live.xem.plus Open in urlscan Pro
2606:4700:e0::ac40:6e25 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://live.xem.plus/
Effective URL:
https://live.xem.plus/
Submission: On March 28 via manual (March 28th 2023, 4:08:45 pm UTC) from TH — Scanned from US

Summary HTTP 189 Redirects Links 2 Behaviour Indicators

Summary

This website contacted 32 IPs in 2 countries across 20 domains to perform 189 HTTP transactions. The main IP is 2606:4700:e0::ac40:6e25, located in United States and belongs to CLOUDFLARENET, US. The main domain is live.xem.plus. The Cisco Umbrella rank of the primary domain is 361569.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on January 26th 2023. Valid for: a year.

This is the only time live.xem.plus was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	2606:4700:e0:... 2606:4700:e0::ac40:6f25	13335 (CLOUDFLAR...) (CLOUDFLARENET)
30	2606:4700:e0:... 2606:4700:e0::ac40:6e25	13335 (CLOUDFLAR...) (CLOUDFLARENET)
11	2607:f8b0:400... 2607:f8b0:4006:80d::2002	15169 (GOOGLE) (GOOGLE)
6	2607:f8b0:400... 2607:f8b0:4006:80e::2008	15169 (GOOGLE) (GOOGLE)
2	151.101.129.44 151.101.129.44	54113 (FASTLY) (FASTLY)
25	212.8.250.228 212.8.250.228	49981 (WORLDSTREAM) (WORLDSTREAM)
11	2607:f8b0:400... 2607:f8b0:4006:816::2002	15169 (GOOGLE) (GOOGLE)
7	2607:f8b0:400... 2607:f8b0:4006:81d::200e	15169 (GOOGLE) (GOOGLE)
1 3	18.164.96.18 18.164.96.18	16509 (AMAZON-02) (AMAZON-02)
1	2620:100:a001::c 2620:100:a001::c	19750 (AS-CRITEO) (AS-CRITEO)
10	2607:f8b0:400... 2607:f8b0:4006:824::2002	15169 (GOOGLE) (GOOGLE)
3	2607:f8b0:400... 2607:f8b0:4006:81d::2002	15169 (GOOGLE) (GOOGLE)
5	2607:f8b0:400... 2607:f8b0:4006:81e::200a	15169 (GOOGLE) (GOOGLE)
1	2607:f8b0:400... 2607:f8b0:4006:821::2006	15169 (GOOGLE) (GOOGLE)
7	2607:f8b0:400... 2607:f8b0:400f:802::2003	15169 (GOOGLE) (GOOGLE)
6	2607:f8b0:400... 2607:f8b0:4006:80c::2003	15169 (GOOGLE) (GOOGLE)
1	2607:f8b0:400... 2607:f8b0:4006:80f::200a	15169 (GOOGLE) (GOOGLE)
13	2607:f8b0:400... 2607:f8b0:4006:820::2001	15169 (GOOGLE) (GOOGLE)
3	2607:f8b0:400... 2607:f8b0:4006:81c::2002	15169 (GOOGLE) (GOOGLE)
2	2620:100:a001... 2620:100:a001::24	19750 (AS-CRITEO) (AS-CRITEO)
1	2620:100:a001::3 2620:100:a001::3	19750 (AS-CRITEO) (AS-CRITEO)
20	2620:100:a001::4 2620:100:a001::4	19750 (AS-CRITEO) (AS-CRITEO)
2	74.119.119.147 74.119.119.147	19750 (AS-CRITEO) (AS-CRITEO)
2	2606:4700::68... 2606:4700::6811:180e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2620:100:a001... 2620:100:a001::16	19750 (AS-CRITEO) (AS-CRITEO)
5	2620:100:a001::a 2620:100:a001::a	19750 (AS-CRITEO) (AS-CRITEO)
1	2607:f8b0:400... 2607:f8b0:4006:816::2004	15169 (GOOGLE) (GOOGLE)
1	2607:f8b0:400... 2607:f8b0:4009:18::7	15169 (GOOGLE) (GOOGLE)
1	167.71.9.19 167.71.9.19	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
1	142.251.32.102 142.251.32.102	15169 (GOOGLE) (GOOGLE)
2	142.250.80.34 142.250.80.34	15169 (GOOGLE) (GOOGLE)
4	190.2.151.7 190.2.151.7	49981 (WORLDSTREAM) (WORLDSTREAM)
189	32

