xosodaiphat.com Open in urlscan Pro
45.121.163.3 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://xosodaiphat.com/
Effective URL:
https://xosodaiphat.com/
Submission Tags: tranco_l324
Submission: On November 26 via api (November 26th 2021, 2:50:01 am UTC) from DE — Scanned from DE

Summary HTTP 151 Redirects Links 3 Behaviour Indicators

Summary

This website contacted 33 IPs in 5 countries across 25 domains to perform 151 HTTP transactions. The main IP is 45.121.163.3, located in Viet Nam and belongs to INCOM-AS-VN Cong ty CP Truyen thong quoc te Incom, VN. The main domain is xosodaiphat.com.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on June 30th 2020. Valid for: 2 years.

This is the only time xosodaiphat.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 5	45.121.163.3 45.121.163.3	56149 (INCOM-AS-...) (INCOM-AS-VN Cong ty CP Truyen thong quoc te Incom)
3	2a00:1450:400... 2a00:1450:4001:811::2002	15169 (GOOGLE) (GOOGLE)
13	2a00:1450:400... 2a00:1450:4001:809::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:830::200e	15169 (GOOGLE) (GOOGLE)
7	142.250.185.98 142.250.185.98	15169 (GOOGLE) (GOOGLE)
13	2a00:1450:400... 2a00:1450:4001:827::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:400c:c1b::9a	15169 (GOOGLE) (GOOGLE)
15	103.3.252.216 103.3.252.216	56149 (INCOM-AS-...) (INCOM-AS-VN Cong ty CP Truyen thong quoc te Incom)
2	103.90.223.132 103.90.223.132	135912 (VNETWORK-...) (VNETWORK-AS-VN VNETWORK Joint Stock Company)
2	2a00:1450:400... 2a00:1450:4001:80e::200e	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:82a::2002	15169 (GOOGLE) (GOOGLE)
1	151.139.242.29 151.139.242.29	33438 (HIGHWINDS2) (HIGHWINDS2)
3	2a00:1450:400... 2a00:1450:4001:830::2003	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:802::2001	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:810::200a	15169 (GOOGLE) (GOOGLE)
25	2a00:1450:400... 2a00:1450:4001:811::2001	15169 (GOOGLE) (GOOGLE)
13	2a00:1450:400... 2a00:1450:4001:812::2001	15169 (GOOGLE) (GOOGLE)
6	2a00:1450:400... 2a00:1450:4001:802::2003	15169 (GOOGLE) (GOOGLE)
1	2600:1901:0:7... 2600:1901:0:76b9::	15169 (GOOGLE) (GOOGLE)
12	2606:4700:303... 2606:4700:3039::6815:c08f	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2a00:1450:400... 2a00:1450:4001:829::2004	15169 (GOOGLE) (GOOGLE)
6	2001:4860:480... 2001:4860:4802:32::3	15169 (GOOGLE) (GOOGLE)
1	2620:116:800d... 2620:116:800d:21:8c6e:cf2c:8d6:9fb5	16509 (AMAZON-02) (AMAZON-02)
1	34.98.67.61 34.98.67.61	15169 (GOOGLE) (GOOGLE)
1	35.227.252.103 35.227.252.103	15169 (GOOGLE) (GOOGLE)
2 2	198.47.127.19 198.47.127.19	62713 (AS-PUBMATIC) (AS-PUBMATIC)
3	172.217.18.98 172.217.18.98	15169 (GOOGLE) (GOOGLE)
1 1	69.173.144.165 69.173.144.165	26667 (RUBICONPR...) (RUBICONPROJECT)
1	2a05:d01c:1d8... 2a05:d01c:1d8:8102:9b42:ec:9152:470a	16509 (AMAZON-02) (AMAZON-02)
1	2606:4700:20:... 2606:4700:20::ac43:444e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2606:4700:303... 2606:4700:3039::6815:c08e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	23.79.145.223 23.79.145.223	16625 (AKAMAI-AS) (AKAMAI-AS)
4 4	84.200.5.215 84.200.5.215	31400 (ACCELERAT...) (ACCELERATED-IT)
2 2	46.4.62.19 46.4.62.19	24940 (HETZNER-AS) (HETZNER-AS)
1	82.113.101.132 82.113.101.132	6805 (TDDE-ASN1) (TDDE-ASN1)
1	82.113.101.236 82.113.101.236	6805 (TDDE-ASN1) (TDDE-ASN1)
151	33

5 45.121.163.3 (Viet Nam) 1 redirects

ASN56149 (INCOM-AS-VN Cong ty CP Truyen thong quoc te Incom, VN)

xosodaiphat.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:811::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 2a00:1450:4001:809::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:830::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 142.250.185.98 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s49-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 2a00:1450:4001:827::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c1b::9a (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 103.3.252.216 (Viet Nam)

ASN56149 (INCOM-AS-VN Cong ty CP Truyen thong quoc te Incom, VN)

cdn.xosodaiphat.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 103.90.223.132 (Viet Nam)

ASN135912 (VNETWORK-AS-VN VNETWORK Joint Stock Company, VN)

cdn1.xosodaiphat.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:80e::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

apis.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82a::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.139.242.29 (United States)

ASN33438 (HIGHWINDS2, US)

images.dmca.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:830::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:802::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

bb34734ea2c11f7c2574edea1ad8361c.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:810::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

25 2a00:1450:4001:811::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 2a00:1450:4001:812::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

cdn.ampproject.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:802::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:1901:0:76b9:: (Kansas City, United States)

ASN15169 (GOOGLE, US)

prod-rtb.ad4mat.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 2606:4700:3039::6815:c08f (United States)

ASN13335 (CLOUDFLARENET, US)

as.ad4m.at	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ad4m.at	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
assets.ad4m.at	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:829::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2001:4860:4802:32::3 (United States)

ASN15169 (GOOGLE, US)

csi.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:116:800d:21:8c6e:cf2c:8d6:9fb5 (United States)

ASN16509 (AMAZON-02, US)

cms.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.98.67.61 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 61.67.98.34.bc.googleusercontent.com

odr.mookie1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.227.252.103 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 103.252.227.35.bc.googleusercontent.com

rtb.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 198.47.127.19 (United States) 2 redirects

ASN62713 (AS-PUBMATIC, US)

image6.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 172.217.18.98 (United States)

ASN15169 (GOOGLE, US)
PTR: zrh04s05-in-f98.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.173.144.165 (Frankfurt am Main, Germany) 1 redirects

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a05:d01c:1d8:8102:9b42:ec:9152:470a (London, United Kingdom)

ASN16509 (AMAZON-02, US)

ag.innovid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:20::ac43:444e (United States)

ASN13335 (CLOUDFLARENET, US)

static-de.ad4mat.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:3039::6815:c08e (United States)

ASN13335 (CLOUDFLARENET, US)

ad4m.at	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.79.145.223 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-79-145-223.deploy.static.akamaitechnologies.com

www.awin1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 84.200.5.215 (Germany) 4 redirects

ASN31400 (ACCELERATED-IT, DE)

www.telefonica-partner.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.lead-alliance.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 46.4.62.19 (Germany) 2 redirects

ASN24940 (HETZNER-AS, DE)
PTR: nonstopads4.sunbonet.de

partner.o2online.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
partner.blau.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 82.113.101.132 (Offenbach, Germany)

ASN6805 (TDDE-ASN1, DE)
PTR: portal.o2online.de

portal.o2online.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 82.113.101.236 (Offenbach, Germany)

ASN6805 (TDDE-ASN1, DE)
PTR: portal.blau.de

portal.blau.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
39	googlesyndication.com pagead2.googlesyndication.com bb34734ea2c11f7c2574edea1ad8361c.safeframe.googlesyndication.com tpc.googlesyndication.com	463 KB
22	xosodaiphat.com 1 redirects xosodaiphat.com cdn.xosodaiphat.com cdn1.xosodaiphat.com	251 KB
20	doubleclick.net securepubads.g.doubleclick.net googleads.g.doubleclick.net stats.g.doubleclick.net cm.g.doubleclick.net	260 KB
15	gstatic.com www.gstatic.com fonts.gstatic.com csi.gstatic.com	164 KB
14	ad4m.at as.ad4m.at ad4m.at assets.ad4m.at	189 KB
13	ampproject.org cdn.ampproject.org	244 KB
7	google.com apis.google.com adservice.google.com www.google.com	73 KB
3	googleapis.com fonts.googleapis.com	3 KB
3	googletagservices.com www.googletagservices.com	99 KB
2	blau.de 1 redirects partner.blau.de portal.blau.de	2 KB
2	o2online.de 1 redirects partner.o2online.de portal.o2online.de	2 KB
2	lead-alliance.net 2 redirects www.lead-alliance.net	1 KB
2	telefonica-partner.de 2 redirects www.telefonica-partner.de	573 B
2	pubmatic.com 2 redirects image6.pubmatic.com	1 KB
2	ad4mat.net prod-rtb.ad4mat.net static-de.ad4mat.net	4 KB
2	google.de adservice.google.de	914 B
2	google-analytics.com www.google-analytics.com	20 KB
1	awin1.com www.awin1.com	704 B
1	innovid.com ag.innovid.com	297 B
1	rubiconproject.com 1 redirects pixel.rubiconproject.com	460 B
1	openx.net rtb.openx.net	351 B
1	mookie1.com odr.mookie1.com	324 B
1	quantserve.com cms.quantserve.com	464 B
1	dmca.com images.dmca.com	633 B
1	googleadservices.com partner.googleadservices.com	410 B
151	25

	Domain	Requested by
25	tpc.googlesyndication.com	googleads.g.doubleclick.net cdn.ampproject.org pagead2.googlesyndication.com tpc.googlesyndication.com
15	cdn.xosodaiphat.com	xosodaiphat.com
13	cdn.ampproject.org	googleads.g.doubleclick.net pagead2.googlesyndication.com
13	pagead2.googlesyndication.com	xosodaiphat.com pagead2.googlesyndication.com googleads.g.doubleclick.net www.googletagservices.com tpc.googlesyndication.com
10	googleads.g.doubleclick.net	pagead2.googlesyndication.com googleads.g.doubleclick.net xosodaiphat.com
6	assets.ad4m.at	as.ad4m.at
6	csi.gstatic.com	securepubads.g.doubleclick.net cdn.ampproject.org pagead2.googlesyndication.com
6	fonts.gstatic.com	fonts.googleapis.com
6	securepubads.g.doubleclick.net	www.googletagservices.com securepubads.g.doubleclick.net googleads.g.doubleclick.net
5	xosodaiphat.com	1 redirects xosodaiphat.com
4	ad4m.at	as.ad4m.at ad4m.at
4	as.ad4m.at	googleads.g.doubleclick.net as.ad4m.at ad4m.at
3	cm.g.doubleclick.net	xosodaiphat.com googleads.g.doubleclick.net
3	www.google.com	googleads.g.doubleclick.net tpc.googlesyndication.com
3	fonts.googleapis.com	googleads.g.doubleclick.net
3	www.gstatic.com	xosodaiphat.com googleads.g.doubleclick.net
3	www.googletagservices.com	xosodaiphat.com googleads.g.doubleclick.net
2	www.lead-alliance.net	2 redirects
2	www.telefonica-partner.de	2 redirects
2	image6.pubmatic.com	2 redirects
2	adservice.google.com	pagead2.googlesyndication.com
2	adservice.google.de	pagead2.googlesyndication.com
2	apis.google.com	xosodaiphat.com apis.google.com
2	cdn1.xosodaiphat.com	xosodaiphat.com
2	www.google-analytics.com	xosodaiphat.com www.google-analytics.com
1	portal.blau.de	as.ad4m.at
1	partner.blau.de	1 redirects
1	portal.o2online.de	as.ad4m.at
1	partner.o2online.de	1 redirects
1	www.awin1.com	as.ad4m.at
1	static-de.ad4mat.net	as.ad4m.at
1	ag.innovid.com	googleads.g.doubleclick.net
1	pixel.rubiconproject.com	1 redirects
1	rtb.openx.net	googleads.g.doubleclick.net
1	odr.mookie1.com	googleads.g.doubleclick.net
1	cms.quantserve.com	googleads.g.doubleclick.net
1	prod-rtb.ad4mat.net	xosodaiphat.com
1	bb34734ea2c11f7c2574edea1ad8361c.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
1	images.dmca.com	xosodaiphat.com
1	partner.googleadservices.com	pagead2.googlesyndication.com
1	stats.g.doubleclick.net	www.google-analytics.com
151	41

This site contains links to these domains. Also see Links.

Domain
play.google.com
muvi.vn
www.dmca.com

Subject Issuer	Validity	Valid
www.xosodaiphat.com Sectigo RSA Domain Validation Secure Server CA	`2020-06-30` - `2022-07-11`	2 years	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-11-01` - `2022-01-24`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-11-01` - `2022-01-24`	3 months	crt.sh
cdn.xosodaiphat.com Sectigo RSA Domain Validation Secure Server CA	`2021-08-09` - `2022-08-09`	a year	crt.sh
cdn1.xosodaiphat.com Sectigo RSA Domain Validation Secure Server CA	`2021-08-18` - `2022-08-18`	a year	crt.sh
*.apis.google.com GTS CA 1C3	`2021-11-01` - `2022-01-24`	3 months	crt.sh
*.google.de GTS CA 1C3	`2021-11-01` - `2022-01-24`	3 months	crt.sh
*.google.com GTS CA 1C3	`2021-11-01` - `2022-01-24`	3 months	crt.sh
images.dmca.com Go Daddy Secure Certificate Authority - G2	`2020-03-13` - `2022-04-04`	2 years	crt.sh
*.gstatic.com GTS CA 1C3	`2021-11-01` - `2022-01-24`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2021-11-01` - `2022-01-24`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2021-11-01` - `2022-01-24`	3 months	crt.sh
misc-sni.google.com GTS CA 1C3	`2021-11-01` - `2022-01-24`	3 months	crt.sh
prod-rtb.ad4mat.net GTS CA 1D4	`2021-10-22` - `2022-01-20`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-07-08` - `2022-07-07`	a year	crt.sh
www.google.com GTS CA 1C3	`2021-11-01` - `2022-01-24`	3 months	crt.sh
*.quantserve.com DigiCert TLS RSA SHA256 2020 CA1	`2021-09-22` - `2022-09-21`	a year	crt.sh
*.mookie1.com DigiCert TLS RSA SHA256 2020 CA1	`2021-02-22` - `2022-03-25`	a year	crt.sh
*.openx.net GeoTrust RSA CA 2018	`2021-07-08` - `2022-08-08`	a year	crt.sh
*.innovid.com RapidSSL RSA CA 2018	`2020-02-07` - `2022-04-07`	2 years	crt.sh
www.awin1.com DigiCert SHA2 Secure Server CA	`2021-06-11` - `2022-06-16`	a year	crt.sh

This page contains 16 frames:

Primary Page: https://xosodaiphat.com/
Frame ID: 5D42E962D7E4E2518A98089652EC77DA
Requests: 49 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20211111/r20190131/zrt_lookup.html
Frame ID: F494300D80A4F0922C17CED0036E109C
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7078400245394460&output=html&adk=1812271804&adf=3025194257&lmt=1637894992&plat=3%3A32%2C4%3A32%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fxosodaiphat.com%2F&ea=0&flash=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1637894993834&bpp=122&bdt=97&idt=122&shv=r20211111&mjsv=m202111160101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=2410851921683&rume=1&frm=20&pv=2&ga_vid=1250507266.1637894994&ga_sid=1637894994&ga_hid=1389502024&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=182982000%2C182982200%2C31063782%2C31061691%2C31061693&oid=2&pvsid=2804184704754586&pem=23&tmod=1725400849&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=137
Frame ID: CF6896E666BB7BA3BBDFC42A003FFC16
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5841899339949803&output=html&h=90&slotname=3691106802&adk=445279611&adf=962651467&pi=t.ma~as.3691106802&w=728&lmt=1637894992&psa=0&format=728x90&url=https%3A%2F%2Fxosodaiphat.com%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1637894993973&bpp=1&bdt=236&idt=1&shv=r20211111&mjsv=m202111160101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=2410851921683&rume=1&frm=20&pv=2&ga_vid=1250507266.1637894994&ga_sid=1637894994&ga_hid=1389502024&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&dmc=8&adx=642&ady=10&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=182982000%2C182982200%2C31063782%2C31061691%2C31061693&oid=2&pvsid=2804184704754586&pem=23&tmod=1725400849&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CleE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=a!2&fsb=1&xpc=vOS4RXSwcR&p=https%3A//xosodaiphat.com&dtd=8
Frame ID: D3055E5C0EBF2C5B3AF9D784289C99A8
Requests: 23 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5841899339949803&output=html&h=250&slotname=3164764943&adk=3195374438&adf=2778587218&pi=t.ma~as.3164764943&w=300&lmt=1637894992&psa=0&format=300x250&url=https%3A%2F%2Fxosodaiphat.com%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1637894994000&bpp=1&bdt=263&idt=1&shv=r20211111&mjsv=m202111160101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C728x90&nras=1&correlator=2410851921683&rume=1&frm=20&pv=1&ga_vid=1250507266.1637894994&ga_sid=1637894994&ga_hid=1389502024&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&dmc=8&adx=358&ady=1006&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=182982000%2C182982200%2C31063782%2C31061691%2C31061693&oid=2&pvsid=2804184704754586&pem=23&tmod=1725400849&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=3&uci=a!3&fsb=1&xpc=H6LDsWYzdw&p=https%3A//xosodaiphat.com&dtd=7
Frame ID: 636A1ADABC2703E72DB717EC82B08CAF
Requests: 17 HTTP requests in this frame

Frame: https://bb34734ea2c11f7c2574edea1ad8361c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: B3018C87C112D82EA4517B1A3EEDFF05
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2201058077065954&output=html&h=600&slotname=2304122458&adk=2183641536&adf=3496389188&pi=t.ma~as.2304122458&w=150&lmt=1637894992&psa=0&format=150x600&url=https%3A%2F%2Fxosodaiphat.com%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1637894994085&bpp=1&bdt=348&idt=0&shv=r20211111&mjsv=m202111160101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C728x90%2C300x250&nras=1&correlator=2410851921683&rume=1&frm=20&pv=2&ga_vid=1250507266.1637894994&ga_sid=1637894994&ga_hid=1389502024&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&dmc=8&adx=853&ady=1388&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=182982000%2C182982200%2C31063782%2C31061691%2C31061693&oid=2&pvsid=2804184704754586&pem=23&tmod=1725400849&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=5&uci=a!5&btvi=1&fsb=1&xpc=tqR1w2ZcP1&p=https%3A//xosodaiphat.com&dtd=10
Frame ID: 03FBDD93A1DDE29BABD5C14E4BE30119
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5841899339949803&output=html&h=600&slotname=7770263321&adk=234424686&adf=2298740071&pi=t.ma~as.7770263321&w=300&lmt=1637894992&psa=0&format=300x600&url=https%3A%2F%2Fxosodaiphat.com%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1637894994110&bpp=1&bdt=373&idt=1&shv=r20211111&mjsv=m202111160101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C728x90%2C300x250%2C150x600&nras=1&correlator=2410851921683&rume=1&frm=20&pv=1&ga_vid=1250507266.1637894994&ga_sid=1637894994&ga_hid=1389502024&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&dmc=8&adx=1070&ady=714&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=182982000%2C182982200%2C31063782%2C31061691%2C31061693&oid=2&pvsid=2804184704754586&pem=23&tmod=1725400849&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=6&uci=a!6&fsb=1&xpc=MQnS9LD4vN&p=https%3A//xosodaiphat.com&dtd=9
Frame ID: 1D9EFFFA986407C6F265E96EF67616C6
Requests: 22 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/lK7Pd7B-H_9yBaI_NSshU4OXimYezFu1HmFuNXULOe8.js
Frame ID: 209DB9146325710B1381FE366740E865
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/adview?ai=CnnSvUkugYdHyBsXb3wPPooS4B5DhgYRctqjCivACwI23ARABIABglQKCARdjYS1wdWItMjIwMTA1ODA3NzA2NTk1NKABwq7o3QPIAQmpAmrgQwrozbI-qAMBqgTBAU_QXlCFhAOvq3YzxF6CcV6R3x1BEwWHi_wU24DL3_dnfTVN9Z9_NQqCUZP2BG4yOijcLxmcu5ZdGZzk9WJd7xFoXDZHDTiy5HjMrLWyFqEmRep9YE4DXnprZoRH_hi0k2Jzh3p6Ah9IUPGgReyqv7PS-QL6UnkiPSAbDSkpZ0RvApgogkkFQr_ESACqHz3JGopeo79DhbJSEYVn-TItAYdmLXC47UZkPUs7N9z8xqfPSA7ElWRRmDgK8anNGlqP2jGABs6lwtPbyNuX9AGgBiGoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAYAKAfoLAggBgAwB0BUBgBcBshcaChgSFHB1Yi0yMjAxMDU4MDc3MDY1OTU0GAA&sigh=sRZVlNRLaPw&uach_m=[UACH]&cid=CAQSKQCNIrLMXMeLjeFA-4Zt2jCCeSM2I0X7kopMiuGMvwECAFua7bc1BAx6GAE
Frame ID: CC1418711330F78821C6F49D87C3F8AE
Requests: 9 HTTP requests in this frame

Frame: https://as.ad4m.at/ad/dr?ed=1j0c3fmepee4r3661ahpqtgaqqa00q20941k9s07nbm04hrf9d6tdkrj2qsgep77m4r4dfmdjd3ja2xgc271fmej94h5hzstaatg99vcky275022ypf4c03qrgwp9y5zx2be5x42kdpmepc5cq69a3y55q6e0paxhexz73vx9n76s3nt89d7e64ndpggzctnz24ynwmjerxt9a2120221gwvqn5hpnzt7pr4hca0f0yjc7r8hrvsvkw1zm9g4yzymxg0zm59477kj2gh9wjms6pg7gdegr1sx65rcrrnwdr70ayv7mhha6axcyexrndxnenv3cew2840hdgcaeshb9b7gfx7r7g15cdw1px1fj3xz9wr1w3fnd2v0aq9sj2a9s9f41rnyek718gwmqgq4qa07cd20x3j5a1683pptxph65q0e2ksqtnywnvs72jqwtd0&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC6r5EUkugYdHyBsXb3wPPooS4B5DhgYRctqjCivACwI23ARABIABglQKCARdjYS1wdWItMjIwMTA1ODA3NzA2NTk1NKABwq7o3QPIAQmpAmrgQwrozbI-qAMBqgTEAU_QXlCFhAOvq3YzxF6CcV6R3x1BEwWHi_wU24DL3_dnfTVN9Z9_NQqCUZP2BG4yOijcLxmcu5ZdGZzk9WJd7xFoXDZHDTiy5HjMrLWyFqEmRep9YE4DXnprZoRH_hi0k2Jzh3p6Ah9IUPGgReyqv7PS-QL6UnkiPSAbDSkpZ0RvApgogkkFQr_ESACqHz3JGopeo79DhbJSEYVnuzAMk1CfqjBwag7y5wKpxeXozArFZhYZFaYYCsCe74XVz4YQmvl3v0SABs6lwtPbyNuX9AGgBiGoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_1P7kt6DWe7uuPavAqTrcUjMbm5JA%26client%3Dca-pub-2201058077065954%26adurl%3D
Frame ID: 2E3B9E09BFB3C2783B932D3B69E40BE3
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 4C492F7D43FFF2E4126D2F7D7B0F31DF
Requests: 9 HTTP requests in this frame

Frame: https://ad4m.at/frame.html
Frame ID: 4E89EE6512F4C37F30E5D449D0735244
Requests: 1 HTTP requests in this frame

Frame: https://as.ad4m.at/ad/rar?a=170113%2C20833%2C166402&b=Ke2sRfE34CGG8dc5HMHktPtKWqKf8TATwx8fq%2CjBzSEfVAgTezJsYHEH2t6tRRGcKTzTDZ1f9%2CPe7sBf2XzUbK79t9HjHbtMtPPgSZT9TPxDfp&f=k6YF5f1pjUddJMU4HwHetmCXmDXukTjTp7mUR%2Cxb9UQfVY5TQXbHPHdHztDCRRgcJT6TqGKSA%2Cb4xuQfq63S5K2bfYHbHzt8CwwmsxTJT5DMuJ&c=120&d=600&e=SWIE4VMeI0wT2zb1qq2odulCFuRVYRap&g=da1a653b8d160bb8555f99b7a5ba651c%2F15925037179300048360&i=69427%2C20774%2C20773&j=16%2C14%2C14&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach94_WKZREACH&r=1637894994959&h=%252F%252Fas.ad4m.at%252Fdct%253Fed%253D1g8yj36cdfewfge8h78h4qpjfqeqfsy0rk1aynj2s924ba8ms69edymbkm3p2gn1283hze5qmkcvs8frsmr0pktq4115g8tj5q5wzkfr4q1x8gxkfenypepbsr3xcm01ydxeqsnz9gt8nq31cj6dvyhcgy3bmakk3ff5fczwqewr1xmfasqfpj6q9c2sj0pt3ggvzzcchaktkkyayy0ng5mwgp8098cv856w12r2k5ny55f4mxf98cbfd21g7gsc7jx0d34s5cfyhn2yg75ne928%2526h%253Dhttps%25253A%25252F%25252Fadclick.g.doubleclick.net%25252Faclk%25253Fsa%25253DL%252526ai%25253DC6r5EUkugYdHyBsXb3wPPooS4B5DhgYRctqjCivACwI23ARABIABglQKCARdjYS1wdWItMjIwMTA1ODA3NzA2NTk1NKABwq7o3QPIAQmpAmrgQwrozbI-qAMBqgTEAU_QXlCFhAOvq3YzxF6CcV6R3x1BEwWHi_wU24DL3_dnfTVN9Z9_NQqCUZP2BG4yOijcLxmcu5ZdGZzk9WJd7xFoXDZHDTiy5HjMrLWyFqEmRep9YE4DXnprZoRH_hi0k2Jzh3p6Ah9IUPGgReyqv7PS-QL6UnkiPSAbDSkpZ0RvApgogkkFQr_ESACqHz3JGopeo79DhbJSEYVnuzAMk1CfqjBwag7y5wKpxeXozArFZhYZFaYYCsCe74XVz4YQmvl3v0SABs6lwtPbyNuX9AGgBiGoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%252526num%25253D1%252526sig%25253DAOD64_1P7kt6DWe7uuPavAqTrcUjMbm5JA%252526client%25253Dca-pub-2201058077065954%252526adurl%25253D&y=1&z=0
Frame ID: 6B0A9703B4A503B8853490C7A53F159F
Requests: 11 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html
Frame ID: FCAED67A9138F797975391FD5817C0B0
Requests: 2 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 75C16713FDAB8BE55E8C508D03AD51E7
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

KQXS - Xổ số kiến thiết hôm nay - Xo So

Page URL History Show full URLs

http://xosodaiphat.com/ HTTP 301
https://xosodaiphat.com/ Page URL

Page Statistics

151
Requests

97 %
HTTPS

58 %
IPv6

25
Domains

41
Subdomains

33
IPs

5
Countries

1777 kB
Transfer

4455 kB
Size

26
Cookies

3 Outgoing links

These are links going to different origins than the main page.

URL: https://play.google.com/store/apps/details?id=com.icsoft.xosodaiphat

Search URL Search Domain Scan URL

URL: https://muvi.vn/playlist/lien-khuc-nhac-tru-tinh-luu-anh-loan-hay-nhat.KqM7ABvqK9AJ.html?utm_campaign=tin_bai&utm_medium=trangchu&utm_source=xsdp

Search URL Search Domain Scan URL

URL: https://www.dmca.com/Protection/Status.aspx?ID=2fe00d0c-59bc-4930-bde8-11153f7264ff&refurl=https://xosodaiphat.com/

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://xosodaiphat.com/ HTTP 301
https://xosodaiphat.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 101

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEHIqz5QpxUbOl8iRNmi9igo&google_cver=1&google_push=AYg5qPLb1fSO0ucWyAO6wcEZ5tcrux5cU6mIwo9ELAJOyRF75EU3sYYc5U4xKng1zm67TDVsJBMWoQZ_mcFIiQWSkYE8XJ4xVgM HTTP 302
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEHIqz5QpxUbOl8iRNmi9igo&google_cver=1&google_push=AYg5qPLb1fSO0ucWyAO6wcEZ5tcrux5cU6mIwo9ELAJOyRF75EU3sYYc5U4xKng1zm67TDVsJBMWoQZ_mcFIiQWSkYE8XJ4xVgM&rdf=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=FFxSj8AjQBO8bPI82irj-Q%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPLb1fSO0ucWyAO6wcEZ5tcrux5cU6mIwo9ELAJOyRF75EU3sYYc5U4xKng1zm67TDVsJBMWoQZ_mcFIiQWSkYE8XJ4xVgM

Request Chain 102

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEG4HkwUhbfLlY38HPsyBccI&google_cver=1&google_push=AYg5qPJCXsMBUsO0ECYTFTEde4t3gOfFqKqDS9LnEvJGoHGSAOf4u64eI87YiSRziAVyX2onyIwBUReiInfCfLU54PfyglY3cOU HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1dGU0UyRjktMVEtQkIzTA==&google_push=AYg5qPJCXsMBUsO0ECYTFTEde4t3gOfFqKqDS9LnEvJGoHGSAOf4u64eI87YiSRziAVyX2onyIwBUReiInfCfLU54PfyglY3cOU

Request Chain 103

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEKoM1w9NdJh03RfiDvE9qfQ&google_cver=1&google_push=AYg5qPL2vFfiET32QcoqU1gVQYW2HuxBGbfLoHZlSxU5htzkCnJLN5IfrDq-G6FuAHAZ--iwm4026b7i8lPDB2_uxj-hNeA7vA HTTP 302
https://ssum-sec.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_cver=1&google_gid=CAESEKoM1w9NdJh03RfiDvE9qfQ&google_push=AYg5qPL2vFfiET32QcoqU1gVQYW2HuxBGbfLoHZlSxU5htzkCnJLN5IfrDq-G6FuAHAZ--iwm4026b7i8lPDB2_uxj-hNeA7vA&s=184023&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YaBLUpG2DuFqE1BnQi8IRwAABGEAAAAB&google_cver=1&google_push=AYg5qPL2vFfiET32QcoqU1gVQYW2HuxBGbfLoHZlSxU5htzkCnJLN5IfrDq-G6FuAHAZ--iwm4026b7i8lPDB2_uxj-hNeA7vA&google_gid=CAESEKoM1w9NdJh03RfiDvE9qfQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YaBLUpG2DuFqE1BnQi8IRwAABGEAAAAB&google_cver=1&google_push=AYg5qPL2vFfiET32QcoqU1gVQYW2HuxBGbfLoHZlSxU5htzkCnJLN5IfrDq-G6FuAHAZ--iwm4026b7i8lPDB2_uxj-hNeA7vA&google_gid=CAESEKoM1w9NdJh03RfiDvE9qfQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YaBLUpG2DuFqE1BnQi8IRwAABGEAAAAB&google_cver=1&google_push=AYg5qPL2vFfiET32QcoqU1gVQYW2HuxBGbfLoHZlSxU5htzkCnJLN5IfrDq-G6FuAHAZ--iwm4026b7i8lPDB2_uxj-hNeA7vA&google_gid=CAESEKoM1w9NdJh03RfiDvE9qfQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YaBLUpG2DuFqE1BnQi8IRwAABGEAAAAB&google_cver=1&google_push=AYg5qPL2vFfiET32QcoqU1gVQYW2HuxBGbfLoHZlSxU5htzkCnJLN5IfrDq-G6FuAHAZ--iwm4026b7i8lPDB2_uxj-hNeA7vA&google_gid=CAESEKoM1w9NdJh03RfiDvE9qfQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YaBLUpG2DuFqE1BnQi8IRwAABGEAAAAB&google_cver=1&google_push=AYg5qPL2vFfiET32QcoqU1gVQYW2HuxBGbfLoHZlSxU5htzkCnJLN5IfrDq-G6FuAHAZ--iwm4026b7i8lPDB2_uxj-hNeA7vA&google_gid=CAESEKoM1w9NdJh03RfiDvE9qfQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YaBLUpG2DuFqE1BnQi8IRwAABGEAAAAB&google_cver=1&google_push=AYg5qPL2vFfiET32QcoqU1gVQYW2HuxBGbfLoHZlSxU5htzkCnJLN5IfrDq-G6FuAHAZ--iwm4026b7i8lPDB2_uxj-hNeA7vA&google_gid=CAESEKoM1w9NdJh03RfiDvE9qfQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YaBLUpG2DuFqE1BnQi8IRwAABGEAAAAB&google_cver=1&google_push=AYg5qPL2vFfiET32QcoqU1gVQYW2HuxBGbfLoHZlSxU5htzkCnJLN5IfrDq-G6FuAHAZ--iwm4026b7i8lPDB2_uxj-hNeA7vA&google_gid=CAESEKoM1w9NdJh03RfiDvE9qfQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YaBLUpG2DuFqE1BnQi8IRwAABGEAAAAB&google_cver=1&google_push=AYg5qPL2vFfiET32QcoqU1gVQYW2HuxBGbfLoHZlSxU5htzkCnJLN5IfrDq-G6FuAHAZ--iwm4026b7i8lPDB2_uxj-hNeA7vA&google_gid=CAESEKoM1w9NdJh03RfiDvE9qfQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YaBLUpG2DuFqE1BnQi8IRwAABGEAAAAB&google_cver=1&google_push=AYg5qPL2vFfiET32QcoqU1gVQYW2HuxBGbfLoHZlSxU5htzkCnJLN5IfrDq-G6FuAHAZ--iwm4026b7i8lPDB2_uxj-hNeA7vA&google_gid=CAESEKoM1w9NdJh03RfiDvE9qfQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YaBLUpG2DuFqE1BnQi8IRwAABGEAAAAB&google_cver=1&google_push=AYg5qPL2vFfiET32QcoqU1gVQYW2HuxBGbfLoHZlSxU5htzkCnJLN5IfrDq-G6FuAHAZ--iwm4026b7i8lPDB2_uxj-hNeA7vA&google_gid=CAESEKoM1w9NdJh03RfiDvE9qfQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YaBLUpG2DuFqE1BnQi8IRwAABGEAAAAB&google_cver=1&google_push=AYg5qPL2vFfiET32QcoqU1gVQYW2HuxBGbfLoHZlSxU5htzkCnJLN5IfrDq-G6FuAHAZ--iwm4026b7i8lPDB2_uxj-hNeA7vA&google_gid=CAESEKoM1w9NdJh03RfiDvE9qfQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YaBLUpG2DuFqE1BnQi8IRwAABGEAAAAB&google_cver=1&google_push=AYg5qPL2vFfiET32QcoqU1gVQYW2HuxBGbfLoHZlSxU5htzkCnJLN5IfrDq-G6FuAHAZ--iwm4026b7i8lPDB2_uxj-hNeA7vA&google_gid=CAESEKoM1w9NdJh03RfiDvE9qfQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YaBLUpG2DuFqE1BnQi8IRwAABGEAAAAB&google_cver=1&google_push=AYg5qPL2vFfiET32QcoqU1gVQYW2HuxBGbfLoHZlSxU5htzkCnJLN5IfrDq-G6FuAHAZ--iwm4026b7i8lPDB2_uxj-hNeA7vA&google_gid=CAESEKoM1w9NdJh03RfiDvE9qfQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YaBLUpG2DuFqE1BnQi8IRwAABGEAAAAB&google_cver=1&google_push=AYg5qPL2vFfiET32QcoqU1gVQYW2HuxBGbfLoHZlSxU5htzkCnJLN5IfrDq-G6FuAHAZ--iwm4026b7i8lPDB2_uxj-hNeA7vA&google_gid=CAESEKoM1w9NdJh03RfiDvE9qfQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YaBLUpG2DuFqE1BnQi8IRwAABGEAAAAB&google_cver=1&google_push=AYg5qPL2vFfiET32QcoqU1gVQYW2HuxBGbfLoHZlSxU5htzkCnJLN5IfrDq-G6FuAHAZ--iwm4026b7i8lPDB2_uxj-hNeA7vA&google_gid=CAESEKoM1w9NdJh03RfiDvE9qfQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YaBLUpG2DuFqE1BnQi8IRwAABGEAAAAB&google_cver=1&google_push=AYg5qPL2vFfiET32QcoqU1gVQYW2HuxBGbfLoHZlSxU5htzkCnJLN5IfrDq-G6FuAHAZ--iwm4026b7i8lPDB2_uxj-hNeA7vA&google_gid=CAESEKoM1w9NdJh03RfiDvE9qfQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YaBLUpG2DuFqE1BnQi8IRwAABGEAAAAB&google_cver=1&google_push=AYg5qPL2vFfiET32QcoqU1gVQYW2HuxBGbfLoHZlSxU5htzkCnJLN5IfrDq-G6FuAHAZ--iwm4026b7i8lPDB2_uxj-hNeA7vA&google_gid=CAESEKoM1w9NdJh03RfiDvE9qfQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YaBLUpG2DuFqE1BnQi8IRwAABGEAAAAB&google_cver=1&google_push=AYg5qPL2vFfiET32QcoqU1gVQYW2HuxBGbfLoHZlSxU5htzkCnJLN5IfrDq-G6FuAHAZ--iwm4026b7i8lPDB2_uxj-hNeA7vA&google_gid=CAESEKoM1w9NdJh03RfiDvE9qfQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YaBLUpG2DuFqE1BnQi8IRwAABGEAAAAB&google_cver=1&google_push=AYg5qPL2vFfiET32QcoqU1gVQYW2HuxBGbfLoHZlSxU5htzkCnJLN5IfrDq-G6FuAHAZ--iwm4026b7i8lPDB2_uxj-hNeA7vA&google_gid=CAESEKoM1w9NdJh03RfiDvE9qfQ

