pragma: no-cache
date: Mon, 20 Feb 2023 16:24:55 GMT
server: nginx
x-server-name: app13.ie.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
location: https://static.adsafeprotected.com/4.js?bundleId=${BUNDLE_ID}
cache-control: no-cache
content-length: 0

GET
H2 200 sca.17.6.2.js Show response
static.adsafeprotected.com/ Frame 5714 91 KB
23 KB 99ms
12ms Script
application/javascript 2600:9000:214f:4000:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/sca.17.6.2.js
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7618423324404424&output=html&h=90&adk=3869488725&adf=360036981&pi=t.aa~a.3759911452~rp.1&w=1145&fwrn=4&fwrnh=100&lmt=1676910293&rafmt=1&to=qs&pwprc=5012342430&format=1145x90&url=https%3A%2F%2Fscam.vn%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1676910293455&bpp=1&bdt=1123&idt=1&shv=r20230215&mjsv=m202302130101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dc1664e6979bdde9f-22968790f6dc0005%3AT%3D1676910292%3ART%3D1676910292%3AS%3DALNI_MZoAa6b_rr5_Ocmms6VUyaNBfVCcw&gpic=UID%3D00000bb957e8f02a%3AT%3D1676910292%3ART%3D1676910292%3AS%3DALNI_MaGmySzK1xQTZAvFZg0Twz5HaKebA&prev_fmts=0x0%2C1145x280%2C1175x280&nras=4&correlator=3247602610087&frm=20&pv=1&ga_vid=100274804.1676910293&ga_sid=1676910293&ga_hid=557402630&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=228&ady=2224&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31071755%2C31071662%2C31071976%2C31072499&oid=2&pvsid=2204243330728700&tmod=1929045309&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=IJDrVqT7QY&p=https%3A//scam.vn&dtd=9
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:214f:4000:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 01cee6a7a3f1444680b188ab84052e2b6c85966f53a718d3926135ebcc832ffd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Wed, 21 Sep 2022 15:36:17 GMT
x-amz-version-id: go8nfBUviNCPCwnrYX1LpMW5hEx3ASGy
content-encoding: gzip
via: 1.1 1cc446ef4692d8e752b16c07f2f58a58.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA53-C1
age: 13135719
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Tue, 20 Sep 2022 19:21:34 GMT
server: AmazonS3
etag: W/"1f3488247c90bb5de253d3d0cb3b7458"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000
x-amz-cf-id: 4Mml_CXITpUi0OZMEXOwaKVLhh5Cj08A6eD5lYVpM15V3k3Ov2lCLQ==