1 2606:4700:e0::ac40:6f25 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

live.xem.plus	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

30 2606:4700:e0::ac40:6e25 (United States)

ASN13335 (CLOUDFLARENET, US)

live.xem.plus	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 2607:f8b0:4006:80d::2002 (Nutley, United States)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2607:f8b0:4006:80e::2008 (Nutley, United States)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.129.44 (United States)

ASN54113 (FASTLY, US)

cdn.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

25 212.8.250.228 (Rotterdam, Netherlands)

ASN49981 (WORLDSTREAM, NL)
PTR: 212-8-250-228.hosted-by-worldstream.net

ad.vidverto.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 2607:f8b0:4006:816::2002 (Nutley, United States)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2607:f8b0:4006:81d::200e (Nutley, United States)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.youtube.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 18.164.96.18 (United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: server-18-164-96-18.jfk50.r.cloudfront.net

sb.scorecardresearch.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:100:a001::c (United States)

ASN19750 (AS-CRITEO, US)

gum.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2607:f8b0:4006:824::2002 (Nutley, United States)

ASN15169 (GOOGLE, US)

partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2607:f8b0:4006:81d::2002 (Nutley, United States)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2607:f8b0:4006:81e::200a (Nutley, United States)

ASN15169 (GOOGLE, US)

imasdk.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:821::2006 (Nutley, United States)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2607:f8b0:400f:802::2003 (Boulder, United States)

ASN15169 (GOOGLE, US)

csi.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2607:f8b0:4006:80c::2003 (Nutley, United States)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:80f::200a (Nutley, United States)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 2607:f8b0:4006:820::2001 (Nutley, United States)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2607:f8b0:4006:81c::2002 (Nutley, United States)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:100:a001::24 (United States)

ASN19750 (AS-CRITEO, US)

ads.us.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:100:a001::3 (United States)

ASN19750 (AS-CRITEO, US)

rtb.va.us.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

20 2620:100:a001::4 (United States)

ASN19750 (AS-CRITEO, US)

static.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 74.119.119.147 (United States)

ASN19750 (AS-CRITEO, US)

cat.va.us.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6811:180e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2620:100:a001::16 (United States)

ASN19750 (AS-CRITEO, US)

csm.us.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2620:100:a001::a (United States)

ASN19750 (AS-CRITEO, US)

pix.us.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:816::2004 (Nutley, United States)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4009:18::7 (Gary, United States)

ASN15169 (GOOGLE, US)

rr2---sn-vgqsrnld.googlevideo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 167.71.9.19 (Amsterdam, Netherlands)

ASN14061 (DIGITALOCEAN-ASN, US)

bgstats.mox.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.251.32.102 (United States)

ASN15169 (GOOGLE, US)
PTR: lga25s77-in-f6.1e100.net

ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.80.34 (Glen Cove, United States)

ASN15169 (GOOGLE, US)
PTR: lga34s34-in-f2.1e100.net

ade.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 190.2.151.7 (Naaldwijk, Netherlands)

