urlscan.io logo urlscan.io
SecurityTrails logo

xmass.saitechsupport.xyz Open in urlscan Pro
2a00:1450:4001:814::2013  Public Scan

Go To Rescan Add Verdict Report
URL: https://xmass.saitechsupport.xyz/
Submission: On December 20 via automatic, source certstream-suspicious
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 12 IPs in 2 countries across 15 domains to perform 35 HTTP transactions. The main IP is 2a00:1450:4001:814::2013, located in Frankfurt am Main, Germany and belongs to GOOGLE, US. The main domain is xmass.saitechsupport.xyz.
TLS certificate: Issued by R3 on December 20th 2020. Valid for: 3 months.
This is the only time xmass.saitechsupport.xyz was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

2    2a00:1450:4001:814::2013 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
xmass.saitechsupport.xyz
1    2a00:1450:4001:808::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.googletagmanager.com
2    2606:4700::6810:125e (United States)

ASN13335 (CLOUDFLARENET, US)
cdnjs.cloudflare.com
1    2a00:1450:4001:81d::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.googleapis.com
9    67.199.248.10 (United States)

ASN396982 (GOOGLE-PRIVATE-CLOUD, US)
PTR: bit.ly
bit.ly
9    2a00:1450:4001:808::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
1.bp.blogspot.com
11    2a00:1450:4001:81c::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
pagead2.googlesyndication.com
adservice.google.de
googleads.g.doubleclick.net
www.googletagservices.com
1    2a00:1450:4001:815::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
lh5.googleusercontent.com
1    173.201.92.187 (Scottsdale, United States)

ASN26496 (AS-26496-GO-DADDY-COM-LLC, US)
PTR: ip-173-201-92-187.ip.secureserver.net
www.freeabcsongs.com
3    2a00:1450:4001:806::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
googleads.g.doubleclick.net
adservice.google.com
1    172.217.21.226 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s13-in-f226.1e100.net
partner.googleadservices.com
2    2a00:1450:4001:81f::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
tpc.googlesyndication.com
Domain Requested by
9 1.bp.blogspot.com xmass.saitechsupport.xyz
9 bit.ly 9 redirects
6 pagead2.googlesyndication.com xmass.saitechsupport.xyz
pagead2.googlesyndication.com
5 googleads.g.doubleclick.net pagead2.googlesyndication.com
2 tpc.googlesyndication.com pagead2.googlesyndication.com
tpc.googlesyndication.com
2 cdnjs.cloudflare.com xmass.saitechsupport.xyz
2 xmass.saitechsupport.xyz xmass.saitechsupport.xyz
1 www.googletagservices.com pagead2.googlesyndication.com
1 adservice.google.com pagead2.googlesyndication.com
1 adservice.google.de pagead2.googlesyndication.com
1 partner.googleadservices.com pagead2.googlesyndication.com
1 www.freeabcsongs.com xmass.saitechsupport.xyz
1 lh5.googleusercontent.com xmass.saitechsupport.xyz
1 fonts.googleapis.com xmass.saitechsupport.xyz
1 www.googletagmanager.com xmass.saitechsupport.xyz
0 m.free-codes.org Failed xmass.saitechsupport.xyz
35 16

This site contains links to these domains. Also see Links.

Domain
www.facebook.com
www.blogger.com
Subject Issuer Validity Valid
xmass.saitechsupport.xyz
R3		 2020-12-20 -
2021-03-20		 3 months crt.sh
*.google-analytics.com
GTS CA 1O1		 2020-11-10 -
2021-02-02		 3 months crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3		 2020-10-21 -
2021-10-20		 a year crt.sh
upload.video.google.com
GTS CA 1O1		 2020-11-10 -
2021-02-02		 3 months crt.sh
misc-sni.blogspot.com
GTS CA 1O1		 2020-11-10 -
2021-02-02		 3 months crt.sh
*.g.doubleclick.net
GTS CA 1O1		 2020-11-10 -
2021-02-02		 3 months crt.sh
*.googleusercontent.com
GTS CA 1O1		 2020-11-10 -
2021-02-02		 3 months crt.sh
dreamenglish.com
Go Daddy Secure Certificate Authority - G2		 2020-02-17 -
2022-02-17		 2 years crt.sh
*.googleadservices.com
GTS CA 1O1		 2020-11-10 -
2021-02-02		 3 months crt.sh
*.google.de
GTS CA 1O1		 2020-11-10 -
2021-02-02		 3 months crt.sh
*.google.com
GTS CA 1O1		 2020-11-10 -
2021-02-02		 3 months crt.sh
tpc.googlesyndication.com
GTS CA 1O1		 2020-11-10 -
2021-02-02		 3 months crt.sh

This page contains 8 frames:

Primary Page: https://xmass.saitechsupport.xyz/
Frame ID: 9ED050A284935F3001FDF08C641959C8
Requests: 28 HTTP requests in this frame

Frame: https://www.freeabcsongs.com/mp3/merrychristmas.mp3
Frame ID: 80913CAF5E405321A2AA364A0FC14FE1
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20201203/r20190131/zrt_lookup.html
Frame ID: F5F1FBE515F1FD2D52DD1CBC3F7E2DB4
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?npa=1&guci=1.2.0.0.2.1.0.0&client=ca-pub-1648016894487996&output=html&h=280&slotname=8263503793&adk=644675431&adf=869763061&pi=t.ma~as.8263503793&w=1200&fwrn=4&fwrnh=100&lmt=1608470059&rafmt=1&psa=0&format=1200x280&url=https%3A%2F%2Fxmass.saitechsupport.xyz%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfSx7Imlzc3Vlck9yaWdpbiI6Imh0dHBzOi8vYXR0ZXN0YXRpb24uYW5kcm9pZC5jb20iLCJzdGF0ZSI6MH1d&dt=1608470332232&bpp=16&bdt=117&idt=73&shv=r20201203&cbv=r20190131&ptt=9&saldr=aa&abxe=1&correlator=2118900052697&frm=20&pv=2&ga_vid=866323823.1608470332&ga_sid=1608470332&ga_hid=1458066652&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=200&ady=32&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066923&oid=3&pvsid=1653582032844458&pem=616&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=1&uci=a!1&fsb=1&xpc=Pcb3cN2Hpm&p=https%3A//xmass.saitechsupport.xyz&dtd=92
Frame ID: 97B110A3A8BCCEDF01F432628DFD6A9A
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?npa=1&guci=1.2.0.0.2.1.0.0&client=ca-pub-1648016894487996&output=html&h=280&slotname=8263503793&adk=3817226440&adf=3610564264&pi=t.ma~as.8263503793&w=1200&fwrn=4&fwrnh=100&lmt=1608470059&rafmt=1&psa=0&format=1200x280&url=https%3A%2F%2Fxmass.saitechsupport.xyz%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfSx7Imlzc3Vlck9yaWdpbiI6Imh0dHBzOi8vYXR0ZXN0YXRpb24uYW5kcm9pZC5jb20iLCJzdGF0ZSI6MH1d&dt=1608470332248&bpp=4&bdt=133&idt=85&shv=r20201203&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=1200x280&correlator=2118900052697&frm=20&pv=1&ga_vid=866323823.1608470332&ga_sid=1608470332&ga_hid=1458066652&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=200&ady=1012&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066923&oid=3&pvsid=1653582032844458&pem=616&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=2&uci=a!2&fsb=1&xpc=6PucltTuRY&p=https%3A//xmass.saitechsupport.xyz&dtd=89
Frame ID: B98E9CD4CC42B00E3C9C8CACF7C49444
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?npa=1&guci=1.2.0.0.2.1.0.0&client=ca-pub-1648016894487996&output=html&h=280&slotname=8263503793&adk=3597122126&adf=1770954353&pi=t.ma~as.8263503793&w=1200&fwrn=4&fwrnh=100&lmt=1608470059&rafmt=1&psa=0&format=1200x280&url=https%3A%2F%2Fxmass.saitechsupport.xyz%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfSx7Imlzc3Vlck9yaWdpbiI6Imh0dHBzOi8vYXR0ZXN0YXRpb24uYW5kcm9pZC5jb20iLCJzdGF0ZSI6MH1d&dt=1608470332252&bpp=2&bdt=137&idt=89&shv=r20201203&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=1200x280%2C1200x280&correlator=2118900052697&frm=20&pv=1&ga_vid=866323823.1608470332&ga_sid=1608470332&ga_hid=1458066652&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=200&ady=2044&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066923&oid=3&pvsid=1653582032844458&pem=616&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=9uX9gLRNbx&p=https%3A//xmass.saitechsupport.xyz&dtd=92
Frame ID: A839BAA76BFDE72078A1927AA801054A
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?npa=1&guci=1.2.0.0.2.1.0.0&client=ca-pub-1648016894487996&output=html&adk=1812271804&adf=3025194257&lmt=1608470059&plat=1%3A16809992%2C2%3A16809992%2C9%3A32776%2C10%3A32%2C11%3A32%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C40%3A32&format=0x0&url=https%3A%2F%2Fxmass.saitechsupport.xyz%2F&ea=0&flash=0&pra=7&wgl=1&adsid=NT&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfSx7Imlzc3Vlck9yaWdpbiI6Imh0dHBzOi8vYXR0ZXN0YXRpb24uYW5kcm9pZC5jb20iLCJzdGF0ZSI6MH1d&dt=1608470356264&bpp=1&bdt=24149&idt=2&shv=r20201203&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=1200x280%2C1200x280%2C1200x280&nras=1&correlator=2118900052697&frm=20&pv=1&ga_vid=866323823.1608470332&ga_sid=1608470332&ga_hid=1458066652&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066923&oid=3&pvsid=1653582032844458&pem=616&rx=0&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=8192&bc=31&ifi=3&uci=a!3&fsb=1&dtd=25
Frame ID: 636A44D0AF1188A1F368511719FDBC32
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/219/runner.html
Frame ID: 9883358D8BBC732BE2B6F210130B21DD
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /GSE/i
Overall confidence: 100%
Detected patterns
  • headers server /GSE/i

