xosodaiphat.net Open in urlscan Pro
210.211.99.15 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://xosodaiphat.net/quay-thu-xsmb.html
Submission: On September 04 via manual (September 4th 2021, 3:01:16 pm UTC) from VN

Summary HTTP 105 Redirects Links 4 Behaviour Indicators

Summary

This website contacted 19 IPs in 4 countries across 13 domains to perform 105 HTTP transactions. The main IP is 210.211.99.15, located in Viet Nam and belongs to VTDC-AS-VN Vietel - CHT Compamy Ltd, VN. The main domain is xosodaiphat.net.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on September 4th 2020. Valid for: a year.

This is the only time xosodaiphat.net was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
15	210.211.99.15 210.211.99.15	38731 (VTDC-AS-V...) (VTDC-AS-VN Vietel - CHT Compamy Ltd)
1	2a00:1450:400... 2a00:1450:4001:80f::2008	15169 (GOOGLE) (GOOGLE)
16	2a00:1450:400... 2a00:1450:4001:827::2002	15169 (GOOGLE) (GOOGLE)
4	2a02:6ea0:c70... 2a02:6ea0:c700::10	60068 (CDN77 ^_^) (CDN77 ^_^)
2	2a00:1450:400... 2a00:1450:4001:82f::2003	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:80f::200e	15169 (GOOGLE) (GOOGLE)
15	2a00:1450:400... 2a00:1450:4001:811::2002	15169 (GOOGLE) (GOOGLE)
1	142.250.186.130 142.250.186.130	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:812::2002	15169 (GOOGLE) (GOOGLE)
1	2606:4700:303... 2606:4700:3033::6815:56d9	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2606:4700:303... 2606:4700:3035::ac43:a451	13335 (CLOUDFLAR...) (CLOUDFLARENET)
21	2a00:1450:400... 2a00:1450:4001:82a::2001	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:82f::2002	15169 (GOOGLE) (GOOGLE)
2 2	2a00:1450:400... 2a00:1450:4001:802::2004	15169 (GOOGLE) (GOOGLE)
3	142.250.185.130 142.250.185.130	15169 (GOOGLE) (GOOGLE)
5	2404:6800:400... 2404:6800:400a:80c::2003	15169 (GOOGLE) (GOOGLE)
1 2	2a00:1450:400... 2a00:1450:4001:831::2004	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:82f::200a	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:802::2003	15169 (GOOGLE) (GOOGLE)
105	19

15 210.211.99.15 (Viet Nam)

ASN38731 (VTDC-AS-VN Vietel - CHT Compamy Ltd, VN)

xosodaiphat.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80f::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 2a00:1450:4001:827::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a02:6ea0:c700::10 (Frankfurt am Main, Germany)

ASN60068 (CDN77 ^_^, GB)

img.icons8.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82f::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:80f::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 2a00:1450:4001:811::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.186.130 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s07-in-f2.1e100.net

partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:812::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3033::6815:56d9 (United States)

ASN13335 (CLOUDFLARENET, US)

qc.kqbd88.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700:3035::ac43:a451 (United States)

ASN13335 (CLOUDFLARENET, US)

static.xosodaiphat.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

21 2a00:1450:4001:82a::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:82f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:802::2004 (Frankfurt am Main, Germany) 2 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 142.250.185.130 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s50-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2404:6800:400a:80c::2003 (Osaka, Japan)

ASN15169 (GOOGLE, US)

csi.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:831::2004 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82f::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:802::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
37	googlesyndication.com pagead2.googlesyndication.com tpc.googlesyndication.com	729 KB
19	xosodaiphat.net xosodaiphat.net static.xosodaiphat.net	579 KB
17	doubleclick.net googleads.g.doubleclick.net securepubads.g.doubleclick.net	159 KB
11	gstatic.com www.gstatic.com csi.gstatic.com fonts.gstatic.com	198 KB
7	google.com 3 redirects adservice.google.com www.google.com	2 KB
4	icons8.com img.icons8.com	5 KB
3	googletagservices.com www.googletagservices.com	111 KB
3	google.de adservice.google.de	1 KB
2	googleapis.com fonts.googleapis.com	1 KB
2	google-analytics.com www.google-analytics.com	19 KB
1	kqbd88.com qc.kqbd88.com	1 KB
1	googleadservices.com partner.googleadservices.com	660 B
1	googletagmanager.com www.googletagmanager.com	40 KB
105	13

	Domain	Requested by
21	tpc.googlesyndication.com	googleads.g.doubleclick.net tpc.googlesyndication.com pagead2.googlesyndication.com
16	pagead2.googlesyndication.com	xosodaiphat.net pagead2.googlesyndication.com googleads.g.doubleclick.net www.googletagservices.com tpc.googlesyndication.com
15	xosodaiphat.net	xosodaiphat.net
14	googleads.g.doubleclick.net	pagead2.googlesyndication.com xosodaiphat.net googleads.g.doubleclick.net
5	csi.gstatic.com	securepubads.g.doubleclick.net tpc.googlesyndication.com pagead2.googlesyndication.com
4	fonts.gstatic.com	fonts.googleapis.com
4	www.google.com	3 redirects tpc.googlesyndication.com
4	static.xosodaiphat.net	xosodaiphat.net
4	img.icons8.com	xosodaiphat.net
3	securepubads.g.doubleclick.net	googleads.g.doubleclick.net
3	www.googletagservices.com	googleads.g.doubleclick.net
3	adservice.google.com	pagead2.googlesyndication.com
3	adservice.google.de	pagead2.googlesyndication.com
2	fonts.googleapis.com	tpc.googlesyndication.com googleads.g.doubleclick.net
2	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
2	www.gstatic.com	xosodaiphat.net googleads.g.doubleclick.net
1	qc.kqbd88.com	xosodaiphat.net
1	partner.googleadservices.com	pagead2.googlesyndication.com
1	www.googletagmanager.com	xosodaiphat.net
105	19

This site contains links to these domains. Also see Links.

Domain
www.facebook.com
www.pinterest.com
twitter.com
www.linkedin.com

Subject Issuer	Validity	Valid
xosodaiphat.net Sectigo RSA Domain Validation Secure Server CA	`2020-09-04` - `2021-09-04`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-08-16` - `2021-11-08`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-08-16` - `2021-11-08`	3 months	crt.sh
*.icons8.com Sectigo RSA Domain Validation Secure Server CA	`2020-05-13` - `2022-05-13`	2 years	crt.sh
*.gstatic.com GTS CA 1C3	`2021-08-16` - `2021-11-08`	3 months	crt.sh
*.googleadservices.com GTS CA 1C3	`2021-08-16` - `2021-11-08`	3 months	crt.sh
*.google.de GTS CA 1C3	`2021-08-16` - `2021-11-08`	3 months	crt.sh
*.google.com GTS CA 1C3	`2021-08-16` - `2021-11-08`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-03-03` - `2022-03-02`	a year	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2021-08-16` - `2021-11-08`	3 months	crt.sh
upload.video.google.com GTS CA 1O1	`2021-08-16` - `2021-11-08`	3 months	crt.sh
www.google.com GTS CA 1C3	`2021-08-16` - `2021-11-08`	3 months	crt.sh

This page contains 14 frames:

Primary Page: https://xosodaiphat.net/quay-thu-xsmb.html
Frame ID: E017FCAFD9D32046316C56FDC7B0279B
Requests: 46 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20210831/r20190131/zrt_lookup.html
Frame ID: DD547D01AE64B060BB8B2978EB507477
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5650397705160395&output=html&adk=1812271804&adf=3025194257&lmt=1630767656&plat=8%3A134217728%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fxosodaiphat.net%2Fquay-thu-xsmb.html&ea=0&flash=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1630767656063&bpp=2&bdt=4372&idt=74&shv=r20210831&mjsv=m202109010101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=8212161975320&rume=1&frm=20&pv=2&ga_vid=931501573.1630767656&ga_sid=1630767656&ga_hid=156683618&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31061691%2C31061692%2C31062297%2C31062312&oid=3&pvsid=3226787076400028&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=93
Frame ID: 64B35AF6DC280BBB0FE77AA9597745EF
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20210831/r20110914/zrt_lookup.html?fsb=1
Frame ID: A8CCDB8927E9AE08CEE77D19F0546809
Requests: 12 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si
Frame ID: D843920C997721FDF78FD014295ADF76
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/WyPn2IgoBqLw06x46K_q_eg8d-IpxicgJR-1ncxoZqI.js
Frame ID: 8BC445392BF8D8745F53CD32C26FD644
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5650397705160395&output=html&h=250&slotname=4944322664&adk=1371069709&adf=658811037&pi=t.ma~as.4944322664&w=300&lmt=1630767657&psa=0&format=300x250&url=https%3A%2F%2Fxosodaiphat.net%2Fquay-thu-xsmb.html&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1630767657490&bpp=1&bdt=5798&idt=-M&shv=r20210831&mjsv=m202109010101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1005x124&nras=2&correlator=8212161975320&rume=1&frm=20&pv=1&ga_vid=931501573.1630767656&ga_sid=1630767656&ga_hid=156683618&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=605&ady=576&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31061691%2C31061692%2C31062297%2C31062312&oid=2&psts=AGkb-H8k6uBkk3cmj1m50ecFiM5OHRkdGnUGpzy1QnWphdwFtFu71UC-MksFgAbsyrgZdS9Obc-Ly542qfQDDwJE4OpgebHX5YDk1K7o&pvsid=3226787076400028&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=3&uci=a!3&fsb=1&xpc=EjdcQoPEW3&p=https%3A//xosodaiphat.net&dtd=8
Frame ID: 77D32AA5480DB6151B77FA8A41ECA8AF
Requests: 15 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5650397705160395&output=html&h=600&slotname=6421055866&adk=392922152&adf=2013891403&pi=t.ma~as.6421055866&w=300&lmt=1630767657&psa=0&format=300x600&url=https%3A%2F%2Fxosodaiphat.net%2Fquay-thu-xsmb.html&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1630767657490&bpp=1&bdt=5799&idt=1&shv=r20210831&mjsv=m202109010101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1005x124%2C300x250%2C300x250&nras=2&correlator=8212161975320&rume=1&frm=20&pv=1&ga_vid=931501573.1630767656&ga_sid=1630767656&ga_hid=156683618&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1085&ady=460&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31061691%2C31061692%2C31062297%2C31062312&oid=2&psts=AGkb-H8k6uBkk3cmj1m50ecFiM5OHRkdGnUGpzy1QnWphdwFtFu71UC-MksFgAbsyrgZdS9Obc-Ly542qfQDDwJE4OpgebHX5YDk1K7o&pvsid=3226787076400028&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=5&uci=a!5&fsb=1&xpc=RxbmcUvkP1&p=https%3A//xosodaiphat.net&dtd=11
Frame ID: EBED13BF9D984AFFBEDCDCE92C48A9C3
Requests: 9 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/6093951902922309632/index.html
Frame ID: AE5F5320F5B33275DE6E98EE2B7C71AF
Requests: 14 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si
Frame ID: C543805576FE877EDDD373CC7E6E27CA
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si
Frame ID: 8F4CF359298A6BF043207D475C4AF758
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/WyPn2IgoBqLw06x46K_q_eg8d-IpxicgJR-1ncxoZqI.js
Frame ID: 256EADB9294794497FF071EB21E7B18C
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html
Frame ID: 40646AC82756496601DCB1E4DAAC5A2E
Requests: 2 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: EEF5906F47BB6264D6E12A557F251480
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Quay thử XSMB - Quay thử Xổ Số Miền Bắc hôm nay - Quay thử MB

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]+?href="[^"]*bootstrap(?:\.min)?\.css/i

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /nginx(?:\/([\d.]+))?/i

React (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

script /react.*\.js/i

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]* href="https:\/\/use\.fontawesome\.com\/releases\/v([^>]+)\/css\//i

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

script /googlesyndication\.com\//i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Page Statistics

105
Requests

100 %
HTTPS

84 %
IPv6

13
Domains

19
Subdomains

19
IPs

4
Countries

1848 kB
Transfer

4029 kB
Size

0
Cookies

4 Outgoing links

These are links going to different origins than the main page.

URL: https://www.facebook.com/xosodaiphat.net1/
Title:

Search URL Search Domain Scan URL

URL: https://www.pinterest.com/xosodaiphat/
Title:

Search URL Search Domain Scan URL

URL: https://twitter.com/ketquasieutoc68
Title:

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/xo-so-dai-phat-net/
Title:

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 46

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si

Request Chain 65

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si

Request Chain 81

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si

105 HTTP transactions
4 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request quay-thu-xsmb.html Show response
xosodaiphat.net/ 69 KB
9 KB 3484ms
1617ms Document
text/html 210.211.99.15
CHT Compamy Ltd

General

Check archive.org

Show headers Download Go to

Full URL

https://xosodaiphat.net/quay-thu-xsmb.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

210.211.99.15 , Viet Nam, ASN38731 (VTDC-AS-VN Vietel - CHT Compamy Ltd, VN),

Reverse DNS

Software

nginx /

Resource Hash

429f40dd6ebd3230aeb9f7579bdfc3b45a08eb5df14718d6fa81f08adfaa0096

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: xosodaiphat.net
:scheme: https
:path: /quay-thu-xsmb.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

server: nginx
date: Sat, 04 Sep 2021 15:05:31 GMT
content-type: text/html; charset=UTF-8
content-length: 8997
set-cookie: JSESSIONID=bJKxU6NPt1Pk29midgAjf7Wo4haZrlE9w4lyGR9nHChItbPXxwrI!2087510450; path=/; HttpOnly
content-language: vi-VN
content-encoding: gzip
x-ua-device: pc
storage: gateway-vt
cache-control: public, max-age=14900, s-maxage=14900
vary: User-Agent, Accept-Encoding
x-cache: MISS
accept-ranges: bytes
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff

GET
H2 200 bootstrap.min.css
xosodaiphat.net/static.xosodaiphat.net/resource/css/ 118 KB
20 KB 414ms
414ms Stylesheet
text/css 210.211.99.15
CHT Compamy Ltd

General

Check archive.org

Show headers Download Go to

Full URL

https://xosodaiphat.net/static.xosodaiphat.net/resource/css/bootstrap.min.css

Requested by

Host: xosodaiphat.net
URL: https://xosodaiphat.net/quay-thu-xsmb.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

210.211.99.15 , Viet Nam, ASN38731 (VTDC-AS-VN Vietel - CHT Compamy Ltd, VN),

Reverse DNS

Software

nginx /

Resource Hash

880de7665b1aaa840303313deca3352af257d55aed4584d5e17f0fbffe0fde01

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:path: /static.xosodaiphat.net/resource/css/bootstrap.min.css
pragma: no-cache
cookie: JSESSIONID=bJKxU6NPt1Pk29midgAjf7Wo4haZrlE9w4lyGR9nHChItbPXxwrI!2087510450
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: xosodaiphat.net
referer: https://xosodaiphat.net/quay-thu-xsmb.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://xosodaiphat.net/quay-thu-xsmb.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 15:05:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-cache: MISS
x-ua-device: pc
vary: User-Agent, Accept-Encoding
content-length: 19751
x-xss-protection: 1; mode=block
last-modified: Sat, 05 Oct 2019 09:08:57 GMT
server: nginx
cache-control: public, max-age=14900, s-maxage=14900
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/css
storage: gateway-vt
accept-ranges: bytes

GET
H2 200 reset.css
xosodaiphat.net/static.xosodaiphat.net/resource/css/ 2 KB
1 KB 407ms
406ms Stylesheet
text/css 210.211.99.15
CHT Compamy Ltd

General

Check archive.org

Show headers Download Go to

Full URL

https://xosodaiphat.net/static.xosodaiphat.net/resource/css/reset.css

Requested by

Host: xosodaiphat.net
URL: https://xosodaiphat.net/quay-thu-xsmb.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

210.211.99.15 , Viet Nam, ASN38731 (VTDC-AS-VN Vietel - CHT Compamy Ltd, VN),

Reverse DNS

Software

nginx /

Resource Hash

a049c00e18fc64bcf0c54a6ce085ba472627d955a4982909c5b67cecc713a36c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:path: /static.xosodaiphat.net/resource/css/reset.css
pragma: no-cache
cookie: JSESSIONID=bJKxU6NPt1Pk29midgAjf7Wo4haZrlE9w4lyGR9nHChItbPXxwrI!2087510450
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: xosodaiphat.net
referer: https://xosodaiphat.net/quay-thu-xsmb.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://xosodaiphat.net/quay-thu-xsmb.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 15:05:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-cache: MISS
x-ua-device: pc
vary: User-Agent, Accept-Encoding
content-length: 903
x-xss-protection: 1; mode=block
last-modified: Sat, 05 Oct 2019 09:08:57 GMT
server: nginx
cache-control: public, max-age=14900, s-maxage=14900
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/css
storage: gateway-vt
accept-ranges: bytes