ASN49981 (WORLDSTREAM, NL)
PTR: 190-2-151-7.hosted-by-worldstream.net

cdn.vidverto.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
31	xem.plus 1 redirects live.xem.plus — Cisco Umbrella Rank: 361569	493 KB
29	vidverto.io ad.vidverto.io — Cisco Umbrella Rank: 36257 cdn.vidverto.io — Cisco Umbrella Rank: 58720	729 KB
28	criteo.net static.criteo.net — Cisco Umbrella Rank: 642 csm.us.criteo.net — Cisco Umbrella Rank: 2574 pix.us.criteo.net — Cisco Umbrella Rank: 2585	188 KB
26	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 108 tpc.googlesyndication.com — Cisco Umbrella Rank: 135 ade.googlesyndication.com — Cisco Umbrella Rank: 275	329 KB
21	doubleclick.net googleads.g.doubleclick.net — Cisco Umbrella Rank: 29 pubads.g.doubleclick.net — Cisco Umbrella Rank: 455 ad.doubleclick.net — Cisco Umbrella Rank: 166	76 KB
13	gstatic.com csi.gstatic.com www.gstatic.com fonts.gstatic.com	67 KB
6	googleapis.com imasdk.googleapis.com — Cisco Umbrella Rank: 465 fonts.googleapis.com — Cisco Umbrella Rank: 31	696 KB
6	criteo.com gum.criteo.com — Cisco Umbrella Rank: 392 ads.us.criteo.com — Cisco Umbrella Rank: 2472 rtb.va.us.criteo.com — Cisco Umbrella Rank: 5816 cat.va.us.criteo.com — Cisco Umbrella Rank: 2737	82 KB
6	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 25	40 KB
6	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 39	340 KB
4	google.com adservice.google.com — Cisco Umbrella Rank: 68 www.google.com — Cisco Umbrella Rank: 2	2 KB
3	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 187	146 KB
3	scorecardresearch.com 1 redirects sb.scorecardresearch.com — Cisco Umbrella Rank: 151	3 KB
2	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 194	10 KB
2	taboola.com cdn.taboola.com — Cisco Umbrella Rank: 912	198 KB
1	youtube.com www.youtube.com — Cisco Umbrella Rank: 77
1	mox.tv bgstats.mox.tv — Cisco Umbrella Rank: 68622	66 B
1	googlevideo.com rr2---sn-vgqsrnld.googlevideo.com — Cisco Umbrella Rank: 20380	1 MB
1	2mdn.net s0.2mdn.net — Cisco Umbrella Rank: 283	17 KB
1	googleadservices.com partner.googleadservices.com — Cisco Umbrella Rank: 886	601 B
189	20

	Domain	Requested by
31	live.xem.plus	1 redirects live.xem.plus
25	ad.vidverto.io	live.xem.plus ad.vidverto.io imasdk.googleapis.com
20	static.criteo.net	ads.us.criteo.com cdnjs.cloudflare.com static.criteo.net live.xem.plus
13	tpc.googlesyndication.com	googleads.g.doubleclick.net pagead2.googlesyndication.com tpc.googlesyndication.com imasdk.googleapis.com
11	googleads.g.doubleclick.net	pagead2.googlesyndication.com live.xem.plus
11	pagead2.googlesyndication.com	live.xem.plus pagead2.googlesyndication.com www.gstatic.com tpc.googlesyndication.com www.googletagservices.com
9	pubads.g.doubleclick.net	imasdk.googleapis.com
7	csi.gstatic.com	imasdk.googleapis.com
6	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
6	www.googletagmanager.com	live.xem.plus www.googletagmanager.com ad.vidverto.io
5	pix.us.criteo.net	ads.us.criteo.com
5	imasdk.googleapis.com	ad.vidverto.io imasdk.googleapis.com
4	cdn.vidverto.io
4	www.gstatic.com	googleads.g.doubleclick.net
3	csm.us.criteo.net	ads.us.criteo.com
3	www.googletagservices.com	googleads.g.doubleclick.net
3	adservice.google.com	pagead2.googlesyndication.com imasdk.googleapis.com
3	sb.scorecardresearch.com	1 redirects cdn.taboola.com live.xem.plus
2	fonts.gstatic.com	ad.vidverto.io
2	ade.googlesyndication.com
2	cdnjs.cloudflare.com	ads.us.criteo.com
2	cat.va.us.criteo.com	ads.us.criteo.com
2	ads.us.criteo.com	googleads.g.doubleclick.net
2	cdn.taboola.com	live.xem.plus cdn.taboola.com
1	www.youtube.com
1	ad.doubleclick.net
1	bgstats.mox.tv
1	rr2---sn-vgqsrnld.googlevideo.com
1	www.google.com	tpc.googlesyndication.com
1	rtb.va.us.criteo.com	live.xem.plus
1	fonts.googleapis.com	googleads.g.doubleclick.net
1	s0.2mdn.net	imasdk.googleapis.com
1	partner.googleadservices.com	pagead2.googlesyndication.com
1	gum.criteo.com	cdn.taboola.com
189	34

This site contains links to these domains. Also see Links.