Request Chain 119

https://www.telefonica-partner.de/tpv.php?t=117699V1226132702M&subid=oneidjBzSEfVAgTezJsYHEH2t6tRRGcKTzTDZ1f9oneid__asuidSWIE4VMeI0wT2zb1qq2odulCFuRVYRapasuid__suite_Netmix_Reach94_WKZREACH&gdpr_consent=&gdpr=0&gdpr_pd=0 HTTP 302
https://www.lead-alliance.net/tpv.php?t=117699V1226132702M&subid=oneidjBzSEfVAgTezJsYHEH2t6tRRGcKTzTDZ1f9oneid__asuidSWIE4VMeI0wT2zb1qq2odulCFuRVYRapasuid__suite_Netmix_Reach94_WKZREACH&gdpr_consent=&gdpr=0&gdpr_pd=0 HTTP 302
https://partner.o2online.de/a/?i=pview&client=o2&camp=pview&l=de&nw=lea1&affiliate=117699&s_id=2021112603495559229241833X117699V1226132702MSoneidjBzSEfVAgTezJsYHEH2t6tRRGcKTzTDZ1f9oneid__asuidSWIE4VMeI0wT2zb1qq2odulCFuRVYRapasuid__suite_Netmix_Reach94_WKZREACH&spid=2021112603495559229241833X117699V1226132702MSoneidjBzSEfVAgTezJsYHEH2t6tRRGcKTzTDZ1f9oneid__asuidSWIE4VMeI0wT2zb1qq2odulCFuRVYRapasuid__suite_Netmix_Reach94_WKZREACH&wfid=117699 HTTP 302
https://portal.o2online.de/nws/img/postview.gif?partnerId=O2_AFF_POV_EXA_15008&mediacode=AFF_la_117699_-HTLP&utm_term=AFF_la_117699_-HTLP&utm_content=O2_AFF_POV_EXA_15008&spid=2021112603495559229241833X117699V1226132702MSoneidjBzSEfVAgTezJsYHEH2t6tRRGcKTzTDZ1f9oneid__asuidSWIE4VMeI0wT2zb1qq2odulCFuRVYRapasuid__suite_Netmix_Reach94_WKZREACH&wfid=117699&ratenzahlung=24

Request Chain 122

https://www.telefonica-partner.de/tpv.php?t=113752V1225131106M&subid=oneidPe7sBf2XzUbK79t9HjHbtMtPPgSZT9TPxDfponeid__asuidSWIE4VMeI0wT2zb1qq2odulCFuRVYRapasuid__suite_Netmix_Reach94_WKZREACH&gdpr_consent=&gdpr=0&gdpr_pd=0 HTTP 302
https://www.lead-alliance.net/tpv.php?t=113752V1225131106M&subid=oneidPe7sBf2XzUbK79t9HjHbtMtPPgSZT9TPxDfponeid__asuidSWIE4VMeI0wT2zb1qq2odulCFuRVYRapasuid__suite_Netmix_Reach94_WKZREACH&gdpr_consent=&gdpr=0&gdpr_pd=0 HTTP 302
https://partner.blau.de/a/?i=pview&client=blau&camp=pview&l=de&nw=lea1&affiliate=113752&s_id=2021112603495559229241831X113752V1225131106MSoneidPe7sBf2XzUbK79t9HjHbtMtPPgSZT9TPxDfponeid__asuidSWIE4VMeI0wT2zb1qq2odulCFuRVYRapasuid__suite_Netmix_Reach94_WKZREACH HTTP 302
https://portal.blau.de/nws/img/postview.gif?partnerId=BLU_AFF_POV_EXA_35008&mediacode=AFF_la_113752_-HTLP&utm_term=AFF_la_113752_-HTLP&utm_content=BLU_AFF_POV_EXA_35008&spid=2021112603495559229241831X113752V1225131106MSoneidPe7sBf2XzUbK79t9HjHbtMtPPgSZT9TPxDfponeid__asuidSWIE4VMeI0wT2zb1qq2odulCFuRVYRapasuid__suite_Netmix_Reach94_WKZREACH&wfid=113752

151 HTTP transactions
5 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request / Show response
xosodaiphat.com/
Redirect Chain

http://xosodaiphat.com/
https://xosodaiphat.com/

122 KB
36 KB

1232ms
582ms

Document
text/html

45.121.163.3
INCOM-AS-VN Cong ...

General

Check archive.org

Show headers Download Go to

Full URL: https://xosodaiphat.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 45.121.163.3 , Viet Nam, ASN56149 (INCOM-AS-VN Cong ty CP Truyen thong quoc te Incom, VN),
Reverse DNS
Software: Microsoft-IIS/8.5 / xosodaiphat37
Resource Hash: eba6e0497d3436d47ff6249e94f74b6a1fcd57ac55925dc3cb10811a14d5c217

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

Cache-Control: public, max-age=120
Content-Type: text/html; charset=utf-8
Content-Encoding: gzip
Expires: Fri, 26 Nov 2021 02:51:52 GMT
Last-Modified: Fri, 26 Nov 2021 02:49:52 GMT
Vary: *
Server: Microsoft-IIS/8.5
X-AspNetMvc-Version: 4.0
X-AspNet-Version: 4.0.30319
X-HTML-Minification-Powered-By: WebMarkupMin
X-Powered-By: xosodaiphat37
Access-Control-Allow-Origin: https://xosodaiphat.com
Date: Fri, 26 Nov 2021 02:49:52 GMT
Content-Length: 36765

Redirect headers

Content-Type: text/html; charset=UTF-8
Location: https://xosodaiphat.com/
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Fri, 26 Nov 2021 02:49:53 GMT
Content-Length: 147

GET
H2 200 gpt.js Show response
www.googletagservices.com/tag/js/ 77 KB
27 KB 37ms
14ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: xosodaiphat.com
URL: https://xosodaiphat.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c02cae5b2de27b0f12598ab23cf91b1e0e99dda2821e2d17510497e23093cbe7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://xosodaiphat.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Fri, 26 Nov 2021 02:49:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1055 / 602 of 1000 / last-modified: 1637708807"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 26862
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Fri, 26 Nov 2021 02:49:53 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 144 KB
51 KB 55ms
34ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: xosodaiphat.com
URL: https://xosodaiphat.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

dfca2f54fc3c8a93ff22b1548a99f670a28bcf60b59aa29a922374d9d8e588f9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://xosodaiphat.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Fri, 26 Nov 2021 02:49:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 51393
x-xss-protection: 0
server: cafe
etag: 6643985723401173680
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Fri, 26 Nov 2021 02:49:53 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 29ms
6ms Script
text/javascript 2a00:1450:4001:830::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: xosodaiphat.com
URL: https://xosodaiphat.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://xosodaiphat.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 02 Nov 2021 17:39:06 GMT
server: Golfe2
age: 6526
date: Fri, 26 Nov 2021 01:01:07 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Fri, 26 Nov 2021 03:01:07 GMT

GET
H2 200 pubads_impl_2021111601.js Show response
securepubads.g.doubleclick.net/gpt/ 344 KB
116 KB 38ms
19ms Script
text/javascript 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js?31063798

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

sffe /

Resource Hash

3eee78aaf4f9dc8d0d36d3dddbaad9094ace5d91611f9aee6fe0b44b0ed46ccc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://xosodaiphat.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Fri, 26 Nov 2021 02:49:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 118471
x-xss-protection: 0
last-modified: Tue, 16 Nov 2021 09:34:07 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Fri, 26 Nov 2021 02:49:53 GMT

GET
H2 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ 244 B
772 B 42ms
20ms XHR
application/json 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=xosodaiphat.com

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

cafe /

Resource Hash

c1c197d43cd9d46ad3dc1c004c8a8221f9ecd1dc4531058ee469a441d39cb522

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://xosodaiphat.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 26 Nov 2021 02:49:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 135
x-xss-protection: 0
expires: Fri, 26 Nov 2021 02:49:53 GMT

GET
H2 200 show_ads_impl_with_ama_fy2019.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202111160101/ 272 KB
98 KB 31ms
29ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202111160101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-7078400245394460&plah=xosodaiphat.com&bust=31063782

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8194fbd59728c43fc1cd41181bf796f643cc3ce3f7d3356d1e01704e8fc20bcd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://xosodaiphat.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Fri, 26 Nov 2021 02:49:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100190
x-xss-protection: 0
server: cafe
etag: 17549040477392569820
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Fri, 26 Nov 2021 02:49:53 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20211111/r20190131/ Frame F494 11 KB
5 KB 137ms
5ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20211111/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5cedd5abd94d64b07e3779451d057665572b89caa8b445a5e9efa42bad9c4274

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://xosodaiphat.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Thu, 25 Nov 2021 09:43:00 GMT
expires: Thu, 09 Dec 2021 09:43:00 GMT
content-type: text/html; charset=UTF-8
etag: 16478831307880631077
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 4883
x-xss-protection: 0
age: 61613
cache-control: public, max-age=1209600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H2 200 collect Show response
www.google-analytics.com/j/ 4 B
208 B 14ms
13ms XHR
text/plain 2a00:1450:4001:830::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j96&a=1389502024&t=pageview&_s=1&dl=https%3A%2F%2Fxosodaiphat.com%2F&ul=en-us&de=UTF-8&dt=KQXS%20-%20X%E1%BB%95%20s%E1%BB%91%20ki%E1%BA%BFn%20thi%E1%BA%BFt%20h%C3%B4m%20nay%20-%20Xo%20So&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEABAAAAAC~&jid=412897532&gjid=1258886914&cid=1250507266.1637894994&tid=UA-72080428-1&_gid=1010884714.1637894994&_r=1&_slc=1&z=1705166420

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://xosodaiphat.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 26 Nov 2021 02:49:53 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://xosodaiphat.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 1 B
438 B 122ms
15ms XHR
text/plain 2a00:1450:400c:c1b::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-72080428-1&cid=1250507266.1637894994&jid=412897532&gjid=1258886914&_gid=1010884714.1637894994&_u=IEBAAEAAAAAAAC~&z=1614353767

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c1b::9a Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://xosodaiphat.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Fri, 26 Nov 2021 02:49:53 GMT
content-type: text/plain
access-control-allow-origin: https://xosodaiphat.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 rum.js Show response
securepubads.g.doubleclick.net/pagead/js/ 57 KB
22 KB 21ms
6ms Script
text/javascript 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/js/rum.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js?31063798

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

cafe /

Resource Hash

977f35f75dfb224977b278c01ff5bd8fb73f53fcaec7480681eb779e34177f23

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://xosodaiphat.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Fri, 26 Nov 2021 02:21:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1686
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 22094
x-xss-protection: 0
server: cafe
etag: 9350601024229784641
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=3600
timing-allow-origin: *
expires: Fri, 26 Nov 2021 03:21:47 GMT

GET
H/1.1 200
OK logo.svg
cdn.xosodaiphat.com/assets/images/ 15 KB
15 KB 2318ms
399ms Image
image/svg+xml 103.3.252.216
INCOM-AS-VN Cong ...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.xosodaiphat.com/assets/images/logo.svg
Requested by: Host: xosodaiphat.com
URL: https://xosodaiphat.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 103.3.252.216 , Viet Nam, ASN56149 (INCOM-AS-VN Cong ty CP Truyen thong quoc te Incom, VN),
Reverse DNS
Software: Microsoft-IIS/8.5 / ASP.NET
Resource Hash: dd382a0b771572febe55bbd91bca06284a52d4ac9bc73128f114914a4b3c7e97

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://xosodaiphat.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Fri, 26 Nov 2021 02:49:56 GMT
Last-Modified: Mon, 25 Oct 2021 03:48:38 GMT
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
ETag: "65b3fe3153c9d71:0"
Content-Type: image/svg+xml
Access-Control-Allow-Origin: *
Cache-Control: max-age=604800
Accept-Ranges: bytes
Content-Length: 15278

GET
H/1.1 200
OK home.svg
cdn.xosodaiphat.com/assets/images/ 958 B
1 KB 2121ms
202ms Image
image/svg+xml 103.3.252.216
INCOM-AS-VN Cong ...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.xosodaiphat.com/assets/images/home.svg
Requested by: Host: xosodaiphat.com
URL: https://xosodaiphat.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 103.3.252.216 , Viet Nam, ASN56149 (INCOM-AS-VN Cong ty CP Truyen thong quoc te Incom, VN),
Reverse DNS
Software: Microsoft-IIS/8.5 / ASP.NET
Resource Hash: f1cfe4f7d3b09de9e3537f0a2303e3e1f23825a794f744340ababa5807de75e1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://xosodaiphat.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Fri, 26 Nov 2021 02:49:56 GMT
Last-Modified: Mon, 31 May 2021 02:41:57 GMT
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
ETag: "218a7086c655d71:0"
Content-Type: image/svg+xml
Access-Control-Allow-Origin: *
Cache-Control: max-age=604800
Accept-Ranges: bytes
Content-Length: 958

GET
H/1.1 200
OK account.svg
cdn.xosodaiphat.com/assets/images/ 825 B
1 KB 2166ms
214ms Image
image/svg+xml 103.3.252.216
INCOM-AS-VN Cong ...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.xosodaiphat.com/assets/images/account.svg
Requested by: Host: xosodaiphat.com
URL: https://xosodaiphat.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 103.3.252.216 , Viet Nam, ASN56149 (INCOM-AS-VN Cong ty CP Truyen thong quoc te Incom, VN),
Reverse DNS
Software: Microsoft-IIS/8.5 / ASP.NET
Resource Hash: c4a98a401ef89e5679dc3d31c68231fda80d842aa61d17c5c87d005f80691612

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://xosodaiphat.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Fri, 26 Nov 2021 02:49:56 GMT
Last-Modified: Mon, 31 May 2021 02:41:57 GMT
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
ETag: "b28cfb85c655d71:0"
Content-Type: image/svg+xml
Access-Control-Allow-Origin: *
Cache-Control: max-age=604800
Accept-Ranges: bytes
Content-Length: 825

GET
H/1.1 200
OK menu.svg
cdn.xosodaiphat.com/assets/images/ 1 KB
1 KB 2167ms
214ms Image
image/svg+xml 103.3.252.216
INCOM-AS-VN Cong ...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.xosodaiphat.com/assets/images/menu.svg
Requested by: Host: xosodaiphat.com
URL: https://xosodaiphat.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 103.3.252.216 , Viet Nam, ASN56149 (INCOM-AS-VN Cong ty CP Truyen thong quoc te Incom, VN),
Reverse DNS
Software: Microsoft-IIS/8.5 / ASP.NET
Resource Hash: c86bfeabd06ba640332347ce71c397f83fc766be7ba5cd8204d99b940e0fbcb6

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://xosodaiphat.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Fri, 26 Nov 2021 02:49:56 GMT
Last-Modified: Mon, 31 May 2021 02:41:57 GMT
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
ETag: "4e558586c655d71:0"
Content-Type: image/svg+xml
Access-Control-Allow-Origin: *
Cache-Control: max-age=604800
Accept-Ranges: bytes
Content-Length: 1082

GET
H/1.1 200
OK app.png
cdn.xosodaiphat.com/assets/images/ 4 KB
4 KB 2172ms
215ms Image
image/png 103.3.252.216
INCOM-AS-VN Cong ...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.xosodaiphat.com/assets/images/app.png
Requested by: Host: xosodaiphat.com
URL: https://xosodaiphat.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 103.3.252.216 , Viet Nam, ASN56149 (INCOM-AS-VN Cong ty CP Truyen thong quoc te Incom, VN),
Reverse DNS
Software: Microsoft-IIS/8.5 / ASP.NET
Resource Hash: 9da212f1d361cf60b62c8fa65aff456435cb01b4be76c106d0fde9a571fe37b0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://xosodaiphat.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Fri, 26 Nov 2021 02:49:56 GMT
Last-Modified: Mon, 23 Dec 2019 07:50:10 GMT
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
ETag: "b440599a65b9d51:0"
Content-Type: image/png
Access-Control-Allow-Origin: *
Cache-Control: max-age=604800
Accept-Ranges: bytes
Content-Length: 4056

GET
H/1.1 200
OK close.svg
cdn.xosodaiphat.com/assets/images/ 625 B
939 B 2324ms
202ms Image
image/svg+xml 103.3.252.216
INCOM-AS-VN Cong ...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.xosodaiphat.com/assets/images/close.svg
Requested by: Host: xosodaiphat.com
URL: https://xosodaiphat.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 103.3.252.216 , Viet Nam, ASN56149 (INCOM-AS-VN Cong ty CP Truyen thong quoc te Incom, VN),
Reverse DNS
Software: Microsoft-IIS/8.5 / ASP.NET
Resource Hash: f7e8843af1d90c9959c28fd895bbc658b21c63883bd348bf378526f44ee611c9

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://xosodaiphat.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Fri, 26 Nov 2021 02:49:56 GMT
Last-Modified: Mon, 31 May 2021 02:41:57 GMT
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
ETag: "f29e2786c655d71:0"
Content-Type: image/svg+xml
Access-Control-Allow-Origin: *
Cache-Control: max-age=604800
Accept-Ranges: bytes
Content-Length: 625

GET
H/1.1 200
OK logo.png
cdn.xosodaiphat.com/assets/images/ 4 KB
4 KB 203ms
202ms Image
image/png 103.3.252.216
INCOM-AS-VN Cong ...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.xosodaiphat.com/assets/images/logo.png
Requested by: Host: xosodaiphat.com
URL: https://xosodaiphat.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 103.3.252.216 , Viet Nam, ASN56149 (INCOM-AS-VN Cong ty CP Truyen thong quoc te Incom, VN),
Reverse DNS
Software: Microsoft-IIS/8.5 / ASP.NET
Resource Hash: b619711b74745995651589b8bcaff4b40dc8dcc0112a536f1cc364490b02db53

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://xosodaiphat.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Fri, 26 Nov 2021 02:49:56 GMT
Last-Modified: Wed, 22 Nov 2017 06:35:59 GMT
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
ETag: "ff4cc0285c63d31:0"
Content-Type: image/png
Access-Control-Allow-Origin: *
Cache-Control: max-age=604800
Accept-Ranges: bytes
Content-Length: 3598

GET
H/1.1 200
OK lienkhucboleroluuanhloan_2211133836.jpg
cdn1.xosodaiphat.com/uploaded/Images/Standard/2021/11/22/ 15 KB
15 KB 3515ms
274ms Image
image/jpeg 103.90.223.132
VNETWORK-AS-VN VN...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn1.xosodaiphat.com/uploaded/Images/Standard/2021/11/22/lienkhucboleroluuanhloan_2211133836.jpg
Requested by: Host: xosodaiphat.com
URL: https://xosodaiphat.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 103.90.223.132 , Viet Nam, ASN135912 (VNETWORK-AS-VN VNETWORK Joint Stock Company, VN),
Reverse DNS
Software: Microsoft-IIS/8.5 / ASP.NET
Resource Hash: add15135ecdfb15a414271479ac956b23aaeef2824d2f82ec05a511576bab08b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://xosodaiphat.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Fri, 26 Nov 2021 02:49:57 GMT
Last-Modified: Mon, 22 Nov 2021 06:38:36 GMT
Server: Microsoft-IIS/8.5
Age: 0
X-Powered-By: ASP.NET
ETag: "482d5936bdfd71:0"
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: max-age=604800
Accept-Ranges: bytes
Content-Length: 15440

GET
H/1.1 200
OK thong-ke-xsmb-thu-6-ngay-26-11-2021_2511161426.png
cdn1.xosodaiphat.com/uploaded/Images/Thumb/2021/11/25/ 5 KB
6 KB 3606ms
366ms Image
image/png 103.90.223.132
VNETWORK-AS-VN VN...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn1.xosodaiphat.com/uploaded/Images/Thumb/2021/11/25/thong-ke-xsmb-thu-6-ngay-26-11-2021_2511161426.png
Requested by: Host: xosodaiphat.com
URL: https://xosodaiphat.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 103.90.223.132 , Viet Nam, ASN135912 (VNETWORK-AS-VN VNETWORK Joint Stock Company, VN),
Reverse DNS
Software: Microsoft-IIS/8.5 / ASP.NET
Resource Hash: 7fe94639adeea1bfa2f406b784b11fc34cdf93cc0d02737c746ef13addff0cc5

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://xosodaiphat.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Fri, 26 Nov 2021 02:49:57 GMT
Last-Modified: Thu, 25 Nov 2021 09:14:26 GMT
Server: Microsoft-IIS/8.5
Age: 0
X-Powered-By: ASP.NET
ETag: "d9f2fdd7dce1d71:0"
Content-Type: image/png
Access-Control-Allow-Origin: *
Cache-Control: max-age=604800
Accept-Ranges: bytes
Content-Length: 5446

GET
H/1.1 200
OK Loading_icon.gif
xosodaiphat.com/assets/images/ 664 B
1001 B 215ms
215ms Image
image/gif 45.121.163.3
INCOM-AS-VN Cong ...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://xosodaiphat.com/assets/images/Loading_icon.gif
Requested by: Host: xosodaiphat.com
URL: https://xosodaiphat.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 45.121.163.3 , Viet Nam, ASN56149 (INCOM-AS-VN Cong ty CP Truyen thong quoc te Incom, VN),
Reverse DNS
Software: Microsoft-IIS/8.5 / xosodaiphat37
Resource Hash: 2a72e4899e019bb6fc9cdcd7c5edf076a9f2f6ccd80ba31e83736fac06272d34

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://xosodaiphat.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Fri, 26 Nov 2021 02:49:52 GMT
Last-Modified: Tue, 18 Jul 2017 04:07:25 GMT
Server: Microsoft-IIS/8.5
X-Powered-By: xosodaiphat37
ETag: "f8ed95c7bffd21:0"
Content-Type: image/gif
Access-Control-Allow-Origin: https://xosodaiphat.com
Cache-Control: max-age=604800
Accept-Ranges: bytes
Content-Length: 664

GET
H2 200 plusone.js Show response
apis.google.com/js/ 52 KB
21 KB 64ms
29ms Script
application/javascript 2a00:1450:4001:80e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://apis.google.com/js/plusone.js

Requested by

Host: xosodaiphat.com
URL: https://xosodaiphat.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

2bd1aa13c0678aad0a21d546ec44b63d8068279e796aad9bfce2eab4f0cd4bf0

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-73jaLuEK/NMPc1pz3mLK/A' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /_/cspreport
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://xosodaiphat.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Fri, 26 Nov 2021 02:49:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
x-ua-compatible: IE=edge, chrome=1
server: ESF
etag: "8785ac17277d68515ada6b0cece79f84"
x-frame-options: SAMEORIGIN
report-to: {"group":"AXrpQdcxyaoTJMYdhC5b1IVX_h4UhkFjYl5miMVZgqtCo-gS","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/encsid_AXrpQdcxyaoTJMYdhC5b1IVX_h4UhkFjYl5miMVZgqtCo-gS"}]}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=1800, stale-while-revalidate=1800
content-security-policy: script-src 'report-sample' 'nonce-73jaLuEK/NMPc1pz3mLK/A' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /_/cspreport
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="AXrpQdcxyaoTJMYdhC5b1IVX_h4UhkFjYl5miMVZgqtCo-gS"
expires: Fri, 26 Nov 2021 02:49:54 GMT

GET
H3 200 rum_fy2019.js Show response
pagead2.googlesyndication.com/pagead/js/r20211111/r20110914/ 52 KB
20 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20211111/r20110914/rum_fy2019.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202111160101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-7078400245394460&plah=xosodaiphat.com&bust=31063782

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

cb331636b16e9d14d1848d5109039837a3a58d984a1a9b124df2904d84a81a79

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://xosodaiphat.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Thu, 25 Nov 2021 17:40:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 32987
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20825
x-xss-protection: 0
server: cafe
etag: 13644742666736699536
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 09 Dec 2021 17:40:06 GMT

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 205 B
410 B 32ms
16ms Script
text/javascript 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=xosodaiphat.com&callback=_gfp_s_&client=ca-pub-7078400245394460

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

cafe /

Resource Hash

398bfb3bd9d96f3e19e0db843b4f0bddbc25702a5ed80dc69a373b9434b44cb8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://xosodaiphat.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Fri, 26 Nov 2021 02:49:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 194
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
792 B 37ms
15ms Script
application/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=xosodaiphat.com

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://xosodaiphat.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 26 Nov 2021 02:49:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
549 B 36ms
14ms Script
application/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=xosodaiphat.com

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://xosodaiphat.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 26 Nov 2021 02:49:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame CF68 0
188 B 98ms
93ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7078400245394460&output=html&adk=1812271804&adf=3025194257&lmt=1637894992&plat=3%3A32%2C4%3A32%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fxosodaiphat.com%2F&ea=0&flash=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1637894993834&bpp=122&bdt=97&idt=122&shv=r20211111&mjsv=m202111160101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=2410851921683&rume=1&frm=20&pv=2&ga_vid=1250507266.1637894994&ga_sid=1637894994&ga_hid=1389502024&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=182982000%2C182982200%2C31063782%2C31061691%2C31061693&oid=2&pvsid=2804184704754586&pem=23&tmod=1725400849&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=137

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://xosodaiphat.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Fri, 26 Nov 2021 02:49:54 GMT
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Fri, 26 Nov 2021 02:49:54 GMT
cache-control: private

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame D305 65 KB
13 KB 475ms
473ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5841899339949803&output=html&h=90&slotname=3691106802&adk=445279611&adf=962651467&pi=t.ma~as.3691106802&w=728&lmt=1637894992&psa=0&format=728x90&url=https%3A%2F%2Fxosodaiphat.com%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1637894993973&bpp=1&bdt=236&idt=1&shv=r20211111&mjsv=m202111160101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=2410851921683&rume=1&frm=20&pv=2&ga_vid=1250507266.1637894994&ga_sid=1637894994&ga_hid=1389502024&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&dmc=8&adx=642&ady=10&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=182982000%2C182982200%2C31063782%2C31061691%2C31061693&oid=2&pvsid=2804184704754586&pem=23&tmod=1725400849&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CleE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=a!2&fsb=1&xpc=vOS4RXSwcR&p=https%3A//xosodaiphat.com&dtd=8

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

df45c2950ea5f45156e62b901bd43ba8550be10f78544756e783b695700638cb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://xosodaiphat.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-expose-headers: x-google-amp-ad-validated-version
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Fri, 26 Nov 2021 02:49:54 GMT
server: cafe
content-length: 13447
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Fri, 26 Nov 2021 02:49:54 GMT
cache-control: private

GET
H3 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 143 KB
50 KB 49ms
34ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-2201058077065954

Requested by

Host: xosodaiphat.com
URL: https://xosodaiphat.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fc32e9f37d967210eb619070da74d279a7015c2c7b78bf1e6b1c285d2cfcadb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://xosodaiphat.com/
Origin: https://xosodaiphat.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Fri, 26 Nov 2021 02:49:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 51182
x-xss-protection: 0
server: cafe
etag: 90593459227815884
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Fri, 26 Nov 2021 02:49:54 GMT

GET
H/1.1 200
OK dmca.png
xosodaiphat.com/assets/images/ 2 KB
3 KB 606ms
214ms Image
image/png 45.121.163.3
INCOM-AS-VN Cong ...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://xosodaiphat.com/assets/images/dmca.png?ID=2fe00d0c-59bc-4930-bde8-11153f7264ff
Requested by: Host: xosodaiphat.com
URL: https://xosodaiphat.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 45.121.163.3 , Viet Nam, ASN56149 (INCOM-AS-VN Cong ty CP Truyen thong quoc te Incom, VN),
Reverse DNS
Software: Microsoft-IIS/8.5 / xosodaiphat37
Resource Hash: c139d813498e013df39eea698dab24025cee5520480588f73cac443e222a58d1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://xosodaiphat.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Fri, 26 Nov 2021 02:49:53 GMT
Last-Modified: Mon, 09 Dec 2019 04:16:19 GMT
Server: Microsoft-IIS/8.5
X-Powered-By: xosodaiphat37
ETag: "2f3d1f6847aed51:0"
Content-Type: image/png
Access-Control-Allow-Origin: https://xosodaiphat.com
Cache-Control: max-age=604800
Accept-Ranges: bytes
Content-Length: 2525

GET
H2 200 DMCABadgeHelper.min.js Show response
images.dmca.com/Badges/ 465 B
633 B 44ms
9ms Script
application/javascript 151.139.242.29
HIGHWINDS2

General

Check archive.org

Show headers Download Go to

Full URL: https://images.dmca.com/Badges/DMCABadgeHelper.min.js
Requested by: Host: xosodaiphat.com
URL: https://xosodaiphat.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.139.242.29 , United States, ASN33438 (HIGHWINDS2, US),
Reverse DNS
Software: nginx / ASP.NET
Resource Hash: e8021f1a9dad409f7e699457ac334653bf800464df69900237c4de1c29e275d0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://xosodaiphat.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Fri, 26 Nov 2021 02:49:54 GMT
content-encoding: gzip
last-modified: Fri, 21 Jun 2019 20:14:34 GMT
server: nginx
x-powered-by: ASP.NET
etag: "26b181f16d28d51:0"
vary: Accept-Encoding
x-cache: HIT
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=2592000
accept-ranges: bytes
link: <http://dmca-images.azurewebsites.net/Badges/DMCABadgeHelper.min.js>; rel="canonical"
content-length: 280
expires: Sun, 26 Dec 2021 02:49:48 GMT

GET
H/1.1 200
OK modernizr.js Show response
cdn.xosodaiphat.com/assets/js/ 10 KB
5 KB 214ms
213ms Script
application/javascript 103.3.252.216
INCOM-AS-VN Cong ...

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.xosodaiphat.com/assets/js/modernizr.js
Requested by: Host: xosodaiphat.com
URL: https://xosodaiphat.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 103.3.252.216 , Viet Nam, ASN56149 (INCOM-AS-VN Cong ty CP Truyen thong quoc te Incom, VN),
Reverse DNS
Software: Microsoft-IIS/8.5 / ASP.NET
Resource Hash: da51136796bf5af3de9904858e08de69b4c3fc239abf6d24476e92e5df411242

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://xosodaiphat.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Fri, 26 Nov 2021 02:49:56 GMT
Content-Encoding: gzip
ETag: "081ec8b571d41:0"
Last-Modified: Thu, 01 Nov 2018 07:37:46 GMT
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=604800
Accept-Ranges: bytes
Content-Length: 4319

GET
H/1.1 200
OK jquerylib.js Show response
cdn.xosodaiphat.com/assets/js/ 368 KB
107 KB 2110ms
398ms Script
application/javascript 103.3.252.216
INCOM-AS-VN Cong ...