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 3835 43 B
215 B 368ms
102ms Image
image/gif 2600:1f18:1aca:4281:e21b:6240:d239:4516
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1333404&asId=5d5f91f5-d619-9308-6043-1fe0bddbc95b&tv=%7Bc:4MmeEV,pingTime:-3,time:44,type:v,clog:%5B%7Bpiv:0,vs:o,r:r,w:728,h:90,t:17%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:1,slTimes:%7Bi:0,o:44,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:17,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B38~0%5D,as:%5B38~728.90%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:twqcHDD+11%7C12%7C13%7C141%7C15%7C16%7C171%7C172%7C181*.1333404-69076805%7C1811%7C1812%7C1813%7C1814%7C191%7C1a1,idMap:181*,rmeas:1,rend:0,renddet:na,siq:19%7D&br=c
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7618423324404424&output=html&h=90&adk=3869488725&adf=360036981&pi=t.aa~a.3759911452~rp.1&w=1145&fwrn=4&fwrnh=100&lmt=1676910293&rafmt=1&to=qs&pwprc=5012342430&format=1145x90&url=https%3A%2F%2Fscam.vn%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1676910293455&bpp=1&bdt=1123&idt=1&shv=r20230215&mjsv=m202302130101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dc1664e6979bdde9f-22968790f6dc0005%3AT%3D1676910292%3ART%3D1676910292%3AS%3DALNI_MZoAa6b_rr5_Ocmms6VUyaNBfVCcw&gpic=UID%3D00000bb957e8f02a%3AT%3D1676910292%3ART%3D1676910292%3AS%3DALNI_MaGmySzK1xQTZAvFZg0Twz5HaKebA&prev_fmts=0x0%2C1145x280%2C1175x280&nras=4&correlator=3247602610087&frm=20&pv=1&ga_vid=100274804.1676910293&ga_sid=1676910293&ga_hid=557402630&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=228&ady=2224&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31071755%2C31071662%2C31071976%2C31072499&oid=2&pvsid=2204243330728700&tmod=1929045309&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=IJDrVqT7QY&p=https%3A//scam.vn&dtd=9
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4281:e21b:6240:d239:4516 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 20 Feb 2023 16:24:55 GMT
server: nginx
x-server-name: dt15.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 3835 43 B
215 B 366ms
102ms Image
image/gif 2600:1f18:1aca:4281:e21b:6240:d239:4516
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1333404&asId=5d5f91f5-d619-9308-6043-1fe0bddbc95b&tv=%7Bc:4MmeEX,pingTime:-6,time:46,type:i,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:1,slTimes:%7Bi:0,o:46,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:17,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B40~0%5D,as:%5B40~728.90%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:twqcHDD+11%7C12%7C13%7C141%7C15%7C16%7C171%7C172%7C181*.1333404-69076805%7C1811%7C1812%7C1813%7C1814%7C191%7C1a1,idMap:181*,rmeas:1,rend:0,renddet:na,siq:19%7D&tpiLookup=ao:scam.vn*%2Cgoogleads.g.doubleclick.net*&br=c
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7618423324404424&output=html&h=90&adk=3869488725&adf=360036981&pi=t.aa~a.3759911452~rp.1&w=1145&fwrn=4&fwrnh=100&lmt=1676910293&rafmt=1&to=qs&pwprc=5012342430&format=1145x90&url=https%3A%2F%2Fscam.vn%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1676910293455&bpp=1&bdt=1123&idt=1&shv=r20230215&mjsv=m202302130101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dc1664e6979bdde9f-22968790f6dc0005%3AT%3D1676910292%3ART%3D1676910292%3AS%3DALNI_MZoAa6b_rr5_Ocmms6VUyaNBfVCcw&gpic=UID%3D00000bb957e8f02a%3AT%3D1676910292%3ART%3D1676910292%3AS%3DALNI_MaGmySzK1xQTZAvFZg0Twz5HaKebA&prev_fmts=0x0%2C1145x280%2C1175x280&nras=4&correlator=3247602610087&frm=20&pv=1&ga_vid=100274804.1676910293&ga_sid=1676910293&ga_hid=557402630&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=228&ady=2224&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31071755%2C31071662%2C31071976%2C31072499&oid=2&pvsid=2204243330728700&tmod=1929045309&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=IJDrVqT7QY&p=https%3A//scam.vn&dtd=9
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4281:e21b:6240:d239:4516 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 20 Feb 2023 16:24:55 GMT
server: nginx
x-server-name: dt16.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 3835 43 B
216 B 364ms
101ms Image
image/gif 2600:1f18:1aca:4281:e21b:6240:d239:4516
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1333404&asId=5d5f91f5-d619-9308-6043-1fe0bddbc95b&tv=%7Bc:4MmeEZ,pingTime:-2,time:48,type:a,im:%7Bsf:0,pom:1,prf:%7BbeA:762,beZ:763,mfA:765,cmA:766,inA:766,inZ:770,prA:771,prZ:776,si:780,poA:781,poZ:800,cmZ:800,mfZ:800,loA:808,loZ:810,ltA:811,ltZ:811%7D%7D,sca:%7Bdfp:%7Bdf:4,sz:728.90,dom:div%7D%7D,env:%7Bgca:false,cca:false,gca2:false%7D,clog:%5B%7Bpiv:0,vs:o,r:r,w:728,h:90,t:17%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:1,slTimes:%7Bi:0,o:48,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:17,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B43~0%5D,as:%5B43~728.90%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:twqcHDD+11%7C12%7C13%7C141%7C15%7C16%7C171%7C172%7C181*.1333404-69076805%7C1811%7C1812%7C1813%7C1814%7C191%7C1a1,idMap:181*,pd:VEBo.mhjfbmdgcfjbbpaeojofohoefgiehjai,rmeas:1,rend:0,renddet:na,siq:19,sinceFw:29,readyFired:true%7D&br=c