Domain
vidverto.io

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-01-26` - `2024-01-26`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-03-06` - `2023-05-29`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-03-06` - `2023-05-29`	3 months	crt.sh
*.taboola.com DigiCert TLS RSA SHA256 2020 CA1	`2022-12-08` - `2023-12-31`	a year	crt.sh
ad.vidverto.io R3	`2023-01-27` - `2023-04-27`	3 months	crt.sh
*.scorecardresearch.com Amazon RSA 2048 M02	`2023-03-01` - `2024-01-28`	a year	crt.sh
*.criteo.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-03-09` - `2023-06-03`	3 months	crt.sh
*.googleadservices.com GTS CA 1C3	`2023-03-06` - `2023-05-29`	3 months	crt.sh
*.google.com GTS CA 1C3	`2023-03-06` - `2023-05-29`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2023-03-06` - `2023-05-29`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2023-03-06` - `2023-05-29`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2023-03-06` - `2023-05-29`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2023-03-06` - `2023-05-29`	3 months	crt.sh
*.us.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2023-02-16` - `2023-05-14`	3 months	crt.sh
*.va.us.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2023-02-21` - `2023-05-23`	3 months	crt.sh
*.criteo.net DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-03-24` - `2023-06-18`	3 months	crt.sh
*.us.criteo.net DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-03-28` - `2023-06-26`	3 months	crt.sh
www.google.com GTS CA 1C3	`2023-03-06` - `2023-05-29`	3 months	crt.sh
*.c.docs.google.com GTS CA 1C3	`2023-03-21` - `2023-05-30`	2 months	crt.sh
bgstats.mox.tv R3	`2023-03-26` - `2023-06-24`	3 months	crt.sh
cdn.vidverto.io R3	`2023-01-26` - `2023-04-26`	3 months	crt.sh

This page contains 13 frames:

Primary Page: https://live.xem.plus/
Frame ID: B0DA6EA86473640DEE966AC6D2D195EA
Requests: 86 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20230323/r20190131/zrt_lookup.html
Frame ID: A67B1056C3724FDC9499117BA9E42184
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3073985723087695&output=html&adk=1812271804&adf=3025194257&lmt=1680019718&plat=9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=188x945_l%7C188x945_r&format=0x0&url=https%3A%2F%2Flive.xem.plus%2F&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1680019717624&bpp=4&bdt=507&idt=430&shv=r20230323&mjsv=m202303230101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=2228020957589&frm=20&pv=2&ga_vid=1265166137.1680019718&ga_sid=1680019718&ga_hid=1515263870&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44777876%2C44759837%2C31073099%2C44785292%2C44786632&oid=2&pvsid=1283966359443228&tmod=1629243669&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=468
Frame ID: 313863B46FA7F9822AE9B418EF8899CC
Requests: 1 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.566.2_en.html
Frame ID: 0E71C73EF5ABE8937599D05F46958422
Requests: 40 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20230323/r20110914/zrt_lookup.html?fsb=1
Frame ID: 620D881D2E299B7C8FB52FF1E581826C
Requests: 12 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20230323/r20110914/zrt_lookup.html?fsb=1
Frame ID: CDB96F03B36231CE5CBE0959C9747C13
Requests: 4 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20230323/r20110914/zrt_lookup.html?fsb=1
Frame ID: D6F546DC93B7BFE7DBB1EDB2FA59D3AB
Requests: 8 HTTP requests in this frame