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.xosodaiphat.com/assets/js/jquerylib.js
Requested by: Host: xosodaiphat.com
URL: https://xosodaiphat.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 103.3.252.216 , Viet Nam, ASN56149 (INCOM-AS-VN Cong ty CP Truyen thong quoc te Incom, VN),
Reverse DNS
Software: Microsoft-IIS/8.5 / ASP.NET
Resource Hash: bda3ba039d33faa9c4723f5cd61b53d12370678fb478c16a558944867d46d2a0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://xosodaiphat.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Fri, 26 Nov 2021 02:49:56 GMT
Content-Encoding: gzip
ETag: "80ea75c7b571d41:0"
Last-Modified: Thu, 01 Nov 2018 07:37:45 GMT
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=604800
Accept-Ranges: bytes
Content-Length: 108958

GET
H/1.1 200
OK xsdp.min.js Show response
cdn.xosodaiphat.com/assets/libs/jquery/ 21 KB
5 KB 214ms
214ms Script
application/javascript 103.3.252.216
INCOM-AS-VN Cong ...

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.xosodaiphat.com/assets/libs/jquery/xsdp.min.js?v=12052020
Requested by: Host: xosodaiphat.com
URL: https://xosodaiphat.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 103.3.252.216 , Viet Nam, ASN56149 (INCOM-AS-VN Cong ty CP Truyen thong quoc te Incom, VN),
Reverse DNS
Software: Microsoft-IIS/8.5 / ASP.NET
Resource Hash: eda96be0860a403ffae5c2115942be1bccbf6d14c5321b2c071962a105f04fdf

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://xosodaiphat.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Fri, 26 Nov 2021 02:49:56 GMT
Content-Encoding: gzip
ETag: "0b5cd3a81bd71:0"
Last-Modified: Thu, 18 Mar 2021 03:43:14 GMT
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=604800
Accept-Ranges: bytes
Content-Length: 4962

GET
H/1.1 200
OK cd.min.js Show response
cdn.xosodaiphat.com/Content/js/ 51 KB
14 KB 428ms
428ms Script
application/javascript 103.3.252.216
INCOM-AS-VN Cong ...

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.xosodaiphat.com/Content/js/cd.min.js?v=01102021
Requested by: Host: xosodaiphat.com
URL: https://xosodaiphat.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 103.3.252.216 , Viet Nam, ASN56149 (INCOM-AS-VN Cong ty CP Truyen thong quoc te Incom, VN),
Reverse DNS
Software: Microsoft-IIS/8.5 / ASP.NET
Resource Hash: 9b9fa51a141318d7e156e578e0f4206871dadf2550278374f1a3f24654bef2bb

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://xosodaiphat.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Fri, 26 Nov 2021 02:49:56 GMT
Content-Encoding: gzip
ETag: "04af8b0b5b9d71:0"
Last-Modified: Tue, 05 Oct 2021 06:53:24 GMT
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=604800
Accept-Ranges: bytes
Content-Length: 14176

GET
H2 200 firebase-app.js Show response
www.gstatic.com/firebasejs/8.3.0/ 19 KB
7 KB 37ms
7ms Script
text/javascript 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/firebasejs/8.3.0/firebase-app.js

Requested by

Host: xosodaiphat.com
URL: https://xosodaiphat.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b33c75d66b6115b2b04d07e509b8b5def62e5ff9a5feb52c7b4dfedb748fa8ba

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://xosodaiphat.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Fri, 19 Nov 2021 04:24:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 599103
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6476
x-xss-protection: 0
last-modified: Thu, 11 Mar 2021 00:35:57 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="firebase-js"
expires: Sat, 19 Nov 2022 04:24:51 GMT

GET
H2 200 firebase-messaging.js Show response
www.gstatic.com/firebasejs/8.3.0/ 40 KB
11 KB 38ms
7ms Script
text/javascript 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/firebasejs/8.3.0/firebase-messaging.js

Requested by

Host: xosodaiphat.com
URL: https://xosodaiphat.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e8001772f5fd68cdf6f4d82118d7d0b67cc65eb418f3994a4105837e5624894a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://xosodaiphat.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Fri, 19 Nov 2021 13:34:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 566112
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10873
x-xss-protection: 0
last-modified: Thu, 11 Mar 2021 00:36:01 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="firebase-js"
expires: Sat, 19 Nov 2022 13:34:42 GMT

GET
H/1.1 200
OK firebase-init.js Show response
xosodaiphat.com/Notify/js/ 12 KB
3 KB 363ms
214ms Script
application/javascript 45.121.163.3
INCOM-AS-VN Cong ...

General

Check archive.org

Show headers Download Go to

Full URL: https://xosodaiphat.com/Notify/js/firebase-init.js
Requested by: Host: xosodaiphat.com
URL: https://xosodaiphat.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 45.121.163.3 , Viet Nam, ASN56149 (INCOM-AS-VN Cong ty CP Truyen thong quoc te Incom, VN),
Reverse DNS
Software: Microsoft-IIS/8.5 / xosodaiphat37
Resource Hash: 73d111ddb8d8a9ea93324ef96b2e16e7b6d273ec597819f302c6692a3f19784d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://xosodaiphat.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Fri, 26 Nov 2021 02:49:53 GMT
Content-Encoding: gzip
ETag: "801ce6d443e0d71:0"
Last-Modified: Tue, 23 Nov 2021 08:26:37 GMT
Server: Microsoft-IIS/8.5
X-Powered-By: xosodaiphat37
Vary: Accept-Encoding
Content-Type: application/javascript
Access-Control-Allow-Origin: https://xosodaiphat.com
Cache-Control: max-age=604800
Accept-Ranges: bytes
Content-Length: 2335

GET
H/1.1 200
OK jqueryval.js Show response
cdn.xosodaiphat.com/assets/js/ 27 KB
9 KB 216ms
215ms Script
application/javascript 103.3.252.216
INCOM-AS-VN Cong ...

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.xosodaiphat.com/assets/js/jqueryval.js
Requested by: Host: xosodaiphat.com
URL: https://xosodaiphat.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 103.3.252.216 , Viet Nam, ASN56149 (INCOM-AS-VN Cong ty CP Truyen thong quoc te Incom, VN),
Reverse DNS
Software: Microsoft-IIS/8.5 / ASP.NET
Resource Hash: 6afdbd54a64983a71441817c8a89faaef68c26aeb47c03e6dfbba9346fee1460

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://xosodaiphat.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Fri, 26 Nov 2021 02:49:56 GMT
Content-Encoding: gzip
ETag: "081ec8b571d41:0"
Last-Modified: Thu, 01 Nov 2018 07:37:46 GMT
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=604800
Accept-Ranges: bytes
Content-Length: 8616

GET
H/1.1 200
OK lotteryLiveMQMin-all.js Show response
cdn.xosodaiphat.com/Content/js/ 71 KB
18 KB 201ms
200ms Script
application/javascript 103.3.252.216
INCOM-AS-VN Cong ...

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.xosodaiphat.com/Content/js/lotteryLiveMQMin-all.js?v=051021
Requested by: Host: xosodaiphat.com
URL: https://xosodaiphat.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 103.3.252.216 , Viet Nam, ASN56149 (INCOM-AS-VN Cong ty CP Truyen thong quoc te Incom, VN),
Reverse DNS
Software: Microsoft-IIS/8.5 / ASP.NET
Resource Hash: c965a7afce089a2751fe9759358f854d3227d1664688808002bab7d422ebb3fe

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://xosodaiphat.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Fri, 26 Nov 2021 02:49:56 GMT
Content-Encoding: gzip
ETag: "02a1a517d5d71:0"
Last-Modified: Tue, 09 Nov 2021 03:12:36 GMT
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=604800
Accept-Ranges: bytes
Content-Length: 18172

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 636A 92 KB
32 KB 447ms
430ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5841899339949803&output=html&h=250&slotname=3164764943&adk=3195374438&adf=2778587218&pi=t.ma~as.3164764943&w=300&lmt=1637894992&psa=0&format=300x250&url=https%3A%2F%2Fxosodaiphat.com%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1637894994000&bpp=1&bdt=263&idt=1&shv=r20211111&mjsv=m202111160101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C728x90&nras=1&correlator=2410851921683&rume=1&frm=20&pv=1&ga_vid=1250507266.1637894994&ga_sid=1637894994&ga_hid=1389502024&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&dmc=8&adx=358&ady=1006&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=182982000%2C182982200%2C31063782%2C31061691%2C31061693&oid=2&pvsid=2804184704754586&pem=23&tmod=1725400849&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=3&uci=a!3&fsb=1&xpc=H6LDsWYzdw&p=https%3A//xosodaiphat.com&dtd=7

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9324d54eefa0cc1047a69e197c15c7c2321156b73869fb9be3e314ff664c0e89

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://xosodaiphat.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Fri, 26 Nov 2021 02:49:54 GMT
server: cafe
content-length: 32549
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Fri, 26 Nov 2021 02:49:54 GMT
cache-control: private

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 481 B
294 B 189ms
188ms XHR
text/plain 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=2804184704754586&correlator=1353196813230585&output=ldjh&impl=fif&eid=31063798%2C21068031%2C31061691%2C31061693&vrg=2021111601&ptt=17&sc=1&sfv=1-0-38&ecs=20211126&iu_parts=21622890900%2CVN_xosodaiphat.com_res_mid_300x250%2C336x280&enc_prev_ius=%2F0%2F1%2F%2F2&prev_iu_szs=300x250%7C336x280&prev_scp=ad_group%3Dad_opt&cookie_enabled=1&bc=31&abxe=1&lmt=1637894992&dt=1637894994046&dlt=1637894993737&idt=160&frm=20&biw=1600&bih=1200&oid=2&adxs=230&adys=1955&adks=3073914069&ucis=1&ifi=4&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fxosodaiphat.com%2F&rumc=2804184704754586&rume=1&vis=1&dmc=8&scr_x=0&scr_y=0&psz=555x37&msz=555x0&ga_vid=1250507266.1637894994&ga_sid=1637894994&ga_hid=1389502024&ga_fc=true&fws=0&ohw=0&btvi=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js?31063798

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

cafe /

Resource Hash

88177175318530eaaf6982d35ae603abfe9f6bc476d739081ca8c05f18b10797

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://xosodaiphat.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Fri, 26 Nov 2021 02:49:54 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 264
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://xosodaiphat.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
bb34734ea2c11f7c2574edea1ad8361c.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame B301 6 KB
4 KB 53ms
15ms Document
text/html 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://bb34734ea2c11f7c2574edea1ad8361c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js?31063798

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://xosodaiphat.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Fri, 26 Nov 2021 02:49:54 GMT
expires: Sat, 26 Nov 2022 02:49:54 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H/1.1 200
OK arow.svg
cdn.xosodaiphat.com/assets/images/ 737 B
1 KB 216ms
215ms Image
image/svg+xml 103.3.252.216
INCOM-AS-VN Cong ...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.xosodaiphat.com/assets/images/arow.svg
Requested by: Host: xosodaiphat.com
URL: https://xosodaiphat.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 103.3.252.216 , Viet Nam, ASN56149 (INCOM-AS-VN Cong ty CP Truyen thong quoc te Incom, VN),
Reverse DNS
Software: Microsoft-IIS/8.5 / ASP.NET
Resource Hash: 99984969b73a9759568e48a6e5e02f4fdc286cc3bd57f8e0fe94369b8dc920e4

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://xosodaiphat.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Fri, 26 Nov 2021 02:49:56 GMT
Last-Modified: Mon, 31 May 2021 02:41:57 GMT
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
ETag: "ede7b86c655d71:0"
Content-Type: image/svg+xml
Access-Control-Allow-Origin: *
Cache-Control: max-age=604800
Accept-Ranges: bytes
Content-Length: 737

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 03FB 33 KB
13 KB 428ms
428ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2201058077065954&output=html&h=600&slotname=2304122458&adk=2183641536&adf=3496389188&pi=t.ma~as.2304122458&w=150&lmt=1637894992&psa=0&format=150x600&url=https%3A%2F%2Fxosodaiphat.com%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1637894994085&bpp=1&bdt=348&idt=0&shv=r20211111&mjsv=m202111160101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C728x90%2C300x250&nras=1&correlator=2410851921683&rume=1&frm=20&pv=2&ga_vid=1250507266.1637894994&ga_sid=1637894994&ga_hid=1389502024&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&dmc=8&adx=853&ady=1388&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=182982000%2C182982200%2C31063782%2C31061691%2C31061693&oid=2&pvsid=2804184704754586&pem=23&tmod=1725400849&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=5&uci=a!5&btvi=1&fsb=1&xpc=tqR1w2ZcP1&p=https%3A//xosodaiphat.com&dtd=10

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e9d9f5574fa3ad3e99de66c27678acf8e35194099addc3f7e3e00e3cddd3d76d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://xosodaiphat.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Fri, 26 Nov 2021 02:49:54 GMT
server: cafe
content-length: 12782
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Fri, 26 Nov 2021 02:49:54 GMT
cache-control: private

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
122 B 35ms
15ms Script
application/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=xosodaiphat.com

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://xosodaiphat.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 26 Nov 2021 02:49:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 35ms
15ms Script
application/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=xosodaiphat.com

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://xosodaiphat.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 26 Nov 2021 02:49:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 1D9E 66 KB
13 KB 881ms
879ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5841899339949803&output=html&h=600&slotname=7770263321&adk=234424686&adf=2298740071&pi=t.ma~as.7770263321&w=300&lmt=1637894992&psa=0&format=300x600&url=https%3A%2F%2Fxosodaiphat.com%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1637894994110&bpp=1&bdt=373&idt=1&shv=r20211111&mjsv=m202111160101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C728x90%2C300x250%2C150x600&nras=1&correlator=2410851921683&rume=1&frm=20&pv=1&ga_vid=1250507266.1637894994&ga_sid=1637894994&ga_hid=1389502024&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&dmc=8&adx=1070&ady=714&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=182982000%2C182982200%2C31063782%2C31061691%2C31061693&oid=2&pvsid=2804184704754586&pem=23&tmod=1725400849&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=6&uci=a!6&fsb=1&xpc=MQnS9LD4vN&p=https%3A//xosodaiphat.com&dtd=9

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a76847b773b12bdc5a87c812ce3205d94e9f14afee561fa09cc0216205314e5b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://xosodaiphat.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-expose-headers: x-google-amp-ad-validated-version
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Fri, 26 Nov 2021 02:49:54 GMT
server: cafe
content-length: 13669
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Fri, 26 Nov 2021 02:49:54 GMT
cache-control: private

GET
H3 200 cb=gapi.loaded_0 Show response
apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.de.1oGqGyIIxrg.O/m=plusone/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCOi-QLH9bWsMMs2gBCmTBNxHaIHgg/ 148 KB
50 KB 25ms
7ms Script
text/javascript 2a00:1450:4001:80e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.de.1oGqGyIIxrg.O/m=plusone/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCOi-QLH9bWsMMs2gBCmTBNxHaIHgg/cb=gapi.loaded_0

Requested by

Host: apis.google.com
URL: https://apis.google.com/js/plusone.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5a98d3f21c2cef2241e0ce7f4cc7fd5dd01596a3f813f5f0665efdd8496844d8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://xosodaiphat.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 24 Nov 2021 16:12:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 124643
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 51670
x-xss-protection: 0
last-modified: Sat, 30 Oct 2021 15:20:57 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="social-frontend-mpm-access"
vary: Accept-Encoding, Origin
report-to: {"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
expires: Thu, 24 Nov 2022 16:12:31 GMT

GET
H/1.1 200
OK list-icon.png
cdn.xosodaiphat.com/assets/images/ 394 B
704 B 200ms
200ms Image
image/png 103.3.252.216
INCOM-AS-VN Cong ...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.xosodaiphat.com/assets/images/list-icon.png
Requested by: Host: xosodaiphat.com
URL: https://xosodaiphat.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 103.3.252.216 , Viet Nam, ASN56149 (INCOM-AS-VN Cong ty CP Truyen thong quoc te Incom, VN),
Reverse DNS
Software: Microsoft-IIS/8.5 / ASP.NET
Resource Hash: 710d59cc71277c8e761e9dde1ba57bf54c4ff65f3fa912baeaff109e80ebd98c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://xosodaiphat.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Fri, 26 Nov 2021 02:49:56 GMT
Last-Modified: Tue, 18 Jul 2017 04:07:25 GMT
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
ETag: "dcc0ca5c7bffd21:0"
Content-Type: image/png
Access-Control-Allow-Origin: *
Cache-Control: max-age=604800
Accept-Ranges: bytes
Content-Length: 394

GET
H2 200 css
fonts.googleapis.com/ Frame 636A 4 KB
691 B 48ms
17ms Stylesheet
text/css 2a00:1450:4001:810::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5841899339949803&output=html&h=250&slotname=3164764943&adk=3195374438&adf=2778587218&pi=t.ma~as.3164764943&w=300&lmt=1637894992&psa=0&format=300x250&url=https%3A%2F%2Fxosodaiphat.com%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1637894994000&bpp=1&bdt=263&idt=1&shv=r20211111&mjsv=m202111160101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C728x90&nras=1&correlator=2410851921683&rume=1&frm=20&pv=1&ga_vid=1250507266.1637894994&ga_sid=1637894994&ga_hid=1389502024&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&dmc=8&adx=358&ady=1006&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=182982000%2C182982200%2C31063782%2C31061691%2C31061693&oid=2&pvsid=2804184704754586&pem=23&tmod=1725400849&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=3&uci=a!3&fsb=1&xpc=H6LDsWYzdw&p=https%3A//xosodaiphat.com&dtd=7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

2e8fa2037c41372ddc72ea1e08a477ba37998b54b5416b8cff0554fa5b865e27

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Fri, 26 Nov 2021 01:46:11 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Fri, 26 Nov 2021 02:49:54 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 26 Nov 2021 02:49:54 GMT

GET
H2 200 load_preloaded_resource_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211111/r20110914/client/ Frame 636A 1 KB
960 B 42ms
11ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211111/r20110914/client/load_preloaded_resource_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b4a25f11fbb1e2b547eaf848472f9c048824e307a945f3a0417aac7b09d0456e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Fri, 26 Nov 2021 02:21:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1715
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 853
x-xss-protection: 0
server: cafe
etag: 7170004918125193417
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 10 Dec 2021 02:21:19 GMT

GET
H2 200 amp4ads-v0.mjs Show response
cdn.ampproject.org/rtv/012111011823000/ Frame D305 189 KB
54 KB 39ms
9ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012111011823000/amp4ads-v0.mjs

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5841899339949803&output=html&h=90&slotname=3691106802&adk=445279611&adf=962651467&pi=t.ma~as.3691106802&w=728&lmt=1637894992&psa=0&format=728x90&url=https%3A%2F%2Fxosodaiphat.com%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1637894993973&bpp=1&bdt=236&idt=1&shv=r20211111&mjsv=m202111160101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=2410851921683&rume=1&frm=20&pv=2&ga_vid=1250507266.1637894994&ga_sid=1637894994&ga_hid=1389502024&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&dmc=8&adx=642&ady=10&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=182982000%2C182982200%2C31063782%2C31061691%2C31061693&oid=2&pvsid=2804184704754586&pem=23&tmod=1725400849&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CleE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=a!2&fsb=1&xpc=vOS4RXSwcR&p=https%3A//xosodaiphat.com&dtd=8

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

98ba8f881333898d751dabe4f8b4cacc4489a9f5b6b4fd1fc67c571dbfec95cf

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 184760
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 55592
x-xss-protection: 0
server: sffe
date: Tue, 23 Nov 2021 23:30:34 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "11dee2040f5fc1d7"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Wed, 23 Nov 2022 23:30:34 GMT

GET
H2 200 amp-ad-exit-0.1.mjs Show response
cdn.ampproject.org/rtv/012111011823000/v0/ Frame D305 13 KB
5 KB 48ms
18ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012111011823000/v0/amp-ad-exit-0.1.mjs

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

65f6185cfe1cf88fa7981160dd6fa443e111887215b72953718ea70f8e2ba9f2

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 283058
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4992
x-xss-protection: 0
server: sffe
date: Mon, 22 Nov 2021 20:12:16 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "858600ba27ef7413"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 22 Nov 2022 20:12:16 GMT

GET
H2 200 amp-analytics-0.1.mjs Show response
cdn.ampproject.org/rtv/012111011823000/v0/ Frame D305 89 KB
28 KB 42ms
19ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012111011823000/v0/amp-analytics-0.1.mjs

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9e97fc43ecd2f16948c3a8d2de65e0e5483db4ed5ab174058c178ca1c8665d0b

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 162607
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28555
x-xss-protection: 0
server: sffe
date: Wed, 24 Nov 2021 05:39:47 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "a64e482645fd262b"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Thu, 24 Nov 2022 05:39:47 GMT

GET
H2 200 amp-animation-0.1.mjs Show response
cdn.ampproject.org/rtv/012111011823000/v0/ Frame D305 71 KB
16 KB 43ms
20ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012111011823000/v0/amp-animation-0.1.mjs

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ce7047f1978917a3b97a424026182cf9eebcc488c8019f0fc85bc2acf78ecd70

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 184293
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16759
x-xss-protection: 0
server: sffe
date: Tue, 23 Nov 2021 23:38:21 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "6f5521ec42d8a94a"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Wed, 23 Nov 2022 23:38:21 GMT

GET
H2 200 amp-fit-text-0.1.mjs Show response
cdn.ampproject.org/rtv/012111011823000/v0/ Frame D305 5 KB
2 KB 41ms
18ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012111011823000/v0/amp-fit-text-0.1.mjs

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3d76ab4ac854cafef51bbbb5177ea75816df90e3c775294991a016404f2b6bb5

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 186204
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1731
x-xss-protection: 0
server: sffe
date: Tue, 23 Nov 2021 23:06:30 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "cb4f0e89d7d37d9b"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Wed, 23 Nov 2022 23:06:30 GMT

GET
H2 200 amp-form-0.1.mjs Show response
cdn.ampproject.org/rtv/012111011823000/v0/ Frame D305 40 KB
14 KB 29ms
7ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012111011823000/v0/amp-form-0.1.mjs

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9a630b852e94f20cb8140704fd830bf40bfea0a2effaa67d06a0eadafbf3d508

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 186590
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12826
x-xss-protection: 0
server: sffe
date: Tue, 23 Nov 2021 23:00:04 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "f02165e023e70703"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Wed, 23 Nov 2022 23:00:04 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame D305 4 KB
1 KB 44ms
15ms Stylesheet
text/css 2a00:1450:4001:810::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans%7CSquada+One%7CPT+Sans+Narrow:regular

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

f15e2112904da8155425b9ea7829b8fc077688936afcc55494851de12e97b28c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Fri, 26 Nov 2021 01:01:42 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Fri, 26 Nov 2021 02:49:54 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 26 Nov 2021 02:49:54 GMT

GET
H2 200 vi.png
tpc.googlesyndication.com/pagead/images/abg/ Frame D305 3 KB
3 KB 34ms
12ms Image
image/png 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/abg/vi.png

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b123d3cd853f7cd9c7d7c92b0ca99a37b4fa7e654fca65be5f1a15fd9253635e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 25 Nov 2021 16:00:09 GMT
x-content-type-options: nosniff
server: cafe
age: 38985
etag: 10932518847931040692
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3099
x-xss-protection: 0
expires: Fri, 26 Nov 2021 16:00:09 GMT

GET
H2 200 icon.png
tpc.googlesyndication.com/pagead/images/abg/ Frame D305 344 B
474 B 33ms
11ms Image
image/png 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/abg/icon.png

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

53b99e4bde7498900885e58f9d6c383258f8a59b04389d6b54d3d4b89537b6f2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 25 Nov 2021 06:46:14 GMT
x-content-type-options: nosniff
server: cafe
age: 72220
etag: 6766994032117382215
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 344
x-xss-protection: 0
expires: Fri, 26 Nov 2021 06:46:14 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame D305 0
21 B 51ms
51ms Image
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CtLtLUkugYZ0bnbXeA-f7ieAL756boWbu6aGi_g6Wgs2FiBYQASDQ8IJ1YJUCoAHu3qHdA8gBCakCauBDCujNsj6oAwHIAwiqBMQBT9AgDnC4n8fdgFJLHQh83Fdw0F4dzzyGK1IerZBofQeGQ6z4v9jTzgOqli5I4BXnHdurNOlFPz3nmBXzL536qpkJNh4CaXQxrAM9v--JZ0t86t_Wjm_1G6pXHENWvAW0UwUe2ofDvlaButNAgPSAdFDy34skIBnkmEN7Y-I3t1jneRjioWvy_g45jTMXdwAeUIRvD6E4gd7MC5EEqqLKkZeZiw5LSSNa6IEeKBHWp_wN6cBFyoSZt4Gw5rOcyD9nEDtQVMAE4IHSmfsDkgUECAQYAZIFBAgFGASgBi6AB_qg3iKoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G9gHAPIHBBDggw7SCAkIgOGAEBABGF-ACgHICwHYEw3QFQGYFgGAFwGyFxwKGggAEhRwdWItNTg0MTg5OTMzOTk0OTgwMxgA&sigh=xC9_2Rwtdmc&uach_m=[UACH]&template_id=419&uap=UACH(platform)&uapv=UACH(platformVersion)&uaa=UACH(architecture)&uam=UACH(model)&uafv=UACH(uaFullVersion)&uab=UACH(bitness)

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5841899339949803&output=html&h=90&slotname=3691106802&adk=445279611&adf=962651467&pi=t.ma~as.3691106802&w=728&lmt=1637894992&psa=0&format=728x90&url=https%3A%2F%2Fxosodaiphat.com%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1637894993973&bpp=1&bdt=236&idt=1&shv=r20211111&mjsv=m202111160101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=2410851921683&rume=1&frm=20&pv=2&ga_vid=1250507266.1637894994&ga_sid=1637894994&ga_hid=1389502024&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&dmc=8&adx=642&ady=10&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=182982000%2C182982200%2C31063782%2C31061691%2C31061693&oid=2&pvsid=2804184704754586&pem=23&tmod=1725400849&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CleE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=a!2&fsb=1&xpc=vOS4RXSwcR&p=https%3A//xosodaiphat.com&dtd=8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Fri, 26 Nov 2021 02:49:54 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 26 Nov 2021 02:49:54 GMT

GET
H2 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211111/r20110914/ Frame 636A 19 KB
8 KB 31ms
6ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211111/r20110914/abg_lite_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

65623c8434f7dadaba113a4521a101729ee3e6635e4412f2ccc99fbe6412d15e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Fri, 26 Nov 2021 02:46:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 222
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7840
x-xss-protection: 0
server: cafe
etag: 9525834815172239946
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 10 Dec 2021 02:46:12 GMT

GET
H2 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211111/r20110914/client/ Frame 636A 2 KB
1 KB 36ms
11ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211111/r20110914/client/window_focus_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36eb26e781bd5df368210633ce1197df38df32820e93c18e48afb04ad1cea627

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Fri, 26 Nov 2021 02:32:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1020
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1332
x-xss-protection: 0
server: cafe
etag: 3351516697335751560
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 10 Dec 2021 02:32:54 GMT

GET
H2 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211111/r20110914/client/ Frame 636A 15 KB
6 KB 32ms
7ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211111/r20110914/client/qs_click_protection_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e7907336273196ef7b66c3c9377e5958d4c7e9691de3e67dca3a803138344a00

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Fri, 26 Nov 2021 02:47:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 138
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6415
x-xss-protection: 0
server: cafe
etag: 16810888504096353422
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 10 Dec 2021 02:47:36 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 636A 119 KB
36 KB 37ms
21ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8aa335ad864ac08058c857f05f31cc4c1853a014859bd8ebff6d2a54e05813e8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Fri, 26 Nov 2021 02:49:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37119
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1636547677202025"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Fri, 26 Nov 2021 02:49:54 GMT

GET
H3 200 163b3e9c260ab6fd774ac5b5c6fd1d76.js Show response
www.gstatic.com/mysidia/ Frame 636A 27 KB
11 KB 29ms
6ms Script
text/javascript 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/163b3e9c260ab6fd774ac5b5c6fd1d76.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

de418fdfa1d02a219d049bb1cd8562182c4201c67f6b9d0e2f67f21a476e1096

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 24 Nov 2021 21:25:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 105872
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11360
x-xss-protection: 0
last-modified: Tue, 16 Nov 2021 04:29:01 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Tue, 22 Feb 2022 21:25:22 GMT

GET
H2 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/9924546890094400944/ Frame 636A 19 KB
20 KB 32ms
12ms Image
image/jpeg 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/9924546890094400944/downsize_200k_v1?w=400&h=209

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

05354d0ba5799a53d6c9396a81ce5b8f1b9513226394cd1ae5c2dd2d5f32b7ed

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Fri, 19 Nov 2021 03:37:43 GMT
x-content-type-options: nosniff
age: 601931
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19751
x-xss-protection: 0
last-modified: Thu, 18 Nov 2021 08:04:38 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sat, 19 Nov 2022 03:37:43 GMT

GET
DATA 200
OK truncated
/ Frame 636A 209 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d7779d95203bed5280ee3281f856607f95ac5df680547356656c7109d7d0a6a6

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 636A 0
0 51ms
50ms Fetch
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=Cq-r0UkugYYO7Ap213gPn-4ngC53xxdtm96aT3_cOhrOO6uUpEAEg0PCCdWCVAqABhKqyxwLIAQmpAu3LElCdi2c-qAMByAPLBKoExQFP0KCa-65yEqXGqBuJPRHj1qpVudit-GdDxsLNUT_8QkYgUJUG0ap00Iz7uv0Eiq7CoUjtSLSKMycIxGNg6Zeub5d9nklNh4Ic-2dTM-ygLY6Nodx8GXMBd_R7h0BkTJ_9enb7WlbB6cYCUGcWV_DDbHhsZJlQb1bSQpnIMOgfLOyqBcbYFUhV5lj2YJVu-TUutRLc353sGZod7ixacerNOQYPl0g7ifW1nwsK-Br6vrWkMg1Jg28Y3KCFKonCHllC2CHvbMAEr4vcg98DkgUECAQYAZIFBAgFGASSBQQIBRgYkgUFCAUYqAGgBi6AB-TVzbgBqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhvYBwDyBwQQ6pkQ0ggJCIDhgBAQARhfgAoByAsBuBOIJ9gTDdAVAZgWAYAXAbIXHAoaCAASFHB1Yi01ODQxODk5MzM5OTQ5ODAzGAA&sigh=iQG07rV6s70&uach_m=[UACH]&template_id=5000

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5841899339949803&output=html&h=250&slotname=3164764943&adk=3195374438&adf=2778587218&pi=t.ma~as.3164764943&w=300&lmt=1637894992&psa=0&format=300x250&url=https%3A%2F%2Fxosodaiphat.com%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1637894994000&bpp=1&bdt=263&idt=1&shv=r20211111&mjsv=m202111160101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C728x90&nras=1&correlator=2410851921683&rume=1&frm=20&pv=1&ga_vid=1250507266.1637894994&ga_sid=1637894994&ga_hid=1389502024&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&dmc=8&adx=358&ady=1006&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=182982000%2C182982200%2C31063782%2C31061691%2C31061693&oid=2&pvsid=2804184704754586&pem=23&tmod=1725400849&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=3&uci=a!3&fsb=1&xpc=H6LDsWYzdw&p=https%3A//xosodaiphat.com&dtd=7
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Fri, 26 Nov 2021 02:49:54 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 26 Nov 2021 02:49:54 GMT

GET
DATA 200
OK truncated
/ Frame D305 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 3545782f2c900b11b1597390003b4374f557d82423c85f54d88e25762226e6ad

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 logo-de.png
tpc.googlesyndication.com/sadbundle/16026926319546143094/ Frame D305 12 KB
12 KB 22ms
7ms Image
image/png 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/16026926319546143094/logo-de.png

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1559c220a5abcf68675dc5732aed02e625d8e4d9bd3181128e9fac89e962a0f8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 22 Nov 2021 14:21:21 GMT
x-content-type-options: nosniff
age: 304113
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12566
x-xss-protection: 0
last-modified: Thu, 04 Nov 2021 11:34:56 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Tue, 22 Nov 2022 14:21:21 GMT

GET
H3 200 bg728.jpg
tpc.googlesyndication.com/sadbundle/16026926319546143094/ Frame D305 1 KB
1 KB 25ms
10ms Image
image/jpeg 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/16026926319546143094/bg728.jpg

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cd2c7ba960200bf408a026dd9dc0e9122117a7be473f07d4c03185c1641fec50

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 22 Nov 2021 14:21:21 GMT
x-content-type-options: nosniff
age: 304113
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1226
x-xss-protection: 0
last-modified: Thu, 04 Nov 2021 11:34:56 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Tue, 22 Nov 2022 14:21:21 GMT

GET
H3 200 cyber.png
tpc.googlesyndication.com/sadbundle/16026926319546143094/ Frame D305 27 KB
27 KB 25ms
10ms Image
image/png 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/16026926319546143094/cyber.png

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b086d35c1508ffde18b6939d4f828650e10b5d2e1d1dbfaa913f891eebee7695

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 22 Nov 2021 14:21:21 GMT
x-content-type-options: nosniff
age: 304113
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27766
x-xss-protection: 0
last-modified: Thu, 04 Nov 2021 11:34:56 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Tue, 22 Nov 2022 14:21:21 GMT

GET
H3 200 20prozent.png
tpc.googlesyndication.com/sadbundle/16026926319546143094/ Frame D305 9 KB
9 KB 27ms
12ms Image
image/png 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/16026926319546143094/20prozent.png

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fc271f035f6ebbfef92cb97dd14a25f74c589be5d822329072b23df074be8e6c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 22 Nov 2021 14:21:21 GMT
x-content-type-options: nosniff
age: 304113
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9400
x-xss-protection: 0
last-modified: Thu, 04 Nov 2021 11:34:56 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Tue, 22 Nov 2022 14:21:21 GMT

GET
H3 200 Button.png
tpc.googlesyndication.com/sadbundle/16026926319546143094/ Frame D305 1 KB
2 KB 24ms
9ms Image
image/png 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/16026926319546143094/Button.png