Page Statistics

35
Requests

94 %
HTTPS

75 %
IPv6

15
Domains

16
Subdomains

12
IPs

2
Countries

580 kB
Transfer

1029 kB
Size

1
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 4
  • https://bit.ly/3nRTP0b HTTP 301
  • https://1.bp.blogspot.com/-M7r3v9veNok/X7z18eAHCEI/AAAAAAAAmYE/iuKYYguW-cAFzzC5a38cHxzJdE8CBhfdACLcBGAsYHQ/s200/PicsArt_11-24-05.26.25.png
Request Chain 5
  • https://bit.ly/35XqknM HTTP 301
  • https://1.bp.blogspot.com/-ukv_DTtjiD8/X7zzblFi4KI/AAAAAAAAmX4/M9LiEXQlcys-0WmjqDi0yfgfQU-_0Y2NgCLcBGAsYHQ/s200/PicsArt_11-24-05.02.54.png
Request Chain 7
  • https://bit.ly/3mOe4Mk HTTP 301
  • https://1.bp.blogspot.com/-7gV32HkHLao/X8y-O90O8bI/AAAAAAAAmaI/u47WES2zuhoDslfeDrwhjzR4sv30y1mNwCLcBGAsYHQ/s320/bell.png
Request Chain 8
  • https://bit.ly/36O0sem HTTP 301
  • https://1.bp.blogspot.com/-qXJMsJ_FQzI/X8zCjSB2p_I/AAAAAAAAmao/s1xWoyKC6EoJB3EV5qI4Ji9zmlj59TwQgCLcBGAsYHQ/s320/Snow.gif
Request Chain 9
  • https://bit.ly/39cueeg HTTP 301
  • https://1.bp.blogspot.com/-ch3Kq7VfNB0/X7z4clKyCUI/AAAAAAAAmYQ/o-oqAc7yUhAs6PiCKjOqOBW8NE579bvoQCLcBGAsYHQ/s320/Christmas-2018-715x263-removebg-preview.png
Request Chain 10
  • https://bit.ly/3fscLQe HTTP 301
  • https://1.bp.blogspot.com/-QMZ-9RyIIq0/X7z56ou8QSI/AAAAAAAAmYc/MEF2MlqZZTAarY3TNnwup51jTg1Z4RAmwCLcBGAsYHQ/s320/su23-removebg-preview.png
Request Chain 11
  • https://bit.ly/3nLuwgi HTTP 301
  • https://1.bp.blogspot.com/-2T5S1t0AXcU/X7z8Boy6yvI/AAAAAAAAmYw/WaYI5wlMkWkvBJfbosD_JEdThzWywNmtACLcBGAsYHQ/s320/merry-christmas-2020-gif.gif
Request Chain 12
  • https://bit.ly/3m1MYkt HTTP 301
  • https://1.bp.blogspot.com/-YSQ46KgsaD8/X7z7m6R774I/AAAAAAAAmYo/zIC4VEA2vCcI-OVBY7gLeyZizCE65bTjwCLcBGAsYHQ/s320/3068dfa295322918a57fcc2eae53cff5.gif
Request Chain 14
  • https://bit.ly/2VLMnaW HTTP 301
  • https://1.bp.blogspot.com/-ARiMLSA5jAc/X8zAsBK0PpI/AAAAAAAAmac/8LEjw1rBgwkoPNJcMHLxGBR-sIbfSAGuQCLcBGAsYHQ/s200/wp.png

35 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
xmass.saitechsupport.xyz/ 		30 KB
8 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://xmass.saitechsupport.xyz/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:814::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
17210340d3bbd9f91f5aa1e69d5bb549bbfba0dac54399a8f6f960512c0ccd64
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

:method
GET
:authority
xmass.saitechsupport.xyz
:scheme
https
:path
/
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-type
text/html; charset=UTF-8
expires
Sun, 20 Dec 2020 13:18:52 GMT
date
Sun, 20 Dec 2020 13:18:52 GMT
cache-control
private, max-age=0
last-modified
Sun, 20 Dec 2020 13:14:19 GMT
etag
W/"11afe23fe11f842c9e8189668c77160bce59debed0791820dae800af6b4af35b"
content-encoding
gzip
x-content-type-options
nosniff
x-xss-protection
1; mode=block
content-length
7578
server
GSE
js
www.googletagmanager.com/gtag/ 		96 KB
38 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=UA-126729444-1
Requested by
Host: xmass.saitechsupport.xyz
URL: https://xmass.saitechsupport.xyz/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
6aeb0fd00b9f980dd57262cb80ac7a727d10f2d267150942e175d5e4158e16e5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://xmass.saitechsupport.xyz/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 20 Dec 2020 13:18:52 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
39021
x-xss-protection
0
last-modified
Sun, 20 Dec 2020 12:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Sun, 20 Dec 2020 13:18:52 GMT
animate.min.css
cdnjs.cloudflare.com/ajax/libs/animate.css/3.5.2/ 		52 KB
4 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://cdnjs.cloudflare.com/ajax/libs/animate.css/3.5.2/animate.min.css
Requested by
Host: xmass.saitechsupport.xyz
URL: https://xmass.saitechsupport.xyz/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:125e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8fe3fa119255adb5e0c12479331f9e092e85bcff56ab6ecc0510bfa2056b898d
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

Referer
https://xmass.saitechsupport.xyz/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 20 Dec 2020 13:18:52 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"report_to":"cf-nel","max_age":604800}
age
312671
cross-origin-resource-policy
cross-origin
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
3279
cf-request-id
0721e69ade000005f584954000000001
timing-allow-origin
*
last-modified
Mon, 04 May 2020 16:04:58 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb03d2a-ce35"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15780000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=Cre2QJS695DV%2BFxQb2L3hxulksgi088dr8OxZ2GEcU4%2BlNl%2FAhJTXqH5G%2F75SEum7oVaHo58Nuoaok28UN8GDyTzuEgFkGrkvRIipTVz8dVoEMi4de%2BZuVsvrwwELX1ODg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=utf-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=30672000
accept-ranges
bytes
cf-ray
6049a6d7c8e205f5-FRA
expires
Fri, 10 Dec 2021 13:18:52 GMT
font-awesome.css
cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/ 		37 KB
6 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.css
Requested by
Host: xmass.saitechsupport.xyz
URL: https://xmass.saitechsupport.xyz/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:125e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
36e0a7e08bee65774168528938072c536437669c1b7458ac77976ec788e4439c
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