Frame: https://ads.us.criteo.com/delivery/r/afr.php?z=ZCMRBgACMkgE0ZCjAAKR31FDc6-4d3nsyFIh6w&u=%7CBZRDGtolJZc7cGenhufbo0JM587qgvCG4al7dIvEt8E%3D%7C&c1=vOXRlg0vwJfXohPe4jzvnvp1I2f_Wr_MCcHcizXAxdPlqb0G-YMAokno0p79soXrKbsFb_eKG5UTgxYXWOHTevXjBXGjGbzlLwrelTDmT5MJgVodw4EmnEbk2BWAfx8vuBghNaKQRQim59nl_KYuBd3YIbNhCi66jpvtxEV5qVWWlM7yen0KacbF3SSz__Bf4TqTAjXbn8iabVePw90-HvwggAfwVNXhpIZwzNZL4oL4GpCmSZvtOI7CY3yYfv9zVtxLJ8zsGqN8pKM-RSjjg2NumN5XkRw1DRk2vA6d58xmWifY8kpQ_M1uR_MDaS-zzrXyFRb1J--TLCAsA01Y3LNq-vLtEvu45TtRp6tvVeU7V7N3XKSH3vJwUoAjgnhJ6xNhuKNBEDzbv-2oJ79V-YOmuCtYyUtGspYecE_NKMUKoWpRdrMla01sEpckzdM4gjpzPI2F4gsTb4ASNZyFzZOnE729u8D-3UDOgBUJMtHn9ACQwuv0rS5SiQFrXbgOaRrooduda5j5ljuwPvVfLi12Uw6o2jFlWQMOKiq6I34hmugic3byFK8znRgz-9huQ0lHq8Dahc5kH9QvXKJtkwfqLmY5RB-KCLzRNSon5OgudZUJup8jYSAKsA4Hp2m5v1SdH8hY3gY&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCwCEBBhEjZMjkCKOhxtYP36OK-AGcge-wXKLKp6p0wI23ARABIABgybajiPCj7BKCARdjYS1wdWItMzA3Mzk4NTcyMzA4NzY5NcgBCagDAaoEvAFP0IlzSrpDaCtrA4OlYnGCxZrB-FJgs33ua79PTO27W9bqKWE2iEAQUIYkop7ohdRcG467E5nd9IthQHgyEkiOywvFMtijTTh_P2VrnuVqGvC4TpGJFv7rT03iQMWXkCchouCdo18RHw0lTw-YKmdeZwGceK72YmUNPxXeVENS_pnHaC2UdB7_0BpP5alEZ6YiKon6BxMv-d2GmeOPMWip6GN_dRXlbIMtRADL5ksvg4Fp_QdLtGAmsVqDxIAG9sfYx5fvjaQtoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIDQiAYRABMgKKAjoCgED6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_3ZOMEUdSyOXhzpjzCHf1Idbq_hAg%26client%3Dca-pub-3073985723087695%26adurl%3D
Frame ID: 0FF6E3B41DC4A9FBE021D03ACA4503FD
Requests: 14 HTTP requests in this frame

Frame: https://ads.us.criteo.com/delivery/r/afr.php?z=ZCMRBgACMkkE0ZCjAAKR33Ju89KmzNoqOw3P-g&u=%7CBZRDGtolJZdjPgzd%2BWa7lxXguA6f4wnh57L0rUtkpRg%3D%7C&c1=vOXRlg0vwJfXohPe4jzvnvp1I2f_Wr_M55cF6o6PKd4qriC-EIosjBIlF-7JjmWKwyOzl0Sjk60RpOTU8v9xn26rFs_LzJyGVMZ06_CHGMNUzZPMZq65nb2EGWwlzvFEh62yCbiTWIdoWuIUmwwAaYADJZeOK9hkZz9LOdMMedARcu0qjeBNqr5ft0dzgiQ44Af-C3f-1RCgG4SGPpKIVx-n0CsbAIR5lEhFXTcGpsK1_NOQz4XOTCV_8kPj6z2ubnsqd2fbFLpm4s9Gb67mjxmScLbg_K6qHwp2RsnMcYdxnA7iEzuC_Jyxbs8xNNv4L0eceF5NIf1F8YEdRijj6sGXgdsqUskkdphv-4vpcGFFugTvrfPh_8-TRJWRMNwcrhgyoG4MmxV11WL7lshgU-VgCG-BuGbosnrUxtv3zkiXq4pNTs2DYGwT9RQsA2wfCvdXRJeaVlJ-2C10CzWnmk-CnOnqN8e1bf41qzNMYsaZNYPJYTmGpszqQTEMTO34GeWM-WgYp-BTe9BFZ80HdsKjB0JBGMSBdoUJQPxqj3_FikXWT6_kxcJOk6SKWCTKFVPseR7hlngJIT0hvcpT-uogyguIHLJ5eVeFiixLtsCzcyppsp2lZ3YZ9HhCug6t9jQXHyjWzC_YasqWzFEnqw&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCFBOZBhEjZMnkCKOhxtYP36OK-AGcge-wXKLKp6p0wI23ARABIABgybajiPCj7BKCARdjYS1wdWItMzA3Mzk4NTcyMzA4NzY5NcgBCagDAaoEvgFP0HLuZwcWfHaltz0RWVauxX9E9c-SLv6AmKz9mg8xpfVRYzdwhV34YXKFMo5baYPoBRJsaTXnnZ0AcMMzNE2zEjJzsE4deBeaELPwSn0CaDSDqyZZgxesqlUgSg47EjFMiWo2-QPeeWpCKHjKIxdRp4pWH2N4QvG9k8PeXWwlfC6y4JmC54brZpRZprqz2Vqcc8gjuRYG53fhvcDxR0BhqQSuO0V4GCnFSCTiH2EuBxg5SFRoxb_lPSUoW9zwgAb2x9jHl--NpC2gBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggNCIBhEAEyAooCOgKAQPoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_0Jr1o0y6dhLOCey9g0xjFTTnjFxw%26client%3Dca-pub-3073985723087695%26adurl%3D
Frame ID: 80C942872D1ECB1157BF378ACFD9E828
Requests: 20 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 3E4B9971B6BF616E621AFF73F0DEFC9E
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: AA152814417524F166DA2949FEEEF096
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/hhrtBw21.html
Frame ID: 1DCF0155823F453649A31A04C4B35B8F
Requests: 3 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.566.2_en.html
Frame ID: 6F0B955B7C5621AF8E163F77E0F8F3F3
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Blog HotNews