GET
H2 200 style.css
xosodaiphat.net/static.xosodaiphat.net/resource/scss/ 73 KB
12 KB 4147ms
4147ms Stylesheet
text/css 210.211.99.15
CHT Compamy Ltd

General

Check archive.org

Show headers Download Go to

Full URL

https://xosodaiphat.net/static.xosodaiphat.net/resource/scss/style.css

Requested by

Host: xosodaiphat.net
URL: https://xosodaiphat.net/quay-thu-xsmb.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

210.211.99.15 , Viet Nam, ASN38731 (VTDC-AS-VN Vietel - CHT Compamy Ltd, VN),

Reverse DNS

Software

nginx /

Resource Hash

5dfcb510b01456c9783283ee80b9ec6c1860a8fd96f045dc9bc14b9b98cd31db

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:path: /static.xosodaiphat.net/resource/scss/style.css
pragma: no-cache
cookie: JSESSIONID=bJKxU6NPt1Pk29midgAjf7Wo4haZrlE9w4lyGR9nHChItbPXxwrI!2087510450
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: xosodaiphat.net
referer: https://xosodaiphat.net/quay-thu-xsmb.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://xosodaiphat.net/quay-thu-xsmb.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 15:05:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-cache: HIT
x-ua-device: pc
vary: User-Agent, Accept-Encoding
content-length: 11821
x-xss-protection: 1; mode=block
last-modified: Sat, 05 Oct 2019 09:08:58 GMT
server: nginx
cache-control: public, max-age=14900, s-maxage=14900
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/css
storage: gateway-vt
accept-ranges: bytes

GET
H3-29 200 js Show response
www.googletagmanager.com/gtag/ 101 KB
40 KB 39ms
37ms Script
application/javascript 2a00:1450:4001:80f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-149432570-1

Requested by

Host: xosodaiphat.net
URL: https://xosodaiphat.net/quay-thu-xsmb.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

cef0f0f177b1d93e6df1667c73aa00465481bfd823e1d9d06ba9a2c18e2e0aaa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://xosodaiphat.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 15:00:55 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 41242
x-xss-protection: 0
expires: Sat, 04 Sep 2021 15:00:55 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 138 KB
49 KB 175ms
37ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: xosodaiphat.net
URL: https://xosodaiphat.net/quay-thu-xsmb.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9eb37f86ae123a55a9338be74e9da597032cfb705eca5e2b4c0de305d5d8f48d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://xosodaiphat.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 15:00:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 49531
x-xss-protection: 0
server: cafe
etag: 16169102450127370147
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Sat, 04 Sep 2021 15:00:56 GMT

GET
H2 200 logo_daiphat.png
xosodaiphat.net/resource/images/ 16 KB
16 KB 794ms
792ms Image
image/png 210.211.99.15
CHT Compamy Ltd

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://xosodaiphat.net/resource/images/logo_daiphat.png

Requested by

Host: xosodaiphat.net
URL: https://xosodaiphat.net/quay-thu-xsmb.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

210.211.99.15 , Viet Nam, ASN38731 (VTDC-AS-VN Vietel - CHT Compamy Ltd, VN),

Reverse DNS

Software

nginx /

Resource Hash

c0c0680f1e64e139c1c6c160cd8e7b559a217c391bc594372b4e6de27d4636d2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:path: /resource/images/logo_daiphat.png
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: xosodaiphat.net
referer: https://xosodaiphat.net/quay-thu-xsmb.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://xosodaiphat.net/quay-thu-xsmb.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 15:05:36 GMT
x-content-type-options: nosniff
last-modified: Fri, 11 Oct 2019 02:38:21 GMT
server: nginx
cache-control: public, max-age=14900, s-maxage=14900
x-frame-options: SAMEORIGIN
x-cache: HIT
content-type: image/png
x-ua-device: pc
storage: gateway-vt
strict-transport-security: max-age=31536000; includeSubDomains
accept-ranges: bytes
vary: User-Agent
content-length: 16388
x-xss-protection: 1; mode=block

GET
H2 200 facebook-new.png
img.icons8.com/officexs/16/000000/ 672 B
1 KB 144ms
6ms Image
image/png 2a02:6ea0:c700::10
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img.icons8.com/officexs/16/000000/facebook-new.png

Requested by

Host: xosodaiphat.net
URL: https://xosodaiphat.net/quay-thu-xsmb.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6ea0:c700::10 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),

Reverse DNS

Software

CDN77-Turbo /

Resource Hash

b4d587efacfde9ba385121031802c1e89bc365fab285051e9c377a835dcc0edb

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://xosodaiphat.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Sat, 04 Sep 2021 15:00:55 GMT
icon-size: 16
x-content-type-options: nosniff
memory-svg-cache: true
access-control-allow-origin: *
from-cache: false
from-svg-cache: true
icon-format: png
x-cache: HIT
x-age: 132834
x-dns-prefetch-control: off
content-length: 672
x-xss-protection: 1; mode=block
x-77-nzt: Abk73BCt4ffv4gYCAA==
x-accel-expires: @1630937221
not-found-platform: false
last-modified: Thu, 02 Sep 2021 20:07:51 GMT
server: CDN77-Turbo
x-77-nzt-ray: KynWrmkjaao=
x-download-options: noopen
x-77-cache: HIT
strict-transport-security: max-age=15552000; includeSubDomains
content-type: image/png
memory-cache: false
access-control-expose-headers: Content-Disposition
cache-control: public, max-age=302400
icon-id: qwzAoTEWRtn7
accept-ranges: bytes
version: 0.1.0-SNAPSHOT.20210708094643665

GET
H2 200 pinterest.png
img.icons8.com/officexs/16/000000/ 771 B
1 KB 144ms
6ms Image
image/png 2a02:6ea0:c700::10
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img.icons8.com/officexs/16/000000/pinterest.png

Requested by

Host: xosodaiphat.net
URL: https://xosodaiphat.net/quay-thu-xsmb.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6ea0:c700::10 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),

Reverse DNS

Software

CDN77-Turbo /

Resource Hash

925abb03f4100152b16eaee3da6a86a5783b1db06b07c7e3ddf0f3120630ef06

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://xosodaiphat.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Sat, 04 Sep 2021 15:00:55 GMT
icon-size: 16
x-content-type-options: nosniff
memory-svg-cache: true
access-control-allow-origin: *
from-cache: false
from-svg-cache: true
icon-format: png
x-cache: HIT
x-age: 132834
x-dns-prefetch-control: off
content-length: 771
x-xss-protection: 1; mode=block
x-77-nzt: Abk73BBlzGLv4gYCAA==
x-accel-expires: @1630937221
not-found-platform: false
last-modified: Thu, 02 Sep 2021 12:19:49 GMT
server: CDN77-Turbo
x-77-nzt-ray: u5gAoW4q1WU=
x-download-options: noopen
x-77-cache: HIT
strict-transport-security: max-age=15552000; includeSubDomains
content-type: image/png
memory-cache: false
access-control-expose-headers: Content-Disposition
cache-control: public, max-age=302400
icon-id: TH_37MlgSpXF
accept-ranges: bytes
version: 0.1.0-SNAPSHOT.20210708094643665

GET
H2 200 twitter.png
img.icons8.com/officexs/16/000000/ 477 B
1 KB 144ms
7ms Image
image/png 2a02:6ea0:c700::10
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img.icons8.com/officexs/16/000000/twitter.png

Requested by

Host: xosodaiphat.net
URL: https://xosodaiphat.net/quay-thu-xsmb.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6ea0:c700::10 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),

Reverse DNS

Software

CDN77-Turbo /

Resource Hash

8d30da4c6152075f8a2c18311345702bbfcbff36d8d0d204f68b002980658f62

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://xosodaiphat.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Sat, 04 Sep 2021 15:00:55 GMT
icon-size: 16
x-content-type-options: nosniff
memory-svg-cache: true
access-control-allow-origin: *
from-cache: false
from-svg-cache: true
icon-format: png
x-cache: HIT
x-age: 132834
x-dns-prefetch-control: off
content-length: 477
x-xss-protection: 1; mode=block
x-77-nzt: Abk73BBTcRPv4gYCAA==
x-accel-expires: @1630937221
not-found-platform: false
last-modified: Thu, 02 Sep 2021 00:02:13 GMT
server: CDN77-Turbo
x-77-nzt-ray: moHdAcVB05c=
x-download-options: noopen
x-77-cache: HIT
strict-transport-security: max-age=15552000; includeSubDomains
content-type: image/png
memory-cache: false
access-control-expose-headers: Content-Disposition
cache-control: public, max-age=302400
icon-id: OucUKTHZvuzz
accept-ranges: bytes
version: 0.1.0-SNAPSHOT.20210708094643665

GET
H2 200 linkedin.png
img.icons8.com/officexs/16/000000/ 308 B
944 B 123ms
7ms Image
image/png 2a02:6ea0:c700::10
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img.icons8.com/officexs/16/000000/linkedin.png

Requested by

Host: xosodaiphat.net
URL: https://xosodaiphat.net/quay-thu-xsmb.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6ea0:c700::10 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),

Reverse DNS

Software

CDN77-Turbo /

Resource Hash

b3a0996bebbf4ae763970d18c21034a53c5850862b5bb49472afb2d0ef5bd181

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://xosodaiphat.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Sat, 04 Sep 2021 15:00:55 GMT
icon-size: 16
x-content-type-options: nosniff
memory-svg-cache: true
access-control-allow-origin: *
from-cache: false
from-svg-cache: true
icon-format: png
x-cache: HIT
x-age: 132834
x-dns-prefetch-control: off
content-length: 308
x-xss-protection: 1; mode=block
x-77-nzt: Abk73BBFy3vv4gYCAA==
x-accel-expires: @1630937221
not-found-platform: false
last-modified: Thu, 02 Sep 2021 15:41:46 GMT
server: CDN77-Turbo
x-77-nzt-ray: Sb1DWUKvKw8=
x-download-options: noopen
x-77-cache: HIT
strict-transport-security: max-age=15552000; includeSubDomains
content-type: image/png
memory-cache: false
access-control-expose-headers: Content-Disposition
cache-control: public, max-age=302400
icon-id: tvG-nQ3s2hZL
accept-ranges: bytes
version: 0.1.0-SNAPSHOT.20210708094643665

GET
H2 200 jquery-2.2.1.min.js Show response
xosodaiphat.net/static.xosodaiphat.net/resource/js/ 84 KB
30 KB 4131ms
4131ms Script
text/javascript 210.211.99.15
CHT Compamy Ltd

General

Check archive.org

Show headers Download Go to

Full URL

https://xosodaiphat.net/static.xosodaiphat.net/resource/js/jquery-2.2.1.min.js

Requested by

Host: xosodaiphat.net
URL: https://xosodaiphat.net/quay-thu-xsmb.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

210.211.99.15 , Viet Nam, ASN38731 (VTDC-AS-VN Vietel - CHT Compamy Ltd, VN),

Reverse DNS

Software

nginx /

Resource Hash

037e64fc78a418047f98a7204b73650df48a03ee3675c8ea5c9d57a35240d9e3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:path: /static.xosodaiphat.net/resource/js/jquery-2.2.1.min.js
pragma: no-cache
cookie: JSESSIONID=bJKxU6NPt1Pk29midgAjf7Wo4haZrlE9w4lyGR9nHChItbPXxwrI!2087510450
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: xosodaiphat.net
referer: https://xosodaiphat.net/quay-thu-xsmb.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://xosodaiphat.net/quay-thu-xsmb.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 15:05:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-cache: HIT
x-ua-device: pc
vary: User-Agent, Accept-Encoding
content-length: 29937
x-xss-protection: 1; mode=block
last-modified: Sat, 05 Oct 2019 09:08:58 GMT
server: nginx
cache-control: public, max-age=14900, s-maxage=14900
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/javascript
storage: gateway-vt
accept-ranges: bytes

GET
H2 200 bootstrap.min.js Show response
xosodaiphat.net/static.xosodaiphat.net/resource/js/ 57 KB
15 KB 797ms
796ms Script
text/javascript 210.211.99.15
CHT Compamy Ltd

General

Check archive.org

Show headers Download Go to

Full URL

https://xosodaiphat.net/static.xosodaiphat.net/resource/js/bootstrap.min.js

Requested by

Host: xosodaiphat.net
URL: https://xosodaiphat.net/quay-thu-xsmb.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

210.211.99.15 , Viet Nam, ASN38731 (VTDC-AS-VN Vietel - CHT Compamy Ltd, VN),

Reverse DNS

Software

nginx /

Resource Hash

0a34a87842c539c1f4feec56bba982fd596b73500046a6e6fe38a22260c6577b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:path: /static.xosodaiphat.net/resource/js/bootstrap.min.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: xosodaiphat.net
referer: https://xosodaiphat.net/quay-thu-xsmb.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://xosodaiphat.net/quay-thu-xsmb.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 15:05:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-cache: HIT
x-ua-device: pc
vary: User-Agent, Accept-Encoding
content-length: 15434
x-xss-protection: 1; mode=block
last-modified: Sat, 05 Oct 2019 09:08:58 GMT
server: nginx
cache-control: public, max-age=14900, s-maxage=14900
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/javascript
storage: gateway-vt
accept-ranges: bytes

GET
H2 200 firebase.js Show response
www.gstatic.com/firebasejs/4.8.0/ 386 KB
113 KB 9ms
6ms Script
text/javascript 2a00:1450:4001:82f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/firebasejs/4.8.0/firebase.js

Requested by

Host: xosodaiphat.net
URL: https://xosodaiphat.net/quay-thu-xsmb.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

247a64693b38ff04db57ff8b3b5fc308e593957d0bea794ab66aa2a47e3536ca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://xosodaiphat.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 31 Aug 2021 19:09:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 330656
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 115815
x-xss-protection: 0
last-modified: Thu, 07 Dec 2017 23:35:31 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 31 Aug 2022 19:09:59 GMT

GET
H2 200 live.js Show response
xosodaiphat.net/static.xosodaiphat.net/resource/js/ 15 KB
3 KB 793ms
790ms Script
text/javascript 210.211.99.15
CHT Compamy Ltd

General

Check archive.org

Show headers Download Go to

Full URL

https://xosodaiphat.net/static.xosodaiphat.net/resource/js/live.js?v=2

Requested by

Host: xosodaiphat.net
URL: https://xosodaiphat.net/quay-thu-xsmb.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

210.211.99.15 , Viet Nam, ASN38731 (VTDC-AS-VN Vietel - CHT Compamy Ltd, VN),

Reverse DNS

Software

nginx /

Resource Hash

b778cac28c30c893ebde673bf88a79a1f9a5995903987a89b064e73287e23178

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:path: /static.xosodaiphat.net/resource/js/live.js?v=2
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: xosodaiphat.net
referer: https://xosodaiphat.net/quay-thu-xsmb.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://xosodaiphat.net/quay-thu-xsmb.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 15:05:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-cache: HIT
x-ua-device: pc
vary: User-Agent, Accept-Encoding
content-length: 2473
x-xss-protection: 1; mode=block
last-modified: Fri, 21 Aug 2020 04:52:41 GMT
server: nginx
cache-control: public, max-age=14900, s-maxage=14900
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/javascript
storage: gateway-vt
accept-ranges: bytes

GET
H2 200 ads.js Show response
xosodaiphat.net/static.xosodaiphat.net/resource/js/ 3 KB
1 KB 793ms
790ms Script
text/javascript 210.211.99.15
CHT Compamy Ltd

General

Check archive.org

Show headers Download Go to

Full URL

https://xosodaiphat.net/static.xosodaiphat.net/resource/js/ads.js?v=2

Requested by

Host: xosodaiphat.net
URL: https://xosodaiphat.net/quay-thu-xsmb.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

210.211.99.15 , Viet Nam, ASN38731 (VTDC-AS-VN Vietel - CHT Compamy Ltd, VN),

Reverse DNS

Software

nginx /

Resource Hash

a8c42c3f38da979aadc38c647d7d219e9369145e982f8f421e837e88ec40f64a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:path: /static.xosodaiphat.net/resource/js/ads.js?v=2
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: xosodaiphat.net
referer: https://xosodaiphat.net/quay-thu-xsmb.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://xosodaiphat.net/quay-thu-xsmb.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 15:05:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-cache: HIT
x-ua-device: pc
vary: User-Agent, Accept-Encoding
content-length: 976
x-xss-protection: 1; mode=block
last-modified: Sat, 22 May 2021 01:27:36 GMT
server: nginx
cache-control: public, max-age=14900, s-maxage=14900
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/javascript
storage: gateway-vt
accept-ranges: bytes

GET
H2 200 countdown.js Show response
xosodaiphat.net/static.xosodaiphat.net/resource/js/ 2 KB
1 KB 793ms
790ms Script
text/javascript 210.211.99.15
CHT Compamy Ltd