Referer
https://xmass.saitechsupport.xyz/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 20 Dec 2020 13:18:52 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"report_to":"cf-nel","max_age":604800}
age
211105
cross-origin-resource-policy
cross-origin
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
5884
cf-request-id
0721e69adf000005f5b300e000000001
timing-allow-origin
*
last-modified
Mon, 04 May 2020 16:10:07 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb03e5f-9226"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15780000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=ZQLAKCE%2F%2FnWC1W%2BnOlI7w%2B54aibCW1I38tMPVWO1Uq9ig%2B752PzX9xoa6fIB3btqiLLKGh3w2czEDzaHgW4HNeGWXbrOffyQmnZ5sLmWt8VMmfdt15X1sBEkCijzQAm2ag%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=utf-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=30672000
accept-ranges
bytes
cf-ray
6049a6d7c8e705f5-FRA
expires
Fri, 10 Dec 2021 13:18:52 GMT
css
fonts.googleapis.com/ 		542 B
459 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Sofia:&effect=neon
Requested by
Host: xmass.saitechsupport.xyz
URL: https://xmass.saitechsupport.xyz/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81d::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
83bd180894b0a2dabc42ac3b9cac289eeba25d57901165cf0b0534cbb9e225c1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://xmass.saitechsupport.xyz/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Sun, 20 Dec 2020 13:18:52 GMT
server
ESF
date
Sun, 20 Dec 2020 13:18:52 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Sun, 20 Dec 2020 13:18:52 GMT
PicsArt_11-24-05.26.25.png
1.bp.blogspot.com/-M7r3v9veNok/X7z18eAHCEI/AAAAAAAAmYE/iuKYYguW-cAFzzC5a38cHxzJdE8CBhfdACLcBGAsYHQ/s200/
Redirect Chain
  • https://bit.ly/3nRTP0b
  • https://1.bp.blogspot.com/-M7r3v9veNok/X7z18eAHCEI/AAAAAAAAmYE/iuKYYguW-cAFzzC5a38cHxzJdE8CBhfdACLcBGAsYHQ/s200/PicsArt_11-24-05.26.25.png
14 KB
14 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://1.bp.blogspot.com/-M7r3v9veNok/X7z18eAHCEI/AAAAAAAAmYE/iuKYYguW-cAFzzC5a38cHxzJdE8CBhfdACLcBGAsYHQ/s200/PicsArt_11-24-05.26.25.png
Requested by
Host: xmass.saitechsupport.xyz
URL: https://xmass.saitechsupport.xyz/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
d6a37177661e7e9064c96525175a5c2e56dfab9178ef20b524b81b0c865ec7b3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://xmass.saitechsupport.xyz/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 20 Dec 2020 13:18:52 GMT
x-content-type-options
nosniff
age
0
content-disposition
inline;filename="PicsArt_11-24-05.26.25.png"
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
14589
x-xss-protection
0
server
fife
etag
"v9982"
vary
Origin
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Sat, 12 Dec 2020 06:15:46 GMT

Redirect headers

content-security-policy
referrer always;
via
1.1 google
referrer-policy
unsafe-url
server
nginx
date
Sun, 20 Dec 2020 13:18:52 GMT
content-type
text/html; charset=utf-8
location
https://1.bp.blogspot.com/-M7r3v9veNok/X7z18eAHCEI/AAAAAAAAmYE/iuKYYguW-cAFzzC5a38cHxzJdE8CBhfdACLcBGAsYHQ/s200/PicsArt_11-24-05.26.25.png
cache-control
private, max-age=90
alt-svc
clear
content-length
225
PicsArt_11-24-05.02.54.png
1.bp.blogspot.com/-ukv_DTtjiD8/X7zzblFi4KI/AAAAAAAAmX4/M9LiEXQlcys-0WmjqDi0yfgfQU-_0Y2NgCLcBGAsYHQ/s200/
Redirect Chain
  • https://bit.ly/35XqknM
  • https://1.bp.blogspot.com/-ukv_DTtjiD8/X7zzblFi4KI/AAAAAAAAmX4/M9LiEXQlcys-0WmjqDi0yfgfQU-_0Y2NgCLcBGAsYHQ/s200/PicsArt_11-24-05.02.54.png
23 KB
23 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://1.bp.blogspot.com/-ukv_DTtjiD8/X7zzblFi4KI/AAAAAAAAmX4/M9LiEXQlcys-0WmjqDi0yfgfQU-_0Y2NgCLcBGAsYHQ/s200/PicsArt_11-24-05.02.54.png
Requested by
Host: xmass.saitechsupport.xyz
URL: https://xmass.saitechsupport.xyz/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
6324a26bc6658c57e8c92be8b0b68a4f63830707cf0b32f919f858f1d256396b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://xmass.saitechsupport.xyz/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 20 Dec 2020 13:18:52 GMT
x-content-type-options
nosniff
age
0
content-disposition
inline;filename="PicsArt_11-24-05.02.54.png"
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
23409
x-xss-protection
0
server
fife
etag
"v997f"
vary
Origin
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Sat, 12 Dec 2020 06:15:52 GMT

Redirect headers

content-security-policy
referrer always;
via
1.1 google
referrer-policy
unsafe-url
server
nginx
date
Sun, 20 Dec 2020 13:18:52 GMT
content-type
text/html; charset=utf-8
location
https://1.bp.blogspot.com/-ukv_DTtjiD8/X7zzblFi4KI/AAAAAAAAmX4/M9LiEXQlcys-0WmjqDi0yfgfQU-_0Y2NgCLcBGAsYHQ/s200/PicsArt_11-24-05.02.54.png
cache-control
private, max-age=90
alt-svc
clear
content-length
225
adsbygoogle.js
pagead2.googlesyndication.com/pagead/js/ 		133 KB
47 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Requested by
Host: xmass.saitechsupport.xyz
URL: https://xmass.saitechsupport.xyz/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
c221228ab25af041a5c8e218684dd4238acb17fc23b1a4a8c4864951550a3197
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://xmass.saitechsupport.xyz/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 20 Dec 2020 13:18:52 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
47107
x-xss-protection
0
server
cafe
etag
13290078405355148527
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Sun, 20 Dec 2020 13:18:52 GMT
bell.png
1.bp.blogspot.com/-7gV32HkHLao/X8y-O90O8bI/AAAAAAAAmaI/u47WES2zuhoDslfeDrwhjzR4sv30y1mNwCLcBGAsYHQ/s320/
Redirect Chain
  • https://bit.ly/3mOe4Mk
  • https://1.bp.blogspot.com/-7gV32HkHLao/X8y-O90O8bI/AAAAAAAAmaI/u47WES2zuhoDslfeDrwhjzR4sv30y1mNwCLcBGAsYHQ/s320/bell.png
32 KB
32 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://1.bp.blogspot.com/-7gV32HkHLao/X8y-O90O8bI/AAAAAAAAmaI/u47WES2zuhoDslfeDrwhjzR4sv30y1mNwCLcBGAsYHQ/s320/bell.png
Requested by
Host: xmass.saitechsupport.xyz
URL: https://xmass.saitechsupport.xyz/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
e0a060ac7e84e43ae8de0436d84e00ebaf03a08aa692f58e20b89dc43a1d4b2f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://xmass.saitechsupport.xyz/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 20 Dec 2020 13:18:52 GMT
x-content-type-options
nosniff
age
0
content-disposition
inline;filename="bell.png"
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
32821
x-xss-protection
0
server
fife
etag
"v99a3"
vary
Origin
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Sat, 12 Dec 2020 06:15:40 GMT