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d4b9ea07a296feb543a187408fe7092983c17aa4266456b7377f31b0a298d05c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 22 Nov 2021 14:21:21 GMT
x-content-type-options: nosniff
age: 304113
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1515
x-xss-protection: 0
last-modified: Thu, 04 Nov 2021 11:34:56 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Tue, 22 Nov 2022 14:21:21 GMT

GET
H2 200 BngRUXNadjH0qYEzV7ab-oWlsbCGwR0.woff2
fonts.gstatic.com/s/ptsansnarrow/v12/ Frame D305 35 KB
36 KB 30ms
7ms Font
font/woff2 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/ptsansnarrow/v12/BngRUXNadjH0qYEzV7ab-oWlsbCGwR0.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans%7CSquada+One%7CPT+Sans+Narrow:regular

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5818f55583b8a82745bf0b1d9cbc07c0411088fb5a837ff5a15b5a745ccdcd58

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 23 Nov 2021 07:43:48 GMT
x-content-type-options: nosniff
age: 241566
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36268
x-xss-protection: 0
last-modified: Thu, 10 Sep 2020 17:08:52 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Wed, 23 Nov 2022 07:43:48 GMT

GET
H2 200 memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4gaVI.woff2
fonts.gstatic.com/s/opensans/v27/ Frame D305 16 KB
16 KB 36ms
14ms Font
font/woff2 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v27/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4gaVI.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans%7CSquada+One%7CPT+Sans+Narrow:regular

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cce577471c2586f3e0c2518fff84a970d33f61491fb8c629341b86f238cf07c0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Fri, 19 Nov 2021 13:44:20 GMT
x-content-type-options: nosniff
age: 565534
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16692
x-xss-protection: 0
last-modified: Thu, 28 Oct 2021 00:32:10 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Sat, 19 Nov 2022 13:44:20 GMT

GET
DATA 200
OK truncated
/ Frame 636A 217 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b5ea170a0a49cb1845f9b11b2e221a52333a4dcd7375811615c17c42ae3a04f7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v29/ Frame 636A 16 KB
16 KB 20ms
6ms Font
font/woff2 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v29/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A400%2C500

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bb46ed079c3dd3c39af5051b4ada48f29f49151dad4fa218117bad2fdb5e616f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 23 Nov 2021 14:02:00 GMT
x-content-type-options: nosniff
age: 218874
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15920
x-xss-protection: 0
last-modified: Wed, 22 Sep 2021 16:13:21 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Wed, 23 Nov 2022 14:02:00 GMT

GET
H3 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v29/ Frame 636A 15 KB
15 KB 16ms
8ms Font
font/woff2 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v29/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A400%2C500

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Fri, 19 Nov 2021 13:39:48 GMT
x-content-type-options: nosniff
age: 565806
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15688
x-xss-protection: 0
last-modified: Wed, 22 Sep 2021 16:13:19 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Sat, 19 Nov 2022 13:39:48 GMT

GET
H3 200 lK7Pd7B-H_9yBaI_NSshU4OXimYezFu1HmFuNXULOe8.js Show response
pagead2.googlesyndication.com/bg/ Frame 209D 35 KB
13 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/lK7Pd7B-H_9yBaI_NSshU4OXimYezFu1HmFuNXULOe8.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

94aecf77b07e1fff7205a23f352b215383978a661ecc5bb51e616e35750b39ef

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Thu, 25 Nov 2021 11:33:43 GMT
content-encoding: br
x-content-type-options: nosniff
age: 54971
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13508
x-xss-protection: 0
last-modified: Mon, 08 Nov 2021 11:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 25 Nov 2022 11:33:43 GMT

GET
H3 200 rum.js Show response
securepubads.g.doubleclick.net/pagead/js/ Frame 636A 57 KB
22 KB 7ms
7ms Script
text/javascript 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/js/rum.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

cafe /

Resource Hash

977f35f75dfb224977b278c01ff5bd8fb73f53fcaec7480681eb779e34177f23

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Fri, 26 Nov 2021 02:21:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1687
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 22094
x-xss-protection: 0
server: cafe
etag: 9350601024229784641
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=3600
timing-allow-origin: *
expires: Fri, 26 Nov 2021 03:21:47 GMT

GET
H3 200 amp4ads-host-v0.js Show response
cdn.ampproject.org/rtv/012111011823000/ 20 KB
7 KB 22ms
7ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012111011823000/amp4ads-host-v0.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1ae9b37e892f49eba3b1fd0236469467aabd48f0d685f4b31efded3991ee0a59

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://xosodaiphat.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 283050
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7332
x-xss-protection: 0
server: sffe
date: Mon, 22 Nov 2021 20:12:24 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "e7aaad083a0be630"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 22 Nov 2022 20:12:24 GMT

GET
H3 200 vi.png
tpc.googlesyndication.com/pagead/images/abg/ Frame D305 3 KB
3 KB 7ms
7ms Image
image/png 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/abg/vi.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012111011823000/amp4ads-v0.mjs

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b123d3cd853f7cd9c7d7c92b0ca99a37b4fa7e654fca65be5f1a15fd9253635e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 25 Nov 2021 16:00:09 GMT
x-content-type-options: nosniff
server: cafe
age: 38985
etag: 10932518847931040692
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3099
x-xss-protection: 0
expires: Fri, 26 Nov 2021 16:00:09 GMT

GET
H3 200 icon.png
tpc.googlesyndication.com/pagead/images/abg/ Frame D305 344 B
368 B 7ms
7ms Image
image/png 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/abg/icon.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012111011823000/amp4ads-v0.mjs

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

53b99e4bde7498900885e58f9d6c383258f8a59b04389d6b54d3d4b89537b6f2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 25 Nov 2021 06:46:14 GMT
x-content-type-options: nosniff
server: cafe
age: 72220
etag: 6766994032117382215
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 344
x-xss-protection: 0
expires: Fri, 26 Nov 2021 06:46:14 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame CC14 0
0 49ms
48ms Fetch
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CnnSvUkugYdHyBsXb3wPPooS4B5DhgYRctqjCivACwI23ARABIABglQKCARdjYS1wdWItMjIwMTA1ODA3NzA2NTk1NKABwq7o3QPIAQmpAmrgQwrozbI-qAMBqgTBAU_QXlCFhAOvq3YzxF6CcV6R3x1BEwWHi_wU24DL3_dnfTVN9Z9_NQqCUZP2BG4yOijcLxmcu5ZdGZzk9WJd7xFoXDZHDTiy5HjMrLWyFqEmRep9YE4DXnprZoRH_hi0k2Jzh3p6Ah9IUPGgReyqv7PS-QL6UnkiPSAbDSkpZ0RvApgogkkFQr_ESACqHz3JGopeo79DhbJSEYVn-TItAYdmLXC47UZkPUs7N9z8xqfPSA7ElWRRmDgK8anNGlqP2jGABs6lwtPbyNuX9AGgBiGoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAYAKAfoLAggBgAwB0BUBgBcBshcaChgSFHB1Yi0yMjAxMDU4MDc3MDY1OTU0GAA&sigh=sRZVlNRLaPw&uach_m=[UACH]&cid=CAQSKQCNIrLMXMeLjeFA-4Zt2jCCeSM2I0X7kopMiuGMvwECAFua7bc1BAx6GAE

Requested by

Host: xosodaiphat.com
URL: https://xosodaiphat.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2201058077065954&output=html&h=600&slotname=2304122458&adk=2183641536&adf=3496389188&pi=t.ma~as.2304122458&w=150&lmt=1637894992&psa=0&format=150x600&url=https%3A%2F%2Fxosodaiphat.com%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1637894994085&bpp=1&bdt=348&idt=0&shv=r20211111&mjsv=m202111160101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C728x90%2C300x250&nras=1&correlator=2410851921683&rume=1&frm=20&pv=2&ga_vid=1250507266.1637894994&ga_sid=1637894994&ga_hid=1389502024&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&dmc=8&adx=853&ady=1388&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=182982000%2C182982200%2C31063782%2C31061691%2C31061693&oid=2&pvsid=2804184704754586&pem=23&tmod=1725400849&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=5&uci=a!5&btvi=1&fsb=1&xpc=tqR1w2ZcP1&p=https%3A//xosodaiphat.com&dtd=10
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Fri, 26 Nov 2021 02:49:54 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H2 204 winResponse
prod-rtb.ad4mat.net/ Frame CC14 0
0 358ms
317ms Fetch
image/gif 2600:1901:0:76b9::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://prod-rtb.ad4mat.net/winResponse?a=1jqdxzgjzgx50ydnvn2tjd6zkkfk9betz3zvk7dmaq59geky4t38ked21j14rh1q7eq8wga0d589ybj2tfpcqp2jgqjp3gz0gzwa0rscqyhx1zpk3tp6myhkxhn8608ry85zt2e0g0dp452rede0s1vab6vwcepj6e26zvyzfmbzxg6q9rda99rzeshs6h4dgaqthkqfn8aennfjrr6er9s9cydh50r94pehg107b6fm8ajmyywa30gf3ebypks8zaq777h7w2pw24rxycv3d4r8y8dg2r1264c7rndy1chq80qz1fcrew2xhn5c575g2bq2dkgshyf2hc8q0ac1ag48j31qt4skgnvjgfk4fxky19n9we8dewgtvz6x4cd7ndmvdnd9jaqk39cw7qqzxgzkfpxqx5s23m&b=YaBLUgABuVEKd-3FAAERTzRIottVQyL9dAYVwA
Requested by: Host: xosodaiphat.com
URL: https://xosodaiphat.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:1901:0:76b9:: Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

access-control-allow-origin: *
date: Fri, 26 Nov 2021 02:49:55 GMT
via: 1.1 google
alt-svc: clear
content-type: image/gif

GET
H2 200 dr Show response
as.ad4m.at/ad/ Frame 2E3B 2 KB
3 KB 45ms
18ms Document
text/html 2606:4700:3039::6815:c08f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://as.ad4m.at/ad/dr?ed=1j0c3fmepee4r3661ahpqtgaqqa00q20941k9s07nbm04hrf9d6tdkrj2qsgep77m4r4dfmdjd3ja2xgc271fmej94h5hzstaatg99vcky275022ypf4c03qrgwp9y5zx2be5x42kdpmepc5cq69a3y55q6e0paxhexz73vx9n76s3nt89d7e64ndpggzctnz24ynwmjerxt9a2120221gwvqn5hpnzt7pr4hca0f0yjc7r8hrvsvkw1zm9g4yzymxg0zm59477kj2gh9wjms6pg7gdegr1sx65rcrrnwdr70ayv7mhha6axcyexrndxnenv3cew2840hdgcaeshb9b7gfx7r7g15cdw1px1fj3xz9wr1w3fnd2v0aq9sj2a9s9f41rnyek718gwmqgq4qa07cd20x3j5a1683pptxph65q0e2ksqtnywnvs72jqwtd0&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC6r5EUkugYdHyBsXb3wPPooS4B5DhgYRctqjCivACwI23ARABIABglQKCARdjYS1wdWItMjIwMTA1ODA3NzA2NTk1NKABwq7o3QPIAQmpAmrgQwrozbI-qAMBqgTEAU_QXlCFhAOvq3YzxF6CcV6R3x1BEwWHi_wU24DL3_dnfTVN9Z9_NQqCUZP2BG4yOijcLxmcu5ZdGZzk9WJd7xFoXDZHDTiy5HjMrLWyFqEmRep9YE4DXnprZoRH_hi0k2Jzh3p6Ah9IUPGgReyqv7PS-QL6UnkiPSAbDSkpZ0RvApgogkkFQr_ESACqHz3JGopeo79DhbJSEYVnuzAMk1CfqjBwag7y5wKpxeXozArFZhYZFaYYCsCe74XVz4YQmvl3v0SABs6lwtPbyNuX9AGgBiGoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_1P7kt6DWe7uuPavAqTrcUjMbm5JA%26client%3Dca-pub-2201058077065954%26adurl%3D

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2201058077065954&output=html&h=600&slotname=2304122458&adk=2183641536&adf=3496389188&pi=t.ma~as.2304122458&w=150&lmt=1637894992&psa=0&format=150x600&url=https%3A%2F%2Fxosodaiphat.com%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1637894994085&bpp=1&bdt=348&idt=0&shv=r20211111&mjsv=m202111160101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C728x90%2C300x250&nras=1&correlator=2410851921683&rume=1&frm=20&pv=2&ga_vid=1250507266.1637894994&ga_sid=1637894994&ga_hid=1389502024&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&dmc=8&adx=853&ady=1388&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=182982000%2C182982200%2C31063782%2C31061691%2C31061693&oid=2&pvsid=2804184704754586&pem=23&tmod=1725400849&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=5&uci=a!5&btvi=1&fsb=1&xpc=tqR1w2ZcP1&p=https%3A//xosodaiphat.com&dtd=10

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3039::6815:c08f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

73c146ede619113d141f995f7d2e5107cdb9f88680efbb839f97ba467649d618

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox;base-uri ;child-src ;connect-src ;default-src 'self';font-src ;form-action 'none';frame-ancestors * data:;frame-src ;img-src data:;manifest-src 'none';media-src 'none';navigate-to ;object-src 'none';prefetch-src 'none';script-src 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline';worker-src 'none'
Strict-Transport-Security	max-age=86400; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/

Response headers

date: Fri, 26 Nov 2021 02:49:54 GMT
content-type: text/html; charset=utf-8
strict-transport-security: max-age=86400; includeSubDomains; preload
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate
x-download-options: noopen
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"/ad/vre"}],"group":"report-endpoint","max_age":86400}
x-xss-protection: 1; mode=block
cross-origin-embedder-policy: unsafe-none
content-security-policy: block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox;base-uri *;child-src *;connect-src *;default-src 'self';font-src *;form-action 'none';frame-ancestors * data:;frame-src *;img-src * data:;manifest-src 'none';media-src 'none';navigate-to *;object-src 'none';prefetch-src 'none';script-src * 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline';worker-src 'none'
referrer-policy: same-origin
feature-policy: geolocation 'none';midi 'none';sync-xhr 'none';microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';fullscreen 'none';payment 'none';accelerometer 'none';usb 'none';autoplay 'self'
nel: {"failure_fraction":"1.0","max_age":86400,"report_to":"report-endpoint","success_fraction":"0.0","include_subdomains":true}
expires: 0
surrogate-control: no-store
pragma: no-cache
cross-origin-opener-policy: unsafe-none
via: 1.1 google
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 6b3fce651f05694f-FRA
content-encoding: br

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211111/r20110914/client/ Frame CC14 2 KB
1 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211111/r20110914/client/window_focus_fy2019.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36eb26e781bd5df368210633ce1197df38df32820e93c18e48afb04ad1cea627

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Fri, 26 Nov 2021 02:32:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1020
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1332
x-xss-protection: 0
server: cafe
etag: 3351516697335751560
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 10 Dec 2021 02:32:54 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 4C49 1 KB
749 B 6ms
6ms Document
text/html 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Thu, 25 Nov 2021 05:53:44 GMT
expires: Fri, 26 Nov 2021 05:53:44 GMT
content-type: text/html; charset=UTF-8
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
age: 75370
cache-control: public, max-age=86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame CC14 119 KB
36 KB 21ms
21ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8aa335ad864ac08058c857f05f31cc4c1853a014859bd8ebff6d2a54e05813e8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Fri, 26 Nov 2021 02:49:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37119
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1636547677202025"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Fri, 26 Nov 2021 02:49:54 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211111/r20110914/client/ Frame CC14 15 KB
6 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211111/r20110914/client/qs_click_protection_fy2019.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e7907336273196ef7b66c3c9377e5958d4c7e9691de3e67dca3a803138344a00

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Fri, 26 Nov 2021 02:47:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 138
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6415
x-xss-protection: 0
server: cafe
etag: 16810888504096353422
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 10 Dec 2021 02:47:36 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame CC14 0
0 37ms
14ms Image
text/html 2a00:1450:4001:829::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaT571Ot7D6NnymdJI_IMU6qzWDH0elABMDFZSf3LJGQHSJPgqGUN9GZS2vvJI2XMDejrEWlSFXBOerfISvvL-t5bygVEQ
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2201058077065954&output=html&h=600&slotname=2304122458&adk=2183641536&adf=3496389188&pi=t.ma~as.2304122458&w=150&lmt=1637894992&psa=0&format=150x600&url=https%3A%2F%2Fxosodaiphat.com%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1637894994085&bpp=1&bdt=348&idt=0&shv=r20211111&mjsv=m202111160101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C728x90%2C300x250&nras=1&correlator=2410851921683&rume=1&frm=20&pv=2&ga_vid=1250507266.1637894994&ga_sid=1637894994&ga_hid=1389502024&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&dmc=8&adx=853&ady=1388&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=182982000%2C182982200%2C31063782%2C31061691%2C31061693&oid=2&pvsid=2804184704754586&pem=23&tmod=1725400849&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=5&uci=a!5&btvi=1&fsb=1&xpc=tqR1w2ZcP1&p=https%3A//xosodaiphat.com&dtd=10
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:829::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

POST
H2 204 csi
csi.gstatic.com/ Frame 636A 0
327 B 49ms
13ms Ping
image/gif 2001:4860:4802:32::3
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=pagead&action=csi_pagead&dmc=8&puid=1~kwfse2cn&chm=1&ctx=2&gqid=UkugYYj3Ad763gPgua_QAw&qqid=CIOssqqCtfQCFZ2adwod530CvA&met.4=fb.cz~lb.e7~ol.hj~bdt.-7j~bpp.-7~idt.-7~dtd.-1~dt.-8&met.3=733.g0~742.g0_1~555.gv~556.gv_2~749.hg_3~736.i7~735.iu_1~734.ju~113.lr_2~112.lr_2&met.1=1.kwfse1qw~6.0~7.1~8.1~9.1~10.f~11.1~12.h~13.cf~14.ck~15.ci~16.gg~17.gg~18.gg~19.gx~20.gx~21.hj~22.dm~23.dm&met.7=CAUQCBgBMMQDOPcEUAFYD2ABaBJwwAN40YACgAGl_gGIAfTjBbABAbgBAw~CBIQBxgBIM8DKM8DMIAEODFA0ANI0ANQ0ANY5gNg0QNo7gNwgAR4-gaAAc4EiAGgH6oBEAoOUm9ib3RvOjQwMCw1MDCwAQG4AQM~CBwQChgBINADKNADMPoDOCpo7wNw-gN4gQmAAdUGiAHLC7ABAbgBAw~CAkQChgBINYDKNYDMPYDOCBQ1gNY6ANg1gNo7wNw9QN4zD-AAaA9iAGDlQGwAQG4AQM~CB4QChgBINYDKNYDMPsDOCVo7wNw-gN44AyAAbQKiAGeE7ABAbgBAw~CBwQChgBINYDKNYDMPoDOCRo7wNw9wN4uzSAAY8yiAGXdLABAbgBAw~CCoQChgBINcDKNcDMIYEOC8~CBsQChgBINcDKNcDMPUDOB4~CBcQAhgBINwDKNwDMP0DOCJo7wNw-wN405wBgAGnmgGIAaeaAbABAbgBAw~CCEQBBgBIOcDKOcDMKIEODto7wNwoQR4rAKwAQG4AQM~CBMQAhgBIOoEKOoEMIQFOBpQ6gRY-ARg6gRo-ARw_wR43H6AAbB8iAGwfKoBDAoGcm9ib3RvEB0YArABAbgBAw~CBMQAhgBIPAEKPAEMIMFOBNo-QRwgQV49HyAAch6iAHIeqoBDAoGcm9ib3RvEB0YArABAbgBAw~CCgQChgBIJUFKJUFMJ4FOAlolQVwnAV4-q4BgAHOrAGIAb3FA7ABAbgBAw
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/js/rum.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::3 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://googleads.g.doubleclick.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Fri, 26 Nov 2021 02:49:54 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
DATA 200
OK truncated
/ Frame CC14 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8ca8f65ac7ae342ef5832adab3b49d5b99e7e321abbb73d59f46aa88ec5cbb8d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 default.css
as.ad4m.at/ad/style/0.1.14/one-ad/ Frame 2E3B 80 KB
11 KB 32ms
21ms Stylesheet
text/css 2606:4700:3039::6815:c08f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://as.ad4m.at/ad/style/0.1.14/one-ad/default.css

Requested by

Host: as.ad4m.at
URL: https://as.ad4m.at/ad/dr?ed=1j0c3fmepee4r3661ahpqtgaqqa00q20941k9s07nbm04hrf9d6tdkrj2qsgep77m4r4dfmdjd3ja2xgc271fmej94h5hzstaatg99vcky275022ypf4c03qrgwp9y5zx2be5x42kdpmepc5cq69a3y55q6e0paxhexz73vx9n76s3nt89d7e64ndpggzctnz24ynwmjerxt9a2120221gwvqn5hpnzt7pr4hca0f0yjc7r8hrvsvkw1zm9g4yzymxg0zm59477kj2gh9wjms6pg7gdegr1sx65rcrrnwdr70ayv7mhha6axcyexrndxnenv3cew2840hdgcaeshb9b7gfx7r7g15cdw1px1fj3xz9wr1w3fnd2v0aq9sj2a9s9f41rnyek718gwmqgq4qa07cd20x3j5a1683pptxph65q0e2ksqtnywnvs72jqwtd0&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC6r5EUkugYdHyBsXb3wPPooS4B5DhgYRctqjCivACwI23ARABIABglQKCARdjYS1wdWItMjIwMTA1ODA3NzA2NTk1NKABwq7o3QPIAQmpAmrgQwrozbI-qAMBqgTEAU_QXlCFhAOvq3YzxF6CcV6R3x1BEwWHi_wU24DL3_dnfTVN9Z9_NQqCUZP2BG4yOijcLxmcu5ZdGZzk9WJd7xFoXDZHDTiy5HjMrLWyFqEmRep9YE4DXnprZoRH_hi0k2Jzh3p6Ah9IUPGgReyqv7PS-QL6UnkiPSAbDSkpZ0RvApgogkkFQr_ESACqHz3JGopeo79DhbJSEYVnuzAMk1CfqjBwag7y5wKpxeXozArFZhYZFaYYCsCe74XVz4YQmvl3v0SABs6lwtPbyNuX9AGgBiGoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_1P7kt6DWe7uuPavAqTrcUjMbm5JA%26client%3Dca-pub-2201058077065954%26adurl%3D

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3039::6815:c08f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3ed135c9f441baa1c02773d6f893f8b90651ab7542eea67ce821e5ea55dad3c8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://as.ad4m.at/ad/dr?ed=1j0c3fmepee4r3661ahpqtgaqqa00q20941k9s07nbm04hrf9d6tdkrj2qsgep77m4r4dfmdjd3ja2xgc271fmej94h5hzstaatg99vcky275022ypf4c03qrgwp9y5zx2be5x42kdpmepc5cq69a3y55q6e0paxhexz73vx9n76s3nt89d7e64ndpggzctnz24ynwmjerxt9a2120221gwvqn5hpnzt7pr4hca0f0yjc7r8hrvsvkw1zm9g4yzymxg0zm59477kj2gh9wjms6pg7gdegr1sx65rcrrnwdr70ayv7mhha6axcyexrndxnenv3cew2840hdgcaeshb9b7gfx7r7g15cdw1px1fj3xz9wr1w3fnd2v0aq9sj2a9s9f41rnyek718gwmqgq4qa07cd20x3j5a1683pptxph65q0e2ksqtnywnvs72jqwtd0&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC6r5EUkugYdHyBsXb3wPPooS4B5DhgYRctqjCivACwI23ARABIABglQKCARdjYS1wdWItMjIwMTA1ODA3NzA2NTk1NKABwq7o3QPIAQmpAmrgQwrozbI-qAMBqgTEAU_QXlCFhAOvq3YzxF6CcV6R3x1BEwWHi_wU24DL3_dnfTVN9Z9_NQqCUZP2BG4yOijcLxmcu5ZdGZzk9WJd7xFoXDZHDTiy5HjMrLWyFqEmRep9YE4DXnprZoRH_hi0k2Jzh3p6Ah9IUPGgReyqv7PS-QL6UnkiPSAbDSkpZ0RvApgogkkFQr_ESACqHz3JGopeo79DhbJSEYVnuzAMk1CfqjBwag7y5wKpxeXozArFZhYZFaYYCsCe74XVz4YQmvl3v0SABs6lwtPbyNuX9AGgBiGoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_1P7kt6DWe7uuPavAqTrcUjMbm5JA%26client%3Dca-pub-2201058077065954%26adurl%3D
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Fri, 26 Nov 2021 02:49:54 GMT
via: 1.1 google
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"failure_fraction":"1.0","max_age":86400,"report_to":"report-endpoint","success_fraction":"0.0","include_subdomains":true}
age: 22065
cross-origin-embedder-policy: unsafe-none
cf-polished: origSize=82325
surrogate-control: no-store
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=86400; includeSubDomains; preload
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: same-origin
expires: 0
last-modified: Thu, 25 Nov 2021 20:42:09 GMT
server: cloudflare
cross-origin-opener-policy: unsafe-none
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-download-options: noopen
report-to: {"endpoints":[{"url":"/ad/vre"}],"group":"report-endpoint","max_age":86400}
content-type: text/css; charset=utf-8
vary: Accept-Encoding
cache-control: max-age=3600, must-revalidate, proxy-revalidate
cf-ray: 6b3fce65bc58dfbf-FRA
cf-bgj: minify

GET
H2 200 r62eglto.js Show response
ad4m.at/ Frame 2E3B 36 KB
13 KB 29ms
20ms Script
application/javascript 2606:4700:3039::6815:c08f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/r62eglto.js
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/dr?ed=1j0c3fmepee4r3661ahpqtgaqqa00q20941k9s07nbm04hrf9d6tdkrj2qsgep77m4r4dfmdjd3ja2xgc271fmej94h5hzstaatg99vcky275022ypf4c03qrgwp9y5zx2be5x42kdpmepc5cq69a3y55q6e0paxhexz73vx9n76s3nt89d7e64ndpggzctnz24ynwmjerxt9a2120221gwvqn5hpnzt7pr4hca0f0yjc7r8hrvsvkw1zm9g4yzymxg0zm59477kj2gh9wjms6pg7gdegr1sx65rcrrnwdr70ayv7mhha6axcyexrndxnenv3cew2840hdgcaeshb9b7gfx7r7g15cdw1px1fj3xz9wr1w3fnd2v0aq9sj2a9s9f41rnyek718gwmqgq4qa07cd20x3j5a1683pptxph65q0e2ksqtnywnvs72jqwtd0&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC6r5EUkugYdHyBsXb3wPPooS4B5DhgYRctqjCivACwI23ARABIABglQKCARdjYS1wdWItMjIwMTA1ODA3NzA2NTk1NKABwq7o3QPIAQmpAmrgQwrozbI-qAMBqgTEAU_QXlCFhAOvq3YzxF6CcV6R3x1BEwWHi_wU24DL3_dnfTVN9Z9_NQqCUZP2BG4yOijcLxmcu5ZdGZzk9WJd7xFoXDZHDTiy5HjMrLWyFqEmRep9YE4DXnprZoRH_hi0k2Jzh3p6Ah9IUPGgReyqv7PS-QL6UnkiPSAbDSkpZ0RvApgogkkFQr_ESACqHz3JGopeo79DhbJSEYVnuzAMk1CfqjBwag7y5wKpxeXozArFZhYZFaYYCsCe74XVz4YQmvl3v0SABs6lwtPbyNuX9AGgBiGoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_1P7kt6DWe7uuPavAqTrcUjMbm5JA%26client%3Dca-pub-2201058077065954%26adurl%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3039::6815:c08f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b98c8f3aa7cc2835be32fd3a1488ba31a3de35a3fa0dd643a092c2846c613017

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-goog-hash: crc32c=i2G9+Q==, md5=KT4B161Aam0qyQ5N1n+FMQ==
date: Fri, 26 Nov 2021 02:49:54 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 19336
x-guploader-uploadid: ADPycdsOKTGHIoWahD0TZTQoYWUEfcQg0132oq9AD9469QffPzMPQd5lf_jiilD5Vec202kqqI-Hxsh29ygvyTXNSQg63d9QPA
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified: Tue, 02 Nov 2021 14:54:41 GMT
server: cloudflare
etag: W/"293e01d7ad406a6d2ac90e4dd67f8531"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=e7kKBUYp7VkvMGzS5iX9jcuaTuuz0L66gtsZn6I6g3RujKGQi%2Ba2fuiAZaLJpvPcc0Kq5%2BOu7imz5BUVA0Binph3GM2MYJRNHXz9MT4Q4s8u8Gs720JDpcsC19mb%2Fs3tpIzzs%2Fg%3D"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1635864881199576
content-type: application/javascript; charset=utf-8
expires: Thu, 25 Nov 2021 21:27:38 GMT
cache-control: public, max-age=3600, must-revalidate, stale-while-revalidate=300
x-goog-stored-content-length: 11933
cf-ray: 6b3fce65bfad694f-FRA
cf-bgj: minify

POST
H2 204 csi
csi.gstatic.com/ Frame D305 0
54 B 14ms
14ms Ping
image/gif 2001:4860:4802:32::3
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?s=ampad&ctx=2&puid=1~1637894994821&qqid=CJ2MsKqCtfQCFZ2adwod530CvA&rt=any.link.dn.1h.e.a.p.0.174k.16w8~any.script.dn.1d.1.i.0.0.430.3uo~any.script.dn.1g.3.j.0.0.m9j.m17~any.script.dn.1h.2.l.0.0.d5v.cxj~any.script.dn.1d.1.j.0.0.1kf.1c3~any.script.dn.13.2.7.0.0.a4m.9wa~any.link.dn.19.1.g.0.0.st.kh~any.img.do.16.0.c.0.0.2mf.2e3~any.img.do.15.0.c.0.0.hw.9k~any.img.do.1o.1.1f.0.0.8c.0~any.css.f8.o.2.7.f.0.9xe.9p2~any.css.f8.q.1.a.0.0.16e.y2~any.css.f8.t.4.b.0.0.lnm.lfa~any.css.f8.s.1.c.0.0.7hg.794~any.css.f9.q.1.a.0.0.1ef.163~any.css.f9.14.a.8.k.0.s7s.rzg~any.css.f9.12.2.e.0.0.d40.cvo~any.img.jn.8.1.7.0.0.2mf.2e3~any.img.jn.8.1.7.0.0.hw.9k&met.a4a=dcl.515~ol.705~nvs.1637894993982~ini.1637894994822
Requested by: Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012111011823000/v0/amp-analytics-0.1.mjs
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::3 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://googleads.g.doubleclick.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Fri, 26 Nov 2021 02:49:54 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dpixel
cms.quantserve.com/ Frame 4C49 35 B
464 B 25ms
8ms Image
image/gif 2620:116:800d:21:8c6e:cf2c:8d6:9fb5
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESECilS8ZnPHsFQoFkPt9FdtY&google_cver=1&google_push=AYg5qPL3LssaS78iERHt1kf9ZtHt8EYWjris2rLbLcXzsJ0S5dHgt3PprEDjTKBbs2ovnkL5RLaOVSPSrmZaUKVh0L7FFOHAaQ

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:8c6e:cf2c:8d6:9fb5 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 26 Nov 2021 02:49:54 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
cache-control: private, no-cache, no-store, proxy-revalidate
content-type: image/gif
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H2 200 sync
odr.mookie1.com/t/v2/ Frame 4C49 43 B
324 B 30ms
15ms Image
image/gif 34.98.67.61
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://odr.mookie1.com/t/v2/sync?tagid=V2_4531&src.visitorid=CAESELEtX03IDgZFX1MqGX9gS4Y&google_push=AYg5qPKFzzm0BFHUMe2vi-3YEuRJzXsR2-gV_5okacmF0zpz_dc5jpSanwzEny3oLJo46jOeO6IxtWizk1OFHB_DwfBVBwWEeA&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2201058077065954&output=html&h=600&slotname=2304122458&adk=2183641536&adf=3496389188&pi=t.ma~as.2304122458&w=150&lmt=1637894992&psa=0&format=150x600&url=https%3A%2F%2Fxosodaiphat.com%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1637894994085&bpp=1&bdt=348&idt=0&shv=r20211111&mjsv=m202111160101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C728x90%2C300x250&nras=1&correlator=2410851921683&rume=1&frm=20&pv=2&ga_vid=1250507266.1637894994&ga_sid=1637894994&ga_hid=1389502024&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&dmc=8&adx=853&ady=1388&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=182982000%2C182982200%2C31063782%2C31061691%2C31061693&oid=2&pvsid=2804184704754586&pem=23&tmod=1725400849&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=5&uci=a!5&btvi=1&fsb=1&xpc=tqR1w2ZcP1&p=https%3A//xosodaiphat.com&dtd=10
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.67.61 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 61.67.98.34.bc.googleusercontent.com
Software: Apache /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 26 Nov 2021 02:49:54 GMT
via: 1.1 google
server: Apache
p3p: CP="NON DSP COR NID CURa PSAa PSDa OUR STP UNI COM NAV STA LOC OTC",policyref="/w3c/p3p.xml"
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif;charset=UTF-8
alt-svc: clear
content-length: 43
x-application-context: application
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 dds
rtb.openx.net/sync/ Frame 4C49 43 B
351 B 43ms
23ms Image
image/gif 35.227.252.103
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.openx.net/sync/dds?google_gid=CAESEGLuy4U914hLacCAsacgaEo&google_cver=1&google_push=AYg5qPIj1vuThnrbgtarNq5K0ouWp2gveRuTHEh49RH-0JNsYKvAm9ZykMzfrGlOJSesSHppYORdl9IEnRTB7I_Vp7ph7tujUQ
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2201058077065954&output=html&h=600&slotname=2304122458&adk=2183641536&adf=3496389188&pi=t.ma~as.2304122458&w=150&lmt=1637894992&psa=0&format=150x600&url=https%3A%2F%2Fxosodaiphat.com%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1637894994085&bpp=1&bdt=348&idt=0&shv=r20211111&mjsv=m202111160101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C728x90%2C300x250&nras=1&correlator=2410851921683&rume=1&frm=20&pv=2&ga_vid=1250507266.1637894994&ga_sid=1637894994&ga_hid=1389502024&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&dmc=8&adx=853&ady=1388&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=182982000%2C182982200%2C31063782%2C31061691%2C31061693&oid=2&pvsid=2804184704754586&pem=23&tmod=1725400849&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=5&uci=a!5&btvi=1&fsb=1&xpc=tqR1w2ZcP1&p=https%3A//xosodaiphat.com&dtd=10
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.227.252.103 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 103.252.227.35.bc.googleusercontent.com
Software: Cowboy /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 26 Nov 2021 02:49:54 GMT
via: 1.1 google
server: Cowboy
vary: Origin
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: null
access-control-expose-headers
cache-control: private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials: true
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
x-request-id: d5rmpgndg3ia7mnjmeo304u8ml2jr0qn