General

Check archive.org

Show headers Download Go to

Full URL

https://xosodaiphat.net/static.xosodaiphat.net/resource/js/countdown.js?v=1

Requested by

Host: xosodaiphat.net
URL: https://xosodaiphat.net/quay-thu-xsmb.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

210.211.99.15 , Viet Nam, ASN38731 (VTDC-AS-VN Vietel - CHT Compamy Ltd, VN),

Reverse DNS

Software

nginx /

Resource Hash

1375f9f1fc45e71ecb0d9df8774bd130b7adaf3367acab60a5ba82f91479122d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:path: /static.xosodaiphat.net/resource/js/countdown.js?v=1
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: xosodaiphat.net
referer: https://xosodaiphat.net/quay-thu-xsmb.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://xosodaiphat.net/quay-thu-xsmb.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 15:05:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-cache: HIT
x-ua-device: pc
vary: User-Agent, Accept-Encoding
content-length: 798
x-xss-protection: 1; mode=block
last-modified: Mon, 07 Oct 2019 10:56:15 GMT
server: nginx
cache-control: public, max-age=14900, s-maxage=14900
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/javascript
storage: gateway-vt
accept-ranges: bytes

GET
H2 200 list-icon.png
xosodaiphat.net/static.xosodaiphat.net/resource/images/ 394 B
719 B 932ms
932ms Image
image/png 210.211.99.15
CHT Compamy Ltd

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://xosodaiphat.net/static.xosodaiphat.net/resource/images/list-icon.png

Requested by

Host: xosodaiphat.net
URL: https://xosodaiphat.net/static.xosodaiphat.net/resource/scss/style.css

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

210.211.99.15 , Viet Nam, ASN38731 (VTDC-AS-VN Vietel - CHT Compamy Ltd, VN),

Reverse DNS

Software

nginx /

Resource Hash

710d59cc71277c8e761e9dde1ba57bf54c4ff65f3fa912baeaff109e80ebd98c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:path: /static.xosodaiphat.net/resource/images/list-icon.png
pragma: no-cache
cookie: _ga=GA1.2.931501573.1630767656; _gid=GA1.2.235210313.1630767656; _gat_gtag_UA_149432570_1=1; __gads=ID=2852300bb4c82a24-22899aaaf3c80079:T=1630767656:RT=1630767656:S=ALNI_MaYVt2j2NZkonHkMCSiVSphkhtE2A
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: xosodaiphat.net
referer: https://xosodaiphat.net/static.xosodaiphat.net/resource/scss/style.css
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://xosodaiphat.net/static.xosodaiphat.net/resource/scss/style.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 15:05:37 GMT
x-content-type-options: nosniff
last-modified: Fri, 11 Oct 2019 02:38:21 GMT
server: nginx
cache-control: public, max-age=14900, s-maxage=14900
x-frame-options: SAMEORIGIN
x-cache: HIT
content-type: image/png
x-ua-device: pc
storage: gateway-vt
strict-transport-security: max-age=31536000; includeSubDomains
accept-ranges: bytes
vary: User-Agent
content-length: 394
x-xss-protection: 1; mode=block

GET
H2 200 Roboto-Bold.ttf
xosodaiphat.net/static.xosodaiphat.net/resource/fonts/ 167 KB
167 KB 784ms
783ms Font
text/plain 210.211.99.15
CHT Compamy Ltd

General

Check archive.org

Show headers Download Go to

Full URL

https://xosodaiphat.net/static.xosodaiphat.net/resource/fonts/Roboto-Bold.ttf

Requested by

Host: xosodaiphat.net
URL: https://xosodaiphat.net/static.xosodaiphat.net/resource/scss/style.css

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

210.211.99.15 , Viet Nam, ASN38731 (VTDC-AS-VN Vietel - CHT Compamy Ltd, VN),

Reverse DNS

Software

nginx /

Resource Hash

39b089c00ecf8de9796c641924c012fcbb54fd5866ff7aec540319b323bfed19

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:path: /static.xosodaiphat.net/resource/fonts/Roboto-Bold.ttf
pragma: no-cache
origin: https://xosodaiphat.net
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: cors
accept: */*
cache-control: no-cache
sec-fetch-dest: font
:authority: xosodaiphat.net
referer: https://xosodaiphat.net/static.xosodaiphat.net/resource/scss/style.css
:scheme: https
sec-fetch-site: same-origin
:method: GET
Origin: https://xosodaiphat.net
Referer: https://xosodaiphat.net/static.xosodaiphat.net/resource/scss/style.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 15:05:36 GMT
x-content-type-options: nosniff
last-modified: Sat, 05 Oct 2019 09:08:57 GMT
server: nginx
cache-control: public, max-age=14900, s-maxage=14900
x-frame-options: SAMEORIGIN
x-cache: HIT
x-ua-device: pc
storage: gateway-vt
strict-transport-security: max-age=31536000; includeSubDomains
accept-ranges: bytes
vary: User-Agent
content-length: 170760
x-xss-protection: 1; mode=block

GET
H2 200 Roboto-Regular.ttf
xosodaiphat.net/static.xosodaiphat.net/resource/fonts/ 123 KB
124 KB 1713ms
1713ms Font
text/plain 210.211.99.15
CHT Compamy Ltd

General

Check archive.org

Show headers Download Go to

Full URL

https://xosodaiphat.net/static.xosodaiphat.net/resource/fonts/Roboto-Regular.ttf

Requested by

Host: xosodaiphat.net
URL: https://xosodaiphat.net/static.xosodaiphat.net/resource/scss/style.css

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

210.211.99.15 , Viet Nam, ASN38731 (VTDC-AS-VN Vietel - CHT Compamy Ltd, VN),

Reverse DNS

Software

nginx /

Resource Hash

b2ed74f5e28a9e5e3ab9ac34f82eac892280e5fe7d9373d601e137b6046802f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:path: /static.xosodaiphat.net/resource/fonts/Roboto-Regular.ttf
pragma: no-cache
origin: https://xosodaiphat.net
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: cors
accept: */*
cache-control: no-cache
sec-fetch-dest: font
:authority: xosodaiphat.net
referer: https://xosodaiphat.net/static.xosodaiphat.net/resource/scss/style.css
:scheme: https
sec-fetch-site: same-origin
:method: GET
Origin: https://xosodaiphat.net
Referer: https://xosodaiphat.net/static.xosodaiphat.net/resource/scss/style.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 15:05:37 GMT
x-content-type-options: nosniff
last-modified: Sat, 05 Oct 2019 09:08:57 GMT
server: nginx
cache-control: public, max-age=14900, s-maxage=14900
x-frame-options: SAMEORIGIN
x-cache: HIT
x-ua-device: pc
storage: gateway-vt
strict-transport-security: max-age=31536000; includeSubDomains
accept-ranges: bytes
vary: User-Agent
content-length: 126072
x-xss-protection: 1; mode=block

GET
H3-29 200 analytics.js Show response
www.google-analytics.com/ 48 KB
19 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-149432570-1

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

fd222137f245c06ddb4c4d44db41f12138dad6cf8ef5d4d4a5e500f38f0c8c62

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://xosodaiphat.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 11 Aug 2021 00:32:57 GMT
server: Golfe2
age: 5317
date: Sat, 04 Sep 2021 13:32:19 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19747
expires: Sat, 04 Sep 2021 15:32:19 GMT

POST
H3-29 200 collect Show response
www.google-analytics.com/j/ 1 B
21 B 13ms
13ms XHR
text/plain 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j93&a=156683618&t=pageview&_s=1&dl=https%3A%2F%2Fxosodaiphat.net%2Fquay-thu-xsmb.html&ul=en-us&de=UTF-8&dt=Quay%20th%E1%BB%AD%20XSMB%20-%20Quay%20th%E1%BB%AD%20X%E1%BB%95%20S%E1%BB%91%20Mi%E1%BB%81n%20B%E1%BA%AFc%20h%C3%B4m%20nay%20-%20Quay%20th%E1%BB%AD%20MB&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAUABAAAAAC~&jid=170878219&gjid=743393630&cid=931501573.1630767656&tid=UA-149432570-1&_gid=235210313.1630767656&_r=1&gtm=2ou910&z=2031311697

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://xosodaiphat.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 15:00:56 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://xosodaiphat.net
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 show_ads_impl_with_ama_fy2019.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202109010101/ 250 KB
93 KB 47ms
33ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202109010101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-5650397705160395&plah=xosodaiphat.net

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

cb658d8af264091d320d32e952cb1756ea0145c2f6497b182a39e7ce4e466653

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://xosodaiphat.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 15:00:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 95178
x-xss-protection: 0
server: cafe
etag: 9330497266985682447
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Sat, 04 Sep 2021 15:00:56 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20210831/r20190131/ Frame DD54 10 KB
5 KB 6ms
5ms Document
text/html 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20210831/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

bf5230ffb8745d28c11ae8b743868364f9be8379300bd59d235f402a53ea96ee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/html/r20210831/r20190131/zrt_lookup.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://xosodaiphat.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://xosodaiphat.net/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Fri, 03 Sep 2021 16:02:37 GMT
expires: Fri, 17 Sep 2021 16:02:37 GMT
content-type: text/html; charset=UTF-8
etag: 13836150016441684253
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 4591
x-xss-protection: 0
age: 82699
cache-control: public, max-age=1209600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 rum_fy2019.js Show response
pagead2.googlesyndication.com/pagead/js/r20210831/r20110914/ 52 KB
20 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210831/r20110914/rum_fy2019.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202109010101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-5650397705160395&plah=xosodaiphat.net

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6389947d04e3ac6fb381b37f661c1b799fb3caa0aa02f63de131ff6a371f39c5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://xosodaiphat.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 03 Sep 2021 23:06:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 57296
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20553
x-xss-protection: 0
server: cafe
etag: 15137425023313320419
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 17 Sep 2021 23:06:00 GMT

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 205 B
660 B 70ms
26ms Script
text/javascript 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=xosodaiphat.net&callback=_gfp_s_&client=ca-pub-5650397705160395

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

d6ca848a6cdd5ab970866dd72b168d0d1f7c6ff8107a254e8366c1183483fb3d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://xosodaiphat.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 15:00:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 194
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
853 B 37ms
16ms Script
application/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=xosodaiphat.net

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://xosodaiphat.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 04 Sep 2021 15:00:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
570 B 36ms
17ms Script
application/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=xosodaiphat.net

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://xosodaiphat.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 04 Sep 2021 15:00:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 64B3 96 KB
31 KB 724ms
724ms Document
text/html 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5650397705160395&output=html&adk=1812271804&adf=3025194257&lmt=1630767656&plat=8%3A134217728%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fxosodaiphat.net%2Fquay-thu-xsmb.html&ea=0&flash=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1630767656063&bpp=2&bdt=4372&idt=74&shv=r20210831&mjsv=m202109010101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=8212161975320&rume=1&frm=20&pv=2&ga_vid=931501573.1630767656&ga_sid=1630767656&ga_hid=156683618&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31061691%2C31061692%2C31062297%2C31062312&oid=3&pvsid=3226787076400028&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=93

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

edf9bbedbc070b615ccfa2913b36e2d327ea9fe1e441e452f9f3f6f726e49121

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-5650397705160395&output=html&adk=1812271804&adf=3025194257&lmt=1630767656&plat=8%3A134217728%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fxosodaiphat.net%2Fquay-thu-xsmb.html&ea=0&flash=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1630767656063&bpp=2&bdt=4372&idt=74&shv=r20210831&mjsv=m202109010101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=8212161975320&rume=1&frm=20&pv=2&ga_vid=931501573.1630767656&ga_sid=1630767656&ga_hid=156683618&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31061691%2C31061692%2C31062297%2C31062312&oid=3&pvsid=3226787076400028&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=93
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://xosodaiphat.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://xosodaiphat.net/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Sat, 04 Sep 2021 15:00:56 GMT
server: cafe
content-length: 31571
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Sat, 04-Sep-2021 15:15:56 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Sat, 04 Sep 2021 15:00:56 GMT
cache-control: private

GET
H2 200 get_ads.htm Show response
qc.kqbd88.com/ads.api/ 4 KB
1 KB 717ms
685ms XHR
application/json 2606:4700:3033::6815:56d9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://qc.kqbd88.com/ads.api/get_ads.htm?domain=ketquasieutoc.com&page=21&kieu=pc&trangthai=1&_=1630767656646
Requested by: Host: xosodaiphat.net
URL: https://xosodaiphat.net/static.xosodaiphat.net/resource/js/jquery-2.2.1.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::6815:56d9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 778409f72d6939acbdee2b281898b843094f00fde232f3576835b78e47ac2fc9

Request headers

Accept: text/plain, */*; q=0.01
Referer: https://xosodaiphat.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 15:00:57 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vQhcj98LiUHD1Hw9doWajhhJPTNKRpyDuAontjySdAWLIgcCJSAGdLKj%2Bbmumh1XeuCXR4xMZMcQkgqIY6tnKi2%2FbkXsbBlfL3rmiHyaEPzjYVeXlO%2FwudTL4Ema1MaGFYwDjlXAD3bzKR4D"}],"group":"cf-nel","max_age":604800}
x-oracle-dms-ecid: c54eef35-7c50-4a70-b11c-9b1c55753476-001ecfac
access-control-allow-origin: *
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-ray: 6898171effd6d6b5-FRA
content-type: application/json; charset=UTF-8
x-oracle-dms-rid: 0

GET
H2 200 quaythu.htm Show response
xosodaiphat.net/ajax/ 16 KB
1 KB 813ms
812ms XHR
text/html 210.211.99.15
CHT Compamy Ltd

General

Check archive.org

Show headers Download Go to

Full URL

https://xosodaiphat.net/ajax/quaythu.htm?r=MB

Requested by

Host: xosodaiphat.net
URL: https://xosodaiphat.net/static.xosodaiphat.net/resource/js/jquery-2.2.1.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

210.211.99.15 , Viet Nam, ASN38731 (VTDC-AS-VN Vietel - CHT Compamy Ltd, VN),

Reverse DNS

Software

nginx /

Resource Hash

715568ccbb5fb9301a2e8e1a75c60e71b39cc7b5830ac8bfe251abbb3a051b64

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-fetch-mode: cors
accept-encoding: gzip, deflate, br
accept-language: en-US
x-requested-with: XMLHttpRequest
sec-fetch-dest: empty
cookie: _ga=GA1.2.931501573.1630767656; _gid=GA1.2.235210313.1630767656; _gat_gtag_UA_149432570_1=1; __gads=ID=2852300bb4c82a24-22899aaaf3c80079:T=1630767656:RT=1630767656:S=ALNI_MaYVt2j2NZkonHkMCSiVSphkhtE2A
:path: /ajax/quaythu.htm?r=MB
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: */*
cache-control: no-cache
:authority: xosodaiphat.net
referer: https://xosodaiphat.net/quay-thu-xsmb.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept: */*
Referer: https://xosodaiphat.net/quay-thu-xsmb.html
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 15:05:37 GMT
content-encoding: gzip
vary: Accept-Encoding
server: nginx
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
x-cache: MISS
content-language: en-US
x-xss-protection: 1; mode=block
set-cookie: JSESSIONID=9XmxU7pRYnCNLUuck8zKsccydybwjhIql5kit0Jey1D6myRo8y4_!2087510450; path=/; HttpOnly
accept-ranges: bytes
content-type: text/html; charset=UTF-8
content-length: 1057
x-content-type-options: nosniff

GET
H2 200 xxsmb0409_3572654287240937668.jpg
static.xosodaiphat.net/upload/images/news/ 44 KB
44 KB 48ms
22ms Image
image/jpeg 2606:4700:3035::ac43:a451
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.xosodaiphat.net/upload/images/news/xxsmb0409_3572654287240937668.jpg
Requested by: Host: xosodaiphat.net
URL: https://xosodaiphat.net/quay-thu-xsmb.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::ac43:a451 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7a1a5d7b1776087e530b771f77ecc1fe9475e2ded1a681bac57a58ea3530643f

Request headers

Referer: https://xosodaiphat.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 15:00:56 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 25803
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 45095
last-modified: Fri, 03 Sep 2021 07:38:58 GMT
server: cloudflare
etag: "6131d112-b027"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=51Eg6US%2FGYZct0QO73Ez5BLjJrNerxOV8kPc3BPkF16mCisNwxtuKIn%2F7Y3Z21HEUBrIOysdQg61XWthjgdnpjZ1CLm1O4eqwfLrQwEovS2g6F%2FIiss2Nhm9SVeWKuu47B3%2Fnf6nQyz8LP42tp36pfXz9xww"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 6898171efc645b92-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 xxsdng0409_3377999035227156408.jpg
static.xosodaiphat.net/upload/images/news/ 44 KB
45 KB 41ms
16ms Image
image/jpeg 2606:4700:3035::ac43:a451
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.xosodaiphat.net/upload/images/news/xxsdng0409_3377999035227156408.jpg
Requested by: Host: xosodaiphat.net
URL: https://xosodaiphat.net/quay-thu-xsmb.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::ac43:a451 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2d6945353c49ed8c3f15ce8378abba05423b2e516808d26f1b1feebecca89f1a