Redirect headers

content-security-policy
referrer always;
via
1.1 google
referrer-policy
unsafe-url
server
nginx
date
Sun, 20 Dec 2020 13:18:52 GMT
content-type
text/html; charset=utf-8
location
https://1.bp.blogspot.com/-7gV32HkHLao/X8y-O90O8bI/AAAAAAAAmaI/u47WES2zuhoDslfeDrwhjzR4sv30y1mNwCLcBGAsYHQ/s320/bell.png
cache-control
private, max-age=90
alt-svc
clear
content-length
207
Snow.gif
1.bp.blogspot.com/-qXJMsJ_FQzI/X8zCjSB2p_I/AAAAAAAAmao/s1xWoyKC6EoJB3EV5qI4Ji9zmlj59TwQgCLcBGAsYHQ/s320/
Redirect Chain
  • https://bit.ly/36O0sem
  • https://1.bp.blogspot.com/-qXJMsJ_FQzI/X8zCjSB2p_I/AAAAAAAAmao/s1xWoyKC6EoJB3EV5qI4Ji9zmlj59TwQgCLcBGAsYHQ/s320/Snow.gif
23 KB
23 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://1.bp.blogspot.com/-qXJMsJ_FQzI/X8zCjSB2p_I/AAAAAAAAmao/s1xWoyKC6EoJB3EV5qI4Ji9zmlj59TwQgCLcBGAsYHQ/s320/Snow.gif
Requested by
Host: xmass.saitechsupport.xyz
URL: https://xmass.saitechsupport.xyz/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
71c394e2d7b9c3dc5d654080613cd6e4facb04fe5d9e53c036192be2258e1003
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://xmass.saitechsupport.xyz/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 20 Dec 2020 13:18:52 GMT
x-content-type-options
nosniff
age
0
content-disposition
inline;filename="Snow.gif"
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
23685
x-xss-protection
0
server
fife
etag
"v99ab"
vary
Origin
content-type
image/gif
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Sun, 13 Dec 2020 05:53:53 GMT

Redirect headers

content-security-policy
referrer always;
via
1.1 google
referrer-policy
unsafe-url
server
nginx
date
Sun, 20 Dec 2020 13:18:52 GMT
content-type
text/html; charset=utf-8
location
https://1.bp.blogspot.com/-qXJMsJ_FQzI/X8zCjSB2p_I/AAAAAAAAmao/s1xWoyKC6EoJB3EV5qI4Ji9zmlj59TwQgCLcBGAsYHQ/s320/Snow.gif
cache-control
private, max-age=90
alt-svc
clear
content-length
207
Christmas-2018-715x263-removebg-preview.png
1.bp.blogspot.com/-ch3Kq7VfNB0/X7z4clKyCUI/AAAAAAAAmYQ/o-oqAc7yUhAs6PiCKjOqOBW8NE579bvoQCLcBGAsYHQ/s320/
Redirect Chain
  • https://bit.ly/39cueeg
  • https://1.bp.blogspot.com/-ch3Kq7VfNB0/X7z4clKyCUI/AAAAAAAAmYQ/o-oqAc7yUhAs6PiCKjOqOBW8NE579bvoQCLcBGAsYHQ/s320/Christmas-2018-715x263-removebg-preview.png
63 KB
63 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://1.bp.blogspot.com/-ch3Kq7VfNB0/X7z4clKyCUI/AAAAAAAAmYQ/o-oqAc7yUhAs6PiCKjOqOBW8NE579bvoQCLcBGAsYHQ/s320/Christmas-2018-715x263-removebg-preview.png
Requested by
Host: xmass.saitechsupport.xyz
URL: https://xmass.saitechsupport.xyz/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
04e36d1fdb757fababbc588148af586550b5a947b95adc1754fe084f5bf29d6c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://xmass.saitechsupport.xyz/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 20 Dec 2020 13:18:52 GMT
x-content-type-options
nosniff
age
0
content-disposition
inline;filename="Christmas-2018-715x263-removebg-preview.png"
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
64432
x-xss-protection
0
server
fife
etag
"v9985"
vary
Origin
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Sat, 12 Dec 2020 06:15:27 GMT

Redirect headers

content-security-policy
referrer always;
via
1.1 google
referrer-policy
unsafe-url
server
nginx
date
Sun, 20 Dec 2020 13:18:52 GMT
content-type
text/html; charset=utf-8
location
https://1.bp.blogspot.com/-ch3Kq7VfNB0/X7z4clKyCUI/AAAAAAAAmYQ/o-oqAc7yUhAs6PiCKjOqOBW8NE579bvoQCLcBGAsYHQ/s320/Christmas-2018-715x263-removebg-preview.png
cache-control
private, max-age=90
alt-svc
clear
content-length
242
su23-removebg-preview.png
1.bp.blogspot.com/-QMZ-9RyIIq0/X7z56ou8QSI/AAAAAAAAmYc/MEF2MlqZZTAarY3TNnwup51jTg1Z4RAmwCLcBGAsYHQ/s320/
Redirect Chain
  • https://bit.ly/3fscLQe
  • https://1.bp.blogspot.com/-QMZ-9RyIIq0/X7z56ou8QSI/AAAAAAAAmYc/MEF2MlqZZTAarY3TNnwup51jTg1Z4RAmwCLcBGAsYHQ/s320/su23-removebg-preview.png
67 KB
67 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://1.bp.blogspot.com/-QMZ-9RyIIq0/X7z56ou8QSI/AAAAAAAAmYc/MEF2MlqZZTAarY3TNnwup51jTg1Z4RAmwCLcBGAsYHQ/s320/su23-removebg-preview.png
Requested by
Host: xmass.saitechsupport.xyz
URL: https://xmass.saitechsupport.xyz/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
3e749c7d6c0d110cb5ca323904beb7ce49c406afb09b8c04069dfceef554567f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://xmass.saitechsupport.xyz/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 20 Dec 2020 13:18:52 GMT
x-content-type-options
nosniff
age
0
content-disposition
inline;filename="su23-removebg-preview.png"
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
68208
x-xss-protection
0
server
fife
etag
"v9988"
vary
Origin
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Sat, 12 Dec 2020 06:15:35 GMT

Redirect headers

content-security-policy
referrer always;
via
1.1 google
referrer-policy
unsafe-url
server
nginx
date
Sun, 20 Dec 2020 13:18:52 GMT
content-type
text/html; charset=utf-8
location
https://1.bp.blogspot.com/-QMZ-9RyIIq0/X7z56ou8QSI/AAAAAAAAmYc/MEF2MlqZZTAarY3TNnwup51jTg1Z4RAmwCLcBGAsYHQ/s320/su23-removebg-preview.png
cache-control
private, max-age=90
alt-svc
clear
content-length
224
merry-christmas-2020-gif.gif
1.bp.blogspot.com/-2T5S1t0AXcU/X7z8Boy6yvI/AAAAAAAAmYw/WaYI5wlMkWkvBJfbosD_JEdThzWywNmtACLcBGAsYHQ/s320/
Redirect Chain
  • https://bit.ly/3nLuwgi
  • https://1.bp.blogspot.com/-2T5S1t0AXcU/X7z8Boy6yvI/AAAAAAAAmYw/WaYI5wlMkWkvBJfbosD_JEdThzWywNmtACLcBGAsYHQ/s320/merry-christmas-2020-gif.gif
72 KB
73 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://1.bp.blogspot.com/-2T5S1t0AXcU/X7z8Boy6yvI/AAAAAAAAmYw/WaYI5wlMkWkvBJfbosD_JEdThzWywNmtACLcBGAsYHQ/s320/merry-christmas-2020-gif.gif
Requested by
Host: xmass.saitechsupport.xyz
URL: https://xmass.saitechsupport.xyz/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
1bb6b3ed7b2b631b1040f4bd9146783c6cba3f058951545858b932af9f23f297
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://xmass.saitechsupport.xyz/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 20 Dec 2020 13:18:52 GMT
x-content-type-options
nosniff
age
0
content-disposition
inline;filename="merry-christmas-2020-gif.gif"
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
74179
x-xss-protection
0
server
fife
etag
"v998d"
vary
Origin
content-type
image/gif
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Sat, 12 Dec 2020 06:15:58 GMT