Page URL History Show full URLs

http://live.xem.plus/ HTTP 301
https://live.xem.plus/ Page URL

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

<link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
/wp-(?:content|includes)/

Yoast SEO (SEO) Expand

Overall confidence: 100%
Detected patterns

<!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

comScore (Analytics) Expand

Overall confidence: 100%
Detected patterns

<iframe[^>]* (?:id="comscore"|scr=[^>]+comscore)|\.scorecardresearch\.com/beacon\.js|COMSCORE\.beacon
\.scorecardresearch\.com/beacon\.js|COMSCORE\.beacon

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery Migrate (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

Page Statistics

189
Requests

99 %
HTTPS

75 %
IPv6

20
Domains

34
Subdomains

32
IPs

2
Countries

4830 kB
Transfer

10229 kB
Size

17
Cookies

2 Outgoing links

These are links going to different origins than the main page.

URL: https://vidverto.io/

Search URL Search Domain Scan URL

URL: https://vidverto.io/?utm_source=vidverto.io_branding&&utm_medium=live.xem.plus

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://live.xem.plus/ HTTP 301
https://live.xem.plus/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 45

https://sb.scorecardresearch.com/b?c1=7&c2=34354936&cs_it=b9&cv=4.0.0%2B2301240627&ns__t=1680019718021&ns_c=UTF-8&c3=1&c7=https%3A%2F%2Flive.xem.plus%2F&c8=Blog%20HotNews&c9= HTTP 302
https://sb.scorecardresearch.com/b2?c1=7&c2=34354936&cs_it=b9&cv=4.0.0%2B2301240627&ns__t=1680019718021&ns_c=UTF-8&c3=1&c7=https%3A%2F%2Flive.xem.plus%2F&c8=Blog%20HotNews&c9=

189 HTTP transactions
6 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
live.xem.plus/
Redirect Chain

http://live.xem.plus/
https://live.xem.plus/

136 KB
42 KB

386ms
270ms

Document
text/html

2606:4700:e0::ac40:6e25
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://live.xem.plus/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:e0::ac40:6e25 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / DLEMP

Resource Hash

16b1118bbcedc78d0b8e66052547bc3dc9f3cee37f547c3e65bafc67af6a14be

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: max-age=3, must-revalidate
cf-cache-status: DYNAMIC
cf-ray: 7af121fe5b1c6348-ORD
content-encoding: br
content-type: text/html; charset=UTF-8
date: Tue, 28 Mar 2023 16:08:37 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jqk2nnl2PgfMNpJK95LcGxMN7bfr2YDzHdgUmFAS3kSGk5yItLRvjc21g1u7zCMjSDsGfVmdPK019LFMatyRZjeSSkLaKRBJA9xamBSQEEooOMcIMfP2SyaWxyVYC8QtkfRFaF%2Bj51B9cw%2BA"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=31536000
vary: Accept-Encoding Accept-Encoding, Cookie
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-powered-by: DLEMP
x-xss-protection: 1; mode=block