Request headers

Referer: https://xosodaiphat.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 15:00:56 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 44992
last-modified: Fri, 03 Sep 2021 07:26:28 GMT
server: cloudflare
etag: "6131ce24-afc0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=piP1VH8Sr4OSQTf9HzZEVnBIbqyKm41SkX3VXeVUlJzve9WidHjAhydgbe3Zm2Gr8JAcAGWNAn%2Fq%2BWgLWmVyeOUJ5mm%2B2FbJ8DAti1nVmjELAP9xCjZ9VR0jqYoAQU6QSIp5ebzK7fIYt1qLD7ToSXV0WBXf"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 6898171efc675b92-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 xxsmb0309_8308468258044409123.jpg
static.xosodaiphat.net/upload/images/news/ 44 KB
44 KB 47ms
22ms Image
image/jpeg 2606:4700:3035::ac43:a451
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.xosodaiphat.net/upload/images/news/xxsmb0309_8308468258044409123.jpg
Requested by: Host: xosodaiphat.net
URL: https://xosodaiphat.net/quay-thu-xsmb.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::ac43:a451 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 72b4acec2553cc1019adf8811fc3e29b0b54ea143d748f423c624abb775e03b6

Request headers

Referer: https://xosodaiphat.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 15:00:56 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 45082
last-modified: Thu, 02 Sep 2021 05:09:40 GMT
server: cloudflare
etag: "61305c94-b01a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rOOOquWYruHRsp4ZC1oyCofd7OMSdHCXnJrZCvUI7NITCH%2BBi4%2BVt8lKo0L%2F0wJ%2BnFfLwgPPtEPkegG9blWW2SAx6B2aaxBQsG4qjTwo3ZYDUI8KtA65VamOhwuBBMG6071r2dcTSrXpnp9qSVJsNlhDdO6T"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 6898171efc6b5b92-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 xxsgl0309_7067008885982807578.jpg
static.xosodaiphat.net/upload/images/news/ 43 KB
43 KB 46ms
21ms Image
image/jpeg 2606:4700:3035::ac43:a451
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.xosodaiphat.net/upload/images/news/xxsgl0309_7067008885982807578.jpg
Requested by: Host: xosodaiphat.net
URL: https://xosodaiphat.net/quay-thu-xsmb.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::ac43:a451 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d3b404b81460a5e71e4b178365e26e2c5f84587ed9b74c11ccb0824dfa955c80

Request headers

Referer: https://xosodaiphat.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 15:00:56 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 44133
last-modified: Thu, 02 Sep 2021 04:59:53 GMT
server: cloudflare
etag: "61305a49-ac65"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1VaHb%2FWinGF6TC0RD9FSobrWtphmrtvF80FxGspLD2j3BJgUa6%2FJKc%2FadvjtAb9TSEHQ%2BKOoV8o45gEY2C4YwhvLkKKT%2FDqvyQoGSj4lqIL%2Bdno1RrzuQs%2FsGV4ucJ3cChDaQtjGuFdzivVkXZ1jivBRizSl"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 6898171efc6e5b92-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 reactive_library_fy2019.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202109010101/ 145 KB
52 KB 26ms
25ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202109010101/reactive_library_fy2019.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

50f36dfa6fece434e88e474d214553f6dc1972a8b05f4cdcc3db65890644bd7a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://xosodaiphat.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 15:00:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 53147
x-xss-protection: 0
server: cafe
etag: 6967682741169739163
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Sat, 04 Sep 2021 15:00:56 GMT

GET
H3-29 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
122 B 29ms
15ms Script
application/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=xosodaiphat.net

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://xosodaiphat.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 04 Sep 2021 15:00:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 30ms
15ms Script
application/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=xosodaiphat.net

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://xosodaiphat.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 04 Sep 2021 15:00:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20210831/r20110914/ Frame A8CC 10 KB
5 KB 6ms
6ms Document
text/html 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20210831/r20110914/zrt_lookup.html?fsb=1

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

bf5230ffb8745d28c11ae8b743868364f9be8379300bd59d235f402a53ea96ee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/html/r20210831/r20110914/zrt_lookup.html?fsb=1
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://xosodaiphat.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://xosodaiphat.net/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Fri, 03 Sep 2021 16:14:19 GMT
expires: Fri, 17 Sep 2021 16:14:19 GMT
content-type: text/html; charset=UTF-8
etag: 13836150016441684253
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 4591
x-xss-protection: 0
age: 81997
cache-control: public, max-age=1209600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 adview
googleads.g.doubleclick.net/pagead/ Frame A8CC 0
0 30ms
29ms Fetch
text/html 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CV_unKIozYcbACqW5x_AP3PiVqAStht_jW5e9vsqPC5aCzYWIFhABIK-K5iRglQKgAZGCpPMDyAECqQK3zvaIH-6zPqgDAcgDyQSqBMoBT9DboGOn3H9wvQ_FGWk7w8ix6bV-jmAh73EK6OlKkRPDf4E1_tZ4prJLspfpez6S0Lk0uSFZARZdW8eddzKJbaZsIdvyhTLHoA138MeuTyOTh0XXd7UFVIK1ChTrnuuCaWd1Fm_LGHDL8mRGuaRLw3ep8erLEpDO3yXm9C8R03a2Lm7Uc8sYGGHqOl3pyYPPtBm_wfZhcr_7_cM6PFw6UoygwKJqUeGtFW2YEuLq6b0vbfDbGOzKzh392r-299zbgs91pOGfOJrHTcAE6dyf8ugCkgUECAQYAZIFBAgFGASgBgKAB9f92wyoB9XJG6gH8NkbqAfy2RuoB47OG6gHk9gbqAe6BqgH7paxAqgHpr4b2AcB8gcEEJqbB9IICQiA4YAQEAEYH4AKAcgLAdgTDdAVAYAXAbIXHAoaCAASFHB1Yi01NjUwMzk3NzA1MTYwMzk1GAA&sigh=2XXlpXOVNzE

Requested by

Host: xosodaiphat.net
URL: https://xosodaiphat.net/quay-thu-xsmb.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/html/r20210831/r20110914/zrt_lookup.html?fsb=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Sat, 04 Sep 2021 15:00:56 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Sat, 04 Sep 2021 15:00:56 GMT

GET
H2 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210831/r20110914/ Frame A8CC 18 KB
8 KB 34ms
8ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210831/r20110914/abg_lite_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20210831/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

47b2e4e5ae504cbefc5c71d8bab25c4571c65321f1009411150b689dcc2901f5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 14:51:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 556
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7645
x-xss-protection: 0
server: cafe
etag: 13200147268341533873
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 18 Sep 2021 14:51:40 GMT

GET
H2 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210831/r20110914/client/ Frame A8CC 2 KB
1 KB 36ms
10ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210831/r20110914/client/window_focus_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20210831/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b6f6d0902ff385f68ec17c4c059d4fe89a0a08f1c022ab70580ea8552dfc0a11

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 14:35:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1543
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1339
x-xss-protection: 0
server: cafe
etag: 2275704724217174249
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 18 Sep 2021 14:35:13 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame A8CC 122 KB
37 KB 49ms
27ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20210831/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0299ce766df424b69a25530d8afe7c2352cb6240c7510fe7be67d8cd53bd3467

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 15:00:57 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1630496346997469"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37796
x-xss-protection: 0
expires: Sat, 04 Sep 2021 15:00:57 GMT

GET
H2 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210831/r20110914/client/ Frame A8CC 14 KB
6 KB 30ms
9ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210831/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20210831/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

114dabe187311ee2e303549831223ef80d06385cb854e2aa1647ec1e0ca148f5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 14:23:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2221
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6183
x-xss-protection: 0
server: cafe
etag: 901432759052127119
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 18 Sep 2021 14:23:55 GMT

GET
H2 200 one_click_handler_one_afma_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210831/r20110914/client/ Frame A8CC 26 KB
11 KB 34ms
13ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210831/r20110914/client/one_click_handler_one_afma_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20210831/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

331c8dbc087f677d4eca8035d19626c0662a712b95d0d78bbeba05b7c3bbe7dc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 06:10:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 31845
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10845
x-xss-protection: 0
server: cafe
etag: 14737611871312058204
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 18 Sep 2021 06:10:11 GMT

GET
H2 200 838260129028177139
tpc.googlesyndication.com/simgad/ Frame A8CC 28 KB
28 KB 35ms
15ms Image
image/png 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/838260129028177139?sqp=4sqPyQQ7QjkqNxABHQAAtEIgASgBMAk4A0DwkwlYAWBfcAKAAQGIAQGdAQAAgD-oAQGwAYCt4gS4AV_FAS2ynT4&rs=AOga4qmF1H5woRiDDy6pVaCcKSvsNhTXPA

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20210831/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0b494ceb756ec64e73a6050124c63e08e5f809a2905970545b6087c803dd700f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 09:57:53 GMT
x-content-type-options: nosniff
last-modified: Mon, 17 Feb 2020 11:32:12 GMT
server: sffe
age: 18183
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28789
x-xss-protection: 0
expires: Sun, 04 Sep 2022 09:57:53 GMT

GET
H3-29 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame D843 143 B
163 B 7ms
6ms Document
text/html 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20210831/r20110914/zrt_lookup.html?fsb=1

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/s?v=r20120211
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/pagead/html/r20210831/r20110914/zrt_lookup.html?fsb=1
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUliro0qhGgNvv8CaDnMxGi5EvRlLSEMdvzp5iRJDyOlIvGbdy-XrkjPxuxo8Nc
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://googleads.g.doubleclick.net/pagead/html/r20210831/r20110914/zrt_lookup.html?fsb=1

Response headers

content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Sat, 04 Sep 2021 14:30:36 GMT
server: cafe
content-length: 145
x-xss-protection: 0
cache-control: public, max-age=3600
age: 1821
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame D843
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si

0
16 B

48ms
47ms

Document
text/html

2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20210831/r20110914/zrt_lookup.html?fsb=1

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/si
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUliro0qhGgNvv8CaDnMxGi5EvRlLSEMdvzp5iRJDyOlIvGbdy-XrkjPxuxo8Nc
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Sat, 04 Sep 2021 15:00:57 GMT
server: cafe
content-length: 0
x-xss-protection: 0
set-cookie: DSID=NO_DATA; expires=Sat, 04-Sep-2021 16:00:57 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Sat, 04 Sep 2021 15:00:57 GMT
cache-control: private

Redirect headers

location: https://googleads.g.doubleclick.net/pagead/drt/si
cache-control: private
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Sat, 04 Sep 2021 15:00:57 GMT
server: safe
content-length: 246
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame A8CC 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 49d29c45961c425c9057af777352876e38c32f60f14854e5f5943f4fe56e2884

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 rum.js Show response
securepubads.g.doubleclick.net/pagead/js/ Frame A8CC 56 KB
22 KB 51ms
14ms Script
text/javascript 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/js/rum.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20210831/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

8803cef9ab72323f0ecdf5acb9f4ef3f167e49bec41bcc4b6691d91be5bf4a2b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 14:26:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2068
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21767
x-xss-protection: 0
server: cafe
etag: 5982399312709556587
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=3600
timing-allow-origin: *
expires: Sat, 04 Sep 2021 15:26:29 GMT

GET
H3-29 200 WyPn2IgoBqLw06x46K_q_eg8d-IpxicgJR-1ncxoZqI.js Show response
pagead2.googlesyndication.com/bg/ Frame 8BC4 35 KB
13 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/WyPn2IgoBqLw06x46K_q_eg8d-IpxicgJR-1ncxoZqI.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20210831/r20110914/zrt_lookup.html?fsb=1

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5b23e7d8882806a2f0d3ac78e8afeafde83c77e229c62720251fb59dcc6866a2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 13:27:42 GMT
content-encoding: br
x-content-type-options: nosniff
age: 5595
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13351
x-xss-protection: 0
last-modified: Mon, 30 Aug 2021 12:58:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 04 Sep 2022 13:27:42 GMT

POST
H2 204 csi
csi.gstatic.com/ Frame A8CC 0
348 B 788ms
275ms Ping
image/gif 2404:6800:400a:80c::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=pagead&action=csi_pagead&dmc=8&puid=1~kt5wyhfr&chm=1&ctx=2&gqid=KIozYZj5CeWT9u8PrO-TsAE&qqid=CMb07fbK5fICFaXcEQgdXHwFRQ&met.4=fb.h~lb.3h~ol.41~bdt.-41w~bpp.-oe~idt.-me~dtd.-lv~dt.-og&met.3=200.g_6~555.3l~556.3m_1~735.3m_1~735.3o_1~736.3v~113.61_2~112.60_3&met.1=1.kt5wyh9r~6.0~7.0~8.0~9.0~10.0~12.1~13.7~14.8~15.c~16.3i~17.3i~18.3i~19.3y~20.3y~21.41~22.p~23.p&met.7=CAwQCBgBMAg4kQFoAXAHeIgkgAHvI4gB20-wAQG4AQM~CCEQBBgBIBMoEzAyOB9oFHAyeBWwAQG4AQM~CAkQChgBIBQoFDA3OCNAGUgZUBlYLWAeaC9wN3j0P4AB3TuIAbySAbABAbgBAw~CB4QChgBIBUoFTA8OCdoL3A5eKYLgAG7CogB4ROwAQG4AQM~CCoQChgBIBUoFTBUOD8~CBwQChgBIBUoFTA4OCRoL3A4eJExgAGnMIgB82-wAQG4AQM~CBwQChgBIBUoFTA9OChoL3A8eMpVgAHdVIgBgNABsAEBuAED~CBcQBhgBIBUoFTBBOCxoL3A9eJbiAYAB9eABiAH14AGwAQG4AQM~CCgQBRgBID0oPTBFOAloP3BFeKMBgAGRAYgBjwGwAQG4AQM~CCgQChgBIJIBKJIBMMwBODpAkwFIlAFQlAFYtwFgmgFotwFwxQF4xa4BgAGHqgGIAZ7BA7ABAbgBAw
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/js/rum.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2404:6800:400a:80c::2003 Osaka, Japan, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 15:00:57 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 138 KB
49 KB 27ms
27ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?_=1630767656647

Requested by

Host: xosodaiphat.net
URL: https://xosodaiphat.net/static.xosodaiphat.net/resource/js/jquery-2.2.1.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9eb37f86ae123a55a9338be74e9da597032cfb705eca5e2b4c0de305d5d8f48d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://xosodaiphat.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 15:00:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 49531
x-xss-protection: 0
server: cafe
etag: 16169102450127370147
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Sat, 04 Sep 2021 15:00:57 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 138 KB
48 KB 27ms
27ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?_=1630767656648

Requested by

Host: xosodaiphat.net
URL: https://xosodaiphat.net/static.xosodaiphat.net/resource/js/jquery-2.2.1.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9eb37f86ae123a55a9338be74e9da597032cfb705eca5e2b4c0de305d5d8f48d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://xosodaiphat.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 15:00:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 49531
x-xss-protection: 0
server: cafe
etag: 16169102450127370147
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Sat, 04 Sep 2021 15:00:57 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 139 KB
49 KB 27ms
27ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?_=1630767656649

Requested by

Host: xosodaiphat.net
URL: https://xosodaiphat.net/static.xosodaiphat.net/resource/js/jquery-2.2.1.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

60e89eb58052d6ed47148d9942d5f2c2ac1b513565e8165930bde22f8bf9a752

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://xosodaiphat.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 15:00:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 50016
x-xss-protection: 0
server: cafe
etag: 4328754436273357224
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Sat, 04 Sep 2021 15:00:57 GMT

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
165 B 15ms
14ms Script
application/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=xosodaiphat.net

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://xosodaiphat.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 04 Sep 2021 15:00:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
165 B 16ms
15ms Script
application/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=xosodaiphat.net

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://xosodaiphat.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 04 Sep 2021 15:00:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 77D3 89 KB
29 KB 457ms
456ms Document
text/html 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5650397705160395&output=html&h=250&slotname=4944322664&adk=1371069709&adf=658811037&pi=t.ma~as.4944322664&w=300&lmt=1630767657&psa=0&format=300x250&url=https%3A%2F%2Fxosodaiphat.net%2Fquay-thu-xsmb.html&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1630767657490&bpp=1&bdt=5798&idt=-M&shv=r20210831&mjsv=m202109010101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1005x124&nras=2&correlator=8212161975320&rume=1&frm=20&pv=1&ga_vid=931501573.1630767656&ga_sid=1630767656&ga_hid=156683618&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=605&ady=576&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31061691%2C31061692%2C31062297%2C31062312&oid=2&psts=AGkb-H8k6uBkk3cmj1m50ecFiM5OHRkdGnUGpzy1QnWphdwFtFu71UC-MksFgAbsyrgZdS9Obc-Ly542qfQDDwJE4OpgebHX5YDk1K7o&pvsid=3226787076400028&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=3&uci=a!3&fsb=1&xpc=EjdcQoPEW3&p=https%3A//xosodaiphat.net&dtd=8