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 4C49
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=FFxSj8AjQBO8bPI82irj-Q%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
188 B

31ms
17ms

Image
image/png

172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=FFxSj8AjQBO8bPI82irj-Q%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPLb1fSO0ucWyAO6wcEZ5tcrux5cU6mIwo9ELAJOyRF75EU3sYYc5U4xKng1zm67TDVsJBMWoQZ_mcFIiQWSkYE8XJ4xVgM

Requested by

Host: xosodaiphat.com
URL: https://xosodaiphat.com/

Protocol

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s05-in-f98.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 26 Nov 2021 02:49:54 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=FFxSj8AjQBO8bPI82irj-Q%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPLb1fSO0ucWyAO6wcEZ5tcrux5cU6mIwo9ELAJOyRF75EU3sYYc5U4xKng1zm67TDVsJBMWoQZ_mcFIiQWSkYE8XJ4xVgM
date: Fri, 26 Nov 2021 02:49:54 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 4C49
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEG4HkwUhbfLlY38HPsyBccI&google_cver=1&google_push=AYg5qPJCXsMBUsO0ECYTFTEde4t3gOfFqKqDS9LnEvJGoHGSAOf4u64eI87YiSRziAVyX2onyIw...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1dGU0UyRjktMVEtQkIzTA==&google_push=AYg5qPJCXsMBUsO0ECYTFTEde4t3gOfFqKqDS9LnEvJGoHGSAOf4u64eI87YiSRziAVyX2onyIwBUReiInfCfLU54PfyglY3cOU

170 B
329 B

16ms
16ms

Image
image/png

172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1dGU0UyRjktMVEtQkIzTA==&google_push=AYg5qPJCXsMBUsO0ECYTFTEde4t3gOfFqKqDS9LnEvJGoHGSAOf4u64eI87YiSRziAVyX2onyIwBUReiInfCfLU54PfyglY3cOU

Requested by

Protocol

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s05-in-f98.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 26 Nov 2021 02:49:54 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1dGU0UyRjktMVEtQkIzTA==&google_push=AYg5qPJCXsMBUsO0ECYTFTEde4t3gOfFqKqDS9LnEvJGoHGSAOf4u64eI87YiSRziAVyX2onyIwBUReiInfCfLU54PfyglY3cOU
Cache-Control: no-cache,no-store,must-revalidate
Content-Type: text/html
content-length: 0
X-RPHost: a66cbf3142c6ef39e3614b84a34262cf
Expires: 0

GET

pixel
cm.g.doubleclick.net/ Frame 4C49
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEKoM1w9NdJh03RfiDvE9qfQ&google_cver=1&googl...
https://ssum-sec.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_cver=1&google_gid=CAESEKoM1w9NdJh03RfiDvE9qfQ&google_push=AY...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YaBLUpG2DuFqE1BnQi8IRwAABGEAAAAB&google_cver=1&google_push=AYg5qPL2vFfiET32QcoqU1gVQYW2HuxBGbfLoHZlSxU5htzkCnJLN5IfrDq-G6FuAHAZ--iwm402...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YaBLUpG2DuFqE1BnQi8IRwAABGEAAAAB&google_cver=1&google_push=AYg5qPL2vFfiET32QcoqU1gVQYW2HuxBGbfLoHZlSxU5htzkCnJLN5IfrDq-G6FuAHAZ--iwm402...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YaBLUpG2DuFqE1BnQi8IRwAABGEAAAAB&google_cver=1&google_push=AYg5qPL2vFfiET32QcoqU1gVQYW2HuxBGbfLoHZlSxU5htzkCnJLN5IfrDq-G6FuAHAZ--iwm402...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YaBLUpG2DuFqE1BnQi8IRwAABGEAAAAB&google_cver=1&google_push=AYg5qPL2vFfiET32QcoqU1gVQYW2HuxBGbfLoHZlSxU5htzkCnJLN5IfrDq-G6FuAHAZ--iwm402...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YaBLUpG2DuFqE1BnQi8IRwAABGEAAAAB&google_cver=1&google_push=AYg5qPL2vFfiET32QcoqU1gVQYW2HuxBGbfLoHZlSxU5htzkCnJLN5IfrDq-G6FuAHAZ--iwm402...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YaBLUpG2DuFqE1BnQi8IRwAABGEAAAAB&google_cver=1&google_push=AYg5qPL2vFfiET32QcoqU1gVQYW2HuxBGbfLoHZlSxU5htzkCnJLN5IfrDq-G6FuAHAZ--iwm402...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YaBLUpG2DuFqE1BnQi8IRwAABGEAAAAB&google_cver=1&google_push=AYg5qPL2vFfiET32QcoqU1gVQYW2HuxBGbfLoHZlSxU5htzkCnJLN5IfrDq-G6FuAHAZ--iwm402...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YaBLUpG2DuFqE1BnQi8IRwAABGEAAAAB&google_cver=1&google_push=AYg5qPL2vFfiET32QcoqU1gVQYW2HuxBGbfLoHZlSxU5htzkCnJLN5IfrDq-G6FuAHAZ--iwm402...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YaBLUpG2DuFqE1BnQi8IRwAABGEAAAAB&google_cver=1&google_push=AYg5qPL2vFfiET32QcoqU1gVQYW2HuxBGbfLoHZlSxU5htzkCnJLN5IfrDq-G6FuAHAZ--iwm402...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YaBLUpG2DuFqE1BnQi8IRwAABGEAAAAB&google_cver=1&google_push=AYg5qPL2vFfiET32QcoqU1gVQYW2HuxBGbfLoHZlSxU5htzkCnJLN5IfrDq-G6FuAHAZ--iwm402...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YaBLUpG2DuFqE1BnQi8IRwAABGEAAAAB&google_cver=1&google_push=AYg5qPL2vFfiET32QcoqU1gVQYW2HuxBGbfLoHZlSxU5htzkCnJLN5IfrDq-G6FuAHAZ--iwm402...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YaBLUpG2DuFqE1BnQi8IRwAABGEAAAAB&google_cver=1&google_push=AYg5qPL2vFfiET32QcoqU1gVQYW2HuxBGbfLoHZlSxU5htzkCnJLN5IfrDq-G6FuAHAZ--iwm402...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YaBLUpG2DuFqE1BnQi8IRwAABGEAAAAB&google_cver=1&google_push=AYg5qPL2vFfiET32QcoqU1gVQYW2HuxBGbfLoHZlSxU5htzkCnJLN5IfrDq-G6FuAHAZ--iwm402...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YaBLUpG2DuFqE1BnQi8IRwAABGEAAAAB&google_cver=1&google_push=AYg5qPL2vFfiET32QcoqU1gVQYW2HuxBGbfLoHZlSxU5htzkCnJLN5IfrDq-G6FuAHAZ--iwm402...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YaBLUpG2DuFqE1BnQi8IRwAABGEAAAAB&google_cver=1&google_push=AYg5qPL2vFfiET32QcoqU1gVQYW2HuxBGbfLoHZlSxU5htzkCnJLN5IfrDq-G6FuAHAZ--iwm402...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YaBLUpG2DuFqE1BnQi8IRwAABGEAAAAB&google_cver=1&google_push=AYg5qPL2vFfiET32QcoqU1gVQYW2HuxBGbfLoHZlSxU5htzkCnJLN5IfrDq-G6FuAHAZ--iwm402...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YaBLUpG2DuFqE1BnQi8IRwAABGEAAAAB&google_cver=1&google_push=AYg5qPL2vFfiET32QcoqU1gVQYW2HuxBGbfLoHZlSxU5htzkCnJLN5IfrDq-G6FuAHAZ--iwm402...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YaBLUpG2DuFqE1BnQi8IRwAABGEAAAAB&google_cver=1&google_push=AYg5qPL2vFfiET32QcoqU1gVQYW2HuxBGbfLoHZlSxU5htzkCnJLN5IfrDq-G6FuAHAZ--iwm402...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YaBLUpG2DuFqE1BnQi8IRwAABGEAAAAB&google_cver=1&google_push=AYg5qPL2vFfiET32QcoqU1gVQYW2HuxBGbfLoHZlSxU5htzkCnJLN5IfrDq-G6FuAHAZ--iwm402...

0
0

GET
H2 200 trk
ag.innovid.com/ Frame 4C49 43 B
297 B 129ms
22ms Image
image/gif 2a05:d01c:1d8:8102:9b42:ec:9152:470a
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ag.innovid.com/trk?tid=11711&google_gid=CAESEJmqrGOMzrDPt2EQmvEA6V4&google_cver=1&google_push=AYg5qPK7R_EekpV1qq9oCyC7BEFPH9pzo7c-owfyEbuLFrtZV8l4w5GNnNrlPIrf4N6VWqQP636aro8ktOg0ioqnn1sctL3ByA
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2201058077065954&output=html&h=600&slotname=2304122458&adk=2183641536&adf=3496389188&pi=t.ma~as.2304122458&w=150&lmt=1637894992&psa=0&format=150x600&url=https%3A%2F%2Fxosodaiphat.com%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1637894994085&bpp=1&bdt=348&idt=0&shv=r20211111&mjsv=m202111160101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C728x90%2C300x250&nras=1&correlator=2410851921683&rume=1&frm=20&pv=2&ga_vid=1250507266.1637894994&ga_sid=1637894994&ga_hid=1389502024&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&dmc=8&adx=853&ady=1388&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=182982000%2C182982200%2C31063782%2C31061691%2C31061693&oid=2&pvsid=2804184704754586&pem=23&tmod=1725400849&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=5&uci=a!5&btvi=1&fsb=1&xpc=tqR1w2ZcP1&p=https%3A//xosodaiphat.com&dtd=10
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a05:d01c:1d8:8102:9b42:ec:9152:470a London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 26 Nov 2021 02:49:54 GMT
cache-control: no-cache
content-type: image/gif
content-length: 43
request-time: 1
expires: -1

GET
H2 204 attr
cm.g.doubleclick.net/pixel/ Frame 4C49 0
232 B 35ms
14ms Image
text/html 172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13LKopar9QlEJy__NyhmksEXNuo4q8isOH5V-oQoGno49ge6EaLKb6c6oqKHb-AytqGNYaxS

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s05-in-f98.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Fri, 26 Nov 2021 02:49:54 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H2 200 adchoices_default.png
static-de.ad4mat.net/ads/img/ad_markers_folder/ Frame 2E3B 3 KB
4 KB 41ms
16ms Image
image/png 2606:4700:20::ac43:444e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static-de.ad4mat.net/ads/img/ad_markers_folder/adchoices_default.png
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/style/0.1.14/one-ad/default.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:444e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2eeaed1b310e214596abec926291c1a41c6333ddaeac312886fc0b5930d71f0e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-goog-hash: crc32c=v7nNsg==, md5=eUyE0w4hPsahRNZCFfB1UQ==
date: Fri, 26 Nov 2021 02:49:54 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 6395399
x-guploader-uploadid: ADPycdu4kVh88oPygz4q2L0gysGWlMlIFE5YReoxzb2pqvToqgh3BYrLqoA2iyx1syc2mGJLpBFm-K4K9hJXRMmcJywY3ItGvg
x-goog-storage-class: STANDARD
x-goog-custom-time: 1970-01-01T00:00:00Z
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 3262
x-goog-meta-
last-modified: Wed, 09 Jun 2021 12:35:14 GMT
server: cloudflare
etag: "794c84d30e213ec6a144d64215f07551"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lK9sjZhbbwBJAcUBQ7J5DKe%2Fltf5xjzBn3xPz%2BQP%2BLOK3lDOMcRLtmN8%2BNfzzqFMN8SrsUHTGv7mBSkmp%2F%2BuVXByTU%2F96YP8iTpUFMq6W4Xzd0IQ%2BDHoqT8IttdU9IsmQjCyVb%2B9eV16lmy2zNvJLYtl"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1623242114099744
content-type: image/png
cache-control: public, max-age=31536000, immutable
x-goog-stored-content-length: 3262
accept-ranges: bytes
cf-ray: 6b3fce66196905d8-FRA
expires: Tue, 13 Sep 2022 02:19:55 GMT

GET
H3 200 frame.html Show response
ad4m.at/ Frame 4E89 2 KB
2 KB 17ms
17ms Document
text/html 2606:4700:3039::6815:c08f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/frame.html
Requested by: Host: ad4m.at
URL: https://ad4m.at/r62eglto.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3039::6815:c08f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d12a71cd626ac8f0fc91e6f1b98280cfb49fd724f2dcc118d192adff9a0154b4

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

date: Fri, 26 Nov 2021 02:49:54 GMT
content-type: text/html; charset=utf-8
x-guploader-uploadid: ADPycdul5Ccw7d7rhgjk4K-9bNVBIMJUbbihzRGNqm4eKjFMeeucQ20B3FnwIcyOYympdB6UUlF8mlNguKXZm3TvRLI
expires: Fri, 26 Nov 2021 03:49:54 GMT
last-modified: Wed, 06 May 2020 15:09:30 GMT
x-goog-generation: 1588777770164783
x-goog-metageneration: 3
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 1681
x-goog-meta-
x-goog-custom-time: 1970-01-01T00:00:00Z
content-language: en
x-goog-hash: crc32c=iTDHew== md5=c2ZaqCqAXxKd4MgeeQDU8g==
x-goog-storage-class: MULTI_REGIONAL
age: 2498151
cache-control: public, max-age=3600
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
cf-cache-status: HIT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0le3QA0Ge1rPROlFBB2%2BqIERdSGmvSy3NxVJ0aSJHg4cfmSJAxVHKOdQIuz2KDnoJ9I1qCX%2FOAwNVTtoXQx4tE5ly1GnI88WgOwvvIwJsvj6YInVl1gHzj6isa1KCAZivPanhgk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 6b3fce65fc72dfbf-FRA
content-encoding: br

POST
H3 200 rs Show response
ad4m.at/ Frame 2E3B 2 KB
2 KB 26ms
26ms XHR
text/plain 2606:4700:3039::6815:c08e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/rs
Requested by: Host: ad4m.at
URL: https://ad4m.at/r62eglto.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3039::6815:c08e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 63240ec818179aa790e1f0fb516377ded346929437f22cbb8d1a477a27c7daf0

Request headers

Referer
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: application/json

Response headers

cf-ray: 6b3fce666ead2c01-FRA
date: Fri, 26 Nov 2021 02:49:54 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TPmiMfmwbgpMuqLSBuVfcymOLrY7HcuWn9Ugd4iB8fOWmdycyNb665G3b2k0Jka3O7EsfSf2nQ9dHt%2F8mdGjmZmuk8nCaQnrPXuST2mHNqzZB9jMTpC2NtMMbUcnWxP2XOLekeo%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/plain
access-control-allow-origin: https://as.ad4m.at
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
access-control-allow-credentials: true
content-encoding: br
x-backend-server: aa-reachservice-group-europe-west1-bd8c

OPTIONS
H3 200 rs
ad4m.at/ Frame 0
0 36ms
26ms Preflight
text/plain 2606:4700:3039::6815:c08e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/rs
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3039::6815:c08e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://as.ad4m.at
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Fri, 26 Nov 2021 02:49:54 GMT
content-type: text/plain
content-length: 24
access-control-allow-origin: https://as.ad4m.at
access-control-allow-credentials: true
access-control-max-age: 1800
access-control-allow-methods: GET,PATCH,POST,OPTIONS,DELETE
access-control-allow-headers: content-type
allow: HEAD,POST,GET,OPTIONS
x-backend-server: aa-reachservice-group-europe-west1-bd8c
via: 1.1 google
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tmzTHCfh5z%2Bf8Tff%2FrcsC%2F5JNW8%2Fib4xp5rs3yMwOy%2Bs6YsAxilm%2FcYA%2B%2FMOHpRsH%2BVktRHHs4b56zS2O9cyrRASMpdTlnfjxHNxXyJZ2e44VFNxyf44mH0c90FFVIhBsayTqdQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 6b3fce663e8c2c01-FRA

GET
H3 200 rum.js Show response
securepubads.g.doubleclick.net/pagead/js/ Frame CC14 57 KB
22 KB 6ms
6ms Script
text/javascript 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/js/rum.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

cafe /

Resource Hash

977f35f75dfb224977b278c01ff5bd8fb73f53fcaec7480681eb779e34177f23

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Fri, 26 Nov 2021 02:21:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1687
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 22094
x-xss-protection: 0
server: cafe
etag: 9350601024229784641
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=3600
timing-allow-origin: *
expires: Fri, 26 Nov 2021 03:21:47 GMT

POST
H3 204 csi
csi.gstatic.com/ Frame CC14 0
17 B 28ms
13ms Ping
image/gif 2001:4860:4802:32::3
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=pagead&action=csi_pagead&dmc=8&puid=1~kwfse2ge&chm=1&ctx=2&gqid=UkugYZmmBtKPrAT9ypmwCg&qqid=CNHjtqqCtfQCFcXtdwodTxEBdw&met.4=fb.7~lb.3c~cmrload.4l~ol.61~bdt.-qn~bpp.-gy~idt.-gz~dtd.-gp~dt.-gz&met.3=735.3m~734.61~113.6e_1~112.6e_1&met.1=1.kwfse2a0~14.6~15.0~16.6~17.6~18.6~19.6~20.6~21.6&met.7=CCEQBBgBIAkoCTA7ODFoCnA6eKwCsAEBuAED~CBsQBSALOC8~CB4QChgBIAsoCzASOAdoDHAReOAMgAG0CogBnhOwAQG4AQM~CBwQBRgBIAwoDDAUOAhoDnAUeIAIgAHUBYgBlgmwAQG4AQM~CCoQChgBIAwoDDAlOBk~CBwQChgBIAwoDDAUOAdoDXATeLs0gAGPMogBl3SwAQG4AQM~CBsQBhgBIA0oDTAyOCY~CCgQChgBINoBKNoBMOIBOAho2gFw4QF4-q4BgAHOrAGIAb3FA7ABAbgBAw
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/js/rum.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2001:4860:4802:32::3 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://googleads.g.doubleclick.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Fri, 26 Nov 2021 02:49:54 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 rar Show response
as.ad4m.at/ad/ Frame 6B0A 7 KB
4 KB 29ms
28ms Document
text/html 2606:4700:3039::6815:c08f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://as.ad4m.at/ad/rar?a=170113%2C20833%2C166402&b=Ke2sRfE34CGG8dc5HMHktPtKWqKf8TATwx8fq%2CjBzSEfVAgTezJsYHEH2t6tRRGcKTzTDZ1f9%2CPe7sBf2XzUbK79t9HjHbtMtPPgSZT9TPxDfp&f=k6YF5f1pjUddJMU4HwHetmCXmDXukTjTp7mUR%2Cxb9UQfVY5TQXbHPHdHztDCRRgcJT6TqGKSA%2Cb4xuQfq63S5K2bfYHbHzt8CwwmsxTJT5DMuJ&c=120&d=600&e=SWIE4VMeI0wT2zb1qq2odulCFuRVYRap&g=da1a653b8d160bb8555f99b7a5ba651c%2F15925037179300048360&i=69427%2C20774%2C20773&j=16%2C14%2C14&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach94_WKZREACH&r=1637894994959&h=%252F%252Fas.ad4m.at%252Fdct%253Fed%253D1g8yj36cdfewfge8h78h4qpjfqeqfsy0rk1aynj2s924ba8ms69edymbkm3p2gn1283hze5qmkcvs8frsmr0pktq4115g8tj5q5wzkfr4q1x8gxkfenypepbsr3xcm01ydxeqsnz9gt8nq31cj6dvyhcgy3bmakk3ff5fczwqewr1xmfasqfpj6q9c2sj0pt3ggvzzcchaktkkyayy0ng5mwgp8098cv856w12r2k5ny55f4mxf98cbfd21g7gsc7jx0d34s5cfyhn2yg75ne928%2526h%253Dhttps%25253A%25252F%25252Fadclick.g.doubleclick.net%25252Faclk%25253Fsa%25253DL%252526ai%25253DC6r5EUkugYdHyBsXb3wPPooS4B5DhgYRctqjCivACwI23ARABIABglQKCARdjYS1wdWItMjIwMTA1ODA3NzA2NTk1NKABwq7o3QPIAQmpAmrgQwrozbI-qAMBqgTEAU_QXlCFhAOvq3YzxF6CcV6R3x1BEwWHi_wU24DL3_dnfTVN9Z9_NQqCUZP2BG4yOijcLxmcu5ZdGZzk9WJd7xFoXDZHDTiy5HjMrLWyFqEmRep9YE4DXnprZoRH_hi0k2Jzh3p6Ah9IUPGgReyqv7PS-QL6UnkiPSAbDSkpZ0RvApgogkkFQr_ESACqHz3JGopeo79DhbJSEYVnuzAMk1CfqjBwag7y5wKpxeXozArFZhYZFaYYCsCe74XVz4YQmvl3v0SABs6lwtPbyNuX9AGgBiGoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%252526num%25253D1%252526sig%25253DAOD64_1P7kt6DWe7uuPavAqTrcUjMbm5JA%252526client%25253Dca-pub-2201058077065954%252526adurl%25253D&y=1&z=0

Requested by

Host: ad4m.at
URL: https://ad4m.at/r62eglto.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3039::6815:c08f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d338f73505781c499cee314045b394a17ac33afc83f8b35b9a1493aa64599ce0

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox;base-uri ;child-src ;connect-src ;default-src 'self';font-src ;form-action 'none';frame-ancestors * data:;frame-src ;img-src data:;manifest-src 'none';media-src 'none';navigate-to ;object-src 'none';prefetch-src 'none';script-src 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline';worker-src 'none'
Strict-Transport-Security	max-age=86400; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://as.ad4m.at/ad/dr?ed=1j0c3fmepee4r3661ahpqtgaqqa00q20941k9s07nbm04hrf9d6tdkrj2qsgep77m4r4dfmdjd3ja2xgc271fmej94h5hzstaatg99vcky275022ypf4c03qrgwp9y5zx2be5x42kdpmepc5cq69a3y55q6e0paxhexz73vx9n76s3nt89d7e64ndpggzctnz24ynwmjerxt9a2120221gwvqn5hpnzt7pr4hca0f0yjc7r8hrvsvkw1zm9g4yzymxg0zm59477kj2gh9wjms6pg7gdegr1sx65rcrrnwdr70ayv7mhha6axcyexrndxnenv3cew2840hdgcaeshb9b7gfx7r7g15cdw1px1fj3xz9wr1w3fnd2v0aq9sj2a9s9f41rnyek718gwmqgq4qa07cd20x3j5a1683pptxph65q0e2ksqtnywnvs72jqwtd0&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC6r5EUkugYdHyBsXb3wPPooS4B5DhgYRctqjCivACwI23ARABIABglQKCARdjYS1wdWItMjIwMTA1ODA3NzA2NTk1NKABwq7o3QPIAQmpAmrgQwrozbI-qAMBqgTEAU_QXlCFhAOvq3YzxF6CcV6R3x1BEwWHi_wU24DL3_dnfTVN9Z9_NQqCUZP2BG4yOijcLxmcu5ZdGZzk9WJd7xFoXDZHDTiy5HjMrLWyFqEmRep9YE4DXnprZoRH_hi0k2Jzh3p6Ah9IUPGgReyqv7PS-QL6UnkiPSAbDSkpZ0RvApgogkkFQr_ESACqHz3JGopeo79DhbJSEYVnuzAMk1CfqjBwag7y5wKpxeXozArFZhYZFaYYCsCe74XVz4YQmvl3v0SABs6lwtPbyNuX9AGgBiGoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_1P7kt6DWe7uuPavAqTrcUjMbm5JA%26client%3Dca-pub-2201058077065954%26adurl%3D

Response headers

date: Fri, 26 Nov 2021 02:49:54 GMT
content-type: text/html; charset=utf-8
strict-transport-security: max-age=86400; includeSubDomains; preload
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate
x-download-options: noopen
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"/ad/vre"}],"group":"report-endpoint","max_age":86400}
x-xss-protection: 1; mode=block
cross-origin-embedder-policy: unsafe-none
content-security-policy: block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox;base-uri *;child-src *;connect-src *;default-src 'self';font-src *;form-action 'none';frame-ancestors * data:;frame-src *;img-src * data:;manifest-src 'none';media-src 'none';navigate-to *;object-src 'none';prefetch-src 'none';script-src * 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline';worker-src 'none'
referrer-policy: same-origin
feature-policy: geolocation 'none';midi 'none';sync-xhr 'none';microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';fullscreen 'none';payment 'none';accelerometer 'none';usb 'none';autoplay 'self'
nel: {"failure_fraction":"1.0","max_age":86400,"report_to":"report-endpoint","success_fraction":"0.0","include_subdomains":true}
expires: 0
surrogate-control: no-store
pragma: no-cache
cross-origin-opener-policy: unsafe-none
via: 1.1 google
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 6b3fce669cd1dfbf-FRA
content-encoding: br

GET
H3 200 default.css
as.ad4m.at/ad/style/0.1.14/one-ad/ Frame 6B0A 80 KB
11 KB 17ms
17ms Stylesheet
text/css 2606:4700:3039::6815:c08f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://as.ad4m.at/ad/style/0.1.14/one-ad/default.css

Requested by

Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=170113%2C20833%2C166402&b=Ke2sRfE34CGG8dc5HMHktPtKWqKf8TATwx8fq%2CjBzSEfVAgTezJsYHEH2t6tRRGcKTzTDZ1f9%2CPe7sBf2XzUbK79t9HjHbtMtPPgSZT9TPxDfp&f=k6YF5f1pjUddJMU4HwHetmCXmDXukTjTp7mUR%2Cxb9UQfVY5TQXbHPHdHztDCRRgcJT6TqGKSA%2Cb4xuQfq63S5K2bfYHbHzt8CwwmsxTJT5DMuJ&c=120&d=600&e=SWIE4VMeI0wT2zb1qq2odulCFuRVYRap&g=da1a653b8d160bb8555f99b7a5ba651c%2F15925037179300048360&i=69427%2C20774%2C20773&j=16%2C14%2C14&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach94_WKZREACH&r=1637894994959&h=%252F%252Fas.ad4m.at%252Fdct%253Fed%253D1g8yj36cdfewfge8h78h4qpjfqeqfsy0rk1aynj2s924ba8ms69edymbkm3p2gn1283hze5qmkcvs8frsmr0pktq4115g8tj5q5wzkfr4q1x8gxkfenypepbsr3xcm01ydxeqsnz9gt8nq31cj6dvyhcgy3bmakk3ff5fczwqewr1xmfasqfpj6q9c2sj0pt3ggvzzcchaktkkyayy0ng5mwgp8098cv856w12r2k5ny55f4mxf98cbfd21g7gsc7jx0d34s5cfyhn2yg75ne928%2526h%253Dhttps%25253A%25252F%25252Fadclick.g.doubleclick.net%25252Faclk%25253Fsa%25253DL%252526ai%25253DC6r5EUkugYdHyBsXb3wPPooS4B5DhgYRctqjCivACwI23ARABIABglQKCARdjYS1wdWItMjIwMTA1ODA3NzA2NTk1NKABwq7o3QPIAQmpAmrgQwrozbI-qAMBqgTEAU_QXlCFhAOvq3YzxF6CcV6R3x1BEwWHi_wU24DL3_dnfTVN9Z9_NQqCUZP2BG4yOijcLxmcu5ZdGZzk9WJd7xFoXDZHDTiy5HjMrLWyFqEmRep9YE4DXnprZoRH_hi0k2Jzh3p6Ah9IUPGgReyqv7PS-QL6UnkiPSAbDSkpZ0RvApgogkkFQr_ESACqHz3JGopeo79DhbJSEYVnuzAMk1CfqjBwag7y5wKpxeXozArFZhYZFaYYCsCe74XVz4YQmvl3v0SABs6lwtPbyNuX9AGgBiGoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%252526num%25253D1%252526sig%25253DAOD64_1P7kt6DWe7uuPavAqTrcUjMbm5JA%252526client%25253Dca-pub-2201058077065954%252526adurl%25253D&y=1&z=0

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3039::6815:c08f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3ed135c9f441baa1c02773d6f893f8b90651ab7542eea67ce821e5ea55dad3c8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://as.ad4m.at/ad/rar?a=170113%2C20833%2C166402&b=Ke2sRfE34CGG8dc5HMHktPtKWqKf8TATwx8fq%2CjBzSEfVAgTezJsYHEH2t6tRRGcKTzTDZ1f9%2CPe7sBf2XzUbK79t9HjHbtMtPPgSZT9TPxDfp&f=k6YF5f1pjUddJMU4HwHetmCXmDXukTjTp7mUR%2Cxb9UQfVY5TQXbHPHdHztDCRRgcJT6TqGKSA%2Cb4xuQfq63S5K2bfYHbHzt8CwwmsxTJT5DMuJ&c=120&d=600&e=SWIE4VMeI0wT2zb1qq2odulCFuRVYRap&g=da1a653b8d160bb8555f99b7a5ba651c%2F15925037179300048360&i=69427%2C20774%2C20773&j=16%2C14%2C14&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach94_WKZREACH&r=1637894994959&h=%252F%252Fas.ad4m.at%252Fdct%253Fed%253D1g8yj36cdfewfge8h78h4qpjfqeqfsy0rk1aynj2s924ba8ms69edymbkm3p2gn1283hze5qmkcvs8frsmr0pktq4115g8tj5q5wzkfr4q1x8gxkfenypepbsr3xcm01ydxeqsnz9gt8nq31cj6dvyhcgy3bmakk3ff5fczwqewr1xmfasqfpj6q9c2sj0pt3ggvzzcchaktkkyayy0ng5mwgp8098cv856w12r2k5ny55f4mxf98cbfd21g7gsc7jx0d34s5cfyhn2yg75ne928%2526h%253Dhttps%25253A%25252F%25252Fadclick.g.doubleclick.net%25252Faclk%25253Fsa%25253DL%252526ai%25253DC6r5EUkugYdHyBsXb3wPPooS4B5DhgYRctqjCivACwI23ARABIABglQKCARdjYS1wdWItMjIwMTA1ODA3NzA2NTk1NKABwq7o3QPIAQmpAmrgQwrozbI-qAMBqgTEAU_QXlCFhAOvq3YzxF6CcV6R3x1BEwWHi_wU24DL3_dnfTVN9Z9_NQqCUZP2BG4yOijcLxmcu5ZdGZzk9WJd7xFoXDZHDTiy5HjMrLWyFqEmRep9YE4DXnprZoRH_hi0k2Jzh3p6Ah9IUPGgReyqv7PS-QL6UnkiPSAbDSkpZ0RvApgogkkFQr_ESACqHz3JGopeo79DhbJSEYVnuzAMk1CfqjBwag7y5wKpxeXozArFZhYZFaYYCsCe74XVz4YQmvl3v0SABs6lwtPbyNuX9AGgBiGoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%252526num%25253D1%252526sig%25253DAOD64_1P7kt6DWe7uuPavAqTrcUjMbm5JA%252526client%25253Dca-pub-2201058077065954%252526adurl%25253D&y=1&z=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Fri, 26 Nov 2021 02:49:55 GMT
via: 1.1 google
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"failure_fraction":"1.0","max_age":86400,"report_to":"report-endpoint","success_fraction":"0.0","include_subdomains":true}
age: 22066
cross-origin-embedder-policy: unsafe-none
cf-polished: origSize=82325
surrogate-control: no-store
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=86400; includeSubDomains; preload
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: same-origin
expires: 0
last-modified: Thu, 25 Nov 2021 20:42:09 GMT
server: cloudflare
cross-origin-opener-policy: unsafe-none
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-download-options: noopen
report-to: {"endpoints":[{"url":"/ad/vre"}],"group":"report-endpoint","max_age":86400}
content-type: text/css; charset=utf-8
vary: Accept-Encoding
cache-control: max-age=3600, must-revalidate, proxy-revalidate
cf-ray: 6b3fce66dcf9dfbf-FRA
cf-bgj: minify