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7618423324404424&output=html&h=90&adk=3869488725&adf=360036981&pi=t.aa~a.3759911452~rp.1&w=1145&fwrn=4&fwrnh=100&lmt=1676910293&rafmt=1&to=qs&pwprc=5012342430&format=1145x90&url=https%3A%2F%2Fscam.vn%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1676910293455&bpp=1&bdt=1123&idt=1&shv=r20230215&mjsv=m202302130101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dc1664e6979bdde9f-22968790f6dc0005%3AT%3D1676910292%3ART%3D1676910292%3AS%3DALNI_MZoAa6b_rr5_Ocmms6VUyaNBfVCcw&gpic=UID%3D00000bb957e8f02a%3AT%3D1676910292%3ART%3D1676910292%3AS%3DALNI_MaGmySzK1xQTZAvFZg0Twz5HaKebA&prev_fmts=0x0%2C1145x280%2C1175x280&nras=4&correlator=3247602610087&frm=20&pv=1&ga_vid=100274804.1676910293&ga_sid=1676910293&ga_hid=557402630&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=228&ady=2224&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31071755%2C31071662%2C31071976%2C31072499&oid=2&pvsid=2204243330728700&tmod=1929045309&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=IJDrVqT7QY&p=https%3A//scam.vn&dtd=9
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4281:e21b:6240:d239:4516 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 20 Feb 2023 16:24:55 GMT
server: nginx
x-server-name: dt17.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 4D04 42 B
64 B 94ms
54ms Fetch
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjst_X_yyZQP46pCNJFpWHcaWneTlP5SalkzuYwBE-LpLfyOaei8Xt6JfHR_zRk2o75pn9tgfJGh3HWREIQGGkpTtzlAHZEQbNArShLcNOUiI-twh53MsKNSqiNPwhR5Xd4eF-mPqZA&sai=AMfl-YTuV1rwEaYBx7ma1VfZodD0vy0PAuTlzGI_M1WIbPC4kepsbSDKvCSOH999p7a478HjSwRJ-d1LuJ0z&sig=Cg0ArKJSzHOAEYBaW0VhEAE&cid=CAQSGwDUE5ym99t9MMFfTpfRBEkzcDOiwXzkunTaHhgB&id=lidar2&mcvt=1000&p=0,0,500,180&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20230215&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=22&adk=1812271804&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1676910293558&rpt=434&met=mue&wmsd=0&pbe=0&vae=0&spb=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 20 Feb 2023 16:24:55 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 856D 42 B
64 B 55ms
55ms Fetch
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjst0nCL6FYgSMS6ht-6WrxMFKSIo4VDrz6d2sAOTnBeNilO154OZbe8XBPedixmycAF_b8oJr1fmIiWHIPZjgqGVTJJiFeaECt2AZoYTbUG0Uca-r0OJs3SiCsVxiv2nHXRDKe8shw&sai=AMfl-YTneyWCNqE1us7dE4K9DCiCUhAdKHffKzRZ_NdH2vcOT8l-kPbrHltKTIS3fnkedFihAwvPfpeiojBW&sig=Cg0ArKJSzFKpQMSmKwf2EAE&cid=CAQSGwDUE5ymWsVhVNT8-NP_wd8XWWrBc_WE8ePVghgB&id=lidar2&mcvt=1000&p=0,0,280,1145&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20230215&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=22&adk=2654064360&rs=2&la=1&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1676910292833&rpt=1375&met=mue&wmsd=0&pbe=0&vae=0&spb=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 20 Feb 2023 16:24:55 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 3835 43 B
215 B 102ms
102ms Image
image/gif 2600:1f18:1aca:4281:e21b:6240:d239:4516
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1333404&asId=5d5f91f5-d619-9308-6043-1fe0bddbc95b&tv=%7Bc:4MmeLi,pingTime:-10,time:439,type:s,mvn:ZnNjPTEzLHNkPTMsbm89OCxhc3A9MQ--,sd:MTcuNi4ydjEyMDB8fDE2MDB8fDF8fDF8fDI0fHwxMjAwfHwwfHwwfHwxfHxsYW5kc2NhcGUtcHJpbWFyeXx8MjR8fDQvM3x8NC8zfHwwfHwxNjAw,no:MTcuNi4ydk1vemlsbGF8fE5ldHNjYXBlfHxufHxufHwwfHxufHxXaW4zMnx8R2Vja298fDIwMDMwMTA3fHwwfHxNb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBXaW42NDsgeDY0KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvMTEwLjAuNTQ4MS4xMDAgU2FmYXJpLzUzNy4zNnx8MXx8MXx8R29vZ2xlIEluYy58fG4-,ch:n,fsc:17.6.2v222222220002222202222222222222222222202222222220222202000022000220222222220000222202002222202222222220222222220000020022222200022222220200000222200022220002022022022222202002220222022222022220000220200000022220222220222222222222202222222222222222222222222222222222222200000022022020020000002022202022022022222222000000000020222202022022222000000020000000000000000000020220202220000022200222202220022200200222022202220022220222200202222020002200002222022222202222000002002002222222202220022202200022002220222202,asp:1676910295420%7C%7C506194ff571459863a4d31e2fb40f41d%7C%7C41c5992836ce3b548d2ab9f4e4ccb0b4%7C%7C5344e37001bd477919563253fc124ba9%7C%7Cfe0987fd01b572db43894d45c847c563%7C%7Cb1e48d7db3861312be421f5d99c8fc6b%7C%7C79ed9b8c4f7b453c09c6664ba532c1c0%7C%7C5abe3ff4e55d9e22d9ac35a3151515e8%7C%7C1663701684%7D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7618423324404424&output=html&h=90&adk=3869488725&adf=360036981&pi=t.aa~a.3759911452~rp.1&w=1145&fwrn=4&fwrnh=100&lmt=1676910293&rafmt=1&to=qs&pwprc=5012342430&format=1145x90&url=https%3A%2F%2Fscam.vn%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1676910293455&bpp=1&bdt=1123&idt=1&shv=r20230215&mjsv=m202302130101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dc1664e6979bdde9f-22968790f6dc0005%3AT%3D1676910292%3ART%3D1676910292%3AS%3DALNI_MZoAa6b_rr5_Ocmms6VUyaNBfVCcw&gpic=UID%3D00000bb957e8f02a%3AT%3D1676910292%3ART%3D1676910292%3AS%3DALNI_MaGmySzK1xQTZAvFZg0Twz5HaKebA&prev_fmts=0x0%2C1145x280%2C1175x280&nras=4&correlator=3247602610087&frm=20&pv=1&ga_vid=100274804.1676910293&ga_sid=1676910293&ga_hid=557402630&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=228&ady=2224&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31071755%2C31071662%2C31071976%2C31072499&oid=2&pvsid=2204243330728700&tmod=1929045309&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=IJDrVqT7QY&p=https%3A//scam.vn&dtd=9
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4281:e21b:6240:d239:4516 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 20 Feb 2023 16:24:55 GMT
server: nginx
x-server-name: dt11.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 15 KB
11 KB 76ms
75ms XHR
application/json 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20230215&st=env