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7c5c257be5c3557cae917bf232a97bf46d54843137fab95725e8b9c0d9ed28b4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-5650397705160395&output=html&h=250&slotname=4944322664&adk=1371069709&adf=658811037&pi=t.ma~as.4944322664&w=300&lmt=1630767657&psa=0&format=300x250&url=https%3A%2F%2Fxosodaiphat.net%2Fquay-thu-xsmb.html&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1630767657490&bpp=1&bdt=5798&idt=-M&shv=r20210831&mjsv=m202109010101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1005x124&nras=2&correlator=8212161975320&rume=1&frm=20&pv=1&ga_vid=931501573.1630767656&ga_sid=1630767656&ga_hid=156683618&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=605&ady=576&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31061691%2C31061692%2C31062297%2C31062312&oid=2&psts=AGkb-H8k6uBkk3cmj1m50ecFiM5OHRkdGnUGpzy1QnWphdwFtFu71UC-MksFgAbsyrgZdS9Obc-Ly542qfQDDwJE4OpgebHX5YDk1K7o&pvsid=3226787076400028&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=3&uci=a!3&fsb=1&xpc=EjdcQoPEW3&p=https%3A//xosodaiphat.net&dtd=8
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://xosodaiphat.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://xosodaiphat.net/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Sat, 04 Sep 2021 15:00:57 GMT
server: cafe
content-length: 29496
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Sat, 04-Sep-2021 15:15:57 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Sat, 04 Sep 2021 15:00:57 GMT
cache-control: private

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame EBED 74 KB
25 KB 401ms
401ms Document
text/html 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5650397705160395&output=html&h=600&slotname=6421055866&adk=392922152&adf=2013891403&pi=t.ma~as.6421055866&w=300&lmt=1630767657&psa=0&format=300x600&url=https%3A%2F%2Fxosodaiphat.net%2Fquay-thu-xsmb.html&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1630767657490&bpp=1&bdt=5799&idt=1&shv=r20210831&mjsv=m202109010101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1005x124%2C300x250%2C300x250&nras=2&correlator=8212161975320&rume=1&frm=20&pv=1&ga_vid=931501573.1630767656&ga_sid=1630767656&ga_hid=156683618&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1085&ady=460&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31061691%2C31061692%2C31062297%2C31062312&oid=2&psts=AGkb-H8k6uBkk3cmj1m50ecFiM5OHRkdGnUGpzy1QnWphdwFtFu71UC-MksFgAbsyrgZdS9Obc-Ly542qfQDDwJE4OpgebHX5YDk1K7o&pvsid=3226787076400028&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=5&uci=a!5&fsb=1&xpc=RxbmcUvkP1&p=https%3A//xosodaiphat.net&dtd=11

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ab5b15f63449c6333a2ff7a284980d3d365979631c24a2a60a98bef2bda7f41

Security Headers

Name	Value
Content-Security-Policy	child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/6093951902922309632/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/6093951902922309632/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=COX1v_fK5fICFUhL4Aod_T0JOA&gqi=KYozYab8Ht3U7_UPqIqSiAE&layout=/sadbundle/%24csp%253Der3%24/6093951902922309632/index.html
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-5650397705160395&output=html&h=600&slotname=6421055866&adk=392922152&adf=2013891403&pi=t.ma~as.6421055866&w=300&lmt=1630767657&psa=0&format=300x600&url=https%3A%2F%2Fxosodaiphat.net%2Fquay-thu-xsmb.html&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1630767657490&bpp=1&bdt=5799&idt=1&shv=r20210831&mjsv=m202109010101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1005x124%2C300x250%2C300x250&nras=2&correlator=8212161975320&rume=1&frm=20&pv=1&ga_vid=931501573.1630767656&ga_sid=1630767656&ga_hid=156683618&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1085&ady=460&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31061691%2C31061692%2C31062297%2C31062312&oid=2&psts=AGkb-H8k6uBkk3cmj1m50ecFiM5OHRkdGnUGpzy1QnWphdwFtFu71UC-MksFgAbsyrgZdS9Obc-Ly542qfQDDwJE4OpgebHX5YDk1K7o&pvsid=3226787076400028&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=5&uci=a!5&fsb=1&xpc=RxbmcUvkP1&p=https%3A//xosodaiphat.net&dtd=11
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://xosodaiphat.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://xosodaiphat.net/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-security-policy: child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/6093951902922309632/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/6093951902922309632/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=COX1v_fK5fICFUhL4Aod_T0JOA&gqi=KYozYab8Ht3U7_UPqIqSiAE&layout=/sadbundle/%24csp%253Der3%24/6093951902922309632/index.html
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Sat, 04 Sep 2021 15:00:57 GMT
server: cafe
content-length: 24960
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Sat, 04-Sep-2021 15:15:57 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Sat, 04 Sep 2021 15:00:57 GMT
cache-control: private

GET
H2 200 xo_so_truc_tiep.gif
xosodaiphat.net/resource/images/ 672 B
997 B 405ms
404ms Image
image/gif 210.211.99.15
CHT Compamy Ltd

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://xosodaiphat.net/resource/images/xo_so_truc_tiep.gif

Requested by

Host: xosodaiphat.net
URL: https://xosodaiphat.net/quay-thu-xsmb.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

210.211.99.15 , Viet Nam, ASN38731 (VTDC-AS-VN Vietel - CHT Compamy Ltd, VN),

Reverse DNS

Software

nginx /

Resource Hash

20e759e045642925ef24d225eed7897b5f0d9a5e6740c0a804b1fb6293cb3972

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:path: /resource/images/xo_so_truc_tiep.gif
pragma: no-cache
cookie: JSESSIONID=9XmxU7pRYnCNLUuck8zKsccydybwjhIql5kit0Jey1D6myRo8y4_!2087510450
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: xosodaiphat.net
referer: https://xosodaiphat.net/quay-thu-xsmb.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://xosodaiphat.net/quay-thu-xsmb.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 15:05:37 GMT
x-content-type-options: nosniff
last-modified: Fri, 11 Oct 2019 02:38:21 GMT
server: nginx
cache-control: public, max-age=14900, s-maxage=14900
x-frame-options: SAMEORIGIN
x-cache: HIT
content-type: image/gif
x-ua-device: pc
storage: gateway-vt
strict-transport-security: max-age=31536000; includeSubDomains
accept-ranges: bytes
vary: User-Agent
content-length: 672
x-xss-protection: 1; mode=block

GET
H2 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210831/r20110914/client/ Frame EBED 2 KB
1 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210831/r20110914/client/window_focus_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5650397705160395&output=html&h=600&slotname=6421055866&adk=392922152&adf=2013891403&pi=t.ma~as.6421055866&w=300&lmt=1630767657&psa=0&format=300x600&url=https%3A%2F%2Fxosodaiphat.net%2Fquay-thu-xsmb.html&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1630767657490&bpp=1&bdt=5799&idt=1&shv=r20210831&mjsv=m202109010101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1005x124%2C300x250%2C300x250&nras=2&correlator=8212161975320&rume=1&frm=20&pv=1&ga_vid=931501573.1630767656&ga_sid=1630767656&ga_hid=156683618&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1085&ady=460&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31061691%2C31061692%2C31062297%2C31062312&oid=2&psts=AGkb-H8k6uBkk3cmj1m50ecFiM5OHRkdGnUGpzy1QnWphdwFtFu71UC-MksFgAbsyrgZdS9Obc-Ly542qfQDDwJE4OpgebHX5YDk1K7o&pvsid=3226787076400028&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=5&uci=a!5&fsb=1&xpc=RxbmcUvkP1&p=https%3A//xosodaiphat.net&dtd=11

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b6f6d0902ff385f68ec17c4c059d4fe89a0a08f1c022ab70580ea8552dfc0a11

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 14:35:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1544
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1339
x-xss-protection: 0
server: cafe
etag: 2275704724217174249
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 18 Sep 2021 14:35:13 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame EBED 122 KB
37 KB 2292ms
2291ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0299ce766df424b69a25530d8afe7c2352cb6240c7510fe7be67d8cd53bd3467

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 15:01:00 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1630496346997469"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37796
x-xss-protection: 0
expires: Sat, 04 Sep 2021 15:01:00 GMT

GET
H2 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210831/r20110914/client/ Frame EBED 14 KB
6 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210831/r20110914/client/qs_click_protection_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

114dabe187311ee2e303549831223ef80d06385cb854e2aa1647ec1e0ca148f5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 14:23:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2222
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6183
x-xss-protection: 0
server: cafe
etag: 901432759052127119
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 18 Sep 2021 14:23:55 GMT

GET
H3-29 200 index.html Show response
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/6093951902922309632/ Frame AE5F 82 KB
21 KB 22ms
7ms Document
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/6093951902922309632/index.html

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

16afd5948106c3aaf382436d2bcf111486dd2e35e3082e1b02b29e43eb2e99eb

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sadbundle/$csp%3Der3$/6093951902922309632/index.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://googleads.g.doubleclick.net/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-type: text/html
access-control-allow-origin: *
content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
date: Sat, 28 Aug 2021 22:00:34 GMT
expires: Sun, 28 Aug 2022 22:00:34 GMT
last-modified: Wed, 11 Aug 2021 14:35:40 GMT
x-content-type-options: nosniff
x-dns-prefetch-control: off
content-encoding: gzip
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
content-length: 21673
age: 579623
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 adview
googleads.g.doubleclick.net/pagead/ Frame EBED 0
0 17ms
17ms Fetch
text/html 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CQwWRKYozYaW9H8iWgQf9-6TAA4jMobJkuOX60M0OjNCFpY0UEAEgr4rmJGCVAqAByOy05QPIAQmpArfO9ogf7rM-qAMByAMCqgTHAU_Q1Vo3ix94wMjsV9vhv8nwqQbESfY5F7aaAqJtqQH570mmaP30UB7ws0XfDzdu4fg4-53JvJ3qI15HzWbn-zcKyZg5xoqFbWIDSSzZx1HiS0CAGVWJ5CIKMuXNTv6B7f9ucoW8uB-4lzuwfnMsr9OoSHKwWCsiVemBT5W2ObgmVFfA4Ow1fqIXrgOXbGzy5maF_uDCj79mwyaZBpCWjFUafyAvUde1PDOrzljRAcrBCt2F7T2V-Y-YFyST33xT2qS9PuNZFpDABNXQ_P_AA5IFBAgEGAGSBQQIBRgEkgUECAUYGJIFBQgFGKgBoAZdgAegk8saqAfVyRuoB_DZG6gH8tkbqAeOzhuoB5PYG6gHugaoB-6WsQKoB6a-G9gHAfIHBBCe6gTSCAkIgOGAEBABGB-ACgHICwHYEw3QFQGAFwGyFxwKGggAEhRwdWItNTY1MDM5NzcwNTE2MDM5NRgA&sigh=pAFPeYSA3t4

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5650397705160395&output=html&h=600&slotname=6421055866&adk=392922152&adf=2013891403&pi=t.ma~as.6421055866&w=300&lmt=1630767657&psa=0&format=300x600&url=https%3A%2F%2Fxosodaiphat.net%2Fquay-thu-xsmb.html&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1630767657490&bpp=1&bdt=5799&idt=1&shv=r20210831&mjsv=m202109010101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1005x124%2C300x250%2C300x250&nras=2&correlator=8212161975320&rume=1&frm=20&pv=1&ga_vid=931501573.1630767656&ga_sid=1630767656&ga_hid=156683618&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1085&ady=460&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31061691%2C31061692%2C31062297%2C31062312&oid=2&psts=AGkb-H8k6uBkk3cmj1m50ecFiM5OHRkdGnUGpzy1QnWphdwFtFu71UC-MksFgAbsyrgZdS9Obc-Ly542qfQDDwJE4OpgebHX5YDk1K7o&pvsid=3226787076400028&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=5&uci=a!5&fsb=1&xpc=RxbmcUvkP1&p=https%3A//xosodaiphat.net&dtd=11
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Sat, 04 Sep 2021 15:00:57 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Sat, 04 Sep 2021 15:00:57 GMT

GET
H3-29 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame C543 143 B
163 B 6ms
5ms Document
text/html 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/s?v=r20120211
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5650397705160395&output=html&h=600&slotname=6421055866&adk=392922152&adf=2013891403&pi=t.ma~as.6421055866&w=300&lmt=1630767657&psa=0&format=300x600&url=https%3A%2F%2Fxosodaiphat.net%2Fquay-thu-xsmb.html&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1630767657490&bpp=1&bdt=5799&idt=1&shv=r20210831&mjsv=m202109010101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1005x124%2C300x250%2C300x250&nras=2&correlator=8212161975320&rume=1&frm=20&pv=1&ga_vid=931501573.1630767656&ga_sid=1630767656&ga_hid=156683618&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1085&ady=460&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31061691%2C31061692%2C31062297%2C31062312&oid=2&psts=AGkb-H8k6uBkk3cmj1m50ecFiM5OHRkdGnUGpzy1QnWphdwFtFu71UC-MksFgAbsyrgZdS9Obc-Ly542qfQDDwJE4OpgebHX5YDk1K7o&pvsid=3226787076400028&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=5&uci=a!5&fsb=1&xpc=RxbmcUvkP1&p=https%3A//xosodaiphat.net&dtd=11
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5650397705160395&output=html&h=600&slotname=6421055866&adk=392922152&adf=2013891403&pi=t.ma~as.6421055866&w=300&lmt=1630767657&psa=0&format=300x600&url=https%3A%2F%2Fxosodaiphat.net%2Fquay-thu-xsmb.html&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1630767657490&bpp=1&bdt=5799&idt=1&shv=r20210831&mjsv=m202109010101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1005x124%2C300x250%2C300x250&nras=2&correlator=8212161975320&rume=1&frm=20&pv=1&ga_vid=931501573.1630767656&ga_sid=1630767656&ga_hid=156683618&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1085&ady=460&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31061691%2C31061692%2C31062297%2C31062312&oid=2&psts=AGkb-H8k6uBkk3cmj1m50ecFiM5OHRkdGnUGpzy1QnWphdwFtFu71UC-MksFgAbsyrgZdS9Obc-Ly542qfQDDwJE4OpgebHX5YDk1K7o&pvsid=3226787076400028&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=5&uci=a!5&fsb=1&xpc=RxbmcUvkP1&p=https%3A//xosodaiphat.net&dtd=11

Response headers

content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Sat, 04 Sep 2021 14:52:36 GMT
server: safe
content-length: 145
x-xss-protection: 0
cache-control: public, max-age=3600
age: 501
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame C543
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si

0
16 B

15ms
14ms

Document
text/html

2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/si
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUk9v-DsiN66AXWxM3hVPdXQ9pE9GWBnxtbyQFd_fuWQVj3STgLBbsjBA-1njTQ
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Sat, 04 Sep 2021 15:00:57 GMT
server: safe
content-length: 0
x-xss-protection: 0
set-cookie: DSID=NO_DATA; expires=Sat, 04-Sep-2021 16:00:57 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Sat, 04 Sep 2021 15:00:57 GMT
cache-control: private

Redirect headers

location: https://googleads.g.doubleclick.net/pagead/drt/si
cache-control: private
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Sat, 04 Sep 2021 15:00:57 GMT
server: safe
content-length: 246
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 css
fonts.googleapis.com/ Frame AE5F 4 KB
713 B 15ms
14ms Stylesheet
text/css 2a00:1450:4001:82f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:regular,500

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/6093951902922309632/index.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

abc1bbfb097cfaf4715fe823adb40881f8ed35a943692d5c037945c2fcc56340

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Sat, 04 Sep 2021 14:49:41 GMT
server: ESF
date: Sat, 04 Sep 2021 15:00:57 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sat, 04 Sep 2021 15:00:57 GMT

GET
H3-29 200 Enabler.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame AE5F 16 KB
6 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/Enabler.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/6093951902922309632/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5f0207bbbd69497c7a37284c0b6f9bdcc9f83c574a4cda737e00a390d0ed268f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 14:07:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3228
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5866
x-xss-protection: 0
server: cafe
etag: 544157900006238945
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Sun, 05 Sep 2021 14:07:09 GMT

GET
H3-29 200 addata.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame AE5F 26 KB
10 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/6093951902922309632/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