GET
H2 200 E8EA317949C63E248452E31F5C06D77B3668C07614BA35610C7AB29E65B0D5794D9D340D4CA565A89D867AB72CEBED1B4E12F68BEF75520978641D7EE06F576D
assets.ad4m.at/logo/ Frame 6B0A 7 KB
8 KB 28ms
18ms Image
image/webp 2606:4700:3039::6815:c08f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/logo/E8EA317949C63E248452E31F5C06D77B3668C07614BA35610C7AB29E65B0D5794D9D340D4CA565A89D867AB72CEBED1B4E12F68BEF75520978641D7EE06F576D
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=170113%2C20833%2C166402&b=Ke2sRfE34CGG8dc5HMHktPtKWqKf8TATwx8fq%2CjBzSEfVAgTezJsYHEH2t6tRRGcKTzTDZ1f9%2CPe7sBf2XzUbK79t9HjHbtMtPPgSZT9TPxDfp&f=k6YF5f1pjUddJMU4HwHetmCXmDXukTjTp7mUR%2Cxb9UQfVY5TQXbHPHdHztDCRRgcJT6TqGKSA%2Cb4xuQfq63S5K2bfYHbHzt8CwwmsxTJT5DMuJ&c=120&d=600&e=SWIE4VMeI0wT2zb1qq2odulCFuRVYRap&g=da1a653b8d160bb8555f99b7a5ba651c%2F15925037179300048360&i=69427%2C20774%2C20773&j=16%2C14%2C14&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach94_WKZREACH&r=1637894994959&h=%252F%252Fas.ad4m.at%252Fdct%253Fed%253D1g8yj36cdfewfge8h78h4qpjfqeqfsy0rk1aynj2s924ba8ms69edymbkm3p2gn1283hze5qmkcvs8frsmr0pktq4115g8tj5q5wzkfr4q1x8gxkfenypepbsr3xcm01ydxeqsnz9gt8nq31cj6dvyhcgy3bmakk3ff5fczwqewr1xmfasqfpj6q9c2sj0pt3ggvzzcchaktkkyayy0ng5mwgp8098cv856w12r2k5ny55f4mxf98cbfd21g7gsc7jx0d34s5cfyhn2yg75ne928%2526h%253Dhttps%25253A%25252F%25252Fadclick.g.doubleclick.net%25252Faclk%25253Fsa%25253DL%252526ai%25253DC6r5EUkugYdHyBsXb3wPPooS4B5DhgYRctqjCivACwI23ARABIABglQKCARdjYS1wdWItMjIwMTA1ODA3NzA2NTk1NKABwq7o3QPIAQmpAmrgQwrozbI-qAMBqgTEAU_QXlCFhAOvq3YzxF6CcV6R3x1BEwWHi_wU24DL3_dnfTVN9Z9_NQqCUZP2BG4yOijcLxmcu5ZdGZzk9WJd7xFoXDZHDTiy5HjMrLWyFqEmRep9YE4DXnprZoRH_hi0k2Jzh3p6Ah9IUPGgReyqv7PS-QL6UnkiPSAbDSkpZ0RvApgogkkFQr_ESACqHz3JGopeo79DhbJSEYVnuzAMk1CfqjBwag7y5wKpxeXozArFZhYZFaYYCsCe74XVz4YQmvl3v0SABs6lwtPbyNuX9AGgBiGoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%252526num%25253D1%252526sig%25253DAOD64_1P7kt6DWe7uuPavAqTrcUjMbm5JA%252526client%25253Dca-pub-2201058077065954%252526adurl%25253D&y=1&z=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3039::6815:c08f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 55875a2e63363c27cb067d5bcf21a65bd8efffccb7a4de1ef41ae8b159e7023f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-goog-hash: crc32c=dSVgDw==, md5=2m7QdREHTpqKJWqnHGEyuA==
date: Fri, 26 Nov 2021 02:49:55 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 285919
cf-polished: origFmt=png, origSize=21213
x-guploader-uploadid: ADPycdtESLJA_qrhIh_B1MqbrTnl6zz-c42XYLVj4UWAF08IOdj0JQY5EgHSU7FM4ztsmhp2KgwIhfTjmPgVJD36thE
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 7146
last-modified: Thu, 18 Nov 2021 16:09:26 GMT
server: cloudflare
etag: "da6ed07511074e9a8a256aa71c6132b8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kCmViWwWcPNNbCbSoZtAOFbpQB3SWBCN9r3XYrIxl4ZIwJfpin2KnXhXlZsFCi5IW3xxZi8qNFP9ZRRZTZR3ro6m0X6Lqs6XTa%2BJIpZ5t%2BboFibVl0%2FxQNV7yPU8fG0pJ3uAuDwFvNI7K04A"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1637251766352915
content-type: image/webp
expires: Sat, 27 Nov 2021 02:49:55 GMT
cache-control: public, max-age=86400
x-goog-stored-content-length: 21213
accept-ranges: bytes
cf-ray: 6b3fce66e92e694f-FRA
cf-bgj: imgq:85,h2pri

GET
H2 200 CDEDB5A79A80EA41B0F03A849ADC491AD0FBBA3342DA081C7B49F2284DA28AB711C533EC084D268B4A6D3C0B46569455694AC901D28597561E73487E1F6BB239
assets.ad4m.at/product_image/ Frame 6B0A 24 KB
25 KB 28ms
19ms Image
image/webp 2606:4700:3039::6815:c08f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/product_image/CDEDB5A79A80EA41B0F03A849ADC491AD0FBBA3342DA081C7B49F2284DA28AB711C533EC084D268B4A6D3C0B46569455694AC901D28597561E73487E1F6BB239
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=170113%2C20833%2C166402&b=Ke2sRfE34CGG8dc5HMHktPtKWqKf8TATwx8fq%2CjBzSEfVAgTezJsYHEH2t6tRRGcKTzTDZ1f9%2CPe7sBf2XzUbK79t9HjHbtMtPPgSZT9TPxDfp&f=k6YF5f1pjUddJMU4HwHetmCXmDXukTjTp7mUR%2Cxb9UQfVY5TQXbHPHdHztDCRRgcJT6TqGKSA%2Cb4xuQfq63S5K2bfYHbHzt8CwwmsxTJT5DMuJ&c=120&d=600&e=SWIE4VMeI0wT2zb1qq2odulCFuRVYRap&g=da1a653b8d160bb8555f99b7a5ba651c%2F15925037179300048360&i=69427%2C20774%2C20773&j=16%2C14%2C14&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach94_WKZREACH&r=1637894994959&h=%252F%252Fas.ad4m.at%252Fdct%253Fed%253D1g8yj36cdfewfge8h78h4qpjfqeqfsy0rk1aynj2s924ba8ms69edymbkm3p2gn1283hze5qmkcvs8frsmr0pktq4115g8tj5q5wzkfr4q1x8gxkfenypepbsr3xcm01ydxeqsnz9gt8nq31cj6dvyhcgy3bmakk3ff5fczwqewr1xmfasqfpj6q9c2sj0pt3ggvzzcchaktkkyayy0ng5mwgp8098cv856w12r2k5ny55f4mxf98cbfd21g7gsc7jx0d34s5cfyhn2yg75ne928%2526h%253Dhttps%25253A%25252F%25252Fadclick.g.doubleclick.net%25252Faclk%25253Fsa%25253DL%252526ai%25253DC6r5EUkugYdHyBsXb3wPPooS4B5DhgYRctqjCivACwI23ARABIABglQKCARdjYS1wdWItMjIwMTA1ODA3NzA2NTk1NKABwq7o3QPIAQmpAmrgQwrozbI-qAMBqgTEAU_QXlCFhAOvq3YzxF6CcV6R3x1BEwWHi_wU24DL3_dnfTVN9Z9_NQqCUZP2BG4yOijcLxmcu5ZdGZzk9WJd7xFoXDZHDTiy5HjMrLWyFqEmRep9YE4DXnprZoRH_hi0k2Jzh3p6Ah9IUPGgReyqv7PS-QL6UnkiPSAbDSkpZ0RvApgogkkFQr_ESACqHz3JGopeo79DhbJSEYVnuzAMk1CfqjBwag7y5wKpxeXozArFZhYZFaYYCsCe74XVz4YQmvl3v0SABs6lwtPbyNuX9AGgBiGoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%252526num%25253D1%252526sig%25253DAOD64_1P7kt6DWe7uuPavAqTrcUjMbm5JA%252526client%25253Dca-pub-2201058077065954%252526adurl%25253D&y=1&z=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3039::6815:c08f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c3079788177f9ffa0349fc9f472435d15a99d4f6d865bde952529ea19cd87600

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-goog-hash: crc32c=BLcMag==, md5=WCotjPi27vGScPiul+LauQ==
date: Fri, 26 Nov 2021 02:49:55 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 285010
cf-polished: qual=85, origFmt=jpeg, origSize=127009
x-guploader-uploadid: ADPycdv2VQfuhLxYnukj5NcUUA569IjyvIehrSm-6dTgFa6oXIdRwxfLFPHA5OkfUAI3voHY-C1q_ahnPcrz2FQKLvk
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 24464
last-modified: Thu, 18 Nov 2021 14:44:48 GMT
server: cloudflare
etag: "582a2d8cf8b6eef19270f8ae97e2dab9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aplc04pS7yIeklFMKNzWRz7g5pUUw324VUYs%2BbklnvHkW7o1zzJ4BNbrcT7FDCQF0XqCGBYfILq4KLH7TbyOYn2txMVHYA713fiZPD5dWL2wWJcj9tuTUfIZ4uUZuhRr85yB%2Fz%2B5vzMj766D"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1637246688561479
content-type: image/webp
expires: Sat, 27 Nov 2021 02:49:55 GMT
cache-control: public, max-age=86400
x-goog-stored-content-length: 127009
accept-ranges: bytes
cf-ray: 6b3fce66e92b694f-FRA
cf-bgj: imgq:85,h2pri

GET
H/1.1 200
OK cshow.php
www.awin1.com/ Frame 6B0A 43 B
704 B 44ms
12ms Image
image/gif 23.79.145.223
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.awin1.com/cshow.php?s=2932283&v=24708&q=417689&r=412871&pv=1&ued=https%3A%2F%2Fwww.shopmate.eu%2Fde%2Fthemenwelten%2Fblack-friday%3Futm_source%3Dad4mat%26utm_medium%3Dnative%26utm_campaign%3Dblackfriday_gewinnspiel&pref3=&pref3=oneidKe2sRfE34CGG8dc5HMHktPtKWqKf8TATwx8fqoneid__asuidSWIE4VMeI0wT2zb1qq2odulCFuRVYRapasuid__suite_Netmix_Reach94_WKZREACH&gdpr_consent=&gdpr=0&gdpr_pd=0

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.79.145.223 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-79-145-223.deploy.static.akamaitechnologies.com

Software

Resource Hash

2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 26 Nov 2021 02:49:55 GMT
Strict-Transport-Security: max-age=86400
P3P: policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Cache-Control: no-store, no-cache, max-age=0, must-revalidate
Awin-Akamai-Rule-Set: default
Node: Helix
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: 0

GET
H2 200 D694B3AB12381C049B127B34DC11A792684BA8B6EE8B598D6E4045678591B7D0DC6B2CEF7528F06BB05FC11826A1D16CF24DA68FCFC2416343996FBFC05A3155
assets.ad4m.at/logo/ Frame 6B0A 53 KB
54 KB 33ms
25ms Image
image/webp 2606:4700:3039::6815:c08f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/logo/D694B3AB12381C049B127B34DC11A792684BA8B6EE8B598D6E4045678591B7D0DC6B2CEF7528F06BB05FC11826A1D16CF24DA68FCFC2416343996FBFC05A3155
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=170113%2C20833%2C166402&b=Ke2sRfE34CGG8dc5HMHktPtKWqKf8TATwx8fq%2CjBzSEfVAgTezJsYHEH2t6tRRGcKTzTDZ1f9%2CPe7sBf2XzUbK79t9HjHbtMtPPgSZT9TPxDfp&f=k6YF5f1pjUddJMU4HwHetmCXmDXukTjTp7mUR%2Cxb9UQfVY5TQXbHPHdHztDCRRgcJT6TqGKSA%2Cb4xuQfq63S5K2bfYHbHzt8CwwmsxTJT5DMuJ&c=120&d=600&e=SWIE4VMeI0wT2zb1qq2odulCFuRVYRap&g=da1a653b8d160bb8555f99b7a5ba651c%2F15925037179300048360&i=69427%2C20774%2C20773&j=16%2C14%2C14&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach94_WKZREACH&r=1637894994959&h=%252F%252Fas.ad4m.at%252Fdct%253Fed%253D1g8yj36cdfewfge8h78h4qpjfqeqfsy0rk1aynj2s924ba8ms69edymbkm3p2gn1283hze5qmkcvs8frsmr0pktq4115g8tj5q5wzkfr4q1x8gxkfenypepbsr3xcm01ydxeqsnz9gt8nq31cj6dvyhcgy3bmakk3ff5fczwqewr1xmfasqfpj6q9c2sj0pt3ggvzzcchaktkkyayy0ng5mwgp8098cv856w12r2k5ny55f4mxf98cbfd21g7gsc7jx0d34s5cfyhn2yg75ne928%2526h%253Dhttps%25253A%25252F%25252Fadclick.g.doubleclick.net%25252Faclk%25253Fsa%25253DL%252526ai%25253DC6r5EUkugYdHyBsXb3wPPooS4B5DhgYRctqjCivACwI23ARABIABglQKCARdjYS1wdWItMjIwMTA1ODA3NzA2NTk1NKABwq7o3QPIAQmpAmrgQwrozbI-qAMBqgTEAU_QXlCFhAOvq3YzxF6CcV6R3x1BEwWHi_wU24DL3_dnfTVN9Z9_NQqCUZP2BG4yOijcLxmcu5ZdGZzk9WJd7xFoXDZHDTiy5HjMrLWyFqEmRep9YE4DXnprZoRH_hi0k2Jzh3p6Ah9IUPGgReyqv7PS-QL6UnkiPSAbDSkpZ0RvApgogkkFQr_ESACqHz3JGopeo79DhbJSEYVnuzAMk1CfqjBwag7y5wKpxeXozArFZhYZFaYYCsCe74XVz4YQmvl3v0SABs6lwtPbyNuX9AGgBiGoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%252526num%25253D1%252526sig%25253DAOD64_1P7kt6DWe7uuPavAqTrcUjMbm5JA%252526client%25253Dca-pub-2201058077065954%252526adurl%25253D&y=1&z=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3039::6815:c08f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f7cdf71044448cb736733f5163fff96081d51ba4101567d61d22ee5998a7a399

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-goog-hash: crc32c=V11ayA==, md5=Cid9We/KA2mmmDZF4nNlng==
date: Fri, 26 Nov 2021 02:49:55 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 285157
cf-polished: origFmt=png, origSize=115129
x-guploader-uploadid: ADPycdsKWIlEPq31w3iwE7Ti4SSYc2uRMpnK3dms0BZPdOU3U581-PLnFSwm1EUeI-6pr7z9HgipYtmJJ2Olr5Yo-4M
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 54564
last-modified: Tue, 09 Feb 2021 15:11:24 GMT
server: cloudflare
etag: "0a277d59efca0369a6983645e273659e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zSaJH8rmM1RAHBdigW0s%2FOKUN0O0NEItd3TtiK9LwsnqfeSAXTT8CD7I1B22c%2BU4N25HGeYpiEiW0MlMgDhROJ0s%2FbnHTNFdW381rr4SF6ygGGU2r0iptTGk0GogvjcmMLOsDvHhNH4vM2bA"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1612883484779402
content-type: image/webp
expires: Sat, 27 Nov 2021 02:49:55 GMT
cache-control: public, max-age=86400
x-goog-stored-content-length: 115129
accept-ranges: bytes
cf-ray: 6b3fce66e929694f-FRA
cf-bgj: imgq:85,h2pri

GET
H2 200 8D3AFD46DE6A8A4192546FA8CB9819FEA65F690B1ADB7E4317EDFF4CD6CF187CD66698DBA4854E239376743992A0A8E44FBC317DBABB2B29F6F314312465F6E9
assets.ad4m.at/product_image/ Frame 6B0A 30 KB
31 KB 44ms
37ms Image
image/webp 2606:4700:3039::6815:c08f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/product_image/8D3AFD46DE6A8A4192546FA8CB9819FEA65F690B1ADB7E4317EDFF4CD6CF187CD66698DBA4854E239376743992A0A8E44FBC317DBABB2B29F6F314312465F6E9
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=170113%2C20833%2C166402&b=Ke2sRfE34CGG8dc5HMHktPtKWqKf8TATwx8fq%2CjBzSEfVAgTezJsYHEH2t6tRRGcKTzTDZ1f9%2CPe7sBf2XzUbK79t9HjHbtMtPPgSZT9TPxDfp&f=k6YF5f1pjUddJMU4HwHetmCXmDXukTjTp7mUR%2Cxb9UQfVY5TQXbHPHdHztDCRRgcJT6TqGKSA%2Cb4xuQfq63S5K2bfYHbHzt8CwwmsxTJT5DMuJ&c=120&d=600&e=SWIE4VMeI0wT2zb1qq2odulCFuRVYRap&g=da1a653b8d160bb8555f99b7a5ba651c%2F15925037179300048360&i=69427%2C20774%2C20773&j=16%2C14%2C14&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach94_WKZREACH&r=1637894994959&h=%252F%252Fas.ad4m.at%252Fdct%253Fed%253D1g8yj36cdfewfge8h78h4qpjfqeqfsy0rk1aynj2s924ba8ms69edymbkm3p2gn1283hze5qmkcvs8frsmr0pktq4115g8tj5q5wzkfr4q1x8gxkfenypepbsr3xcm01ydxeqsnz9gt8nq31cj6dvyhcgy3bmakk3ff5fczwqewr1xmfasqfpj6q9c2sj0pt3ggvzzcchaktkkyayy0ng5mwgp8098cv856w12r2k5ny55f4mxf98cbfd21g7gsc7jx0d34s5cfyhn2yg75ne928%2526h%253Dhttps%25253A%25252F%25252Fadclick.g.doubleclick.net%25252Faclk%25253Fsa%25253DL%252526ai%25253DC6r5EUkugYdHyBsXb3wPPooS4B5DhgYRctqjCivACwI23ARABIABglQKCARdjYS1wdWItMjIwMTA1ODA3NzA2NTk1NKABwq7o3QPIAQmpAmrgQwrozbI-qAMBqgTEAU_QXlCFhAOvq3YzxF6CcV6R3x1BEwWHi_wU24DL3_dnfTVN9Z9_NQqCUZP2BG4yOijcLxmcu5ZdGZzk9WJd7xFoXDZHDTiy5HjMrLWyFqEmRep9YE4DXnprZoRH_hi0k2Jzh3p6Ah9IUPGgReyqv7PS-QL6UnkiPSAbDSkpZ0RvApgogkkFQr_ESACqHz3JGopeo79DhbJSEYVnuzAMk1CfqjBwag7y5wKpxeXozArFZhYZFaYYCsCe74XVz4YQmvl3v0SABs6lwtPbyNuX9AGgBiGoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%252526num%25253D1%252526sig%25253DAOD64_1P7kt6DWe7uuPavAqTrcUjMbm5JA%252526client%25253Dca-pub-2201058077065954%252526adurl%25253D&y=1&z=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3039::6815:c08f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 48de2e96c59ade9a6909479fa8c3348cc639b2ec4137bede0dd555445bc7c8e7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-goog-hash: crc32c=9edqkg==, md5=Nad3L7CXTHogAlrhn0T8fw==
date: Fri, 26 Nov 2021 02:49:55 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 291021
cf-polished: qual=85, origFmt=jpeg, origSize=126254
x-guploader-uploadid: ADPycduGWpH62vZorL3mcHHxa3aoc6KpmBDm3ylWRmKgfCUPgsmJz-wI8k6vmE92ons6iY-ZdMQlW8KXiJ6E_jLD0rQ
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 30756
last-modified: Tue, 19 Oct 2021 11:44:31 GMT
server: cloudflare
etag: "35a7772fb0974c7a20025ae19f44fc7f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eWVxy1PPg%2B2XwcnAPv0MfBEwmOeW4zsRJNepTBFJZGi4eonZ6TGbN3L7exsF9QA%2ByBs3sl63yGePNPn%2FMhS7cG3ofkQrh3PRqbhCZzSUvJXmdTei2eHJaDNKDC4JZCiXyQiFpsBowsMrzH4n"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1634643871094003
content-type: image/webp
expires: Sat, 27 Nov 2021 02:49:55 GMT
cache-control: public, max-age=86400
x-goog-stored-content-length: 126254
accept-ranges: bytes
cf-ray: 6b3fce66e92d694f-FRA
cf-bgj: imgq:85,h2pri

GET
H/1.1

200
OK

postview.gif
portal.o2online.de/nws/img/ Frame 6B0A
Redirect Chain

https://www.telefonica-partner.de/tpv.php?t=117699V1226132702M&subid=oneidjBzSEfVAgTezJsYHEH2t6tRRGcKTzTDZ1f9oneid__asuidSWIE4VMeI0wT2zb1qq2odulCFuRVYRapasuid__suite_Netmix_Reach94_WKZREACH&gdpr_co...
https://www.lead-alliance.net/tpv.php?t=117699V1226132702M&subid=oneidjBzSEfVAgTezJsYHEH2t6tRRGcKTzTDZ1f9oneid__asuidSWIE4VMeI0wT2zb1qq2odulCFuRVYRapasuid__suite_Netmix_Reach94_WKZREACH&gdpr_consen...
https://partner.o2online.de/a/?i=pview&client=o2&camp=pview&l=de&nw=lea1&affiliate=117699&s_id=2021112603495559229241833X117699V1226132702MSoneidjBzSEfVAgTezJsYHEH2t6tRRGcKTzTDZ1f9oneid__asuidSWIE4...
https://portal.o2online.de/nws/img/postview.gif?partnerId=O2_AFF_POV_EXA_15008&mediacode=AFF_la_117699_-HTLP&utm_term=AFF_la_117699_-HTLP&utm_content=O2_AFF_POV_EXA_15008&spid=202111260349555922924...

43 B
803 B

29ms
8ms

Image
image/gif

82.113.101.132
TDDE-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://portal.o2online.de/nws/img/postview.gif?partnerId=O2_AFF_POV_EXA_15008&mediacode=AFF_la_117699_-HTLP&utm_term=AFF_la_117699_-HTLP&utm_content=O2_AFF_POV_EXA_15008&spid=2021112603495559229241833X117699V1226132702MSoneidjBzSEfVAgTezJsYHEH2t6tRRGcKTzTDZ1f9oneid__asuidSWIE4VMeI0wT2zb1qq2odulCFuRVYRapasuid__suite_Netmix_Reach94_WKZREACH&wfid=117699&ratenzahlung=24
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=170113%2C20833%2C166402&b=Ke2sRfE34CGG8dc5HMHktPtKWqKf8TATwx8fq%2CjBzSEfVAgTezJsYHEH2t6tRRGcKTzTDZ1f9%2CPe7sBf2XzUbK79t9HjHbtMtPPgSZT9TPxDfp&f=k6YF5f1pjUddJMU4HwHetmCXmDXukTjTp7mUR%2Cxb9UQfVY5TQXbHPHdHztDCRRgcJT6TqGKSA%2Cb4xuQfq63S5K2bfYHbHzt8CwwmsxTJT5DMuJ&c=120&d=600&e=SWIE4VMeI0wT2zb1qq2odulCFuRVYRap&g=da1a653b8d160bb8555f99b7a5ba651c%2F15925037179300048360&i=69427%2C20774%2C20773&j=16%2C14%2C14&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach94_WKZREACH&r=1637894994959&h=%252F%252Fas.ad4m.at%252Fdct%253Fed%253D1g8yj36cdfewfge8h78h4qpjfqeqfsy0rk1aynj2s924ba8ms69edymbkm3p2gn1283hze5qmkcvs8frsmr0pktq4115g8tj5q5wzkfr4q1x8gxkfenypepbsr3xcm01ydxeqsnz9gt8nq31cj6dvyhcgy3bmakk3ff5fczwqewr1xmfasqfpj6q9c2sj0pt3ggvzzcchaktkkyayy0ng5mwgp8098cv856w12r2k5ny55f4mxf98cbfd21g7gsc7jx0d34s5cfyhn2yg75ne928%2526h%253Dhttps%25253A%25252F%25252Fadclick.g.doubleclick.net%25252Faclk%25253Fsa%25253DL%252526ai%25253DC6r5EUkugYdHyBsXb3wPPooS4B5DhgYRctqjCivACwI23ARABIABglQKCARdjYS1wdWItMjIwMTA1ODA3NzA2NTk1NKABwq7o3QPIAQmpAmrgQwrozbI-qAMBqgTEAU_QXlCFhAOvq3YzxF6CcV6R3x1BEwWHi_wU24DL3_dnfTVN9Z9_NQqCUZP2BG4yOijcLxmcu5ZdGZzk9WJd7xFoXDZHDTiy5HjMrLWyFqEmRep9YE4DXnprZoRH_hi0k2Jzh3p6Ah9IUPGgReyqv7PS-QL6UnkiPSAbDSkpZ0RvApgogkkFQr_ESACqHz3JGopeo79DhbJSEYVnuzAMk1CfqjBwag7y5wKpxeXozArFZhYZFaYYCsCe74XVz4YQmvl3v0SABs6lwtPbyNuX9AGgBiGoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%252526num%25253D1%252526sig%25253DAOD64_1P7kt6DWe7uuPavAqTrcUjMbm5JA%252526client%25253Dca-pub-2201058077065954%252526adurl%25253D&y=1&z=0
Protocol: HTTP/1.1
Server: 82.113.101.132 Offenbach, Germany, ASN6805 (TDDE-ASN1, DE),
Reverse DNS: portal.o2online.de
Software: Apache /
Resource Hash: e46eb58f99814c32c849b97a268129ddb14ca88e9070964ee75a2cd987c66839

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Fri, 26 Nov 2021 02:49:55 GMT
Last-Modified: Wed, 26 Aug 2020 10:11:24 GMT
Server: Apache
ETag: "2b-5adc50abeeb00"
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Connection: close
Accept-Ranges: bytes
Content-Type: image/gif
Content-Length: 43

Redirect headers

Date: Fri, 26 Nov 2021 02:49:55 GMT
X-NODEIP: 46.4.62.19
Server: nginx/1.10.3 (Ubuntu)
Transfer-Encoding: chunked
RM-PrivacyPolicy: https://www.nonstoppartner.net/
P3P: policyref="https://a.nonstoppartner.net/w3c/p3p.a.xml", CP="NOI CUR OUR STP"
Location: https://portal.o2online.de/nws/img/postview.gif?partnerId=O2_AFF_POV_EXA_15008&mediacode=AFF_la_117699_-HTLP&utm_term=AFF_la_117699_-HTLP&utm_content=O2_AFF_POV_EXA_15008&spid=2021112603495559229241833X117699V1226132702MSoneidjBzSEfVAgTezJsYHEH2t6tRRGcKTzTDZ1f9oneid__asuidSWIE4VMeI0wT2zb1qq2odulCFuRVYRapasuid__suite_Netmix_Reach94_WKZREACH&wfid=117699&ratenzahlung=24
Connection: keep-alive
Content-Type: text/html; charset=UTF-8
Keep-Alive: timeout=10

GET
H2 200 DF9A32151D42BCC835EC0C9BE62CF0094313EE46FD4E5D3DC0F1217B7F8F1AD49F0F4DDF5D50AE1511A12D11F97A6BCA3DF8CE9D056CE7A3DC11AF6ED1255D71
assets.ad4m.at/logo/ Frame 6B0A 9 KB
10 KB 31ms
24ms Image
image/webp 2606:4700:3039::6815:c08f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/logo/DF9A32151D42BCC835EC0C9BE62CF0094313EE46FD4E5D3DC0F1217B7F8F1AD49F0F4DDF5D50AE1511A12D11F97A6BCA3DF8CE9D056CE7A3DC11AF6ED1255D71
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=170113%2C20833%2C166402&b=Ke2sRfE34CGG8dc5HMHktPtKWqKf8TATwx8fq%2CjBzSEfVAgTezJsYHEH2t6tRRGcKTzTDZ1f9%2CPe7sBf2XzUbK79t9HjHbtMtPPgSZT9TPxDfp&f=k6YF5f1pjUddJMU4HwHetmCXmDXukTjTp7mUR%2Cxb9UQfVY5TQXbHPHdHztDCRRgcJT6TqGKSA%2Cb4xuQfq63S5K2bfYHbHzt8CwwmsxTJT5DMuJ&c=120&d=600&e=SWIE4VMeI0wT2zb1qq2odulCFuRVYRap&g=da1a653b8d160bb8555f99b7a5ba651c%2F15925037179300048360&i=69427%2C20774%2C20773&j=16%2C14%2C14&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach94_WKZREACH&r=1637894994959&h=%252F%252Fas.ad4m.at%252Fdct%253Fed%253D1g8yj36cdfewfge8h78h4qpjfqeqfsy0rk1aynj2s924ba8ms69edymbkm3p2gn1283hze5qmkcvs8frsmr0pktq4115g8tj5q5wzkfr4q1x8gxkfenypepbsr3xcm01ydxeqsnz9gt8nq31cj6dvyhcgy3bmakk3ff5fczwqewr1xmfasqfpj6q9c2sj0pt3ggvzzcchaktkkyayy0ng5mwgp8098cv856w12r2k5ny55f4mxf98cbfd21g7gsc7jx0d34s5cfyhn2yg75ne928%2526h%253Dhttps%25253A%25252F%25252Fadclick.g.doubleclick.net%25252Faclk%25253Fsa%25253DL%252526ai%25253DC6r5EUkugYdHyBsXb3wPPooS4B5DhgYRctqjCivACwI23ARABIABglQKCARdjYS1wdWItMjIwMTA1ODA3NzA2NTk1NKABwq7o3QPIAQmpAmrgQwrozbI-qAMBqgTEAU_QXlCFhAOvq3YzxF6CcV6R3x1BEwWHi_wU24DL3_dnfTVN9Z9_NQqCUZP2BG4yOijcLxmcu5ZdGZzk9WJd7xFoXDZHDTiy5HjMrLWyFqEmRep9YE4DXnprZoRH_hi0k2Jzh3p6Ah9IUPGgReyqv7PS-QL6UnkiPSAbDSkpZ0RvApgogkkFQr_ESACqHz3JGopeo79DhbJSEYVnuzAMk1CfqjBwag7y5wKpxeXozArFZhYZFaYYCsCe74XVz4YQmvl3v0SABs6lwtPbyNuX9AGgBiGoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%252526num%25253D1%252526sig%25253DAOD64_1P7kt6DWe7uuPavAqTrcUjMbm5JA%252526client%25253Dca-pub-2201058077065954%252526adurl%25253D&y=1&z=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3039::6815:c08f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5eeedf9055f9efab9127642b4c44135be9f404caa7ce08e51a5ea734dfd28828

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-goog-hash: crc32c=euqM8A==, md5=F0uw3DVkfiBLCaoSCWVgSg==
date: Fri, 26 Nov 2021 02:49:55 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 284961
cf-polished: origFmt=png, origSize=24833
x-guploader-uploadid: ADPycdtGheUqamGqTXYbltZGreVe8X9ixA1WLeN1H7RRqfnZt9FAD9LQvCHzJu0M9vObtJjYgRW6jIEw3aQMsIGrnxySjGZWow
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 9258
last-modified: Tue, 09 Feb 2021 15:11:57 GMT
server: cloudflare
etag: "174bb0dc35647e204b09aa120965604a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wLflJuhOYYBpychzzWgiWzce3gN7j%2FTYTZ6LOJ5QE1ZwlKude1jhyPIxBT4MplUlIIqqQxGqy4FBtUgtNgQiDW4vOAOEVJTU%2BUfpyDyogEGk6RznZFmntwNVU1NgNMLqoEFI7cvgoYSH9AVT"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1612883517528266
content-type: image/webp
expires: Sat, 27 Nov 2021 02:49:55 GMT
cache-control: public, max-age=86400
x-goog-stored-content-length: 24833
accept-ranges: bytes
cf-ray: 6b3fce66e92a694f-FRA
cf-bgj: imgq:85,h2pri

GET
H2 200 0AC0DD533161B07A3BB2D72DC66FF10DF997383C63884E78FDBEF4BEDA8ED904DC259BD68D098814FB574FED8B566E90A3C1272EA9C368275203F9D628BB015E
assets.ad4m.at/product_image/ Frame 6B0A 19 KB
19 KB 26ms
19ms Image
image/webp 2606:4700:3039::6815:c08f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/product_image/0AC0DD533161B07A3BB2D72DC66FF10DF997383C63884E78FDBEF4BEDA8ED904DC259BD68D098814FB574FED8B566E90A3C1272EA9C368275203F9D628BB015E
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=170113%2C20833%2C166402&b=Ke2sRfE34CGG8dc5HMHktPtKWqKf8TATwx8fq%2CjBzSEfVAgTezJsYHEH2t6tRRGcKTzTDZ1f9%2CPe7sBf2XzUbK79t9HjHbtMtPPgSZT9TPxDfp&f=k6YF5f1pjUddJMU4HwHetmCXmDXukTjTp7mUR%2Cxb9UQfVY5TQXbHPHdHztDCRRgcJT6TqGKSA%2Cb4xuQfq63S5K2bfYHbHzt8CwwmsxTJT5DMuJ&c=120&d=600&e=SWIE4VMeI0wT2zb1qq2odulCFuRVYRap&g=da1a653b8d160bb8555f99b7a5ba651c%2F15925037179300048360&i=69427%2C20774%2C20773&j=16%2C14%2C14&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach94_WKZREACH&r=1637894994959&h=%252F%252Fas.ad4m.at%252Fdct%253Fed%253D1g8yj36cdfewfge8h78h4qpjfqeqfsy0rk1aynj2s924ba8ms69edymbkm3p2gn1283hze5qmkcvs8frsmr0pktq4115g8tj5q5wzkfr4q1x8gxkfenypepbsr3xcm01ydxeqsnz9gt8nq31cj6dvyhcgy3bmakk3ff5fczwqewr1xmfasqfpj6q9c2sj0pt3ggvzzcchaktkkyayy0ng5mwgp8098cv856w12r2k5ny55f4mxf98cbfd21g7gsc7jx0d34s5cfyhn2yg75ne928%2526h%253Dhttps%25253A%25252F%25252Fadclick.g.doubleclick.net%25252Faclk%25253Fsa%25253DL%252526ai%25253DC6r5EUkugYdHyBsXb3wPPooS4B5DhgYRctqjCivACwI23ARABIABglQKCARdjYS1wdWItMjIwMTA1ODA3NzA2NTk1NKABwq7o3QPIAQmpAmrgQwrozbI-qAMBqgTEAU_QXlCFhAOvq3YzxF6CcV6R3x1BEwWHi_wU24DL3_dnfTVN9Z9_NQqCUZP2BG4yOijcLxmcu5ZdGZzk9WJd7xFoXDZHDTiy5HjMrLWyFqEmRep9YE4DXnprZoRH_hi0k2Jzh3p6Ah9IUPGgReyqv7PS-QL6UnkiPSAbDSkpZ0RvApgogkkFQr_ESACqHz3JGopeo79DhbJSEYVnuzAMk1CfqjBwag7y5wKpxeXozArFZhYZFaYYCsCe74XVz4YQmvl3v0SABs6lwtPbyNuX9AGgBiGoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%252526num%25253D1%252526sig%25253DAOD64_1P7kt6DWe7uuPavAqTrcUjMbm5JA%252526client%25253Dca-pub-2201058077065954%252526adurl%25253D&y=1&z=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3039::6815:c08f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 769996a987ead923de78ded8af9ebbc0125bfdca436dfadfdc9755fd54270371

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-goog-hash: crc32c=1aKs/g==, md5=nBaxji7Rcg1LrHhoV5P3TA==
date: Fri, 26 Nov 2021 02:49:55 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 290491
cf-polished: qual=85, origFmt=jpeg, origSize=84530
x-guploader-uploadid: ADPycdsLBcmMNa-LqLWpjLfNEf31ggW4MpqYWxXmWVmQhJ6L5cqZJ9JzsdfHQKgBwgWoD4vJvMxYpqUI3KExlZkAYcE
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 19022
last-modified: Wed, 10 Nov 2021 15:00:52 GMT
server: cloudflare
etag: "9c16b18e2ed1720d4bac78685793f74c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BH133ddSGwMQfxpqBuCsyIbgTjTByJxgxrdM9cV4s9m6jLguG5dvc6zz04bx9QL%2FsFmr7MViT1LMCbd65Jz0m4CQQhUlqJzf%2BdOgQJm36QZCva7XoZIn481FwoV%2BJ0E9hud3tUPgcJuW8N0m"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1636556452656256
content-type: image/webp
expires: Sat, 27 Nov 2021 02:49:55 GMT
cache-control: public, max-age=86400
x-goog-stored-content-length: 84530
accept-ranges: bytes
cf-ray: 6b3fce66e930694f-FRA
cf-bgj: imgq:85,h2pri

GET
H/1.1

200
OK

postview.gif
portal.blau.de/nws/img/ Frame 6B0A
Redirect Chain

https://www.telefonica-partner.de/tpv.php?t=113752V1225131106M&subid=oneidPe7sBf2XzUbK79t9HjHbtMtPPgSZT9TPxDfponeid__asuidSWIE4VMeI0wT2zb1qq2odulCFuRVYRapasuid__suite_Netmix_Reach94_WKZREACH&gdpr_c...
https://www.lead-alliance.net/tpv.php?t=113752V1225131106M&subid=oneidPe7sBf2XzUbK79t9HjHbtMtPPgSZT9TPxDfponeid__asuidSWIE4VMeI0wT2zb1qq2odulCFuRVYRapasuid__suite_Netmix_Reach94_WKZREACH&gdpr_conse...
https://partner.blau.de/a/?i=pview&client=blau&camp=pview&l=de&nw=lea1&affiliate=113752&s_id=2021112603495559229241831X113752V1225131106MSoneidPe7sBf2XzUbK79t9HjHbtMtPPgSZT9TPxDfponeid__asuidSWIE4V...
https://portal.blau.de/nws/img/postview.gif?partnerId=BLU_AFF_POV_EXA_35008&mediacode=AFF_la_113752_-HTLP&utm_term=AFF_la_113752_-HTLP&utm_content=BLU_AFF_POV_EXA_35008&spid=20211126034955592292418...