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3ab3bcb3b327211e22f315c11c5852fa98598b192badcb3685af99cb0acae003

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://scam.vn/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 16:24:55 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11391
x-xss-protection: 0

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 3835 43 B
215 B 103ms
102ms Image
image/gif 2600:1f18:1aca:4281:e21b:6240:d239:4516
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1333404&asId=5d5f91f5-d619-9308-6043-1fe0bddbc95b&tv=%7Bc:4MmeNt,time:574,type:e,im:%7Bpci:%7Btdr:532%7D%7D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:1,slTimes:%7Bi:0,o:574,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:17,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B568~0%5D,as:%5B568~728.90%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:105,fm:twqcHDD+11%7C12%7C13%7C141%7C15%7C16%7C171%7C172%7C181*.1333404-69076805%7C1811%7C1812%7C1813%7C1814%7C191%7C1a1,idMap:181*,rmeas:1,rend:1,renddet:XIFRAME.qs.dr,siq:19,sis:141%7D&br=c
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4281:e21b:6240:d239:4516 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 20 Feb 2023 16:24:55 GMT
server: nginx
x-server-name: dt06.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 76ms
76ms Script
text/javascript 2a00:1450:400d:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://scam.vn/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 16:24:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 20 Feb 2023 16:24:55 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 2970 13 KB
5 KB 33ms
31ms Document
text/html 2a00:1450:400d:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://scam.vn/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 22109
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 20 Feb 2023 10:16:26 GMT
expires: Tue, 20 Feb 2024 10:16:26 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 6AE2 783 B
1001 B 28ms
27ms Document
text/html 2a00:1450:4001:827::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

a54ac9569fd4eefdec62d71a8907e2a5688c947708e4635d1a0d67887925ef21

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-vraH9YsUKmeNVO2Pywj32w' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://scam.vn/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-length: 513
content-security-policy: script-src 'report-sample' 'nonce-vraH9YsUKmeNVO2Pywj32w' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Mon, 20 Feb 2023 16:24:55 GMT
expires: Mon, 20 Feb 2023 16:24:55 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 6AE2 0
0 55ms
54ms Image
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20230215&jk=2204243330728700&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

GET
H3 200 ENhUjQ5Efr1LKcBlRSMtCxEMsPeXm4hb-JW7itjXrRA.js Show response
pagead2.googlesyndication.com/bg/ Frame 2970 36 KB
14 KB 18ms
18ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/ENhUjQ5Efr1LKcBlRSMtCxEMsPeXm4hb-JW7itjXrRA.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

10d8548d0e447ebd4b29c06545232d0b110cb0f7979b885bf895bb8ad8d7ad10

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 07:30:08 GMT
content-encoding: br
x-content-type-options: nosniff
age: 32087
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14306
x-xss-protection: 0
last-modified: Mon, 13 Feb 2023 15:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 20 Feb 2024 07:30:08 GMT

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 2970 0
10 B 31ms
31ms Image
text/plain 2a00:1450:400d:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?uNliPw
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 16:24:55 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 55ms
54ms Image
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20230215&jk=2204243330728700&bg=!iIuli9_NAAZYlHKzeJQ7ADkAdvg8WpvlPwgP12-Qxdl1Y5Dkb6P5uOwnS6YTzNyhq15tijTSAhfhMsfxfHXGcK6wFkvMYUXiQXUCAAAAXFIAAAACaAEHCgBfiQcogrJ4WvVRzeWSF-z5RxifNa_V9D0FqPTtjJQUrUbtMRSnSYhGafGGqXZ-ROXZ6D-O35uImWWqun9hGJFi2bbQ6B1c2wux6PdF5iXQ2vswRnn4yjOvcMalaPM2TEiZApThoyIM2nk89PAQgigxOsOFXvyyolyfnUurbYX6so20w06hk0PrhxtfSSBewkHATct4NOEvGdzlAqbOyPJKna4UHFHOZf-gkjMRrRg2gU9EAde3sHrk-sDe3aA0epCcFGA9ViiUnDaMeeMUc4wP0UWnbN_757hqe-WHI7ZWf1HJsn3nIE3FfUB4i7fUiLG4koQBR7XVEk2fjtBzSiRc9ZlLrpEmxDYYNiAXpf2wUrcprH2Gk_5Dh7ZbaQZOKhEGivqn6h5qHUwBMrCwSQshHutnYy86O0len89drzpfMHsqYWMO_UZ39cj5f1nd53HyajFjWKfg0oSrzPyyhoWgxrOMHXbs8byn2T7jdz5q75-bI8JJJN2f4yecQXKjP85zKwXvnYl5aL_Oq1L_vZ_-HshYpa83xlJa5xKWI7KNImCiUdaX8OeRPeanPB0OT004VP47NzP079twIlSftRXuGO6wcE_Ax_Ecd4HDfTSoW3qDrqfXcbULp5J3Oumf0bCHRgyL5PQMlqAvO_MF2vN4A5IqZC-Vv7bXKTQePM4qZGB0x-qEhQ_dWMYuZJyFUP-RjWiz7E2Y3NC2OCjEEX-rh2p1ckV5Q1D4qUY7vIjpGJba2tuB5LmdAYYC6vwXfE8PBHjXOqNDlfDUZKI3WQ-BQNcjrMgbTGnSy5pwdyvnPP62NJD3b0MdKXT6G6W_01u7XO-F0r6luapTiZSk9POmsVTvcrB1kfTuXJ4bpfYhLlBbHVxjaVFZuUoUD_Sf2adJM15vH0kkkjBsO-Atat02Z-gaPva9Iq1CN8EO01b1yFQD0vhQfSPZZHjylo_ZSWipiRY83NBubGUOoVNazXV71czJ72xOE79W-4gPk0K9U_bmjTVS0ls
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://scam.vn/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 3835 0
20 B 47ms
47ms Ping
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=4526408382081&version=m202301230201&ct=76&x=1&cor=18259861602315893000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 20 Feb 2023 16:24:56 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 realtime-check-website Show response
scam.vn/ 5 KB
1 KB 176ms
175ms XHR
text/html 2606:4700:20::ac43:4a7c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://scam.vn/realtime-check-website