Redirect headers

content-security-policy
referrer always;
via
1.1 google
referrer-policy
unsafe-url
server
nginx
date
Sun, 20 Dec 2020 13:18:52 GMT
content-type
text/html; charset=utf-8
location
https://1.bp.blogspot.com/-2T5S1t0AXcU/X7z8Boy6yvI/AAAAAAAAmYw/WaYI5wlMkWkvBJfbosD_JEdThzWywNmtACLcBGAsYHQ/s320/merry-christmas-2020-gif.gif
cache-control
private, max-age=90
alt-svc
clear
content-length
227
3068dfa295322918a57fcc2eae53cff5.gif
1.bp.blogspot.com/-YSQ46KgsaD8/X7z7m6R774I/AAAAAAAAmYo/zIC4VEA2vCcI-OVBY7gLeyZizCE65bTjwCLcBGAsYHQ/s320/
Redirect Chain
  • https://bit.ly/3m1MYkt
  • https://1.bp.blogspot.com/-YSQ46KgsaD8/X7z7m6R774I/AAAAAAAAmYo/zIC4VEA2vCcI-OVBY7gLeyZizCE65bTjwCLcBGAsYHQ/s320/3068dfa295322918a57fcc2eae53cff5.gif
29 KB
30 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://1.bp.blogspot.com/-YSQ46KgsaD8/X7z7m6R774I/AAAAAAAAmYo/zIC4VEA2vCcI-OVBY7gLeyZizCE65bTjwCLcBGAsYHQ/s320/3068dfa295322918a57fcc2eae53cff5.gif
Requested by
Host: xmass.saitechsupport.xyz
URL: https://xmass.saitechsupport.xyz/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
f5e344d4b70470528195dfb5ee74232e0c531e785ea4082cf9ebdd809dd92589
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://xmass.saitechsupport.xyz/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 20 Dec 2020 13:18:52 GMT
x-content-type-options
nosniff
age
0
content-disposition
inline;filename="3068dfa295322918a57fcc2eae53cff5.gif"
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
30111
x-xss-protection
0
server
fife
etag
"v998b"
vary
Origin
content-type
image/gif
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Sun, 13 Dec 2020 15:37:50 GMT

Redirect headers

content-security-policy
referrer always;
via
1.1 google
referrer-policy
unsafe-url
server
nginx
date
Sun, 20 Dec 2020 13:18:52 GMT
content-type
text/html; charset=utf-8
location
https://1.bp.blogspot.com/-YSQ46KgsaD8/X7z7m6R774I/AAAAAAAAmYo/zIC4VEA2vCcI-OVBY7gLeyZizCE65bTjwCLcBGAsYHQ/s320/3068dfa295322918a57fcc2eae53cff5.gif
cache-control
private, max-age=90
alt-svc
clear
content-length
235
cookienotice.js
xmass.saitechsupport.xyz/js/ 		6 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://xmass.saitechsupport.xyz/js/cookienotice.js
Requested by
Host: xmass.saitechsupport.xyz
URL: https://xmass.saitechsupport.xyz/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:814::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
068ffe90977f2b5b2dc2ef18572166e85281bd0ecb31c4902464b23db54d2568
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://xmass.saitechsupport.xyz/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 20 Dec 2020 13:18:52 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Sun, 20 Dec 2020 12:09:14 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=604800
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
content-length
2026
x-xss-protection
0
expires
Sun, 27 Dec 2020 13:18:52 GMT
wp.png
1.bp.blogspot.com/-ARiMLSA5jAc/X8zAsBK0PpI/AAAAAAAAmac/8LEjw1rBgwkoPNJcMHLxGBR-sIbfSAGuQCLcBGAsYHQ/s200/
Redirect Chain
  • https://bit.ly/2VLMnaW
  • https://1.bp.blogspot.com/-ARiMLSA5jAc/X8zAsBK0PpI/AAAAAAAAmac/8LEjw1rBgwkoPNJcMHLxGBR-sIbfSAGuQCLcBGAsYHQ/s200/wp.png
3 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://1.bp.blogspot.com/-ARiMLSA5jAc/X8zAsBK0PpI/AAAAAAAAmac/8LEjw1rBgwkoPNJcMHLxGBR-sIbfSAGuQCLcBGAsYHQ/s200/wp.png
Requested by
Host: xmass.saitechsupport.xyz
URL: https://xmass.saitechsupport.xyz/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
6d19767ab10d4c5fbccf96d7d674a9fb967a3b63ee52eb2c26e99e8e9941b9f1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://xmass.saitechsupport.xyz/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 20 Dec 2020 13:18:52 GMT
x-content-type-options
nosniff
age
0
content-disposition
inline;filename="wp.png"
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2696
x-xss-protection
0
server
fife
etag
"v99a8"
vary
Origin
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Sat, 12 Dec 2020 06:16:12 GMT

Redirect headers

content-security-policy
referrer always;
via
1.1 google
referrer-policy
unsafe-url
server
nginx
date
Sun, 20 Dec 2020 13:18:52 GMT
content-type
text/html; charset=utf-8
location
https://1.bp.blogspot.com/-ARiMLSA5jAc/X8zAsBK0PpI/AAAAAAAAmac/8LEjw1rBgwkoPNJcMHLxGBR-sIbfSAGuQCLcBGAsYHQ/s200/wp.png
cache-control
private, max-age=90
alt-svc
clear
content-length
205
qiqdzC5aFgJH0hiMyVaHX77ItRXdWcfluPMIJZrgLQNnOyc_URgOH1MOfpA8Pk5WMDzulIB6gvdasj2PPxDT4AG-Z9AQY8gYEsNCDJB9AdjYR_uBnKcHMqIhVyZ8ttQoBBHTbTUGPGcMyw=s0-d
lh5.googleusercontent.com/proxy/ 		16 KB
16 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://lh5.googleusercontent.com/proxy/qiqdzC5aFgJH0hiMyVaHX77ItRXdWcfluPMIJZrgLQNnOyc_URgOH1MOfpA8Pk5WMDzulIB6gvdasj2PPxDT4AG-Z9AQY8gYEsNCDJB9AdjYR_uBnKcHMqIhVyZ8ttQoBBHTbTUGPGcMyw=s0-d
Requested by
Host: xmass.saitechsupport.xyz
URL: https://xmass.saitechsupport.xyz/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:815::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
b4fa0e8134cc4933644908009ab96d1027a79ea1b4a1a3945e58adb427f3ddf2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://xmass.saitechsupport.xyz/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 20 Dec 2020 09:42:53 GMT
x-content-type-options
nosniff
server
fife
age
12959
vary
Origin
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
content-disposition
attachment;filename="unnamed.png"
timing-allow-origin
*
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
16371
x-xss-protection
0
expires
Mon, 21 Dec 2020 09:42:53 GMT
gh.php
m.free-codes.org/ 		0
0
merrychristmas.mp3
www.freeabcsongs.com/mp3/ Frame 8091 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://www.freeabcsongs.com/mp3/merrychristmas.mp3
Requested by
Host: xmass.saitechsupport.xyz
URL: https://xmass.saitechsupport.xyz/
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_128_GCM
Server
173.201.92.187 Scottsdale, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS
ip-173-201-92-187.ip.secureserver.net
Software
Apache /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Host
www.freeabcsongs.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
embed
Referer
https://xmass.saitechsupport.xyz/
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://xmass.saitechsupport.xyz/