Redirect headers

CF-RAY: 7af121fd189622e5-ORD
Cache-Control: max-age=3600
Connection: keep-alive
Date: Tue, 28 Mar 2023 16:08:36 GMT
Expires: Tue, 28 Mar 2023 17:08:36 GMT
Location: https://live.xem.plus/
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jCJ%2F%2FR1t6jbGFzBZL6hPdLKrsIn8qEgnp2NnaL3rdmTlS%2FBdcANXK8iAmVyPj9rzFNHKqxRYKcRv9fN6K1a8numb%2Fgc9XGCm%2BIlTHW31FByXhe0cWRhi8HcdsDXkjHRsNFspAx5GsUzDXgvT"}],"group":"cf-nel","max_age":604800}
Server: cloudflare
Transfer-Encoding: chunked
Vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 style.min.css
live.xem.plus/wp-includes/css/dist/block-library/ 93 KB
13 KB 60ms
56ms Stylesheet
text/css 2606:4700:e0::ac40:6e25
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://live.xem.plus/wp-includes/css/dist/block-library/style.min.css?ver=6.1.1
Requested by: Host: live.xem.plus
URL: https://live.xem.plus/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e0::ac40:6e25 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / DLEMP
Resource Hash: c324ef26b20264369e4568dc9ef1c5cb1f325f6bc4e8b7c01f7fe93fa353276a

Request headers

accept-language: en-US,en;q=0.9
Referer: https://live.xem.plus/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Tue, 28 Mar 2023 16:08:37 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2131002
x-powered-by: DLEMP
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Tue, 06 Dec 2022 09:35:00 GMT
server: cloudflare
etag: W/"638f0cc4-172a9"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LAddYhdcB49I3NzypG2ANwdtgmawdnzFfpmh8Jkl7AJICV8g2oBhXUK6x%2BoNqTUxKG6TSjUTLeTCFmxtMGzxMUlH8jt4BgSJ2OK0GINYT8QI1zjjGniKTEKrv7QIGDelvg3Z7k%2FcuTctOT5U"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=2592000, must-revalidate, proxy-revalidate
cf-ray: 7af122001d5a6348-ORD
expires: Mon, 03 Apr 2023 00:11:55 GMT

GET
H2 200 classic-themes.min.css
live.xem.plus/wp-includes/css/ 217 B
555 B 57ms
54ms Stylesheet
text/css 2606:4700:e0::ac40:6e25
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://live.xem.plus/wp-includes/css/classic-themes.min.css?ver=1
Requested by: Host: live.xem.plus
URL: https://live.xem.plus/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e0::ac40:6e25 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / DLEMP
Resource Hash: 5a5f39391fbf5b06db84b8f9716d53de575ee97a627d2c5f12f79a991a671eb5

Request headers

accept-language: en-US,en;q=0.9
Referer: https://live.xem.plus/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Tue, 28 Mar 2023 16:08:37 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2131002
x-powered-by: DLEMP
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Tue, 06 Dec 2022 09:35:00 GMT
server: cloudflare
etag: W/"638f0cc4-d9"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MAn0ru6TM4ivCg4hC26WGWHm0p%2F95iQSVU73fFDeRXRD8stI1gJBin24%2BRloKA190uHolEycQKCicGvtQX%2B8SskfyUTbl8o0J854GyzWfoR%2F2VT73mrkyqtvNviQrXCJluKcrhWfTnQM9Yrn"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=2592000, must-revalidate, proxy-revalidate
cf-ray: 7af122001d5c6348-ORD
expires: Mon, 03 Apr 2023 00:11:55 GMT

GET
H2 200 font-awesome.css
live.xem.plus/wp-content/themes/blogmn/assets/css/ 35 KB
7 KB 66ms
63ms Stylesheet
text/css 2606:4700:e0::ac40:6e25
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://live.xem.plus/wp-content/themes/blogmn/assets/css/font-awesome.css?ver=6.1.1
Requested by: Host: live.xem.plus
URL: https://live.xem.plus/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e0::ac40:6e25 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / DLEMP
Resource Hash: e2a387f6a7cdac265c90c59daa4f30eeb1d183b8bcce4858384ab51d33c94533