Requested by

Host: scam.vn
URL: https://scam.vn/js/jquery-3.2.1.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:4a7c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5fd7a4911529a096141b90fdc89d1a0e9d300ffd15cd447f8d97fecf6d6e1173

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: */*
Referer: https://scam.vn/
X-Requested-With: XMLHttpRequest
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 16:24:58 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
pragma: no-cache
server: cloudflare
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/html; charset=utf-8
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mBH%2F8FXnBQfqHgHI2vQcNLYzcP%2FKCM0GryUPS90nEoiHt77bt0uADtKsHTXU%2B9E12shl8wO2yH8muO1xbgOaEWv8bt6BhakzAZ0XCdoXSlo8heRzdX0gP4IlFTaZfx2WFrZf4NbG"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=2592000
cf-ray: 79c898725abcbb7a-FRA
expires: Thu, 19 Nov 1981 08:52:00 GMT

Verdicts & Comments Add Verdict or Comment

71 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

28 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
scam.vn/	1969-12-31 23:59:59	Name: PHPSESSID Value: mcmdg6ucsgfh8t8anlrpm2lnsi
.scam.vn/	1970-01-20 19:10:06	Name: __gads Value: ID=c1664e6979bdde9f-22968790f6dc0005:T=1676910292:RT=1676910292:S=ALNI_MZoAa6b_rr5_Ocmms6VUyaNBfVCcw
.scam.vn/	1970-01-20 19:10:06	Name: __gpi Value: UID=00000bb957e8f02a:T=1676910292:RT=1676910292:S=ALNI_MaGmySzK1xQTZAvFZg0Twz5HaKebA
.scam.vn/	1970-01-20 19:24:30	Name: _ga_FMVK5PJX3B Value: GS1.1.1676910293.1.0.1676910293.0.0.0
.scam.vn/	1970-01-20 19:24:30	Name: _ga_X22FH0X0SQ Value: GS1.1.1676910293.1.0.1676910293.0.0.0
.scam.vn/	1970-01-20 19:24:30	Name: _ga Value: GA1.2.100274804.1676910293
.scam.vn/	1970-01-20 09:49:56	Name: _gid Value: GA1.2.2083160207.1676910293
.scam.vn/	1970-01-20 09:48:30	Name: _gat_gtag_UA_158914372_1 Value: 1
.doubleclick.net/	1970-01-20 19:10:06	Name: IDE Value: AHWqTUnHo8MadDbHBqsdid5KWXIOvv151jBkvGzZCBsvF4HgDviJdlMifrwKQYU1C_0
.mathtag.com/	1970-01-20 19:14:25	Name: uuid Value: f7bc63f3-9ed6-4f00-b90a-7affd7270cb0
.mathtag.com/	1970-01-20 10:31:42	Name: mt_mop Value: 4:1676910294
.simpli.fi/	1970-01-20 18:35:32	Name: suid Value: 2A61C854C76D4AC7BF61EF8213662CB0
.adnxs.com/	1970-01-20 11:58:06	Name: uuid2 Value: 1023235604420806755
.adnxs.com/	1970-01-20 11:58:06	Name: anj Value: dTM7k!M41.D>6NRF']wIg2GVMuVQ4I!]tbPl1M>e)ZlrFUfJ+tGXxo7E:cLwQR@lFSOS]:V<Mx:N_qYQ_K@qbpR=-F3If)y3KL9D3I?+F@BND4
.360yield.com/	1970-01-20 11:58:06	Name: tuuid Value: 4c1a23e7-3a31-4d1c-91c0-a7367ffe7a8a
.360yield.com/	1970-01-20 11:58:06	Name: tuuid_lu Value: 1676910294
.quantserve.com/	1970-01-20 11:58:06	Name: d Value: EBsBCQGrKIEA
.quantserve.com/	1970-01-20 19:18:44	Name: mc Value: 63f39ed6-8dfaf-c5c85-d64c0
.casalemedia.com/	1970-01-20 18:34:06	Name: CMID Value: Y-Oe1lTqMi7YHY2rQAo-ngAA
.casalemedia.com/	1970-01-20 11:58:06	Name: CMPS Value: 5149
.casalemedia.com/	1970-01-20 11:58:06	Name: CMPRO Value: 5149
.yahoo.com/	1970-01-20 18:34:27	Name: A3 Value: d=AQABBNae82MCEPDk6Zpk3X2LgLDusBwi-24FEgEBAQHw9GP9YwAAAAAA_eMAAA&S=AQAAAhw5-kj6GwW7_weFb0P7b_8
.analytics.yahoo.com/	1970-01-20 18:34:06	Name: IDSYNC Value: 18yx~2a3s
.pubmatic.com/	1970-01-20 09:49:56	Name: KTPCACOOKIE Value: YES
.pubmatic.com/	1970-01-20 18:34:06	Name: KADUSERCOOKIE Value: A68D2F01-71FE-4CDF-85D3-391E4456FDD3
.bidswitch.net/	1970-01-20 18:34:06	Name: tuuid Value: dcc9e09b-36a9-4824-bcbd-359e9ae5d616
.bidswitch.net/	1970-01-20 18:34:06	Name: c Value: 1676910295
.bidswitch.net/	1970-01-20 18:34:06	Name: tuuid_lu Value: 1676910295