Response headers

Date
Sun, 20 Dec 2020 13:18:52 GMT
Server
Apache
Last-Modified
Mon, 24 Nov 2008 11:13:49 GMT
ETag
"e1b8e-45c6d7d3a3540"
Accept-Ranges
bytes
Content-Length
924558
Cache-Control
max-age=2592000
Expires
Tue, 19 Jan 2021 13:18:52 GMT
Strict-Transport-Security
max-age=300
Keep-Alive
timeout=5, max=100
Connection
Keep-Alive
Content-Type
audio/mpeg
show_ads_impl_fy2019.js
pagead2.googlesyndication.com/pagead/js/r20201203/r20190131/ 		234 KB
88 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20201203/r20190131/show_ads_impl_fy2019.js
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
fe5d97969e5d98e03eaacc671edb2e30373f05070f5a37d69f5a5f6f91b79149
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://xmass.saitechsupport.xyz/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 20 Dec 2020 13:18:52 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
89527
x-xss-protection
0
server
cafe
etag
1810063338415286733
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=1209600
timing-allow-origin
*
expires
Sun, 20 Dec 2020 13:18:52 GMT
zrt_lookup.html
googleads.g.doubleclick.net/pagead/html/r20201203/r20190131/ Frame F5F1 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/html/r20201203/r20190131/zrt_lookup.html
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
googleads.g.doubleclick.net
:scheme
https
:path
/pagead/html/r20201203/r20190131/zrt_lookup.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://xmass.saitechsupport.xyz/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://xmass.saitechsupport.xyz/

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
vary
Accept-Encoding
date
Sun, 20 Dec 2020 09:58:13 GMT
expires
Sun, 03 Jan 2021 09:58:13 GMT
content-type
text/html; charset=UTF-8
etag
10723747146953794269
x-content-type-options
nosniff
content-encoding
gzip
server
cafe
content-length
4923
x-xss-protection
0
age
12039
cache-control
public, max-age=1209600
alt-svc
h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
cookie.js
partner.googleadservices.com/gampad/ 		208 B
647 B 		Script
General
Check archive.org
Download Go to
Full URL
https://partner.googleadservices.com/gampad/cookie.js?domain=xmass.saitechsupport.xyz&callback=_gfp_s_&client=ca-pub-1648016894487996
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20201203/r20190131/show_ads_impl_fy2019.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.21.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s13-in-f226.1e100.net
Software
cafe /
Resource Hash
d0f8939d9abbb6eb5385874f5f89f640d4ab1baf968f4d7a9c7758f9d37ec2dd
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://xmass.saitechsupport.xyz/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 20 Dec 2020 13:18:52 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type
text/javascript; charset=UTF-8
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
198
x-xss-protection
0
integrator.js
adservice.google.de/adsid/ 		109 B
803 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.de/adsid/integrator.js?domain=xmass.saitechsupport.xyz
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20201203/r20190131/show_ads_impl_fy2019.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://xmass.saitechsupport.xyz/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin
*
date
Sun, 20 Dec 2020 13:18:52 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
104
x-xss-protection
0
integrator.js
adservice.google.com/adsid/ 		109 B
247 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.com/adsid/integrator.js?domain=xmass.saitechsupport.xyz
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20201203/r20190131/show_ads_impl_fy2019.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://xmass.saitechsupport.xyz/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin
*
date
Sun, 20 Dec 2020 13:18:52 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
104
x-xss-protection
0
ads
googleads.g.doubleclick.net/pagead/ Frame 97B1 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/ads?npa=1&guci=1.2.0.0.2.1.0.0&client=ca-pub-1648016894487996&output=html&h=280&slotname=8263503793&adk=644675431&adf=869763061&pi=t.ma~as.8263503793&w=1200&fwrn=4&fwrnh=100&lmt=1608470059&rafmt=1&psa=0&format=1200x280&url=https%3A%2F%2Fxmass.saitechsupport.xyz%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfSx7Imlzc3Vlck9yaWdpbiI6Imh0dHBzOi8vYXR0ZXN0YXRpb24uYW5kcm9pZC5jb20iLCJzdGF0ZSI6MH1d&dt=1608470332232&bpp=16&bdt=117&idt=73&shv=r20201203&cbv=r20190131&ptt=9&saldr=aa&abxe=1&correlator=2118900052697&frm=20&pv=2&ga_vid=866323823.1608470332&ga_sid=1608470332&ga_hid=1458066652&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=200&ady=32&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066923&oid=3&pvsid=1653582032844458&pem=616&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=1&uci=a!1&fsb=1&xpc=Pcb3cN2Hpm&p=https%3A//xmass.saitechsupport.xyz&dtd=92
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20201203/r20190131/show_ads_impl_fy2019.js
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
googleads.g.doubleclick.net
:scheme
https
:path
/pagead/ads?npa=1&guci=1.2.0.0.2.1.0.0&client=ca-pub-1648016894487996&output=html&h=280&slotname=8263503793&adk=644675431&adf=869763061&pi=t.ma~as.8263503793&w=1200&fwrn=4&fwrnh=100&lmt=1608470059&rafmt=1&psa=0&format=1200x280&url=https%3A%2F%2Fxmass.saitechsupport.xyz%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfSx7Imlzc3Vlck9yaWdpbiI6Imh0dHBzOi8vYXR0ZXN0YXRpb24uYW5kcm9pZC5jb20iLCJzdGF0ZSI6MH1d&dt=1608470332232&bpp=16&bdt=117&idt=73&shv=r20201203&cbv=r20190131&ptt=9&saldr=aa&abxe=1&correlator=2118900052697&frm=20&pv=2&ga_vid=866323823.1608470332&ga_sid=1608470332&ga_hid=1458066652&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=200&ady=32&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066923&oid=3&pvsid=1653582032844458&pem=616&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=1&uci=a!1&fsb=1&xpc=Pcb3cN2Hpm&p=https%3A//xmass.saitechsupport.xyz&dtd=92
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://xmass.saitechsupport.xyz/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://xmass.saitechsupport.xyz/

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
br
date
Sun, 20 Dec 2020 13:18:52 GMT
server
cafe
content-length
205
x-xss-protection
0
set-cookie
test_cookie=CheckForPermission; expires=Sun, 20-Dec-2020 13:33:52 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc
h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
expires
Sun, 20 Dec 2020 13:18:52 GMT
cache-control
private
osd.js
www.googletagservices.com/activeview/js/current/ 		74 KB
28 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/osd.js?cb=%2Fr20100101
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20201203/r20190131/show_ads_impl_fy2019.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
c1c9310eb6a56101c2133db372cfbe9cefb5ff6b90a02ded916984c975b813b2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://xmass.saitechsupport.xyz/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 20 Dec 2020 13:18:52 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1607690616793149"
vary
Accept-Encoding
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
28334
x-xss-protection
0
expires
Sun, 20 Dec 2020 13:18:52 GMT
ads
googleads.g.doubleclick.net/pagead/ Frame B98E 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/ads?npa=1&guci=1.2.0.0.2.1.0.0&client=ca-pub-1648016894487996&output=html&h=280&slotname=8263503793&adk=3817226440&adf=3610564264&pi=t.ma~as.8263503793&w=1200&fwrn=4&fwrnh=100&lmt=1608470059&rafmt=1&psa=0&format=1200x280&url=https%3A%2F%2Fxmass.saitechsupport.xyz%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfSx7Imlzc3Vlck9yaWdpbiI6Imh0dHBzOi8vYXR0ZXN0YXRpb24uYW5kcm9pZC5jb20iLCJzdGF0ZSI6MH1d&dt=1608470332248&bpp=4&bdt=133&idt=85&shv=r20201203&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=1200x280&correlator=2118900052697&frm=20&pv=1&ga_vid=866323823.1608470332&ga_sid=1608470332&ga_hid=1458066652&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=200&ady=1012&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066923&oid=3&pvsid=1653582032844458&pem=616&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=2&uci=a!2&fsb=1&xpc=6PucltTuRY&p=https%3A//xmass.saitechsupport.xyz&dtd=89
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20201203/r20190131/show_ads_impl_fy2019.js
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
googleads.g.doubleclick.net
:scheme
https
:path
/pagead/ads?npa=1&guci=1.2.0.0.2.1.0.0&client=ca-pub-1648016894487996&output=html&h=280&slotname=8263503793&adk=3817226440&adf=3610564264&pi=t.ma~as.8263503793&w=1200&fwrn=4&fwrnh=100&lmt=1608470059&rafmt=1&psa=0&format=1200x280&url=https%3A%2F%2Fxmass.saitechsupport.xyz%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfSx7Imlzc3Vlck9yaWdpbiI6Imh0dHBzOi8vYXR0ZXN0YXRpb24uYW5kcm9pZC5jb20iLCJzdGF0ZSI6MH1d&dt=1608470332248&bpp=4&bdt=133&idt=85&shv=r20201203&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=1200x280&correlator=2118900052697&frm=20&pv=1&ga_vid=866323823.1608470332&ga_sid=1608470332&ga_hid=1458066652&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=200&ady=1012&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066923&oid=3&pvsid=1653582032844458&pem=616&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=2&uci=a!2&fsb=1&xpc=6PucltTuRY&p=https%3A//xmass.saitechsupport.xyz&dtd=89
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://xmass.saitechsupport.xyz/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://xmass.saitechsupport.xyz/