54a66c4693bfd79901040269ae7d7304508cbd02859797a1780f2bbe72176e23

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 03 Sep 2021 20:35:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 66328
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10382
x-xss-protection: 0
server: cafe
etag: 12806417668659483808
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Sat, 04 Sep 2021 20:35:29 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame 77D3 3 KB
651 B 17ms
15ms Stylesheet
text/css 2a00:1450:4001:82f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5650397705160395&output=html&h=250&slotname=4944322664&adk=1371069709&adf=658811037&pi=t.ma~as.4944322664&w=300&lmt=1630767657&psa=0&format=300x250&url=https%3A%2F%2Fxosodaiphat.net%2Fquay-thu-xsmb.html&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1630767657490&bpp=1&bdt=5798&idt=-M&shv=r20210831&mjsv=m202109010101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1005x124&nras=2&correlator=8212161975320&rume=1&frm=20&pv=1&ga_vid=931501573.1630767656&ga_sid=1630767656&ga_hid=156683618&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=605&ady=576&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31061691%2C31061692%2C31062297%2C31062312&oid=2&psts=AGkb-H8k6uBkk3cmj1m50ecFiM5OHRkdGnUGpzy1QnWphdwFtFu71UC-MksFgAbsyrgZdS9Obc-Ly542qfQDDwJE4OpgebHX5YDk1K7o&pvsid=3226787076400028&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=3&uci=a!3&fsb=1&xpc=EjdcQoPEW3&p=https%3A//xosodaiphat.net&dtd=8

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

32b5c88160bab78ae20a39de4a8abe015f4f4c5d48be8300a6686d32a570ccfb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Sat, 04 Sep 2021 13:27:50 GMT
server: ESF
date: Sat, 04 Sep 2021 15:00:57 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sat, 04 Sep 2021 15:00:57 GMT

GET
H3-29 200 load_preloaded_resource_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210901/r20110914/client/ Frame 77D3 1 KB
857 B 8ms
7ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210901/r20110914/client/load_preloaded_resource_fy2019.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5d1f3a4ee5a02abdbc66a11aad769dd81cbe4d07f0b3799ff0940ad7b7d6cc1a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 07:42:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 26284
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 830
x-xss-protection: 0
server: cafe
etag: 3558876194914413708
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 18 Sep 2021 07:42:53 GMT

GET
H3-29 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210901/r20110914/ Frame 77D3 18 KB
7 KB 8ms
6ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210901/r20110914/abg_lite_fy2019.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

47b2e4e5ae504cbefc5c71d8bab25c4571c65321f1009411150b689dcc2901f5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 14:36:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1465
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7645
x-xss-protection: 0
server: cafe
etag: 13200147268341533873
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 18 Sep 2021 14:36:32 GMT

GET
H3-29 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210901/r20110914/client/ Frame 77D3 2 KB
1 KB 10ms
8ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210901/r20110914/client/window_focus_fy2019.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b6f6d0902ff385f68ec17c4c059d4fe89a0a08f1c022ab70580ea8552dfc0a11

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 14:26:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2043
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1339
x-xss-protection: 0
server: cafe
etag: 2275704724217174249
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 18 Sep 2021 14:26:54 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 77D3 122 KB
37 KB 2235ms
2233ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0299ce766df424b69a25530d8afe7c2352cb6240c7510fe7be67d8cd53bd3467

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 15:01:00 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1630496346997469"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37796
x-xss-protection: 0
expires: Sat, 04 Sep 2021 15:01:00 GMT

GET
H3-29 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210901/r20110914/client/ Frame 77D3 14 KB
6 KB 9ms
7ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210901/r20110914/client/qs_click_protection_fy2019.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

114dabe187311ee2e303549831223ef80d06385cb854e2aa1647ec1e0ca148f5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 14:27:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1986
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6183
x-xss-protection: 0
server: cafe
etag: 901432759052127119
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 18 Sep 2021 14:27:51 GMT

GET
H2 200 550517e8bc13b6c9510094b6b7001d9c.js Show response
www.gstatic.com/mysidia/ Frame 77D3 26 KB
11 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:82f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/550517e8bc13b6c9510094b6b7001d9c.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5469740595a44003b8884f40783d63ac3c9b57e1a00ad6f29c4fff55153717de

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 02:44:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 44201
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10776
x-xss-protection: 0
last-modified: Thu, 02 Sep 2021 17:32:58 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Fri, 03 Dec 2021 02:44:16 GMT

GET
H3-29 200 adview
googleads.g.doubleclick.net/pagead/ Frame 77D3 0
0 31ms
30ms Fetch
text/html 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CEeskKYozYeKnH9iygAee8YiICNjMh6dixvKpsuUGsJAfEAEgr4rmJGCVAqABgpj94APIAQGpArfO9ogf7rM-qAMByAPDBKoExwFP0G8pxpLcHg2Yl9fhFMG234zXdIbB2jvPqztkQfHVzK3V0vs3DYsZU63FOIUA7j9PftvwwHylkmWYQmFiWMondsaoB_WKENTm-2hKktV94ky0JWg1LgMw6CkQ39Axt57xi5V36oHQ1eyI0WZottjHwnt1fA9qCnOopgWvdMR1xbHa_5Y-8kkhYpG6YS5hDFe96TaeNQSGE1VlTkCiBppGHFloRKgFm2MJK02ZsdhcwdPJ6hTGOc3_6QghXBlYB8vDkzmpJa1-wASp9eHQFZIFBAgEGAGSBQQIBRgEoAZRgAe58fwlqAfVyRuoB_DZG6gH8tkbqAeOzhuoB5PYG6gHugaoB-6WsQKoB6a-G9gHAfIHBBDHuwjSCAkIgOGAEBABGB-ACgHICwHYEw2IFALQFQGAFwGyFxwKGggAEhRwdWItNTY1MDM5NzcwNTE2MDM5NRgA&sigh=KfOahe3XvYk

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5650397705160395&output=html&h=250&slotname=4944322664&adk=1371069709&adf=658811037&pi=t.ma~as.4944322664&w=300&lmt=1630767657&psa=0&format=300x250&url=https%3A%2F%2Fxosodaiphat.net%2Fquay-thu-xsmb.html&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1630767657490&bpp=1&bdt=5798&idt=-M&shv=r20210831&mjsv=m202109010101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1005x124&nras=2&correlator=8212161975320&rume=1&frm=20&pv=1&ga_vid=931501573.1630767656&ga_sid=1630767656&ga_hid=156683618&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=605&ady=576&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31061691%2C31061692%2C31062297%2C31062312&oid=2&psts=AGkb-H8k6uBkk3cmj1m50ecFiM5OHRkdGnUGpzy1QnWphdwFtFu71UC-MksFgAbsyrgZdS9Obc-Ly542qfQDDwJE4OpgebHX5YDk1K7o&pvsid=3226787076400028&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=3&uci=a!3&fsb=1&xpc=EjdcQoPEW3&p=https%3A//xosodaiphat.net&dtd=8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Sat, 04 Sep 2021 15:00:58 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v27/ Frame AE5F 15 KB
15 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v27/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:regular,500

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: null
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 03 Sep 2021 10:59:45 GMT
x-content-type-options: nosniff
age: 100873
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15688
x-xss-protection: 0
last-modified: Mon, 05 Apr 2021 21:10:35 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 03 Sep 2022 10:59:45 GMT

GET
H2 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v27/ Frame AE5F 16 KB
16 KB 8ms
7ms Font
font/woff2 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v27/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:regular,500

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bb46ed079c3dd3c39af5051b4ada48f29f49151dad4fa218117bad2fdb5e616f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: null
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 03 Sep 2021 07:54:01 GMT
x-content-type-options: nosniff
age: 112017
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15920
x-xss-protection: 0
last-modified: Mon, 05 Apr 2021 21:10:39 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 03 Sep 2022 07:54:01 GMT

GET
H3-29 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 8F4C 143 B
163 B 7ms
6ms Document
text/html 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/s?v=r20120211
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5650397705160395&output=html&h=250&slotname=4944322664&adk=1371069709&adf=658811037&pi=t.ma~as.4944322664&w=300&lmt=1630767657&psa=0&format=300x250&url=https%3A%2F%2Fxosodaiphat.net%2Fquay-thu-xsmb.html&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1630767657490&bpp=1&bdt=5798&idt=-M&shv=r20210831&mjsv=m202109010101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1005x124&nras=2&correlator=8212161975320&rume=1&frm=20&pv=1&ga_vid=931501573.1630767656&ga_sid=1630767656&ga_hid=156683618&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=605&ady=576&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31061691%2C31061692%2C31062297%2C31062312&oid=2&psts=AGkb-H8k6uBkk3cmj1m50ecFiM5OHRkdGnUGpzy1QnWphdwFtFu71UC-MksFgAbsyrgZdS9Obc-Ly542qfQDDwJE4OpgebHX5YDk1K7o&pvsid=3226787076400028&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=3&uci=a!3&fsb=1&xpc=EjdcQoPEW3&p=https%3A//xosodaiphat.net&dtd=8
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUk9v-DsiN66AXWxM3hVPdXQ9pE9GWBnxtbyQFd_fuWQVj3STgLBbsjBA-1njTQ; test_cookie=CheckForPermission; DSID=NO_DATA
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5650397705160395&output=html&h=250&slotname=4944322664&adk=1371069709&adf=658811037&pi=t.ma~as.4944322664&w=300&lmt=1630767657&psa=0&format=300x250&url=https%3A%2F%2Fxosodaiphat.net%2Fquay-thu-xsmb.html&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1630767657490&bpp=1&bdt=5798&idt=-M&shv=r20210831&mjsv=m202109010101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1005x124&nras=2&correlator=8212161975320&rume=1&frm=20&pv=1&ga_vid=931501573.1630767656&ga_sid=1630767656&ga_hid=156683618&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=605&ady=576&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31061691%2C31061692%2C31062297%2C31062312&oid=2&psts=AGkb-H8k6uBkk3cmj1m50ecFiM5OHRkdGnUGpzy1QnWphdwFtFu71UC-MksFgAbsyrgZdS9Obc-Ly542qfQDDwJE4OpgebHX5YDk1K7o&pvsid=3226787076400028&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=3&uci=a!3&fsb=1&xpc=EjdcQoPEW3&p=https%3A//xosodaiphat.net&dtd=8

Response headers

content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Sat, 04 Sep 2021 14:52:36 GMT
server: safe
content-length: 145
x-xss-protection: 0
cache-control: public, max-age=3600
age: 502
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 rum.js Show response
tpc.googlesyndication.com/pagead/js/r20210831/r20110914/ Frame AE5F 56 KB
21 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210831/r20110914/rum.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8803cef9ab72323f0ecdf5acb9f4ef3f167e49bec41bcc4b6691d91be5bf4a2b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 03 Sep 2021 18:12:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 74938
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21767
x-xss-protection: 0
server: cafe
etag: 5982399312709556587
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 17 Sep 2021 18:12:00 GMT

GET
H3-29

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 8F4C
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si

0
16 B

16ms
15ms

Document
text/html

2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/si
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUk9v-DsiN66AXWxM3hVPdXQ9pE9GWBnxtbyQFd_fuWQVj3STgLBbsjBA-1njTQ; test_cookie=CheckForPermission; DSID=NO_DATA
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Sat, 04 Sep 2021 15:00:58 GMT
server: safe
content-length: 0
x-xss-protection: 0
set-cookie: DSID=NO_DATA; expires=Sat, 04-Sep-2021 16:00:58 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Sat, 04 Sep 2021 15:00:58 GMT
cache-control: private

Redirect headers

location: https://googleads.g.doubleclick.net/pagead/drt/si
cache-control: private
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Sat, 04 Sep 2021 15:00:58 GMT
server: safe
content-length: 246
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 logo-image_1.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/6093951902922309632/ Frame AE5F 13 KB
13 KB 7ms
6ms Image
image/png 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/6093951902922309632/logo-image_1.png

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

859c73b1c255a0df742a1feaee291b6966b1e71076049d06c9dee9b844493c85

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 17986
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13386
x-xss-protection: 0
last-modified: Wed, 11 Aug 2021 14:35:40 GMT
server: sffe
date: Sat, 04 Sep 2021 10:01:12 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 04 Sep 2022 10:01:12 GMT

GET
H3-29 200 product-image_2.jpg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/6093951902922309632/ Frame AE5F 74 KB
74 KB 9ms
8ms Image
image/jpeg 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/6093951902922309632/product-image_2.jpg

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

933247953977a794be40964c0f4659e28f3006fd2f663a22cadd309fe3964906

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 4825
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 75333
x-xss-protection: 0
last-modified: Wed, 11 Aug 2021 14:35:40 GMT
server: sffe
date: Sat, 04 Sep 2021 13:40:33 GMT
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 04 Sep 2022 13:40:33 GMT

GET
DATA 200
OK truncated
/ Frame AE5F 43 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Content-Type: image/gif

POST
H3-29 204 csi
csi.gstatic.com/ Frame AE5F 0
17 B 548ms
273ms Ping
image/gif 2404:6800:400a:80c::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=pagead&action=csi_pagead&dmc=8&puid=1~kt5wyi4k&ctx=3&gqid=KYozYab8Ht3U7_UPqIqSiAE&qqid=COX1v_fK5fICFUhL4Aod_T0JOA&met.7=CB8QCBgBMBk4bUABSAFQAVgPYAFoD3AXeMepAYABqakBiAG6kwWwAQG4AQM~CBIQBxgBIB8oHzAuOBBoH3AueMkFgAHOBIgBoB-qARQKElJvYm90bzpyZWd1bGFyLDUwMLABAbgBAw~CBwQChgBIB8oHzAnOAhoH3AmeIQugAHqLYgB9IEBsAEBuAED~CBwQChgBIB8oHzAnOAhoIHAmeKhRgAGOUYgBmdABsAEBuAED~CBMQAhgBIF0oXTBmOAhoXnBkeLx7gAHIeogByHqqAQwKBnJvYm90bxAbGAKwAQG4AQM~CBMQAhgBIF4oXjBnOApoXnBmeKN9gAGwfIgBsHyqAQwKBnJvYm90bxAbGAKwAQG4AQM~CBgQChgBIHMoczB8OAhodHB7eKOqAYABh6oBiAGewQOwAQG4AQM~CB8QBhgBIHYodjB_OAlod3B9eORogAHKaIgBymiwAQG4AQM
Requested by: Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/pagead/js/r20210831/r20110914/rum.js
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2404:6800:400a:80c::2003 Osaka, Japan, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 15:00:58 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 product-image_2.jpg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/6093951902922309632/ Frame AE5F 74 KB
74 KB 7ms
7ms Image
image/jpeg 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/6093951902922309632/product-image_2.jpg

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

933247953977a794be40964c0f4659e28f3006fd2f663a22cadd309fe3964906

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 4825
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 75333
x-xss-protection: 0
last-modified: Wed, 11 Aug 2021 14:35:40 GMT
server: sffe
date: Sat, 04 Sep 2021 13:40:33 GMT
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 04 Sep 2022 13:40:33 GMT

GET
H3-29 200 logo-image_1.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/6093951902922309632/ Frame AE5F 13 KB
13 KB 8ms
8ms Image
image/png 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/6093951902922309632/logo-image_1.png

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

859c73b1c255a0df742a1feaee291b6966b1e71076049d06c9dee9b844493c85

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 17986
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13386
x-xss-protection: 0
last-modified: Wed, 11 Aug 2021 14:35:40 GMT
server: sffe
date: Sat, 04 Sep 2021 10:01:12 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 04 Sep 2022 10:01:12 GMT

GET
H2 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame A8CC 42 B
518 B 38ms
19ms Fetch
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsu4Zfvzi9_OunnyFMjxv2785g913dLWhH14ZB_Sc4w5fGbNWHr6rBfV9wyX7Drddh33UXGOfAHX2FNIDcijDIP4KKgJhj6EFnUrRSbpoaelmoxjB6MaLhqU0hiQ0A&sai=AMfl-YSIzxxL5uPlazbYRQKisg95hZweKt3IeaQqbfN7gJm6wa_6je8VWXEpj1Tk6O6btrdvGXr9WzyQBjWT&sig=Cg0ArKJSzMLk1SNIlcWLEAE&id=lidar2&mcvt=1001&p=0,0,124,1005&mtos=84,754,1001,1118,1275&tos=84,670,247,117,157&v=20210901&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=4&adk=1812271801&rs=2&met=mue&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ%3D%3D&vs=4&eosm=0&rst=1630767656943&rpt=120&r=v

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 15:00:58 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
DATA 200
OK truncated
/ Frame 77D3 219 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 43db89eb3dc6ef4e57dc384ff3489313cdb455a291d33588496a02e80f647cc8

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame EBED 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 39761d6557c7e669d20512d2b97d02a85d744aaf90e7fe44d9aed8b2e6a63823

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 4UabrENHsxJlGDuGo1OIlLU94YtzCwY.woff2
fonts.gstatic.com/s/googlesans/v36/ Frame 77D3 21 KB
21 KB 7ms
6ms Font
font/woff2 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v36/4UabrENHsxJlGDuGo1OIlLU94YtzCwY.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1abc5469f1235e85489ca1062a07fe18c7f449e3ba039d3de0da07fbb3c5892d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://googleads.g.doubleclick.net
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 01 Sep 2021 18:10:03 GMT
x-content-type-options: nosniff
age: 247857
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21660
x-xss-protection: 0
last-modified: Wed, 01 Sep 2021 18:07:18 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 01 Sep 2022 18:10:03 GMT