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

adservice.google.com
adservice.google.de
cm.g.doubleclick.net
cms.quantserve.com
connect.facebook.net
dsum-sec.casalemedia.com
dt.adsafeprotected.com
encrypted-tbn0.gstatic.com
encrypted-tbn1.gstatic.com
encrypted-tbn2.gstatic.com
encrypted-tbn3.gstatic.com
fonts.googleapis.com
fonts.gstatic.com
fw.adsafeprotected.com
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
ib.adnxs.com
image6.pubmatic.com
match.360yield.com
onetag-sys.com
pagead2.googlesyndication.com
partner.googleadservices.com
pixel.rubiconproject.com
region1.google-analytics.com
s0.2mdn.net
scam.vn
scamvn.com
scontent-cdg2-1.xx.fbcdn.net
scontent.xx.fbcdn.net
secure.adnxs.com
socialplugin.facebook.net
ssum-sec.casalemedia.com
static.addtoany.com
static.adsafeprotected.com
static.xx.fbcdn.net
sync.mathtag.com
sync.teads.tv
tpc.googlesyndication.com
um.simpli.fi
ups.analytics.yahoo.com
visafe.vn
www.facebook.com
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.googletagservices.com
www.gstatic.com
x.bidswitch.net
104.111.217.42
104.18.24.185
142.250.181.226
142.250.185.194
18.156.0.31
18.193.251.179
185.29.132.241
185.64.189.115
185.80.39.216
185.89.210.101
185.89.210.82
2001:4860:4802:32::36
2600:1f18:1aca:4281:e21b:6240:d239:4516
2600:9000:214f:4000:8:48e:53c0:93a1
2606:4700:10::6816:46c5
2606:4700:20::681a:604
2606:4700:20::ac43:4a7c
2606:4700:3036::6815:1437
2620:116:800d:21:e365:4988:e8a7:3270
2a00:1450:4001:80f::2008
2a00:1450:4001:811::2002
2a00:1450:4001:811::200e
2a00:1450:4001:813::2002
2a00:1450:4001:827::2004
2a00:1450:4001:828::200a
2a00:1450:4001:829::2003
2a00:1450:4001:829::200e
2a00:1450:4001:82b::2002
2a00:1450:4001:82f::200e
2a00:1450:4001:830::200e
2a00:1450:400d:802::2006
2a00:1450:400d:806::2002
2a00:1450:400d:80a::2001
2a00:1450:400d:80a::2002
2a00:1450:400d:80d::200e
2a03:2880:f01c:800e:face:b00c:0:2
2a03:2880:f01f:6:face:b00c:0:3
2a03:2880:f02d:12:face:b00c:0:3
2a03:2880:f11c:8183:face:b00c:0:25de
3.248.98.105
34.91.62.186
51.38.120.206
54.78.104.30
69.173.144.165
01cee6a7a3f1444680b188ab84052e2b6c85966f53a718d3926135ebcc832ffd
0948409a22b5979aa7e1ec20da9e61f12e7d403800b541ece053881bd2542b70
0b68e8634c96265eb32a0c769416b5b02215ee3fee0c9e228f3455dc13ecabaf
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0ceb563d6ce39ba6ab2e90a1d7e6a39d737a2fa59db1914b115f784bbf97fa5f
0eb985dec68adbbd8a8e5410806ceb817a23fd3e7d9a461c7691e085318dc986
109727aca7ecbba75fb100a6428fb8e02b45a1dfd1dabd2194ea321db8db07d5
10d8548d0e447ebd4b29c06545232d0b110cb0f7979b885bf895bb8ad8d7ad10
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
133e148d552c1d21d1e152612e5ac60ea1a63287d3e5a2102c5d522835f784df
139c36234c15d74808b6156ef8e3d533a4a2dfd4ea6447428091ad4b6916b8da
16b432ac8f43a6b2d8aa358f41ee60e2ef5923b2645bf2c37f3a06f8334b1557
190402f488a1616b47304ae066078580059ca6a5958b7f217d2156d0a73931a9
19e6179558d2c6c252c89325e6b79a362da6df4d1c3ff5e8e0748cda6907a6cf
1d84738c2afaf595ff5d4921d8dc6bb5ce19a7b9c33a6c02d8a35ff80611cc87
1f0b3e2a6015413c71df6b865b0c78b6608600b462a410ab5f733e23fde666c0
26e77c6b4bcc2a3532d791f8ba1ca6d02518178eaa467773904b61fdaa67f940
27564fe0e5a95c61c9fbd45ecdb0a0a640fbb320bb64a54f3307a52fe96f86e4
2bdb233d92326b494db90e3b601c8feccfbbb2fffce274faefeccc7b36a1449b
2c48050a1280b38ee66b4122dc30f7b8d0d89776c80f76f213dca958e701f45d
2c5cc47eb8499efe3f4353bc50b38690756e78da21b0e158e14293b39c5ef812
2d86774ae6452cbc321a666e869acbb7f5ccd2a9350de50a8efa4c28c30a5899
2e10480d4154762bc7c8fbb40877e104f45bf1406b769e9dd76981e489e61586
3064bb4fe20387a07de58d7ac8e57883e0669622567fb2b0986cc173ed8a63f7
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7
3a19ff3554a1e589f756a92be8263726674127c133feb1d333095668b77ba08c
3ab3bcb3b327211e22f315c11c5852fa98598b192badcb3685af99cb0acae003
3ae9a79cc7871111728e09757585f66290a91e9a5e27425f7a398b805f329116