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
br
date
Sun, 20 Dec 2020 13:18:52 GMT
server
cafe
content-length
205
x-xss-protection
0
set-cookie
test_cookie=CheckForPermission; expires=Sun, 20-Dec-2020 13:33:52 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc
h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
expires
Sun, 20 Dec 2020 13:18:52 GMT
cache-control
private
ads
googleads.g.doubleclick.net/pagead/ Frame A839 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/ads?npa=1&guci=1.2.0.0.2.1.0.0&client=ca-pub-1648016894487996&output=html&h=280&slotname=8263503793&adk=3597122126&adf=1770954353&pi=t.ma~as.8263503793&w=1200&fwrn=4&fwrnh=100&lmt=1608470059&rafmt=1&psa=0&format=1200x280&url=https%3A%2F%2Fxmass.saitechsupport.xyz%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfSx7Imlzc3Vlck9yaWdpbiI6Imh0dHBzOi8vYXR0ZXN0YXRpb24uYW5kcm9pZC5jb20iLCJzdGF0ZSI6MH1d&dt=1608470332252&bpp=2&bdt=137&idt=89&shv=r20201203&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=1200x280%2C1200x280&correlator=2118900052697&frm=20&pv=1&ga_vid=866323823.1608470332&ga_sid=1608470332&ga_hid=1458066652&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=200&ady=2044&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066923&oid=3&pvsid=1653582032844458&pem=616&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=9uX9gLRNbx&p=https%3A//xmass.saitechsupport.xyz&dtd=92
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20201203/r20190131/show_ads_impl_fy2019.js
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
googleads.g.doubleclick.net
:scheme
https
:path
/pagead/ads?npa=1&guci=1.2.0.0.2.1.0.0&client=ca-pub-1648016894487996&output=html&h=280&slotname=8263503793&adk=3597122126&adf=1770954353&pi=t.ma~as.8263503793&w=1200&fwrn=4&fwrnh=100&lmt=1608470059&rafmt=1&psa=0&format=1200x280&url=https%3A%2F%2Fxmass.saitechsupport.xyz%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfSx7Imlzc3Vlck9yaWdpbiI6Imh0dHBzOi8vYXR0ZXN0YXRpb24uYW5kcm9pZC5jb20iLCJzdGF0ZSI6MH1d&dt=1608470332252&bpp=2&bdt=137&idt=89&shv=r20201203&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=1200x280%2C1200x280&correlator=2118900052697&frm=20&pv=1&ga_vid=866323823.1608470332&ga_sid=1608470332&ga_hid=1458066652&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=200&ady=2044&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066923&oid=3&pvsid=1653582032844458&pem=616&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=9uX9gLRNbx&p=https%3A//xmass.saitechsupport.xyz&dtd=92
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://xmass.saitechsupport.xyz/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://xmass.saitechsupport.xyz/

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
br
date
Sun, 20 Dec 2020 13:18:52 GMT
server
cafe
content-length
204
x-xss-protection
0
set-cookie
test_cookie=CheckForPermission; expires=Sun, 20-Dec-2020 13:33:52 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc
h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
expires
Sun, 20 Dec 2020 13:18:52 GMT
cache-control
private
gen_204
pagead2.googlesyndication.com/pagead/ 		0
121 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=ach_evt&url=https%3A%2F%2Fxmass.saitechsupport.xyz%2F&tn=MARQUEE&cls=m2&ign=false
Requested by
Host: xmass.saitechsupport.xyz
URL: https://xmass.saitechsupport.xyz/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://xmass.saitechsupport.xyz/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 20 Dec 2020 13:19:16 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ 		0
56 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=ach_evt&url=https%3A%2F%2Fxmass.saitechsupport.xyz%2F&tn=DIV&id=cookieChoiceInfo&cls=cookie-choices-info%20singleton-element&ign=false
Requested by
Host: xmass.saitechsupport.xyz
URL: https://xmass.saitechsupport.xyz/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://xmass.saitechsupport.xyz/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 20 Dec 2020 13:19:16 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ads
googleads.g.doubleclick.net/pagead/ Frame 636A 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/ads?npa=1&guci=1.2.0.0.2.1.0.0&client=ca-pub-1648016894487996&output=html&adk=1812271804&adf=3025194257&lmt=1608470059&plat=1%3A16809992%2C2%3A16809992%2C9%3A32776%2C10%3A32%2C11%3A32%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C40%3A32&format=0x0&url=https%3A%2F%2Fxmass.saitechsupport.xyz%2F&ea=0&flash=0&pra=7&wgl=1&adsid=NT&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfSx7Imlzc3Vlck9yaWdpbiI6Imh0dHBzOi8vYXR0ZXN0YXRpb24uYW5kcm9pZC5jb20iLCJzdGF0ZSI6MH1d&dt=1608470356264&bpp=1&bdt=24149&idt=2&shv=r20201203&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=1200x280%2C1200x280%2C1200x280&nras=1&correlator=2118900052697&frm=20&pv=1&ga_vid=866323823.1608470332&ga_sid=1608470332&ga_hid=1458066652&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066923&oid=3&pvsid=1653582032844458&pem=616&rx=0&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=8192&bc=31&ifi=3&uci=a!3&fsb=1&dtd=25
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20201203/r20190131/show_ads_impl_fy2019.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
googleads.g.doubleclick.net
:scheme
https
:path
/pagead/ads?npa=1&guci=1.2.0.0.2.1.0.0&client=ca-pub-1648016894487996&output=html&adk=1812271804&adf=3025194257&lmt=1608470059&plat=1%3A16809992%2C2%3A16809992%2C9%3A32776%2C10%3A32%2C11%3A32%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C40%3A32&format=0x0&url=https%3A%2F%2Fxmass.saitechsupport.xyz%2F&ea=0&flash=0&pra=7&wgl=1&adsid=NT&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfSx7Imlzc3Vlck9yaWdpbiI6Imh0dHBzOi8vYXR0ZXN0YXRpb24uYW5kcm9pZC5jb20iLCJzdGF0ZSI6MH1d&dt=1608470356264&bpp=1&bdt=24149&idt=2&shv=r20201203&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=1200x280%2C1200x280%2C1200x280&nras=1&correlator=2118900052697&frm=20&pv=1&ga_vid=866323823.1608470332&ga_sid=1608470332&ga_hid=1458066652&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066923&oid=3&pvsid=1653582032844458&pem=616&rx=0&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=8192&bc=31&ifi=3&uci=a!3&fsb=1&dtd=25
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://xmass.saitechsupport.xyz/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://xmass.saitechsupport.xyz/

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
br
date
Sun, 20 Dec 2020 13:19:16 GMT
server
cafe
content-length
4268
x-xss-protection
0
set-cookie
test_cookie=CheckForPermission; expires=Sun, 20-Dec-2020 13:34:16 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc
h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
expires
Sun, 20 Dec 2020 13:19:16 GMT
cache-control
private
sodar
pagead2.googlesyndication.com/getconfig/ 		8 KB
7 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20201203&st=env
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20201203/r20190131/show_ads_impl_fy2019.js
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3bfa92f56dbf9ee24f45dbda45f96448efbfdac58843c5c181893f5734a20bd9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://xmass.saitechsupport.xyz/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin
*
date
Sun, 20 Dec 2020 13:19:16 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/json; charset=UTF-8
alt-svc
h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
6454
x-xss-protection
0
sodar2.js
tpc.googlesyndication.com/sodar/ 		16 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20201203/r20190131/show_ads_impl_fy2019.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
66bfa6dd42535b06a283b3844a0bddcfd7f1aca1368baae035a7cda89a6b97fd
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://xmass.saitechsupport.xyz/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 20 Dec 2020 13:19:16 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1603823857801521"
vary
Accept-Encoding
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6015
x-xss-protection
0
expires
Sun, 20 Dec 2020 13:19:16 GMT
runner.html
tpc.googlesyndication.com/sodar/sodar2/219/ Frame 9883 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2/219/runner.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:81f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
tpc.googlesyndication.com
:scheme
https
:path
/sodar/sodar2/219/runner.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://xmass.saitechsupport.xyz/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://xmass.saitechsupport.xyz/