43 B
786 B

31ms
8ms

Image
image/gif

82.113.101.236
TDDE-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://portal.blau.de/nws/img/postview.gif?partnerId=BLU_AFF_POV_EXA_35008&mediacode=AFF_la_113752_-HTLP&utm_term=AFF_la_113752_-HTLP&utm_content=BLU_AFF_POV_EXA_35008&spid=2021112603495559229241831X113752V1225131106MSoneidPe7sBf2XzUbK79t9HjHbtMtPPgSZT9TPxDfponeid__asuidSWIE4VMeI0wT2zb1qq2odulCFuRVYRapasuid__suite_Netmix_Reach94_WKZREACH&wfid=113752
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=170113%2C20833%2C166402&b=Ke2sRfE34CGG8dc5HMHktPtKWqKf8TATwx8fq%2CjBzSEfVAgTezJsYHEH2t6tRRGcKTzTDZ1f9%2CPe7sBf2XzUbK79t9HjHbtMtPPgSZT9TPxDfp&f=k6YF5f1pjUddJMU4HwHetmCXmDXukTjTp7mUR%2Cxb9UQfVY5TQXbHPHdHztDCRRgcJT6TqGKSA%2Cb4xuQfq63S5K2bfYHbHzt8CwwmsxTJT5DMuJ&c=120&d=600&e=SWIE4VMeI0wT2zb1qq2odulCFuRVYRap&g=da1a653b8d160bb8555f99b7a5ba651c%2F15925037179300048360&i=69427%2C20774%2C20773&j=16%2C14%2C14&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach94_WKZREACH&r=1637894994959&h=%252F%252Fas.ad4m.at%252Fdct%253Fed%253D1g8yj36cdfewfge8h78h4qpjfqeqfsy0rk1aynj2s924ba8ms69edymbkm3p2gn1283hze5qmkcvs8frsmr0pktq4115g8tj5q5wzkfr4q1x8gxkfenypepbsr3xcm01ydxeqsnz9gt8nq31cj6dvyhcgy3bmakk3ff5fczwqewr1xmfasqfpj6q9c2sj0pt3ggvzzcchaktkkyayy0ng5mwgp8098cv856w12r2k5ny55f4mxf98cbfd21g7gsc7jx0d34s5cfyhn2yg75ne928%2526h%253Dhttps%25253A%25252F%25252Fadclick.g.doubleclick.net%25252Faclk%25253Fsa%25253DL%252526ai%25253DC6r5EUkugYdHyBsXb3wPPooS4B5DhgYRctqjCivACwI23ARABIABglQKCARdjYS1wdWItMjIwMTA1ODA3NzA2NTk1NKABwq7o3QPIAQmpAmrgQwrozbI-qAMBqgTEAU_QXlCFhAOvq3YzxF6CcV6R3x1BEwWHi_wU24DL3_dnfTVN9Z9_NQqCUZP2BG4yOijcLxmcu5ZdGZzk9WJd7xFoXDZHDTiy5HjMrLWyFqEmRep9YE4DXnprZoRH_hi0k2Jzh3p6Ah9IUPGgReyqv7PS-QL6UnkiPSAbDSkpZ0RvApgogkkFQr_ESACqHz3JGopeo79DhbJSEYVnuzAMk1CfqjBwag7y5wKpxeXozArFZhYZFaYYCsCe74XVz4YQmvl3v0SABs6lwtPbyNuX9AGgBiGoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%252526num%25253D1%252526sig%25253DAOD64_1P7kt6DWe7uuPavAqTrcUjMbm5JA%252526client%25253Dca-pub-2201058077065954%252526adurl%25253D&y=1&z=0
Protocol: HTTP/1.1
Server: 82.113.101.236 Offenbach, Germany, ASN6805 (TDDE-ASN1, DE),
Reverse DNS: portal.blau.de
Software: Apache /
Resource Hash: e46eb58f99814c32c849b97a268129ddb14ca88e9070964ee75a2cd987c66839

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Fri, 26 Nov 2021 02:49:55 GMT
Last-Modified: Wed, 26 Aug 2020 10:11:24 GMT
Server: Apache
ETag: "2b-5adc50abeeb00"
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Connection: close
Accept-Ranges: bytes
Content-Type: image/gif
Content-Length: 43

Redirect headers

Date: Fri, 26 Nov 2021 02:49:55 GMT
X-NODEIP: 46.4.62.19
Server: nginx/1.10.3 (Ubuntu)
Transfer-Encoding: chunked
RM-PrivacyPolicy: https://www.nonstoppartner.net/
P3P: policyref="https://a.nonstoppartner.net/w3c/p3p.a.xml", CP="NOI CUR OUR STP"
Location: https://portal.blau.de/nws/img/postview.gif?partnerId=BLU_AFF_POV_EXA_35008&mediacode=AFF_la_113752_-HTLP&utm_term=AFF_la_113752_-HTLP&utm_content=BLU_AFF_POV_EXA_35008&spid=2021112603495559229241831X113752V1225131106MSoneidPe7sBf2XzUbK79t9HjHbtMtPPgSZT9TPxDfponeid__asuidSWIE4VMeI0wT2zb1qq2odulCFuRVYRapasuid__suite_Netmix_Reach94_WKZREACH&wfid=113752
Connection: keep-alive
Content-Type: text/html; charset=UTF-8
Keep-Alive: timeout=10

GET
H3 200 amp4ads-v0.mjs Show response
cdn.ampproject.org/rtv/012111011823000/ Frame 1D9E 189 KB
54 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012111011823000/amp4ads-v0.mjs

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5841899339949803&output=html&h=600&slotname=7770263321&adk=234424686&adf=2298740071&pi=t.ma~as.7770263321&w=300&lmt=1637894992&psa=0&format=300x600&url=https%3A%2F%2Fxosodaiphat.com%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1637894994110&bpp=1&bdt=373&idt=1&shv=r20211111&mjsv=m202111160101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C728x90%2C300x250%2C150x600&nras=1&correlator=2410851921683&rume=1&frm=20&pv=1&ga_vid=1250507266.1637894994&ga_sid=1637894994&ga_hid=1389502024&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&dmc=8&adx=1070&ady=714&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=182982000%2C182982200%2C31063782%2C31061691%2C31061693&oid=2&pvsid=2804184704754586&pem=23&tmod=1725400849&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=6&uci=a!6&fsb=1&xpc=MQnS9LD4vN&p=https%3A//xosodaiphat.com&dtd=9

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

98ba8f881333898d751dabe4f8b4cacc4489a9f5b6b4fd1fc67c571dbfec95cf

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 184761
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 55592
x-xss-protection: 0
server: sffe
date: Tue, 23 Nov 2021 23:30:34 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "11dee2040f5fc1d7"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Wed, 23 Nov 2022 23:30:34 GMT

GET
H3 200 amp-ad-exit-0.1.mjs Show response
cdn.ampproject.org/rtv/012111011823000/v0/ Frame 1D9E 13 KB
5 KB 16ms
15ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012111011823000/v0/amp-ad-exit-0.1.mjs

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

65f6185cfe1cf88fa7981160dd6fa443e111887215b72953718ea70f8e2ba9f2

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 283059
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4992
x-xss-protection: 0
server: sffe
date: Mon, 22 Nov 2021 20:12:16 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "858600ba27ef7413"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 22 Nov 2022 20:12:16 GMT

GET
H3 200 amp-analytics-0.1.mjs Show response
cdn.ampproject.org/rtv/012111011823000/v0/ Frame 1D9E 89 KB
28 KB 14ms
13ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012111011823000/v0/amp-analytics-0.1.mjs

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9e97fc43ecd2f16948c3a8d2de65e0e5483db4ed5ab174058c178ca1c8665d0b

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 162608
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28555
x-xss-protection: 0
server: sffe
date: Wed, 24 Nov 2021 05:39:47 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "a64e482645fd262b"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Thu, 24 Nov 2022 05:39:47 GMT

GET
H3 200 amp-animation-0.1.mjs Show response
cdn.ampproject.org/rtv/012111011823000/v0/ Frame 1D9E 71 KB
16 KB 16ms
14ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012111011823000/v0/amp-animation-0.1.mjs

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ce7047f1978917a3b97a424026182cf9eebcc488c8019f0fc85bc2acf78ecd70

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 184294
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16759
x-xss-protection: 0
server: sffe
date: Tue, 23 Nov 2021 23:38:21 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "6f5521ec42d8a94a"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Wed, 23 Nov 2022 23:38:21 GMT

GET
H3 200 amp-fit-text-0.1.mjs Show response
cdn.ampproject.org/rtv/012111011823000/v0/ Frame 1D9E 5 KB
2 KB 16ms
15ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012111011823000/v0/amp-fit-text-0.1.mjs

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3d76ab4ac854cafef51bbbb5177ea75816df90e3c775294991a016404f2b6bb5

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 186205
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1731
x-xss-protection: 0
server: sffe
date: Tue, 23 Nov 2021 23:06:30 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "cb4f0e89d7d37d9b"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Wed, 23 Nov 2022 23:06:30 GMT

GET
H3 200 amp-form-0.1.mjs Show response
cdn.ampproject.org/rtv/012111011823000/v0/ Frame 1D9E 40 KB
13 KB 16ms
15ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012111011823000/v0/amp-form-0.1.mjs

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9a630b852e94f20cb8140704fd830bf40bfea0a2effaa67d06a0eadafbf3d508

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 186591
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12826
x-xss-protection: 0
server: sffe
date: Tue, 23 Nov 2021 23:00:04 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "f02165e023e70703"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Wed, 23 Nov 2022 23:00:04 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame 1D9E 4 KB
765 B 32ms
16ms Stylesheet
text/css 2a00:1450:4001:810::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Squada+One%7COpen+Sans%7CPT+Sans+Narrow:regular

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

f15e2112904da8155425b9ea7829b8fc077688936afcc55494851de12e97b28c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Fri, 26 Nov 2021 02:49:55 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Fri, 26 Nov 2021 02:49:55 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 26 Nov 2021 02:49:55 GMT

GET
H3 200 vi.png
tpc.googlesyndication.com/pagead/images/abg/ Frame 1D9E 3 KB
3 KB 7ms
6ms Image
image/png 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/abg/vi.png

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b123d3cd853f7cd9c7d7c92b0ca99a37b4fa7e654fca65be5f1a15fd9253635e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 25 Nov 2021 16:00:09 GMT
x-content-type-options: nosniff
server: cafe
age: 38986
etag: 10932518847931040692
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3099
x-xss-protection: 0
expires: Fri, 26 Nov 2021 16:00:09 GMT

GET
H3 200 icon.png
tpc.googlesyndication.com/pagead/images/abg/ Frame 1D9E 344 B
368 B 7ms
6ms Image
image/png 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/abg/icon.png

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

53b99e4bde7498900885e58f9d6c383258f8a59b04389d6b54d3d4b89537b6f2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 25 Nov 2021 06:46:14 GMT
x-content-type-options: nosniff
server: cafe
age: 72221
etag: 6766994032117382215
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 344
x-xss-protection: 0
expires: Fri, 26 Nov 2021 06:46:14 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 1D9E 0
0 33ms
15ms Image
text/html 2a00:1450:4001:829::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaSefXSW4WtP7NPevFase63Nlg-o7hhOtzmwlAhsM0wzAD6WhkdIsaLkI4L-2gP_Smw3dw1ncatJSGg9FiKnB7E1GvGL7A
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5841899339949803&output=html&h=600&slotname=7770263321&adk=234424686&adf=2298740071&pi=t.ma~as.7770263321&w=300&lmt=1637894992&psa=0&format=300x600&url=https%3A%2F%2Fxosodaiphat.com%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1637894994110&bpp=1&bdt=373&idt=1&shv=r20211111&mjsv=m202111160101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C728x90%2C300x250%2C150x600&nras=1&correlator=2410851921683&rume=1&frm=20&pv=1&ga_vid=1250507266.1637894994&ga_sid=1637894994&ga_hid=1389502024&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&dmc=8&adx=1070&ady=714&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=182982000%2C182982200%2C31063782%2C31061691%2C31061693&oid=2&pvsid=2804184704754586&pem=23&tmod=1725400849&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=6&uci=a!6&fsb=1&xpc=MQnS9LD4vN&p=https%3A//xosodaiphat.com&dtd=9
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:829::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 1D9E 0
17 B 51ms
50ms Image
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=C40HWUkugYaHOCN2q3gPln6GoD--em6Fmzu2hov4OloLNhYgWEAEg0PCCdWCVAqAB7t6h3QPIAQmpAnniYRstzrI-qAMByAMIqgTLAU_Q7lvhOi0dIu6oUq0_iC60GQD3fd-OVVW-bf-7uJ96Fqcj9gsNXqiXCjAlMhlyPUtGI7NaGLA9gRidg56siUCQ5KjsnGknBQFEt4uChXYUtGZhcUyeiYRiMptgTz1I-A-OwBsTUagUQo7ux6UlLq070cDbCTDTnQmmYaP2PbItjmw_3rAMnZxIIj7YmVi6ccUotwyF3JaGfGW-ZQVhKHNKIaI4LEGHhgs5WIGUZ_ZHvlVfqcag3wuSRL4RvsmC0Hc0j8KB6s2uVp4LwATggdKZ-wOSBQQIBBgBkgUECAUYBKAGLoAH-qDeIqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4b2AcA8gcEELnyTNIICQiA4YAQEAEYX4AKAcgLAdgTDdAVAZgWAYAXAbIXHAoaCAASFHB1Yi01ODQxODk5MzM5OTQ5ODAzGAA&sigh=6liyqeV9Ta4&uach_m=[UACH]&template_id=419&uap=UACH(platform)&uapv=UACH(platformVersion)&uaa=UACH(architecture)&uam=UACH(model)&uafv=UACH(uaFullVersion)&uab=UACH(bitness)

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5841899339949803&output=html&h=600&slotname=7770263321&adk=234424686&adf=2298740071&pi=t.ma~as.7770263321&w=300&lmt=1637894992&psa=0&format=300x600&url=https%3A%2F%2Fxosodaiphat.com%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1637894994110&bpp=1&bdt=373&idt=1&shv=r20211111&mjsv=m202111160101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C728x90%2C300x250%2C150x600&nras=1&correlator=2410851921683&rume=1&frm=20&pv=1&ga_vid=1250507266.1637894994&ga_sid=1637894994&ga_hid=1389502024&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&dmc=8&adx=1070&ady=714&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=182982000%2C182982200%2C31063782%2C31061691%2C31061693&oid=2&pvsid=2804184704754586&pem=23&tmod=1725400849&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=6&uci=a!6&fsb=1&xpc=MQnS9LD4vN&p=https%3A//xosodaiphat.com&dtd=9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Fri, 26 Nov 2021 02:49:55 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 1D9E 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7bb62ef5551c264c16fc46bb146099bdbdee776af4de302689a59c7be69d7476

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 logo-de.png
tpc.googlesyndication.com/sadbundle/6913050998060196708/ Frame 1D9E 12 KB
12 KB 9ms
7ms Image
image/png 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/6913050998060196708/logo-de.png

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1559c220a5abcf68675dc5732aed02e625d8e4d9bd3181128e9fac89e962a0f8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 22 Nov 2021 08:19:32 GMT
x-content-type-options: nosniff
age: 325823
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12566
x-xss-protection: 0
last-modified: Thu, 04 Nov 2021 11:35:08 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Tue, 22 Nov 2022 08:19:32 GMT

GET
H3 200 bg300.jpg
tpc.googlesyndication.com/sadbundle/6913050998060196708/ Frame 1D9E 3 KB
4 KB 9ms
8ms Image
image/jpeg 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/6913050998060196708/bg300.jpg

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3d10aca716be9c71a2b2fc13c2da708aa2b1d6a533f20218be5c9cccd9fded0a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 22 Nov 2021 08:19:32 GMT
x-content-type-options: nosniff
age: 325823
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3559
x-xss-protection: 0
last-modified: Thu, 04 Nov 2021 11:35:08 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Tue, 22 Nov 2022 08:19:32 GMT

GET
H3 200 cyber.png
tpc.googlesyndication.com/sadbundle/6913050998060196708/ Frame 1D9E 44 KB
44 KB 11ms
10ms Image
image/png 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/6913050998060196708/cyber.png

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d12a905b586a40a63c4819b2cc7ae4ab553e0a5f031e8209f201219cd63f069e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 22 Nov 2021 08:19:32 GMT
x-content-type-options: nosniff
age: 325823
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44735
x-xss-protection: 0
last-modified: Thu, 04 Nov 2021 11:35:08 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Tue, 22 Nov 2022 08:19:32 GMT

GET
H3 200 20prozent.png
tpc.googlesyndication.com/sadbundle/6913050998060196708/ Frame 1D9E 26 KB
26 KB 12ms
11ms Image
image/png 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/6913050998060196708/20prozent.png

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

def4bcc86bbc1a25273cff2fad054d9cf38c8c69ffab6ae4314eb38017d541f2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 22 Nov 2021 08:19:32 GMT
x-content-type-options: nosniff
age: 325823
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 26395
x-xss-protection: 0
last-modified: Thu, 04 Nov 2021 11:35:08 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Tue, 22 Nov 2022 08:19:32 GMT

GET
H3 200 Button.png
tpc.googlesyndication.com/sadbundle/6913050998060196708/ Frame 1D9E 1 KB
2 KB 12ms
11ms Image
image/png 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/6913050998060196708/Button.png

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d4b9ea07a296feb543a187408fe7092983c17aa4266456b7377f31b0a298d05c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 22 Nov 2021 08:19:32 GMT
x-content-type-options: nosniff
age: 325823
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1515
x-xss-protection: 0
last-modified: Thu, 04 Nov 2021 11:35:08 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Tue, 22 Nov 2022 08:19:32 GMT

GET
H3 200 BngRUXNadjH0qYEzV7ab-oWlsbCGwR0.woff2
fonts.gstatic.com/s/ptsansnarrow/v12/ Frame 1D9E 35 KB
35 KB 7ms
7ms Font
font/woff2 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/ptsansnarrow/v12/BngRUXNadjH0qYEzV7ab-oWlsbCGwR0.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Squada+One%7COpen+Sans%7CPT+Sans+Narrow:regular

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5818f55583b8a82745bf0b1d9cbc07c0411088fb5a837ff5a15b5a745ccdcd58

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 23 Nov 2021 07:43:48 GMT
x-content-type-options: nosniff
age: 241567
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36268
x-xss-protection: 0
last-modified: Thu, 10 Sep 2020 17:08:52 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Wed, 23 Nov 2022 07:43:48 GMT

GET
H3 200 memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4gaVI.woff2
fonts.gstatic.com/s/opensans/v27/ Frame 1D9E 16 KB
16 KB 10ms
10ms Font
font/woff2 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v27/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4gaVI.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Squada+One%7COpen+Sans%7CPT+Sans+Narrow:regular

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cce577471c2586f3e0c2518fff84a970d33f61491fb8c629341b86f238cf07c0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Fri, 19 Nov 2021 13:44:20 GMT
x-content-type-options: nosniff
age: 565535
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16692
x-xss-protection: 0
last-modified: Thu, 28 Oct 2021 00:32:10 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Sat, 19 Nov 2022 13:44:20 GMT

POST
H3 204 csi
csi.gstatic.com/ Frame 1D9E 0
17 B 14ms
13ms Ping
image/gif 2001:4860:4802:32::3
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?s=ampad&ctx=2&puid=1~1637894995161&qqid=CKG_uKqCtfQCFV2Vdwod5U8I9Q&rt=any.link.oz.g.8.8.0.0.174k.16w8~any.script.oz.i.2.g.0.0.430.3uo~any.script.oz.l.5.e.0.0.m9j.m17~any.script.oz.l.3.f.0.0.d5v.cxj~any.script.p0.k.1.f.0.0.1kf.1c3~any.script.p0.l.1.f.0.0.a4m.9wa~any.link.p0.w.1.h.e.0.st.kh~any.img.p0.b.1.6.0.0.2mf.2e3~any.img.p0.b.1.6.0.0.hw.9k~any.img.p0.10.q0.0.0.0.0.0~any.img.p0.1j.1.1e.0.0.8c.0~any.css.pv.d.3.8.0.0.9xe.9p2~any.css.pv.d.2.8.0.0.2z7.2qv~any.css.pv.f.3.a.0.0.yqz.yin~any.css.pv.f.1.b.0.0.klj.kd7~any.css.pv.f.1.b.0.0.1ef.163~any.css.qh.a.3.7.0.0.s7s.rzg~any.css.qi.c.2.a.0.0.d40.cvo&met.a4a=dcl.905~ol.969~nvs.1637894994120~ini.1637894995161
Requested by: Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012111011823000/v0/amp-analytics-0.1.mjs
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2001:4860:4802:32::3 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://googleads.g.doubleclick.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Fri, 26 Nov 2021 02:49:55 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 636A 42 B
64 B 42ms
41ms Fetch
image/gif 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssMeYUCIJh1C0D27FCigC_nbuNc84NhlHNAQWzqGtNyRFTGnOvvW2QRPD-qToQW0YDX3adGgg9mlXRD1LONB73LcwZ_eU5GbVgTrmDEsDgIS3Py56jnqw&sai=AMfl-YRPonmGFDNTTbG82zPRc0XIGM6FtJzTosP8DOZGpe9QEierEBCr8KDhyqF314R_zAT_VVTF3ax7NIV5&sig=Cg0ArKJSzICFVDBYhUw_EAE&id=lidar2&mcvt=1000&p=0,0,250,300&mtos=0,1000,1000,1000,1000&tos=0,1000,0,0,0&v=20211110&bin=7&avms=nio&bs=0,0&mc=0.78&if=1&app=0&itpl=22&adk=3195374438&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0%3D&vs=4&r=v&rst=1637894994008&rpt=628&met=mue&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 26 Nov 2021 02:49:55 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview
pagead2.googlesyndication.com/pcs/ Frame D305 42 B
64 B 41ms
41ms Image
image/gif 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsu6GvGqUp--qFhz7Qyz65XVW05dC9i4ob1lFt7xiFn7DJIVJl7iYV5BADmWp2IDJiRsVD2XnvyIV04yXWJ3m-Tx8ObYAxBmqvRwwgAo2fKH3kGW9H1Rdg&sai=AMfl-YRmjvkd2s5v24d28oSQi8ilXv9_OPqkDmwx7Tj__z-Pi1hKDg8GIK85_f6JMsNL3_isoGIPDLjGbcDm&sig=Cg0ArKJSzAopZMQsVky7EAE&id=ampim&o=642,10&d=728,90&ss=1600,1200&bs=1600,1200&mcvt=1000&mtos=0,0,1000,1000,1000&tos=0,0,1000,0,0&tfs=175&tls=1175&g=100&h=100&tt=1176&r=v&avms=ampa&uap=&uapv=&uaa=&uam=&uafv=&uab=&adk=445279611

Requested by

Host: xosodaiphat.com
URL: https://xosodaiphat.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 26 Nov 2021 02:49:55 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview
pagead2.googlesyndication.com/pcs/ Frame 1D9E 42 B
64 B 46ms
46ms Image
image/gif 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjss3mwPKk2S8S1z__WeuxuDZF5GhMfyvHlrETMg4lCk17vq6f661HdKEmOn6W-ZhJgANPwsobEp3YoeZNg3TqhYJf7Aki4xL8K5cXeal0cQelZGuEy2lJQ&sai=AMfl-YRWDNw8a_HFp-AJM_rhGW-OLV8q30co4S9lhQ5rcD_LejOq09ukJGek1DsItlSnBvsm5loQ0A3dq7y8WtAGBwKod6OK5aekiG4&sig=Cg0ArKJSzA7y75wuLziZEAE&cid=CAASF-Roaroa353ZrDbtjgqWqPP5Zq5LeAoK&id=ampim&o=1070,714&d=300,600&ss=1600,1200&bs=1600,1200&mcvt=1001&mtos=0,0,1001,1001,1001&tos=0,0,1001,0,0&tfs=112&tls=1113&g=81.00000023841858&h=81.00000023841858&tt=1113&r=v&avms=ampa&uap=&uapv=&uaa=&uam=&uafv=&uab=&adk=234424686

Requested by

Host: xosodaiphat.com
URL: https://xosodaiphat.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 26 Nov 2021 02:49:56 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 12 KB
9 KB 17ms
17ms XHR
application/json 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20211111&st=env

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

413a3b3c55a07020def194b7fb153bc26a64fdcc166de0da68c37d77bc4c7ee9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://xosodaiphat.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 26 Nov 2021 02:49:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9144
x-xss-protection: 0

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 21ms
21ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://xosodaiphat.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Fri, 26 Nov 2021 02:49:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1624308425655142"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6467
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
expires: Fri, 26 Nov 2021 02:49:57 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/224/ Frame FCAE 12 KB
5 KB 6ms
6ms Document
text/html 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://xosodaiphat.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5029
date: Thu, 25 Nov 2021 20:35:24 GMT
expires: Fri, 25 Nov 2022 20:35:24 GMT
last-modified: Wed, 02 Jun 2021 17:09:45 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 22473
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 75C1 783 B
535 B 21ms
21ms Document
text/html 2a00:1450:4001:829::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

bb2c3c83494ed2cd6a2b632c84bb5086b4e759afbca0673f57ca859891be7e93

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-aAAwMcVka34jPt3SNKzm0g' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://xosodaiphat.com/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Fri, 26 Nov 2021 02:49:57 GMT
date: Fri, 26 Nov 2021 02:49:57 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-aAAwMcVka34jPt3SNKzm0g' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 513
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 lK7Pd7B-H_9yBaI_NSshU4OXimYezFu1HmFuNXULOe8.js Show response
pagead2.googlesyndication.com/bg/ Frame FCAE 35 KB
13 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/lK7Pd7B-H_9yBaI_NSshU4OXimYezFu1HmFuNXULOe8.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

94aecf77b07e1fff7205a23f352b215383978a661ecc5bb51e616e35750b39ef

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Thu, 25 Nov 2021 11:33:43 GMT
content-encoding: br
x-content-type-options: nosniff
age: 54974
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13508
x-xss-protection: 0
last-modified: Mon, 08 Nov 2021 11:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 25 Nov 2022 11:33:43 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 75C1 0
0 30ms
30ms Image
text/html 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=224&li=gda_r20211111&jk=2804184704754586&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 42ms
42ms Image
image/gif 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=224&t=2&li=gda_r20211111&jk=2804184704754586&bg=!zs2lzYnNAAZQLpa_UC47ACkAdvg8WgnryO51V6LIxETATSLqUbiTBuJj7EB233IgEeWr2FMExMKhmgIAAABaUgAAAApoAQcKACuz3fSHXwLvP-y3lE3oyLemuwkZlCdSbvFQw5PVGqq9ZrBOx7p92vq0XUNLmQJ6RdAC31mVqk4KheXfONfOj3EnLDu28Lgyk7_R39xeKiepXKG7gfh5wdvSqcvwQzqFogKwQQ2wGW85MdOs_kDZG9MGYJuWYC86O8bSFPzGSxcJBjyuF0MPAnGdMUWBqa2RNTspEKyNI2Rm6wTMljkSlzXoaw23wAF8u8jmSnRKGK4D3U85JIxoNpUB5IGvPZhKvAiyHf1ecJrkcy5pMMXuMeNfN6pW8suAhp27ZbxcrCkmkDipXCZ0n3tNTujfjtEvu9QFk-aLMx6YpZZwSZZFI9RKI_XGgov-iB2EcTI3CepyeMaYKVBttISol_JvUrchfPJAcembe7ctT7BeRSw1LbRbSEDfcQzX47k7e5f3xJEgRVNRvltLh9rL3YNJ3ZzH6WFnjU-ISrUKdCjs1pN3t3s-IKMIAT00NKoW84Cpo3HjHxAMmnPP0WOxdxtPru9FuO7sFbEF1elCGXthQL5ph3D-Fy3kgYT5brESFBXHrUgwHFfzmyZMKX9n7epFN7kirkX1IxhvxWMOe8VvAeVngYAZAd2XX4OU4BZ0lxQJrFsjX7f6U0tJdzuvt76rviCo-_5ElLsq9Vl9zqJEnXuSPJyj39QZlATRGcAAEcoLRhWaAr_h-ajLtKM_0JIs5cqzpRFai51ydQNTdrNIQVO1d9G2h0PhbytRFAja0UlMKzm27Y0pShsq6RKj-BXU7v2Yifoqux7qEhgaWIy8kiGuqsNe9eMXf-Hql3YbZoNYE3qso966L0EbgSLdV-hmzudupOzDKm0mWNzqicYzVD_3s8ZtTzE29rNpsoPkDNwu4bOzkZbpXM3b-HtWxs4nY5Dz0UbAUIiHfQwUew