3c23eb02de6b34e30f18cfb7167abd81a2cedfd1da60dfcb71989517ab3fb431
3dab93242ee573bbcfc22c9d15acd47794e500ed44e6bd48a35400b39d65aa43
3fdfe2323bbd7714631973620d41fff07d79b1e178d5fe9fc84d4fc61bfebe27
44eefef34507164f4234b958d8f6906488a2521071379498041568bae9499b2e
467a5b06cb117035f7882e8c71d80e093f04ce586c1ac2b84e7e4adf978edb30
472eba26edf0c44a76d8ba69eb469b4a4937f0a18d8ab909db350b3932621f02
493ac7ad59fab104b7122ad2cb01b549f25f38fd570586c065dee5633f3faecd
4a6fab14bfe7b33fe5dc5349a2bb3720037e0ed7ebe621b352340f9514d83c08
4aaaf183987b18a9443083873e5c489f1543ce6acabe355a182887c1cb7b713c
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4bc8cdf3562606c10745355607a232a5b9057a627b5a0451789bdb526443694e
4d49da8d763da4e2e36ca9e1d83f5ecc5b0e1b9bcaaefef98679b02ca342ce68
4ec57f2a80b91090971b83970230ca09ab3568c5f5b224896ca9aa6180a76aa9
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
55c96e92f80cba90942c042bf3ea1ee4c97aff224872b3ab704aba6fc49d9264
55f12640587a4040f51dc4ba8943bd8ddbc309d9cfaa928cf27597c7482c9af2
580802bc7ec92604a7c1d8bab24826dc038ea4b33c9c49bc4612bf0f2d6376a8
5970ba4f88cb09634969327e073e156dd29749a70ca4ac454a30ed0f82e0bea9
5971b095cff574a66d35ada016d4c077c86e2dea62e9c0f14cf7c94b258619de
5a4192e762a449dfd6e63bee835e0941627223c9159e8219acdd01881a1ac175
5ad42dcf2b99c1338f0633c11ffc8612e035352c42746283d3d43b795c9c6cb6
5d4ab02eb17eda31652f712809b9f1966e937394f7c3731dfddfbc2419516a5e
5d6d7382a0b924330776e97ec1e805e40893e93d2349357cca4cae83f54ad5d8
5e55743ee430c576dd1c0dad897efb97fae4c2ee3ade090aa1abe208aeaef759
5e713a207017a40f54387d0e25bbb3cbbe1b3d10338cdd4a7342cc1486b19140
5f80060f0a487a8227a8f1fa57150dcd885ff09941554feae20396380353dfa5
5fd7a4911529a096141b90fdc89d1a0e9d300ffd15cd447f8d97fecf6d6e1173
60cce93d163fa6398b91c5a84a300f41f0b23c76a8743e7715dd144f3fbae2b5
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
6347e9c0a0f2bf5d8c48e20fbddf712d03a6a19e8bb8d015143e6632157cb84d
6379a96a595c7340696a66582297add07fd4cccd0cc9c29c0f9da1f29822e38a
6415561e892cf9d614e7179f71353af4ceadfd641d71c42fe54c9420eb0d0138
661d4b208656c006e7aab58acf7784857963123675de2302279fbe6c05313547
66f3a07e1fa9b64a686b66381e4458dbc8abf3dbbff954720c4eec07b84411c2
68e1fe5f35b4b0131be24086e7de0e04291d335c32ac4868bf0803abe50a862e
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6be97ca17228a69c406231d89c003194c3dfba7401eaa9fe9e9ed0ef1c18dc38
705ddd320c7afe5895ed0bb7438874918110baaaec1ad4b7da72bd13de82f96d
709f991dde46bb374655ed7fa2b82f2bb2b350591a1af20147ec32a85e704df8
72cfab2049fee3657af4fbb4a80d958b5b58dd612ffd3fd8642546e1362ec8fe
73cfb0ed71e314a835831530e27ba1fde5609b224781f7dbc2dd3eb9a08603cd
74ec1e2bfcf647ccdeaf5b127294db846ee4a6f8ffd6c909d4938370d4187d1f
751c89307d7a60434eb03102363422ce95d6f835bfc830a3025b563a278c8179
77b24796a3d4ab521f66765651875338ed50cb9306cfe4603a3e79618e429cec
79ac04577e5e730f39a60b3d7a2090f28144c1a6c875a48d9f74728a473da99d
7af61b2367eba2b1852e837c46a75696c130fd67b934aae77f9f082a5a771416
7e5db4019200e2770390f2277447d966a8cc0d87ac4ad6de0098fc06f1dbf8f8
7f1c829b0c90fd664a03bb714a74f7d35d9e38ee1687104abc8ad5bd9c8ccb6c
8659b086fe7f662cafcb70f56041b91e410a0effd3668c4a0c35aca0e5905d0d
87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de
87e6cd6f8a53a60700cdf056b445ab7229367ca4a3ed713616cb8f27b4f15a88
8bb90dede9f9dc277898d24507082149c631ea36798c9ad6a3b926835ddf33f6
8e1546f3e67fc3a9eab614e5335ecca2127851fbb8a7a48c82e6e4a626c4aa9d
8f5bffc3d2be5367e8f93fdb2856a4ce4658f75d1fdf78d69428aa8be88d99a4
8f7901aedf8ac99048afa2a070fd2929d51edec4a5cb3f3381d8510e6eee9767
9041b3bcc26f2d4a54217036c5ff63eff2aa60ae421b3dafa88e1ced9cd72559
9582ced8a675bf267cc7ac392a86413ed850e53c85919b93719134ecc22ea04b
96ba3e807f30b75139d7c208cd41d9a11c983e9b04926e6ca77fe335ee7569d5
98a4e1fdf290cfc7c5d58fd5688a45f0348db9ea62eceefad96a75569cae2a2d