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
cross-origin-resource-policy
cross-origin
content-length
4867
date
Sun, 20 Dec 2020 13:10:04 GMT
expires
Mon, 20 Dec 2021 13:10:04 GMT
last-modified
Mon, 05 Oct 2020 22:33:01 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
cache-control
public, max-age=31536000
age
552
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
gen_204
pagead2.googlesyndication.com/pagead/ 		0
111 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=219&t=2&li=gda_r20201203&jk=1653582032844458&bg=!AwClACDNAAXKjztBylhkk_DV_AAi1QIAAABjUgAAAAxoAQcKAKHhW8geYZbcGytMgfZiWxEITs-F6lcTmC9H5gqxY1rUlzi9s5bqOnm1fx8y81HLbKB-gBJ5uquPnfJFB0Kwi3g0TFXzLiQuOWGR-lGKPHezfs1jVLhKdW3w6qwOirrGJ7DS9Bb9t9k6Xqx__HALV-TTfIZNzdc4oC38kFyn-taWWV54oRLV5GVU6dUTTt9-Hrxy572QK9zpM_Qn9kNRNAnHzZkBwR4JiKfo5XP4ZIPX-2qT1bKYzGbFgKWTW3nKyQh1l_EShdyi-X8vQlzu33lP3kkrm1oJRZVbVktVj8WDTuOkquN1-sB2dMxiv7pFD5LfRgkSM3zIIKQzXAbMeYLSNA6WF9eC8kkmTq1owYY64K_h-prU0pJfxPF7gzjLgvGs38EBhA0QWeNbT7KpfF6WBWjaQa0AOo5Eg8rEJ4vaG7xGt45RL2B0wPMgnfsYrGcH1kD3lAulVR5JG8OiXIYYgrGAokWmDJZHX0lYZdfv7R-nhhiClq-lgL7kA5iTQTCdY5bKgAVo4TIXHycpXob_nD3isB0M-sqqGZl7bsvaF-BYQMMCWoRsTYPXhRdMpUaWRVLIlMHfNG-ZGBJC_IAWYBgFDQcsMyTHThL1a8txAaKMNGvQUuRNLABMnO_oBWzV4LEyLNCcs3eP-qRj_pzqPV1Y7g726QxxKroJv7Szu0D8BnOI8XB31o4dTvanXPWUil0h-SDT38HjMdYYA4DofVBj_8k97NF8d248YgKnAhQMiZYSCdjH8hLXkrwnnHIK0z3OB1qyupQ6kdkeFqcGmtc5b9BJ5zPY_UwJjyBiIR50JCcT
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://xmass.saitechsupport.xyz/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 20 Dec 2020 13:19:16 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
m.free-codes.org
URL
https://m.free-codes.org/gh.php?id=2001

Verdicts & Comments Add Verdict or Comment

63 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| 5 object| 6 object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker object| trustedTypes boolean| crossOriginIsolated object| adsbygoogle object| a number| countDownDate number| x object| google_tag_manager object| dataLayer object| google_js_reporting_queue number| google_srt object| google_ad_modifications object| google_logging_queue object| ggeac boolean| google_measure_js_timing object| google_trust_token_operation_status object| google_reactive_ads_global_state object| google_persistent_state_async boolean| _gfp_a_ object| google_sa_queue object| google_sl_win function| google_process_slots boolean| google_apltlad function| google_spfd number| google_lpabyc number| google_unique_id object| google_sv_map function| Goog_AdSense_getAdAdapterInstance function| Goog_AdSense_OsdAdapter function| google_sa_impl object| __google_ad_urls number| google_global_correlator number| __google_ad_urls_id object| googleToken object| googleIMState boolean| _gfp_p_ function| processGoogleToken object| google_prev_clients object| gaGlobal object| google_jobrunner object| ampInaboxIframes object| ampInaboxPendingMessages boolean| google_osd_loaded boolean| google_onload_fired function| Goog_Osd_UnloadAdBlock function| Goog_Osd_UpdateElementToMeasure function| google_osd_amcb object| cookieChoices object| google_image_requests object| GoogleGcLKhOms

1 Cookies

Domain/Path Name / Value
.doubleclick.net/ Name: test_cookie
Value: CheckForPermission

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

1.bp.blogspot.com
adservice.google.com
adservice.google.de
bit.ly
cdnjs.cloudflare.com
fonts.googleapis.com
googleads.g.doubleclick.net
lh5.googleusercontent.com
m.free-codes.org
pagead2.googlesyndication.com
partner.googleadservices.com
tpc.googlesyndication.com
www.freeabcsongs.com
www.googletagmanager.com
www.googletagservices.com
xmass.saitechsupport.xyz
m.free-codes.org
172.217.21.226
173.201.92.187
2606:4700::6810:125e
2a00:1450:4001:806::2002
2a00:1450:4001:808::2001
2a00:1450:4001:808::2008
2a00:1450:4001:814::2013
2a00:1450:4001:815::2001
2a00:1450:4001:81c::2002
2a00:1450:4001:81d::200a
2a00:1450:4001:81f::2001
67.199.248.10
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
04e36d1fdb757fababbc588148af586550b5a947b95adc1754fe084f5bf29d6c
068ffe90977f2b5b2dc2ef18572166e85281bd0ecb31c4902464b23db54d2568
17210340d3bbd9f91f5aa1e69d5bb549bbfba0dac54399a8f6f960512c0ccd64
1bb6b3ed7b2b631b1040f4bd9146783c6cba3f058951545858b932af9f23f297
36e0a7e08bee65774168528938072c536437669c1b7458ac77976ec788e4439c
3bfa92f56dbf9ee24f45dbda45f96448efbfdac58843c5c181893f5734a20bd9
3e749c7d6c0d110cb5ca323904beb7ce49c406afb09b8c04069dfceef554567f
6324a26bc6658c57e8c92be8b0b68a4f63830707cf0b32f919f858f1d256396b
66bfa6dd42535b06a283b3844a0bddcfd7f1aca1368baae035a7cda89a6b97fd
6aeb0fd00b9f980dd57262cb80ac7a727d10f2d267150942e175d5e4158e16e5
6d19767ab10d4c5fbccf96d7d674a9fb967a3b63ee52eb2c26e99e8e9941b9f1
71c394e2d7b9c3dc5d654080613cd6e4facb04fe5d9e53c036192be2258e1003
83bd180894b0a2dabc42ac3b9cac289eeba25d57901165cf0b0534cbb9e225c1
8fe3fa119255adb5e0c12479331f9e092e85bcff56ab6ecc0510bfa2056b898d
b4fa0e8134cc4933644908009ab96d1027a79ea1b4a1a3945e58adb427f3ddf2
c1c9310eb6a56101c2133db372cfbe9cefb5ff6b90a02ded916984c975b813b2
c221228ab25af041a5c8e218684dd4238acb17fc23b1a4a8c4864951550a3197
d0f8939d9abbb6eb5385874f5f89f640d4ab1baf968f4d7a9c7758f9d37ec2dd
d6a37177661e7e9064c96525175a5c2e56dfab9178ef20b524b81b0c865ec7b3
e0a060ac7e84e43ae8de0436d84e00ebaf03a08aa692f58e20b89dc43a1d4b2f
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f5e344d4b70470528195dfb5ee74232e0c531e785ea4082cf9ebdd809dd92589
fe5d97969e5d98e03eaacc671edb2e30373f05070f5a37d69f5a5f6f91b79149