GET
H2 200 4UaGrENHsxJlGDuGo1OIlL3Owp4.woff2
fonts.gstatic.com/s/googlesans/v36/ Frame 77D3 21 KB
21 KB 23ms
23ms Font
font/woff2 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v36/4UaGrENHsxJlGDuGo1OIlL3Owp4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c55eebd9845964c111ecdbe7e583ed00ff47536f13c46a7e9c70430cc7ea091f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://googleads.g.doubleclick.net
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 01 Sep 2021 18:10:03 GMT
x-content-type-options: nosniff
age: 247857
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21424
x-xss-protection: 0
last-modified: Wed, 01 Sep 2021 18:08:24 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 01 Sep 2022 18:10:03 GMT

GET
H2 200 rum.js Show response
securepubads.g.doubleclick.net/pagead/js/ Frame EBED 56 KB
21 KB 14ms
14ms Script
text/javascript 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/js/rum.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

8803cef9ab72323f0ecdf5acb9f4ef3f167e49bec41bcc4b6691d91be5bf4a2b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 14:26:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2071
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21767
x-xss-protection: 0
server: cafe
etag: 5982399312709556587
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=3600
timing-allow-origin: *
expires: Sat, 04 Sep 2021 15:26:29 GMT

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 11 KB
8 KB 20ms
19ms XHR
application/json 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20210831&st=env

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6106e687083c9c1317e5ade767d615a8b4d5f52483db8c4f98d9fcc86860d730

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://xosodaiphat.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 04 Sep 2021 15:01:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8444
x-xss-protection: 0

GET
H2 200 WyPn2IgoBqLw06x46K_q_eg8d-IpxicgJR-1ncxoZqI.js Show response
pagead2.googlesyndication.com/bg/ Frame 256E 35 KB
13 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/WyPn2IgoBqLw06x46K_q_eg8d-IpxicgJR-1ncxoZqI.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5b23e7d8882806a2f0d3ac78e8afeafde83c77e229c62720251fb59dcc6866a2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 13:27:42 GMT
content-encoding: br
x-content-type-options: nosniff
age: 5598
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13351
x-xss-protection: 0
last-modified: Mon, 30 Aug 2021 12:58:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 04 Sep 2022 13:27:42 GMT

GET
H3-29 200 rum.js Show response
securepubads.g.doubleclick.net/pagead/js/ Frame 77D3 56 KB
21 KB 37ms
13ms Script
text/javascript 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/js/rum.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

8803cef9ab72323f0ecdf5acb9f4ef3f167e49bec41bcc4b6691d91be5bf4a2b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 14:26:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2071
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21767
x-xss-protection: 0
server: cafe
etag: 5982399312709556587
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=3600
timing-allow-origin: *
expires: Sat, 04 Sep 2021 15:26:29 GMT

POST
H2 204 csi
csi.gstatic.com/ Frame EBED 0
54 B 278ms
278ms Ping
image/gif 2404:6800:400a:80c::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=pagead&action=csi_pagead&dmc=8&puid=1~kt5wyjvb&chm=1&ctx=2&gqid=KYozYab8Ht3U7_UPqIqSiAE&qqid=COX1v_fK5fICFUhL4Aod_T0JOA&met.4=fb.bd~lb.24e~ol.24e~bdt.-4hf~bpp.-b~idt.-b~dtd.-1~dt.-c&met.3=736.24l~735.25g_1~113.262_1~112.262_2&met.1=1.kt5wyhpa~6.0~7.0~8.0~9.0~10.0~12.1~13.b5~14.b9~15.b9~16.24d~17.24d~18.24d~19.24e~20.24e~21.24e~22.24o~23.24o&met.7=CAUQCBgBMJYDOL4VaAFwkgN48sgBgAGAwwGIAbnMBLABAbgBAw~CB4QChgBIJ0DKJ0DMKUDOAhongNwpQN4_AqAAbsKiAHhE7ABAbgBAw~CCoQChgBIJ0DKJ0DMJUVOPgR~CBwQChgBIJ0DKJ0DMKUDOAdongNwpAN46DCAAacwiAHzb7ABAbgBAw~CB8QBRgBIKYDKKYDML8DOBlApwNIpwNQpwNYtQNgpwNotQNwvQN4x6kBgAGpqQGIAbqTBbABAbgBAw~CCEQBBgBIKcDKKcDMLkDOBJoqANwuQN4FbABAbgBAw~CCgQBRgBIKgDKKgDMLADOAhoqgNwrwN4owGAAZEBiAGPAbABAbgBAw~CCgQChgBIOUVKOUVMPYVOBFo5hVw9BV40KoBgAGHqgGIAZ7BA7ABAbgBAw
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/js/rum.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2404:6800:400a:80c::2003 Osaka, Japan, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 15:01:00 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 20ms
19ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://xosodaiphat.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 15:01:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1624308425655142"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6467
x-xss-protection: 0
expires: Sat, 04 Sep 2021 15:01:00 GMT

POST
H2 204 csi
csi.gstatic.com/ Frame 77D3 0
54 B 272ms
272ms Ping
image/gif 2404:6800:400a:80c::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=pagead&action=csi_pagead&dmc=8&puid=1~kt5wyjx7&chm=1&ctx=2&gqid=KYozYdXlHoG9lQeu-aSgBA&qqid=CKLgv_fK5fICFVgZ4AodnjgCgQ&met.4=fb.cy~lb.23y~ol.25u~bdt.-4ha~bpp.-7~dtd.0~dt.-8&met.3=555.25d~556.25d_2~749.25r_3~736.25w~735.260_1~734.27y~113.281_2~112.281_2&met.1=1.kt5wyhp6~6.1~7.1~8.1~9.1~10.1~12.2~13.cq~14.cu~15.ct~16.23z~17.23z~18.23z~19.25o~20.25o~21.25u~22.dz~23.dz&met.7=CAUQCBgBMM0DOPIVaAFwygN47ecBgAG45gGIAa3LBbABAbgBAw~CBIQBxgBIM4DKM4DMOADOBJo0ANw3wN4iwWAAacEiAHzGKoBFQoTR29vZ2xlIFNhbnM6NDAwLDUwMLABAbgBAw~CBwQChgBIM8DKM8DMNgDOAlo0QNw2AN42QaAAb4GiAH_CrABAbgBAw~CAkQChgBINUDKNUDMOADOAto2ANw3gN4-DuAAd07iAG8kgGwAQG4AQM~CB4QChgBINUDKNUDMOEDOAxo2QNw4AN41gqAAbsKiAHhE7ABAbgBAw~CCoQChgBINYDKNYDMJYVOMER~CBwQChgBINYDKNYDMOEDOAto2QNw4AN4wjCAAacwiAHzb7ABAbgBAw~CBsQChgBINYDKNYDMN8DOAk~CCEQBBgBIPIDKPIDMJIEOCBo8wNwkgR4EbABAbgBAw~CCgQBRgBIIkEKIkEMJEEOAhoiwRwkQR4owGAAZEBiAGPAbABAbgBAw~CBMQAhgBIMUVKMUVMN4VOBloxRVwyxV4maoBgAGcqQGIAZypAaoBEAoKZ29vZ2xlc2FucxAkGAKwAQG4AQM~CBMQAhgBIMcVKMcVMN8VOBhoxxVw3hV4kKgBgAGwpwGIAbCnAaoBEAoKZ29vZ2xlc2FucxAkGAKwAQG4AQM~CCgQChgBIPgVKPgVMKIWOCpQ-BVYjxZg-BVojxZwnRZ4o6oBgAGHqgGIAZ7BA7ABAbgBAw
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/js/rum.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2404:6800:400a:80c::2003 Osaka, Japan, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 15:01:00 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/224/ Frame 4064 12 KB
5 KB 6ms
6ms Document
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/224/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://xosodaiphat.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://xosodaiphat.net/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
content-length: 5029
date: Sat, 04 Sep 2021 14:46:43 GMT
expires: Sun, 04 Sep 2022 14:46:43 GMT
last-modified: Wed, 02 Jun 2021 17:09:45 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 857
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame EEF5 783 B
829 B 19ms
19ms Document
text/html 2a00:1450:4001:831::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

6326efbd691e6c5b9f52d97aafe085e9bcab1edd5d21afa73c5cd00176ea6bad

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-ztg4p2HKvb2dkKVZoC4qJg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.google.com
:scheme: https
:path: /recaptcha/api2/aframe
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://xosodaiphat.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://xosodaiphat.net/

Response headers

expires: Sat, 04 Sep 2021 15:01:00 GMT
date: Sat, 04 Sep 2021 15:01:00 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-ztg4p2HKvb2dkKVZoC4qJg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 513
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 WyPn2IgoBqLw06x46K_q_eg8d-IpxicgJR-1ncxoZqI.js Show response
pagead2.googlesyndication.com/bg/ Frame 4064 35 KB
13 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/WyPn2IgoBqLw06x46K_q_eg8d-IpxicgJR-1ncxoZqI.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5b23e7d8882806a2f0d3ac78e8afeafde83c77e229c62720251fb59dcc6866a2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 13:27:42 GMT
content-encoding: br
x-content-type-options: nosniff
age: 5598
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13351
x-xss-protection: 0
last-modified: Mon, 30 Aug 2021 12:58:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 04 Sep 2022 13:27:42 GMT

GET
H3-29 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 37ms
37ms Image
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=224&t=2&li=gda_r20210831&jk=3226787076400028&bg=!pKelp-PNAAYJpm41CaY7ACkAdvg8WtsiB31dRyU-Xs54DH38PpPs_yp9cumpKsOQn9n_73kQS7WfPQIAAABMUgAAAA1oAQcKAALtgZkCewnPK-BM5SWqgUNxQbXoeNtkrPyuoBj0Ax0MEuxSJeAZC8ow-rRdc1PPjPlo5b2rJ4CNvj8zTZkJJM0bEu1qBgfuUyUjsek-xLbGzuXBIbhp1pR61WleMXfMDObgVtgdjlF-NFIYYPGNwjI2Pd_Uf0X7s2lhg9zGwu0-HKvLyYlYAGR37MyQgiQCrvobPZV6RpefVafyVi8l03fUZQXs_gLghYwHJ8uO1FAs1deKN6V_19WR0wtddqQwv4ZjHShFuDenr-ryeqwS3xhap-IvkWynm9r8I-KsBtPnleNzIlPICI5tLTcPmOLKFipn57sFrtaT_ojNoDBR3QuBY-X5zF5M2cF5WqQ6L7OL4XoYPExzKedXrBqkxxbjeB3UIcDpv8iLgZZiOyMErTZA1d7PWhlXXkRJm-3I425esYYui4E5zNeW5DzQOVhj9_fGRkOwmynGK2zWjOCv_c50tLtFbl0OFHk7LrXid0LX476zTguYl5GQ1ML6cXV2QqZHm4Jr8nil1apzRbCori9hwsAdDm3h-fqpsTwBQFZ5iCpAjBa8Kgx915rLGAyaLKX6CNrbYon7JW5cxjr6vCHeKwbrzFhpPFVD6W5-yztxCVbnbhlMVm74HvunrislbHFz20W5V2LgT73oYK95ooK96uAlZ3GNLcNETYBx4nwODtVYVln0grmp5HnhCUSVWTRRgnp5i3TOc5pxrB9_31ur5w1GQujBN-W2RJNCJN42G52NTjKflIzVnZelya9tflO-zup-e_YaEs1qaSt6r1ct_gRSooADWzRi_23cmPFHfLO3wODXHibjeX0nAPvRAVmyBP2EoFo6zgUvL-fiWX1w
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://xosodaiphat.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

POST
H3-29 204 csi
csi.gstatic.com/ 0
17 B 271ms
271ms Ping
image/gif 2404:6800:400a:80c::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=pagead&action=csi_pagead&dmc=8&top=1&puid=1~kt5wygo4&c=3226787076400028&e=31061691%2C31061692%2C31062297&ctx=1&met.3=779.629_1~164.62e_1~165.62b_3~166.623_l~326.64g_2~216.64d_4~215.64d_4~843.64c_5~161.64i_2~868.64n~889.64u~639.64z~160.64z~914.64z~189.652~112.655_2~629.66o_1~429.6pj_1~210.6ql~326.6qp~164.6qo~165.6qm_3~466.6ql_3~522.6ql_3~161.6qp~868.6qq~525.6qr_8~639.6r0~160.6r0~914.6r0~264.6r1~189.6r3~264.6re~264.6rx~264.6sa~264.6sq~264.6t7~264.6ub~168.6uc~168.6uc~168.6uc~168.6uc~168.6uc~264.6uf~264.6um~273.6ut~264.6v2~264.6wn~264.6wo~264.6wx~264.6xd~264.6xu~264.6ya~264.6ys~264.6z8~264.6zp~264.705~264.70m~264.712~264.71j~264.720~264.72h~264.72y~264.73e~264.73v~264.74b~264.74t~264.759~264.75p~326.75v~164.75u_1~165.75t_2~326.75y~164.75x_1~165.75w_2~326.760~164.760_1~165.75z_1~161.761~161.761~161.761~868.762~868.762~868.762~889.764~889.768~889.769~639.76b~160.76b~914.76b~639.76c~160.76c~914.76c~639.76c~160.76c~914.76c~264.76c~189.76e~189.76e~189.76e~264.76m~779.772_1~166.76z_6~264.785~779.78d_1~166.789_6~779.78j_1~166.78h_4~264.78m~264.78r~264.790~264.79f~264.79v~264.7ac~264.7as~264.7b9~264.7bq~264.7c6~264.7cn~264.7d4~264.7dl~264.7e1~264.7ei~264.7ez~264.7ff~264.7fv~264.7gc~264.7gu~264.7ha~264.7ht~264.7i7~264.7io~264.7ja~264.7k8~264.7kp~264.7l4~264.7lh~264.7lz~264.7me~264.7mu~264.7nb~264.7nr~264.7o8~264.7op~264.7p5~264.7pm~264.7q3~264.7qj~264.7r5~264.7rh~264.7rx~264.7sf~264.7su~264.7tb~264.7tx~264.7u9~264.7up~264.7v6~264.7vm~264.7w3~264.7wk~264.7x1~264.7xi~257.7xz~264.7xz_1~264.7ye~168.9bi~168.9bh~168.9bi~168.9bi~168.9bi~168.9bi~168.9bi~168.9bi~168.9bi~168.9bi~168.9bi~168.9bi~168.9bi~168.9bi~168.9bi~168.9bj~168.9bj~168.9bj~168.9bj~168.9bj~168.9bj~168.9bj~168.9bj~168.9bo~168.9bo~168.9bp~168.9bp~168.9bp~168.9bp~168.9bp~168.9bp~168.9bp~168.9bp~168.9bp~168.9bp~168.9bp~168.9bp~168.9bp~168.9bp~168.9bp~168.9bp~168.9bp~168.9bp~168.9bp~168.9bp~168.9bp~113.9c8_1&met.1=1.kt5wyaiz~6.1~7.2~8.l~9.l~10.1fw~11.r~12.1fw~13.2ot~14.2ov~15.2ow~16.6lq~17.6lq~18.6lu~19.9c1~20.9c1~21.9c2~22.5xp~23.5xp
Requested by: Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20210831/r20110914/rum_fy2019.js
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2404:6800:400a:80c::2003 Osaka, Japan, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://xosodaiphat.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 15:01:01 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame EBED 42 B
64 B 31ms
17ms Fetch
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuVeEr-CFeqhzogyLar8hcXYGhbr0TV-fvtPoJhVfhiE2f8egcLxOc2LsUmTN6-9W8Y9Ox379GqTyJQyx2Zh7VO3CIh2b8B0zoP0470yNc5fJxnJF83L01sKwFRag&sai=AMfl-YSE-W432ClbciQ34oGq89brkR2-P1NPHTb3bAiSkCnAFaigLgo4j5SbXcKGWR7JIzhg7y0lWUuMIK3Y&sig=Cg0ArKJSzEgVqSeqfLF3EAE&id=lidar2&mcvt=1002&p=0,0,600,300&mtos=1002,1002,1002,1002,1002&tos=1002,0,0,0,0&v=20210901&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=2&adk=392922152&rs=2&met=mue&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ%3D%3D&vs=4&eosm=0&rst=1630767657502&rpt=2747&r=v

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 15:01:01 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 77D3 42 B
64 B 17ms
17ms Fetch
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstiJcAYf4mrooKMEa-S14P6dBL9CBvukgkYOYivbRIa4mMkFtTDbZwC3izH1ElmUut_je4_P0fvy2nbhRh0r2g07zR78EBIMG04mNl23SIGrtpn2CHEIapVGUrlHg&sai=AMfl-YSzLDSxEVLYKbUlX9DBA4jwAfAazvMFHz8tDkCqlTmrQVOjBOz405w3bcdEChAguAkpq1QKa_BlXBDe&sig=Cg0ArKJSzLc1mln6DossEAE&id=lidar2&mcvt=1001&p=0,0,250,300&mtos=1001,1001,1001,1001,1001&tos=1001,0,0,0,0&v=20210901&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=22&adk=1371069709&rs=2&met=mue&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ%3D%3D&vs=4&eosm=0&rst=1630767657498&rpt=2799&r=v