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://xosodaiphat.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 26 Nov 2021 02:49:57 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 csi
csi.gstatic.com/ 0
17 B 14ms
14ms Ping
image/gif 2001:4860:4802:32::3
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=pagead&action=csi_pagead&dmc=8&top=1&puid=1~kwfse1u5&c=2804184704754586&e=182982000%2C182982200%2C31063782%2C31061691%2C31061693&ctx=1&met.9=1.3n1~13.3ol~2.3pj~3_1.3tr~7_1.0&met.3=779.3nn~165.3nr_3~166.3nh_n~831.3pl~827.3pn~77.3pn~895.3pq~894.3pq~215.3qc~843.3qb_1~326.3r6_1~164.3r4_4~191.3r3_5~161.3r8~868.3rb~889.3ri~639.3rm~914.3rm~326.3rn~164.3rn~165.3rm_2~161.3rn~868.3ro~889.3rr~639.3rw~914.3rw~326.3se~164.3sd_1~165.3sd_1~161.3se~868.3sh~889.3si~639.3sl~914.3sl~779.3t4~166.3t2_3~90.3t8~88.3t8~88.3t8~88.3t8~89.3t8~74.3t8_1~44.3t9~49.3t9~43.3t9~91.3ta~95.3ta_1~76.3t8_4~724.3tb_1~724.3tc~724.3tc~872.3tc~895.3te~907.3tg_1~831.3tr~808.3tr~808.3tr~326.3ur~164.3uq_1~165.3uq_1~161.3ur~868.3uu~889.3uz~639.3v1~914.3v1~326.3vh~164.3vg_1~165.3vg_1~161.3vh~868.3vk~889.3vn~639.3vq~914.3vq~629.3vr_1~112.3vu_2&met.10=1_1.IIEnEAAIABiAmHUoAA&met.7=CBsQCMAB2_L-2Ag~CA0QChgBILYkKLYkMOAkOCtAtiRItiRQtiRYyyRgtyRozCRw2iR4mtQBgAHu0QGIAZLqBLABAbgBA8AB4dvm3Qs~CAEQChgBILYkKLYkMPckOEFAtiRItiRQtiRYyiRgtyRoyyRw7CR47ZMDgAHBkQOIAZ39CLABAbgBA8AB3o6_mwE~CBsQCiC4JDhMwAHZ67DzCg~CA4QChgBIO4kKO4kMLQlOEZQ-yRYjiVg_CRojiVwoSV4858HgAHHnQeIAY_BFbABAbgBA8ABsZLg_QE~CDwQDRgBIPEkKPEkMJslOCtA8SRI8iRQ8iRYhyVg8iRohyVwmyV4swOAAYcBiAH0AbABAbgBA8AB6NSvzQk~CAMQChgBIIklKIklMMklOEBonCVwuiV4ipEGgAHejgaIAcL_ELABAbgBA8ABsJaQuA4~CAwQBRgBIJQlKJQlMKQmOJABQJwlSJwlUJwlWJwmYJ0laJ0mcKMmeL8ogAGTJogBs1WwAQG4AQPAAaPDgs8H~CBsQDSCkJTgOwAGAkfKHCA~CCgQDRgBILMlKLMlMK8mOHvAAeKygLkD~CCgQChgBIM0lKM0lMOUlOBlQzyVY3SVgzyVo3SVw4yV4-q4BgAHOrAGIAb3FA7ABAbgBA8ABm-H6cA~CBsQChgBIP4lKP4lMMMmOEZAgCZIjiZQjiZYoiZgjiZooiZwviZ4j6ABgAHjnQGIAe6gA7ABAbgBA8ABoNj1Fg~CBwQChgBIIQmKIQmMI0mOAlohCZwiyZ4haUBgAHZogGIAbiiA7ABAbgBA8ABvK2evQk~CBsQChgBIIgmKIgmMKkmOCFomCZwqCZ47gOAAcIBiAHNAbABAbgBA8AB5Krg8AI~CC8QBxgBIIsmKIsmMLEmOCZAjCZIjSZQjSZYoSZgjSZooiZwsSZ4kAOAAWSIAWuwAQG4AQPAAe21srAK~CC8QBxgBIIsmKIsmMLEmOCVAjSZIjSZQjSZYoSZgjSZooiZwsCZ4kAOAAWSIAWuwAQG4AQPAAZv_iccH~CAEQChgBIKcmKKcmMOAmODlQpyZYtiZgqCZotiZw2CZ4mpIDgAHujwOIAZb6CLABAbgBA8AB3o6_mwE~CBsQCiCnJjgtwAGhi8PyDA~CBsQChgBIKgmKKgmMNAmOCjAAcW4wtsF~CBsQChgBIKgmKKgmMNQmOCzAAc3ar_UH~CAUQBRgBIJEmKJEmMPsmOGponSZw-yZ4rAKwAQG4AQPAAZDHsvAI~CBsQBRgBIOAmKOAmMJcnODZA4SZI8SZQ8SZYhydg8SZoiCdwlid40BqAAaQYiAHOL7ABAbgBA8ABud6X0As~CC8QBxgBIKEnKKEnMMQnOCNQoidYsidgoidotSdwxCd4kAOAAWSIAWuwAQG4AQPAAe21srAK~CC8QBxgBIKEnKKEnMMcnOCVQoydYsydgoydotydwxid4kAOAAWSIAWuwAQG4AQPAAZv_iccH~CBsQBiD8JTjcAcABqpmanAk~CBsQChgBILQnKLQnMNcnOCPAAZfhm4gI~CA8QDRgBIN8mKN8mMJ0oOL4BaOAmcJwoeLQEgAGIAogB4QOwAQG4AQPAAb_emusG~CBsQCiCoJjiIA8ABs4W25go~CAUQBRgBILUmKLUmMPkpOMQDULYmWMQmYLYmaMYmcPUpeNGAAoABpf4BiAH04wWwAQG4AQPAAZDHsvAI~CAUQBRgBIJsmKJsmMPopON8DaJ4mcPcpeLNrgAGHaYgBpYoEsAEBuAEDwAGQx7LwCA~CBsQBiCnJjjgBMAB5o_M5gw~CAUQBRgBII0nKI0nMLsqOK4DaI4ncLoqeJpmgAHuY4gBl4YCsAEBuAEDwAGQx7LwCA~CDEQChgBIMwrKMwrMOQrOBhQzCtY2itgzCto2ytw4it40DuAAaQ5iAHSowGwAQG4AQPAAaOOlacM~CAUQBRgBIKUnKKUnMJkuOPQGaKkncJgueJFtgAHlaogBlY0EsAEBuAEDwAGQx7LwCA~CBsQBiD7JTjOEMABtsnC0Qs~CBsQBiD7JTj7EMAB-Y6BgQg~CBsQBiD7JTj8EMABxfTs0Q0~CBsQBiD7JTiAEcABiZbfsg8~CBsQBiD6JTiPEsAB55Tpew~CBsQBiD7JTiYEsABxuSSswk~CBsQCiCoJjikEsABnYy_4ws~CBsQCiCoJjirEsAB9sSZeA~CBsQCiCoJjiqE8ABg_WunQ8~CBsQBiD7JTjjE8ABnMzlew~CBsQCiCnJjj7E8AB0sv3qQs~CBsQCiCoJjj7E8ABmsbAgAo~CBsQAiDsJjjAE8ABhPjL5wM~CBsQAiDAJzjbE8ABu-jPxAQ~CBsQCiCnJjixFsAB_JuTmww~CBsQBiD7JTjAG8ABsrXy5gQ~CBsQBiD8JTiaHMAB-86szgg~CBsQCDiYQsAB2_L-2Ag~CCcQDRgBIJdCKJdCMKpCOBJomEJwqUJ45EmAAbhHiAGAXrABAbgBA8AB8_LLrgs~CCcQChgBIKxCKKxCMMJCOBbAAeLBm9oF~CCcQBRgBIMlCKMlCMNFCOAjAAdT_u6UH~CBsQBRgBIMtCKMtCMOFCOBfAAc_G2uIB~CBwQBhgBIN5DKN5DMIlEOCto30NwiUR4rAKwAQG4AQPAAZSE4rUO&met.1=1.kwfsdxyb~6.2mr~7.2ms~8.2ms~9.2ms~10.34u~11.2ms~12.34u~13.3l0~14.3qx~15.3l2~16.60q~17.60q~18.60z~19.6jb~20.6jb~21.6jc~22.3si~23.3si&qqid.1=CLGhtKqCtfQCFatM5QodhrYAog
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/js/rum.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2001:4860:4802:32::3 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://xosodaiphat.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Fri, 26 Nov 2021 02:49:58 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 csi
csi.gstatic.com/ 0
17 B 14ms
14ms Ping
image/gif 2001:4860:4802:32::3
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=pagead&action=csi_pagead&dmc=8&top=1&puid=1~kwfse1u8&c=2804184704754586&e=182982000%2C182982200%2C31063782%2C31061691%2C31061693&ctx=1&met.3=112.3vx_1~779.3wd~779.3wn~166.3wm_2~646.3z1_1~800.3z3~800.3z3~800.3z4~800.3z4~800.3z4~801.3z4~825.3z4~801.3z4~355.3z5~825.3z4~647.3z5~168.46x_1~168.46x_1~168.46y~168.46y~168.46y~168.46y~168.46y~168.46y~168.46y~168.46y~168.46y~168.46y~168.46y~168.46y~168.46y~168.46y~168.46y~168.46y~168.46y~168.46y~168.46y~168.46y~168.46y~168.46y~168.46y~168.46y~168.4fa~168.4fa~168.4fa~168.4fa~168.4fa~168.4fa~168.4fa~168.4fa~168.4fa~168.4fa~168.4fa~168.4fa~168.4fa~168.4fa~168.4fa~168.4fa~168.4fa~168.4fa~168.4fa~168.4fa~168.4fa~168.4fa~168.4fa~168.4fa~168.4fa~168.4fa~334.60w~94.6jb~113.6je_1~113.6je_1&met.7=CBsQCMAB2_L-2Ag~CA0QChgBILYkKLYkMOAkOCtAtiRItiRQtiRYyyRgtyRozCRw2iR4mtQBgAHu0QGIAZLqBLABAbgBA8AB4dvm3Qs~CAEQChgBILYkKLYkMPckOEFAtiRItiRQtiRYyiRgtyRoyyRw7CR47ZMDgAHBkQOIAZ39CLABAbgBA8AB3o6_mwE~CBsQCiC4JDhMwAHZ67DzCg~CA4QChgBIO4kKO4kMLQlOEZQ-yRYjiVg_CRojiVwoSV4858HgAHHnQeIAY_BFbABAbgBA8ABsZLg_QE~CDwQDRgBIPEkKPEkMJslOCtA8SRI8iRQ8iRYhyVg8iRohyVwmyV4swOAAYcBiAH0AbABAbgBA8AB6NSvzQk~CAMQChgBIIklKIklMMklOEBonCVwuiV4ipEGgAHejgaIAcL_ELABAbgBA8ABsJaQuA4~CAwQBRgBIJQlKJQlMKQmOJABQJwlSJwlUJwlWJwmYJ0laJ0mcKMmeL8ogAGTJogBs1WwAQG4AQPAAaPDgs8H~CBsQDSCkJTgOwAGAkfKHCA~CCgQDRgBILMlKLMlMK8mOHvAAeKygLkD~CCgQChgBIM0lKM0lMOUlOBlQzyVY3SVgzyVo3SVw4yV4-q4BgAHOrAGIAb3FA7ABAbgBA8ABm-H6cA~CBsQChgBIP4lKP4lMMMmOEZAgCZIjiZQjiZYoiZgjiZooiZwviZ4j6ABgAHjnQGIAe6gA7ABAbgBA8ABoNj1Fg~CBwQChgBIIQmKIQmMI0mOAlohCZwiyZ4haUBgAHZogGIAbiiA7ABAbgBA8ABvK2evQk~CBsQChgBIIgmKIgmMKkmOCFomCZwqCZ47gOAAcIBiAHNAbABAbgBA8AB5Krg8AI~CC8QBxgBIIsmKIsmMLEmOCZAjCZIjSZQjSZYoSZgjSZooiZwsSZ4kAOAAWSIAWuwAQG4AQPAAe21srAK~CC8QBxgBIIsmKIsmMLEmOCVAjSZIjSZQjSZYoSZgjSZooiZwsCZ4kAOAAWSIAWuwAQG4AQPAAZv_iccH~CAEQChgBIKcmKKcmMOAmODlQpyZYtiZgqCZotiZw2CZ4mpIDgAHujwOIAZb6CLABAbgBA8AB3o6_mwE~CBsQCiCnJjgtwAGhi8PyDA~CBsQChgBIKgmKKgmMNAmOCjAAcW4wtsF~CBsQChgBIKgmKKgmMNQmOCzAAc3ar_UH~CAUQBRgBIJEmKJEmMPsmOGponSZw-yZ4rAKwAQG4AQPAAZDHsvAI~CBsQBRgBIOAmKOAmMJcnODZA4SZI8SZQ8SZYhydg8SZoiCdwlid40BqAAaQYiAHOL7ABAbgBA8ABud6X0As~CC8QBxgBIKEnKKEnMMQnOCNQoidYsidgoidotSdwxCd4kAOAAWSIAWuwAQG4AQPAAe21srAK~CC8QBxgBIKEnKKEnMMcnOCVQoydYsydgoydotydwxid4kAOAAWSIAWuwAQG4AQPAAZv_iccH~CBsQBiD8JTjcAcABqpmanAk~CBsQChgBILQnKLQnMNcnOCPAAZfhm4gI~CA8QDRgBIN8mKN8mMJ0oOL4BaOAmcJwoeLQEgAGIAogB4QOwAQG4AQPAAb_emusG~CBsQCiCoJjiIA8ABs4W25go~CAUQBRgBILUmKLUmMPkpOMQDULYmWMQmYLYmaMYmcPUpeNGAAoABpf4BiAH04wWwAQG4AQPAAZDHsvAI~CAUQBRgBIJsmKJsmMPopON8DaJ4mcPcpeLNrgAGHaYgBpYoEsAEBuAEDwAGQx7LwCA~CBsQBiCnJjjgBMAB5o_M5gw~CAUQBRgBII0nKI0nMLsqOK4DaI4ncLoqeJpmgAHuY4gBl4YCsAEBuAEDwAGQx7LwCA~CDEQChgBIMwrKMwrMOQrOBhQzCtY2itgzCto2ytw4it40DuAAaQ5iAHSowGwAQG4AQPAAaOOlacM~CAUQBRgBIKUnKKUnMJkuOPQGaKkncJgueJFtgAHlaogBlY0EsAEBuAEDwAGQx7LwCA~CBsQBiD7JTjOEMABtsnC0Qs~CBsQBiD7JTj7EMAB-Y6BgQg~CBsQBiD7JTj8EMABxfTs0Q0~CBsQBiD7JTiAEcABiZbfsg8~CBsQBiD6JTiPEsAB55Tpew~CBsQBiD7JTiYEsABxuSSswk~CBsQCiCoJjikEsABnYy_4ws~CBsQCiCoJjirEsAB9sSZeA~CBsQCiCoJjiqE8ABg_WunQ8~CBsQBiD7JTjjE8ABnMzlew~CBsQCiCnJjj7E8AB0sv3qQs~CBsQCiCoJjj7E8ABmsbAgAo~CBsQAiDsJjjAE8ABhPjL5wM~CBsQAiDAJzjbE8ABu-jPxAQ~CBsQCiCnJjixFsAB_JuTmww~CBsQBiD7JTjAG8ABsrXy5gQ~CBsQBiD8JTiaHMAB-86szgg~CBsQCDiYQsAB2_L-2Ag~CCcQDRgBIJdCKJdCMKpCOBJomEJwqUJ45EmAAbhHiAGAXrABAbgBA8AB8_LLrgs~CCcQChgBIKxCKKxCMMJCOBbAAeLBm9oF~CCcQBRgBIMlCKMlCMNFCOAjAAdT_u6UH~CBsQBRgBIMtCKMtCMOFCOBfAAc_G2uIB~CBwQBhgBIN5DKN5DMIlEOCto30NwiUR4rAKwAQG4AQPAAZSE4rUO&met.9=4_1.3z2~5_1.3z4&met.1=1.kwfsdxyb~6.2mr~7.2ms~8.2ms~9.2ms~10.34u~11.2ms~12.34u~13.3l0~14.3qx~15.3l2~16.60q~17.60q~18.60z~19.6jb~20.6jb~21.6jc~22.3si~23.3si
Requested by: Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20211111/r20110914/rum_fy2019.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2001:4860:4802:32::3 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://xosodaiphat.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Fri, 26 Nov 2021 02:49:58 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: cm.g.doubleclick.net
URL: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YaBLUpG2DuFqE1BnQi8IRwAABGEAAAAB&google_cver=1&google_push=AYg5qPL2vFfiET32QcoqU1gVQYW2HuxBGbfLoHZlSxU5htzkCnJLN5IfrDq-G6FuAHAZ--iwm4026b7i8lPDB2_uxj-hNeA7vA&google_gid=CAESEKoM1w9NdJh03RfiDvE9qfQ

Verdicts & Comments Add Verdict or Comment

222 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

26 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.xosodaiphat.com/	1970-01-20 16:29:26	Name: _ga Value: GA1.2.1250507266.1637894994
.xosodaiphat.com/	1970-01-19 22:59:41	Name: _gid Value: GA1.2.1010884714.1637894994
.xosodaiphat.com/	1970-01-19 22:58:15	Name: _gat Value: 1
.google.com/	1970-01-20 03:21:46	Name: NID Value: 511=kBJg_x1u3lmLHtYUSqouOY3g4Ci8hbN50Xa-2bGox6yQzWlLrNk-Oa_LIzVHgTq5pFCQ3HOJdbph9WljM1YTKUxfPVY0-gHY4I9Iggl0tQa8kHK6QYMPM-22ehKWTdNvqIxxujAYm7XYLK2zx2_1jYmwEazdzNBprcm5xY005EQ
.xosodaiphat.com/	1970-01-20 08:19:50	Name: __gads Value: ID=1d5ef22ae54391f6-2208c81ffbcb00d3:T=1637894994:S=ALNI_MaexrgWR6gJMskbY5eDHWk5XkGLcA
.quantserve.com/	1970-01-20 01:07:50	Name: d Value: EFQBCQHoJIEA
.quantserve.com/	1970-01-20 08:28:29	Name: mc Value: 61a04b52-d6aed-fe551-6cde5
.pubmatic.com/	1970-01-19 22:59:41	Name: KTPCACOOKIE Value: YES
.pubmatic.com/	1970-01-20 01:07:50	Name: KADUSERCOOKIE Value: 145C528F-C023-4013-BC6C-F23CDA2AE3F9
.casalemedia.com/	1970-01-20 07:43:50	Name: CMID Value: YaBLUpG2DuFqE1BnQi8IRwAA
.casalemedia.com/	1970-01-20 01:07:50	Name: CMPS Value: 5233
.casalemedia.com/	1970-01-20 01:07:50	Name: CMPRO Value: 1121
.casalemedia.com/	1970-01-19 22:59:41	Name: CMST Value: YaBLUmGgS1IA
.innovid.com/	1970-01-20 01:07:50	Name: uuid Value: 1bcfbdbf-9eeb-4b4e-8f5c-cf6108fbcdc0-20211125 21:49:54
.doubleclick.net/	1970-01-20 08:19:50	Name: IDE Value: AHWqTUlnW5JkEP47WDAgd6ajHCl2S_q_OsRdeCxli40un-g1q4YGqP4SrqYmYZ3-krI
.awin1.com/	1970-01-19 22:59:41	Name: awpv24708 Value: 412871\|1637894995\|891a1700-4e63-11ec-9d39-2236c0dc0c5d
.awin1.com/	1969-12-31 23:59:59	Name: AWSESS Value: 417689:2932283
.lead-alliance.net/	1970-01-19 23:08:19	Name: ppv1225 Value: 2021112603495559229241831X113752V1225131106MSoneidPe7sBf2XzUbK79t9HjHbtMtPPgSZT9TPxDfponeid__asuidSWIE4VMeI0wT2zb1qq2odulCFuRVYRapasuid__suite_Netmix_Reach94_WKZREACH
www.lead-alliance.net/	1969-12-31 23:59:59	Name: PHPSESSID Value: rpot6vblc77acuhn8i9qkm2u22
.lead-alliance.net/	1970-01-19 23:08:19	Name: ppv1226 Value: 2021112603495559229241833X117699V1226132702MSoneidjBzSEfVAgTezJsYHEH2t6tRRGcKTzTDZ1f9oneid__asuidSWIE4VMeI0wT2zb1qq2odulCFuRVYRapasuid__suite_Netmix_Reach94_WKZREACH
.blau.de/	1970-01-19 23:08:19	Name: nscT486 Value: v01MTQyMTExMzExMTExMTExMTEwMTQyMTY2MDAwMDAwMDA2MTYzNzg5NDk5NXZsZWExZGUyMDIxMTEyNjAzNDk1NTU5MjI5MjQxODMxWDExMzc1MlYxMjI1MTMxMTA2TVNvbmVpZFBlN3NCZjJYelViSzc5dDlIakhidE10UFBnU1pUOVRQeERmcG9uZWlkX19hc3VpZFNXSUU0Vk1lSTB3VDJ6YjFxcTJvZHVsQ0Z1UlZZUmFwYXN1aWRfX3N1aXRlX05ldG1peF9SZWFjaDk0X1dLWlJFQUNIMTEzNzUy
.blau.de/	1970-01-19 23:08:19	Name: nscQ486 Value: V
.o2online.de/	1970-01-19 23:08:19	Name: nscT485 Value: v01MTQyMTExMzExMTExMTExMTEwMTQyMTY1MDAwMDAwMDA2MTYzNzg5NDk5NXZsZWExZGUyMDIxMTEyNjAzNDk1NTU5MjI5MjQxODMzWDExNzY5OVYxMjI2MTMyNzAyTVNvbmVpZGpCelNFZlZBZ1RlekpzWUhFSDJ0NnRSUkdjS1R6VERaMWY5b25laWRfX2FzdWlkU1dJRTRWTWVJMHdUMnpiMXFxMm9kdWxDRnVSVllSYXBhc3VpZF9fc3VpdGVfTmV0bWl4X1JlYWNoOTRfV0taUkVBQ0gxMTc2OTk
.o2online.de/	1970-01-19 23:08:19	Name: nscQ485 Value: V
.blau.de/	1970-01-19 23:08:19	Name: webShopPV Value: ?partnerId=BLU_AFF_POV_EXA_35008&mediacode=AFF_la_113752_-HTLP&utm_term=AFF_la_113752_-HTLP&utm_content=BLU_AFF_POV_EXA_35008&spid=2021112603495559229241831X113752V1225131106MSoneidPe7sBf2XzUbK79t9HjHbtMtPPgSZT9TPxDfponeid__asuidSWIE4VMeI0wT2zb1qq2odulCFuRVYRapasuid__suite_Netmix_Reach94_WKZREACH&wfid=113752
.o2online.de/	1970-01-19 23:08:19	Name: webShopPV Value: ?partnerId=O2_AFF_POV_EXA_15008&mediacode=AFF_la_117699_-HTLP&utm_term=AFF_la_117699_-HTLP&utm_content=O2_AFF_POV_EXA_15008&spid=2021112603495559229241833X117699V1226132702MSoneidjBzSEfVAgTezJsYHEH2t6tRRGcKTzTDZ1f9oneid__asuidSWIE4VMeI0wT2zb1qq2odulCFuRVYRapasuid__suite_Netmix_Reach94_WKZREACH&wfid=117699&ratenzahlung=24

5 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
rendering	warning	URL: https://xosodaiphat.com/ Message: The value "160dpi" for key "target-densitydpi" was truncated to its numeric prefix.
rendering	warning	URL: https://xosodaiphat.com/ Message: The key "target-densitydpi" is not supported.
other	warning	URL: https://cdn.ampproject.org/rtv/012111011823000/v0/amp-ad-exit-0.1.mjs(Line 2) Message: Unrecognized feature: 'attribution-reporting'.
other	warning	URL: https://cdn.ampproject.org/rtv/012111011823000/v0/amp-ad-exit-0.1.mjs(Line 2) Message: Unrecognized feature: 'attribution-reporting'.
network	error	URL: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YaBLUpG2DuFqE1BnQi8IRwAABGEAAAAB&google_cver=1&google_push=AYg5qPL2vFfiET32QcoqU1gVQYW2HuxBGbfLoHZlSxU5htzkCnJLN5IfrDq-G6FuAHAZ--iwm4026b7i8lPDB2_uxj-hNeA7vA&google_gid=CAESEKoM1w9NdJh03RfiDvE9qfQ Message: Failed to load resource: net::ERR_TOO_MANY_REDIRECTS

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ad4m.at
adservice.google.com
adservice.google.de
ag.innovid.com
apis.google.com
as.ad4m.at
assets.ad4m.at
bb34734ea2c11f7c2574edea1ad8361c.safeframe.googlesyndication.com
cdn.ampproject.org
cdn.xosodaiphat.com
cdn1.xosodaiphat.com
cm.g.doubleclick.net
cms.quantserve.com
csi.gstatic.com
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
image6.pubmatic.com
images.dmca.com
odr.mookie1.com
pagead2.googlesyndication.com
partner.blau.de
partner.googleadservices.com
partner.o2online.de
pixel.rubiconproject.com
portal.blau.de
portal.o2online.de
prod-rtb.ad4mat.net
rtb.openx.net
securepubads.g.doubleclick.net
static-de.ad4mat.net
stats.g.doubleclick.net
tpc.googlesyndication.com
www.awin1.com
www.google-analytics.com
www.google.com
www.googletagservices.com
www.gstatic.com
www.lead-alliance.net
www.telefonica-partner.de
xosodaiphat.com
cm.g.doubleclick.net
103.3.252.216
103.90.223.132
142.250.185.98
151.139.242.29
172.217.18.98
198.47.127.19
2001:4860:4802:32::3
23.79.145.223
2600:1901:0:76b9::
2606:4700:20::ac43:444e
2606:4700:3039::6815:c08e
2606:4700:3039::6815:c08f
2620:116:800d:21:8c6e:cf2c:8d6:9fb5
2a00:1450:4001:802::2001
2a00:1450:4001:802::2003
2a00:1450:4001:809::2002
2a00:1450:4001:80e::200e
2a00:1450:4001:810::200a
2a00:1450:4001:811::2001
2a00:1450:4001:811::2002
2a00:1450:4001:812::2001
2a00:1450:4001:827::2002
2a00:1450:4001:829::2004
2a00:1450:4001:82a::2002
2a00:1450:4001:830::2003
2a00:1450:4001:830::200e
2a00:1450:400c:c1b::9a
2a05:d01c:1d8:8102:9b42:ec:9152:470a
34.98.67.61
35.227.252.103
45.121.163.3
46.4.62.19
69.173.144.165
82.113.101.132
82.113.101.236
84.200.5.215
05354d0ba5799a53d6c9396a81ce5b8f1b9513226394cd1ae5c2dd2d5f32b7ed
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
1559c220a5abcf68675dc5732aed02e625d8e4d9bd3181128e9fac89e962a0f8
1ae9b37e892f49eba3b1fd0236469467aabd48f0d685f4b31efded3991ee0a59
2a72e4899e019bb6fc9cdcd7c5edf076a9f2f6ccd80ba31e83736fac06272d34
2bd1aa13c0678aad0a21d546ec44b63d8068279e796aad9bfce2eab4f0cd4bf0
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
2e8fa2037c41372ddc72ea1e08a477ba37998b54b5416b8cff0554fa5b865e27
2eeaed1b310e214596abec926291c1a41c6333ddaeac312886fc0b5930d71f0e
3545782f2c900b11b1597390003b4374f557d82423c85f54d88e25762226e6ad
36eb26e781bd5df368210633ce1197df38df32820e93c18e48afb04ad1cea627
398bfb3bd9d96f3e19e0db843b4f0bddbc25702a5ed80dc69a373b9434b44cb8
3d10aca716be9c71a2b2fc13c2da708aa2b1d6a533f20218be5c9cccd9fded0a
3d76ab4ac854cafef51bbbb5177ea75816df90e3c775294991a016404f2b6bb5
3ed135c9f441baa1c02773d6f893f8b90651ab7542eea67ce821e5ea55dad3c8
3eee78aaf4f9dc8d0d36d3dddbaad9094ace5d91611f9aee6fe0b44b0ed46ccc
413a3b3c55a07020def194b7fb153bc26a64fdcc166de0da68c37d77bc4c7ee9
48de2e96c59ade9a6909479fa8c3348cc639b2ec4137bede0dd555445bc7c8e7
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3
53b99e4bde7498900885e58f9d6c383258f8a59b04389d6b54d3d4b89537b6f2
55875a2e63363c27cb067d5bcf21a65bd8efffccb7a4de1ef41ae8b159e7023f
5818f55583b8a82745bf0b1d9cbc07c0411088fb5a837ff5a15b5a745ccdcd58
5a98d3f21c2cef2241e0ce7f4cc7fd5dd01596a3f813f5f0665efdd8496844d8
5cedd5abd94d64b07e3779451d057665572b89caa8b445a5e9efa42bad9c4274
5eeedf9055f9efab9127642b4c44135be9f404caa7ce08e51a5ea734dfd28828
63240ec818179aa790e1f0fb516377ded346929437f22cbb8d1a477a27c7daf0
65623c8434f7dadaba113a4521a101729ee3e6635e4412f2ccc99fbe6412d15e
65f6185cfe1cf88fa7981160dd6fa443e111887215b72953718ea70f8e2ba9f2
6afdbd54a64983a71441817c8a89faaef68c26aeb47c03e6dfbba9346fee1460
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
710d59cc71277c8e761e9dde1ba57bf54c4ff65f3fa912baeaff109e80ebd98c
73c146ede619113d141f995f7d2e5107cdb9f88680efbb839f97ba467649d618
73d111ddb8d8a9ea93324ef96b2e16e7b6d273ec597819f302c6692a3f19784d
769996a987ead923de78ded8af9ebbc0125bfdca436dfadfdc9755fd54270371
7bb62ef5551c264c16fc46bb146099bdbdee776af4de302689a59c7be69d7476
7fc32e9f37d967210eb619070da74d279a7015c2c7b78bf1e6b1c285d2cfcadb
7fe94639adeea1bfa2f406b784b11fc34cdf93cc0d02737c746ef13addff0cc5
8194fbd59728c43fc1cd41181bf796f643cc3ce3f7d3356d1e01704e8fc20bcd
88177175318530eaaf6982d35ae603abfe9f6bc476d739081ca8c05f18b10797
8aa335ad864ac08058c857f05f31cc4c1853a014859bd8ebff6d2a54e05813e8
8ca8f65ac7ae342ef5832adab3b49d5b99e7e321abbb73d59f46aa88ec5cbb8d
9324d54eefa0cc1047a69e197c15c7c2321156b73869fb9be3e314ff664c0e89
94aecf77b07e1fff7205a23f352b215383978a661ecc5bb51e616e35750b39ef
977f35f75dfb224977b278c01ff5bd8fb73f53fcaec7480681eb779e34177f23
98ba8f881333898d751dabe4f8b4cacc4489a9f5b6b4fd1fc67c571dbfec95cf
99984969b73a9759568e48a6e5e02f4fdc286cc3bd57f8e0fe94369b8dc920e4
9a630b852e94f20cb8140704fd830bf40bfea0a2effaa67d06a0eadafbf3d508
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9b9fa51a141318d7e156e578e0f4206871dadf2550278374f1a3f24654bef2bb
9da212f1d361cf60b62c8fa65aff456435cb01b4be76c106d0fde9a571fe37b0
9e97fc43ecd2f16948c3a8d2de65e0e5483db4ed5ab174058c178ca1c8665d0b
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
a76847b773b12bdc5a87c812ce3205d94e9f14afee561fa09cc0216205314e5b
add15135ecdfb15a414271479ac956b23aaeef2824d2f82ec05a511576bab08b
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
b086d35c1508ffde18b6939d4f828650e10b5d2e1d1dbfaa913f891eebee7695
b123d3cd853f7cd9c7d7c92b0ca99a37b4fa7e654fca65be5f1a15fd9253635e
b33c75d66b6115b2b04d07e509b8b5def62e5ff9a5feb52c7b4dfedb748fa8ba
b4a25f11fbb1e2b547eaf848472f9c048824e307a945f3a0417aac7b09d0456e
b5ea170a0a49cb1845f9b11b2e221a52333a4dcd7375811615c17c42ae3a04f7
b619711b74745995651589b8bcaff4b40dc8dcc0112a536f1cc364490b02db53
b98c8f3aa7cc2835be32fd3a1488ba31a3de35a3fa0dd643a092c2846c613017
bb2c3c83494ed2cd6a2b632c84bb5086b4e759afbca0673f57ca859891be7e93
bb46ed079c3dd3c39af5051b4ada48f29f49151dad4fa218117bad2fdb5e616f
bda3ba039d33faa9c4723f5cd61b53d12370678fb478c16a558944867d46d2a0
c02cae5b2de27b0f12598ab23cf91b1e0e99dda2821e2d17510497e23093cbe7
c139d813498e013df39eea698dab24025cee5520480588f73cac443e222a58d1
c1c197d43cd9d46ad3dc1c004c8a8221f9ecd1dc4531058ee469a441d39cb522
c3079788177f9ffa0349fc9f472435d15a99d4f6d865bde952529ea19cd87600
c4a98a401ef89e5679dc3d31c68231fda80d842aa61d17c5c87d005f80691612
c86bfeabd06ba640332347ce71c397f83fc766be7ba5cd8204d99b940e0fbcb6
c965a7afce089a2751fe9759358f854d3227d1664688808002bab7d422ebb3fe
cb331636b16e9d14d1848d5109039837a3a58d984a1a9b124df2904d84a81a79
cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca
cce577471c2586f3e0c2518fff84a970d33f61491fb8c629341b86f238cf07c0
cd2c7ba960200bf408a026dd9dc0e9122117a7be473f07d4c03185c1641fec50
ce7047f1978917a3b97a424026182cf9eebcc488c8019f0fc85bc2acf78ecd70
d12a71cd626ac8f0fc91e6f1b98280cfb49fd724f2dcc118d192adff9a0154b4
d12a905b586a40a63c4819b2cc7ae4ab553e0a5f031e8209f201219cd63f069e
d338f73505781c499cee314045b394a17ac33afc83f8b35b9a1493aa64599ce0
d4b9ea07a296feb543a187408fe7092983c17aa4266456b7377f31b0a298d05c
d7779d95203bed5280ee3281f856607f95ac5df680547356656c7109d7d0a6a6
da51136796bf5af3de9904858e08de69b4c3fc239abf6d24476e92e5df411242
dd382a0b771572febe55bbd91bca06284a52d4ac9bc73128f114914a4b3c7e97
de418fdfa1d02a219d049bb1cd8562182c4201c67f6b9d0e2f67f21a476e1096
def4bcc86bbc1a25273cff2fad054d9cf38c8c69ffab6ae4314eb38017d541f2
df45c2950ea5f45156e62b901bd43ba8550be10f78544756e783b695700638cb
dfca2f54fc3c8a93ff22b1548a99f670a28bcf60b59aa29a922374d9d8e588f9
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e46eb58f99814c32c849b97a268129ddb14ca88e9070964ee75a2cd987c66839
e7907336273196ef7b66c3c9377e5958d4c7e9691de3e67dca3a803138344a00
e8001772f5fd68cdf6f4d82118d7d0b67cc65eb418f3994a4105837e5624894a
e8021f1a9dad409f7e699457ac334653bf800464df69900237c4de1c29e275d0
e9d9f5574fa3ad3e99de66c27678acf8e35194099addc3f7e3e00e3cddd3d76d
eba6e0497d3436d47ff6249e94f74b6a1fcd57ac55925dc3cb10811a14d5c217
eda96be0860a403ffae5c2115942be1bccbf6d14c5321b2c071962a105f04fdf
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f15e2112904da8155425b9ea7829b8fc077688936afcc55494851de12e97b28c
f1cfe4f7d3b09de9e3537f0a2303e3e1f23825a794f744340ababa5807de75e1
f7cdf71044448cb736733f5163fff96081d51ba4101567d61d22ee5998a7a399
f7e8843af1d90c9959c28fd895bbc658b21c63883bd348bf378526f44ee611c9
fc271f035f6ebbfef92cb97dd14a25f74c589be5d822329072b23df074be8e6c

xosodaiphat.com Open in urlscan Pro 45.121.163.3 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

151 Requests

97 %HTTPS

58 %IPv6

25 Domains

41 Subdomains

33 IPs

5 Countries

1777 kBTransfer

4455 kBSize

26 Cookies

3 Outgoing links

Page URL History

Redirected requests

151 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 5 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

xosodaiphat.com Open in urlscan Pro
45.121.163.3 Public Scan

Screenshot
Live screenshot

Full Image

151
Requests

97 %
HTTPS

58 %
IPv6

25
Domains

41
Subdomains

33
IPs

5
Countries

1777 kB
Transfer

4455 kB
Size

26
Cookies

151 HTTP transactions
5 data transactions