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9ca5df4d14c68200817750744e2e6eadf2a149c8123dc2296297726ca6b68c06
9cf9cf76bb3087940feb0589d40f6bb12256e4b3fb6c8dd63dd935b2a535bcde
9da238ca619f3bf71312de3c9c913c653941ada56cb5e1601aafb6094ae51cdc
9fccf44fe359b9109c82ff95e0c8f154574438f20723210c2bd6c05610759f51
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a54ac9569fd4eefdec62d71a8907e2a5688c947708e4635d1a0d67887925ef21
a84fb0803620acdf77c0f41d652eb5538002ed610424bd0be051203ee50cf940
a85af52452417453ae5ced98aa54a149925de2155e823234dce588c331d11aa0
ac99740c633caa0382f2dec9cdf7db8b6e0d18a5ba1ba4fcd714d890123c2678
acaac043ca238f0e56e61864456777faa4a413b1f0a1dd02fe506b870bc69f26
ad02afd70b801065790392272bc330cc2b684e179498f680121ca75bdd6c949d
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
b01b2ea03d398cc29223fcc3c042556bccccbfe7218cee4c09252df54612005e
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b237980a96daff3e773b4672de27cf0abf7bc68005cc0c137af185819ac8500a
b7bbe7887654e38f171a574c71bc310ebea0649af0e1d4db1a427c315ade6e3f
b90b1244bf1750499d5f46df2a03f77149183d2cebbd140d739f2e6a9751929c
bccdc44986b82eb4426a791daace17cf903e46af08c13be6f6e51faa205735f4
bdbb6b52604c2451fdcba9cdfd44f4e1907e5cc562e8cd0177660f3aef678332
c2aa24261e5d3c5cf7f09ab468265227ae210cccc850737fe874ca23b302dfdc
c3d152389e6f8519aae380b69d025b38e2aa1635d790d4d8344cadb0e16e7146
c609b5f98c72f048615c0847a56d31adfc0bf115c14ac7a331b112796fb67570
c6d7b845c67709b28ef4a3e3e277b8241460a1224b6850a81ce3b4db94431a85
cb4ced9377f832bd2c96ce81aedd75b89d68748716fd653b20d3742677d2dd90
cb5c67ccd076f55e9436fb016a51b3c33f646751187a7e0053908ca5e265108b
cdaab024c0121953419a4a1094ffe2ee9a902df55ee79d792e411bac835b9134
d7779d95203bed5280ee3281f856607f95ac5df680547356656c7109d7d0a6a6
da38b429e7f4dbb602356436d44ae4ae03dffe20868f36ba70de4d4aaa78d6a0
db0424fb67fb52e7e538490240cc7fb9c05aa076333a4968f3dee30b825dabf9
de22cabf571b95688601b2d7d044bd625ef7d6a4ac10786d5c207b130a9a495c
e1683961ff49c088f888de8dddc359f3d842b15b6c1f8ed3a99f19f62aa9bdcf
e3a16bbf4914a49b1afe816e119c7da2d731dead9167c01d07984ef323e26bfa
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e41d1ae45acbf836b8dcc29544c7e41cced4211214df601d5284a7e9c7134c73
e5fe1bb91f7591c3e93fa382507c7b0ef3f3eb4f0e98d7549fa5424ef17365b3
eb795deda8983fa5310627c9584cf3f3b95d272567113500059018b3941cb267
ee4d5618e5f92851dc1149992a6b858d7f5ef67165f163a2b9cbe0ebf75a5105
eee4cfa769b7416160f34ecbc48ddc2086388350baab9d29d30ea3f165b6fbab
ef018cca916a53ab3f8b018a7abe7eef2199231c4354b4978874174a139e0748
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f15ee4ea8ac3222e4995dd224f6de521c13f3fdafc4b5b6e9386de621953856d
f50de8dd2a4c119cc674ed157631325b646de88ac9121288b7351b7fd6cc1de4
f50e59fa7a264b1674e5f94591375a26e9aea318036b2a629e5ba182df01b54f
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
f930454994bf9c09a759f1da467e8ab97b0b0fc36f8a10723f8ee62c9a94fa63
f9a131614d916e7ef426c29cfb5f395a06ee53055584835012145a2d12b28c6e
fc66f942651a9fe1a598770d3d896529dcd7a03d02f40655451513093103e61b
fe529bb3f596ef36f463c8be98e02b43acccdfc0626719077481fe94e03cff21
feb9ee3473e53c76ec01db637355e2eb232041bd9468d431920bb710c9a80854

scam.vn Open in urlscan Pro 2606:4700:20::ac43:4a7c Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

220 Requests

92 %HTTPS

64 %IPv6

31 Domains

48 Subdomains

34 IPs

8 Countries

2755 kBTransfer

7135 kBSize

28 Cookies

12 Outgoing links

Page URL History

Redirected requests

220 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 6 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

scam.vn Open in urlscan Pro
2606:4700:20::ac43:4a7c Public Scan

Screenshot
Live screenshot

Full Image

220
Requests

92 %
HTTPS

64 %
IPv6

31
Domains

48
Subdomains

34
IPs

8
Countries

2755 kB
Transfer

7135 kB
Size

28
Cookies

220 HTTP transactions
6 data transactions