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 15:01:01 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame AE5F 0
121 B 39ms
39ms Image
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=html5-mon&a0=layout&f0=layout&s0=0&d0=124.0000&a1=https&f1=layout_html&s1=0&d1=25.0000&i=538615463963&t=419&c=p&gqi=KYozYab8Ht3U7_UPqIqSiAE&qqi=COX1v_fK5fICFUhL4Aod_T0JOA

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 15:01:08 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

109 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

15 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	URL: https://xosodaiphat.net/static.xosodaiphat.net/resource/js/countdown.js?v=1(Line 40) Message: counter
console-api	log	URL: https://xosodaiphat.net/static.xosodaiphat.net/resource/js/countdown.js?v=1(Line 41) Message: null
console-api	log	URL: https://xosodaiphat.net/static.xosodaiphat.net/resource/js/countdown.js?v=1(Line 40) Message: counter
console-api	log	URL: https://xosodaiphat.net/static.xosodaiphat.net/resource/js/countdown.js?v=1(Line 41) Message: null
console-api	log	URL: https://xosodaiphat.net/static.xosodaiphat.net/resource/js/countdown.js?v=1(Line 40) Message: counter
console-api	log	URL: https://xosodaiphat.net/static.xosodaiphat.net/resource/js/countdown.js?v=1(Line 41) Message: null
console-api	log	URL: https://xosodaiphat.net/static.xosodaiphat.net/resource/js/ads.js?v=2(Line 15) Message: domain...ketquasieutoc.com
console-api	log	URL: https://xosodaiphat.net/static.xosodaiphat.net/resource/js/ads.js?v=2(Line 16) Message: page...21
console-api	log	URL: https://xosodaiphat.net/static.xosodaiphat.net/resource/js/ads.js?v=2(Line 53) Message: https://qc.kqbd88.com/ads.api/get_ads.htm?domain=ketquasieutoc.com&page=21&kieu=pc&trangthai=1
console-api	log	URL: https://xosodaiphat.net/static.xosodaiphat.net/resource/js/ads.js?v=2(Line 33) Message: null
console-api	log	URL: https://xosodaiphat.net/static.xosodaiphat.net/resource/js/ads.js?v=2(Line 60) Message: data...[{"_id":{"timestamp":1559635443,"machineIdentifier":4776894,"processIdentifier":23154,"counter":7954884},"page":"21","kichthuoc":"qc_riengads","kieu":"pc","maquangcao":"\u003ccenter style \u003d\"padding-top:10px\"\u003e\n\u003cscript async src\u003d\"//pagead2.googlesyndication.com/pagead/js/adsbygoogle.js\"\u003e\u003c/script\u003e\n\u003c!-- ND_300x250_Web --\u003e\n\u003cins class\u003d\"adsbygoogle\"\n style\u003d\"display:inline-block;width:300px;height:250px\"\n data-ad-client\u003d\"ca-pub-5650397705160395\"\n data-ad-slot\u003d\"4944322664\"\u003e\u003c/ins\u003e\n\u003cscript\u003e\n(adsbygoogle \u003d window.adsbygoogle \|\| []).push({});\n\u003c/script\u003e\n\u003c/center\u003e","thoigian":"2019-06-04 2019-06-05","title":"vị trí 0","trangthai":"1","vitri":"0","loai":"quangcao"},{"_id":{"timestamp":1559636677,"machineIdentifier":4776894,"processIdentifier":23154,"counter":7955799},"page":"21","kichthuoc":"qc_riengads","kieu":"pc","maquangcao":"\u003ccenter\u003e\n\u003cscript async src\u003d\"//pagead2.googlesyndication.com/pagead/js/adsbygoogle.js\"\u003e\u003c/script\u003e\n\u003c!-- ND_300x250_Web --\u003e\n\u003cins class\u003d\"adsbygoogle\"\n style\u003d\"display:inline-block;width:300px;height:250px\"\n data-ad-client\u003d\"ca-pub-5650397705160395\"\n data-ad-slot\u003d\"4944322664\"\u003e\u003c/ins\u003e\n\u003cscript\u003e\n(adsbygoogle \u003d window.adsbygoogle \|\| []).push({});\n\u003c/script\u003e\n\u003c/center\u003e","thoigian":"2019-06-04 2019-09-26","title":"Vị trí 1","trangthai":"1","vitri":"1","loai":"quangcao"},{"_id":{"timestamp":1559636686,"machineIdentifier":4776894,"processIdentifier":23154,"counter":7955808},"page":"21","kichthuoc":"qc_riengads","kieu":"pc","maquangcao":"","thoigian":"2019-06-04 + 2019-09-26","title":"Vị trí 1","trangthai":"1","vitri":"1","loai":"quangcao"},{"_id":{"timestamp":1559705468,"machineIdentifier":4776894,"processIdentifier":23154,"counter":7958664},"page":"pageall","kichthuoc":"qc_chungads","kieu":"pc","maquangcao":"","thoigian":"","title":"Header_PC","trangthai":"1","vitri":"0","loai":"quangcao"},{"_id":{"timestamp":1559787280,"machineIdentifier":4776894,"processIdentifier":23154,"counter":6141638},"page":"pageall","kichthuoc":"qc_chungads","kieu":"pc","maquangcao":"","thoigian":"","title":"Dưới Menu_PC","trangthai":"1","vitri":"1","loai":"quangcao"},{"_id":{"timestamp":1560845837,"machineIdentifier":14681809,"processIdentifier":30479,"counter":8170922},"page":"pageall","kichthuoc":"qc_chungads","kieu":"pc","maquangcao":"11111","thoigian":"","title":"QC11","trangthai":"1","vitri":"11","loai":"quangcao"},{"_id":{"timestamp":1562205186,"machineIdentifier":14681809,"processIdentifier":17260,"counter":2702851},"page":"pageall","kichthuoc":"qc_chungads","kieu":"pc","maquangcao":"8888","thoigian":"","title":"VT8","trangthai":"1","vitri":"8","loai":"quangcao"},{"_id":{"timestamp":1562215694,"machineIdentifier":14681809,"processIdentifier":17260,"counter":2465386},"page":"pageall","kichthuoc":"qc_chungads","kieu":"pc","maquangcao":"\u003ccenter style \u003d\"padding-botton:10px\"\u003e\n\u003cscript async src\u003d\"//pagead2.googlesyndication.com/pagead/js/adsbygoogle.js\"\u003e\u003c/script\u003e\n\u003c!-- ND_300x600 --\u003e\n\u003cins class\u003d\"adsbygoogle\"\n style\u003d\"display:inline-block;width:300px;height:600px\"\n data-ad-client\u003d\"ca-pub-5650397705160395\"\n data-ad-slot\u003d\"6421055866\"\u003e\u003c/ins\u003e\n\u003cscript\u003e\n(adsbygoogle \u003d window.adsbygoogle \|\| []).push({});\n\u003c/script\u003e\n\u003c/center\u003e","thoigian":"","title":"QC2","trangthai":"1","vitri":"2","loai":"quangcao"},{"_id":{"timestamp":1562215730,"machineIdentifier":14681809,"processIdentifier":17260,"counter":2465402},"page":"pageall","kichthuoc":"qc_chungads","kieu":"pc","maquangcao":"","thoigian":"","title":"QC Dưới Dự đoán","trangthai":"1","vitri":"4","loai":"quangcao"},{"_id":{"timestamp":1562216298,"machineIdentifier":14681809,"processIdentifier":17260,"counter":2465446},"page":"pageall","kichthuoc":"qc_chungads","kieu":"pc","maquangcao":"666","thoigian":"","title":"QC6","trangthai":"1","vitri":"6","loai":"quangcao"}]
console-api	log	URL: https://xosodaiphat.net/static.xosodaiphat.net/resource/js/ads.js?v=2(Line 82) Message: show quang cao vi tri...0
console-api	log	URL: https://xosodaiphat.net/static.xosodaiphat.net/resource/js/ads.js?v=2(Line 82) Message: show quang cao vi tri...1
console-api	log	URL: https://xosodaiphat.net/static.xosodaiphat.net/resource/js/ads.js?v=2(Line 82) Message: show quang cao vi tri...2
console-api	log	URL: https://xosodaiphat.net/static.xosodaiphat.net/resource/js/ads.js?v=2(Line 82) Message: show quang cao vi tri...4

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

adservice.google.com
adservice.google.de
csi.gstatic.com
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
img.icons8.com
pagead2.googlesyndication.com
partner.googleadservices.com
qc.kqbd88.com
securepubads.g.doubleclick.net
static.xosodaiphat.net
tpc.googlesyndication.com
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.googletagservices.com
www.gstatic.com
xosodaiphat.net
142.250.185.130
142.250.186.130
210.211.99.15
2404:6800:400a:80c::2003
2606:4700:3033::6815:56d9
2606:4700:3035::ac43:a451
2a00:1450:4001:802::2003
2a00:1450:4001:802::2004
2a00:1450:4001:80f::2008
2a00:1450:4001:80f::200e
2a00:1450:4001:811::2002
2a00:1450:4001:812::2002
2a00:1450:4001:827::2002
2a00:1450:4001:82a::2001
2a00:1450:4001:82f::2002
2a00:1450:4001:82f::2003
2a00:1450:4001:82f::200a
2a00:1450:4001:831::2004
2a02:6ea0:c700::10
0299ce766df424b69a25530d8afe7c2352cb6240c7510fe7be67d8cd53bd3467
037e64fc78a418047f98a7204b73650df48a03ee3675c8ea5c9d57a35240d9e3
0a34a87842c539c1f4feec56bba982fd596b73500046a6e6fe38a22260c6577b
0b494ceb756ec64e73a6050124c63e08e5f809a2905970545b6087c803dd700f
114dabe187311ee2e303549831223ef80d06385cb854e2aa1647ec1e0ca148f5
1375f9f1fc45e71ecb0d9df8774bd130b7adaf3367acab60a5ba82f91479122d
16afd5948106c3aaf382436d2bcf111486dd2e35e3082e1b02b29e43eb2e99eb
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
1abc5469f1235e85489ca1062a07fe18c7f449e3ba039d3de0da07fbb3c5892d
20e759e045642925ef24d225eed7897b5f0d9a5e6740c0a804b1fb6293cb3972
247a64693b38ff04db57ff8b3b5fc308e593957d0bea794ab66aa2a47e3536ca
2d6945353c49ed8c3f15ce8378abba05423b2e516808d26f1b1feebecca89f1a
32b5c88160bab78ae20a39de4a8abe015f4f4c5d48be8300a6686d32a570ccfb
331c8dbc087f677d4eca8035d19626c0662a712b95d0d78bbeba05b7c3bbe7dc
39761d6557c7e669d20512d2b97d02a85d744aaf90e7fe44d9aed8b2e6a63823
39b089c00ecf8de9796c641924c012fcbb54fd5866ff7aec540319b323bfed19
429f40dd6ebd3230aeb9f7579bdfc3b45a08eb5df14718d6fa81f08adfaa0096
43db89eb3dc6ef4e57dc384ff3489313cdb455a291d33588496a02e80f647cc8
47b2e4e5ae504cbefc5c71d8bab25c4571c65321f1009411150b689dcc2901f5
49d29c45961c425c9057af777352876e38c32f60f14854e5f5943f4fe56e2884
4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3
50f36dfa6fece434e88e474d214553f6dc1972a8b05f4cdcc3db65890644bd7a
5469740595a44003b8884f40783d63ac3c9b57e1a00ad6f29c4fff55153717de
54a66c4693bfd79901040269ae7d7304508cbd02859797a1780f2bbe72176e23
5b23e7d8882806a2f0d3ac78e8afeafde83c77e229c62720251fb59dcc6866a2
5d1f3a4ee5a02abdbc66a11aad769dd81cbe4d07f0b3799ff0940ad7b7d6cc1a
5dfcb510b01456c9783283ee80b9ec6c1860a8fd96f045dc9bc14b9b98cd31db
5f0207bbbd69497c7a37284c0b6f9bdcc9f83c574a4cda737e00a390d0ed268f
60e89eb58052d6ed47148d9942d5f2c2ac1b513565e8165930bde22f8bf9a752
6106e687083c9c1317e5ade767d615a8b4d5f52483db8c4f98d9fcc86860d730
6326efbd691e6c5b9f52d97aafe085e9bcab1edd5d21afa73c5cd00176ea6bad
6389947d04e3ac6fb381b37f661c1b799fb3caa0aa02f63de131ff6a371f39c5
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
710d59cc71277c8e761e9dde1ba57bf54c4ff65f3fa912baeaff109e80ebd98c
715568ccbb5fb9301a2e8e1a75c60e71b39cc7b5830ac8bfe251abbb3a051b64
72b4acec2553cc1019adf8811fc3e29b0b54ea143d748f423c624abb775e03b6
778409f72d6939acbdee2b281898b843094f00fde232f3576835b78e47ac2fc9
7a1a5d7b1776087e530b771f77ecc1fe9475e2ded1a681bac57a58ea3530643f
7c5c257be5c3557cae917bf232a97bf46d54843137fab95725e8b9c0d9ed28b4
859c73b1c255a0df742a1feaee291b6966b1e71076049d06c9dee9b844493c85
8803cef9ab72323f0ecdf5acb9f4ef3f167e49bec41bcc4b6691d91be5bf4a2b
880de7665b1aaa840303313deca3352af257d55aed4584d5e17f0fbffe0fde01
8d30da4c6152075f8a2c18311345702bbfcbff36d8d0d204f68b002980658f62
925abb03f4100152b16eaee3da6a86a5783b1db06b07c7e3ddf0f3120630ef06
933247953977a794be40964c0f4659e28f3006fd2f663a22cadd309fe3964906
9ab5b15f63449c6333a2ff7a284980d3d365979631c24a2a60a98bef2bda7f41
9eb37f86ae123a55a9338be74e9da597032cfb705eca5e2b4c0de305d5d8f48d
a049c00e18fc64bcf0c54a6ce085ba472627d955a4982909c5b67cecc713a36c
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db
a8c42c3f38da979aadc38c647d7d219e9369145e982f8f421e837e88ec40f64a
abc1bbfb097cfaf4715fe823adb40881f8ed35a943692d5c037945c2fcc56340
b2ed74f5e28a9e5e3ab9ac34f82eac892280e5fe7d9373d601e137b6046802f8
b3a0996bebbf4ae763970d18c21034a53c5850862b5bb49472afb2d0ef5bd181
b4d587efacfde9ba385121031802c1e89bc365fab285051e9c377a835dcc0edb
b6f6d0902ff385f68ec17c4c059d4fe89a0a08f1c022ab70580ea8552dfc0a11
b778cac28c30c893ebde673bf88a79a1f9a5995903987a89b064e73287e23178
bb46ed079c3dd3c39af5051b4ada48f29f49151dad4fa218117bad2fdb5e616f
bf5230ffb8745d28c11ae8b743868364f9be8379300bd59d235f402a53ea96ee
c0c0680f1e64e139c1c6c160cd8e7b559a217c391bc594372b4e6de27d4636d2
c55eebd9845964c111ecdbe7e583ed00ff47536f13c46a7e9c70430cc7ea091f
cb658d8af264091d320d32e952cb1756ea0145c2f6497b182a39e7ce4e466653
cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca
cef0f0f177b1d93e6df1667c73aa00465481bfd823e1d9d06ba9a2c18e2e0aaa
d3b404b81460a5e71e4b178365e26e2c5f84587ed9b74c11ccb0824dfa955c80
d6ca848a6cdd5ab970866dd72b168d0d1f7c6ff8107a254e8366c1183483fb3d
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
edf9bbedbc070b615ccfa2913b36e2d327ea9fe1e441e452f9f3f6f726e49121
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
fd222137f245c06ddb4c4d44db41f12138dad6cf8ef5d4d4a5e500f38f0c8c62

xosodaiphat.net Open in urlscan Pro 210.211.99.15 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

105 Requests

100 %HTTPS

84 %IPv6

13 Domains

19 Subdomains

19 IPs

4 Countries

1848 kBTransfer

4029 kBSize

0 Cookies

4 Outgoing links

Redirected requests

105 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 4 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

xosodaiphat.net Open in urlscan Pro
210.211.99.15 Public Scan

Screenshot
Live screenshot

Full Image

105
Requests

100 %
HTTPS

84 %
IPv6

13
Domains

19
Subdomains

19
IPs

4
Countries

1848 kB
Transfer

4029 kB
Size

0
Cookies

105 HTTP transactions
4 data transactions