Request headers

accept-language: en-US,en;q=0.9
Referer: https://live.xem.plus/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Tue, 28 Mar 2023 16:08:37 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2131002
x-powered-by: DLEMP
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Fri, 16 Sep 2022 06:18:54 GMT
server: cloudflare
etag: W/"6324154e-8d64"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CSJlSNWF%2FVvpm2wELk2kwPZpD4MvPmBydV5HcMFuxSrbcz7URqw25a4zCEW1hs2caPBMY4UcsZe96gAST9%2Bb91URfwcH6jlcHGIBYgufA1gu39je1mgCFCgEl%2BH672Jj5CrhNHAIHduqICdW"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=2592000, must-revalidate, proxy-revalidate
cf-ray: 7af122001d5e6348-ORD
expires: Mon, 03 Apr 2023 00:11:55 GMT

GET
H2 200 genericons.css
live.xem.plus/wp-content/themes/blogmn/genericons/ 154 B
436 B 63ms
61ms Stylesheet
text/css 2606:4700:e0::ac40:6e25
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://live.xem.plus/wp-content/themes/blogmn/genericons/genericons.css?ver=6.1.1
Requested by: Host: live.xem.plus
URL: https://live.xem.plus/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e0::ac40:6e25 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / DLEMP
Resource Hash: 7e3559d6ffac7fc54d6edaa79b6e7330fab33fbdffc174a27c58b25e5b3952d2

Request headers

accept-language: en-US,en;q=0.9
Referer: https://live.xem.plus/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Tue, 28 Mar 2023 16:08:37 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2131002
x-powered-by: DLEMP
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Fri, 16 Sep 2022 06:18:54 GMT
server: cloudflare
etag: W/"6324154e-9a"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GX7fie0I%2F6l1e1r3hvzi5X0mRvg1lCgM9HakU0wJffqD%2Bo%2BGM0uU%2B3GWRSotmhqrtYicKeRLU2dYSV1us%2FeZ1W9MUydIhnJoTw%2FOIRwi0KA%2BadjGnCl3Azz2dfp01g%2FdXqgO%2FUFzsY3%2BKpYG"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=2592000, must-revalidate, proxy-revalidate
cf-ray: 7af122001d5f6348-ORD
expires: Mon, 03 Apr 2023 00:11:55 GMT

GET
H2 200 style.css
live.xem.plus/wp-content/themes/blogmn/ 72 KB
15 KB 109ms
107ms Stylesheet
text/css 2606:4700:e0::ac40:6e25
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://live.xem.plus/wp-content/themes/blogmn/style.css?ver=20220617
Requested by: Host: live.xem.plus
URL: https://live.xem.plus/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e0::ac40:6e25 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / DLEMP
Resource Hash: da006cb2cacff3f3c28c3e5a427645472b3d4507cfbb1ffe2e2402f7319a7517

Request headers

accept-language: en-US,en;q=0.9
Referer: https://live.xem.plus/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Tue, 28 Mar 2023 16:08:37 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 583003
x-powered-by: DLEMP
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Tue, 07 Mar 2023 09:11:25 GMT
server: cloudflare
etag: W/"6406ffbd-11f23"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rwsL%2FPLy0qy5oeUq4OEfX5Lojcs2LHFx3zDHTk%2FUMAXkY%2BRZGgrlChlzcYHdxYCogeFHnaVT85R2INnqS0hUXhbaVHFEhzUaBIXBCYMgsZIj5IuE5cMW%2Fia4EcpKzJnWcKYs3wwcNozjHXVH"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=2592000, must-revalidate, proxy-revalidate
cf-ray: 7af122001d616348-ORD
expires: Thu, 20 Apr 2023 22:11:54 GMT

GET
H2 200 responsive.css
live.xem.plus/wp-content/themes/blogmn/ 9 KB
2 KB 65ms
63ms Stylesheet
text/css 2606:4700:e0::ac40:6e25
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://live.xem.plus/wp-content/themes/blogmn/responsive.css?ver=20220617
Requested by: Host: live.xem.plus
URL: https://live.xem.plus/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e0::ac40:6e25 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / DLEMP
Resource Hash: b81e011e0e5932a62615b2b8140ffbba3c90c0200b4b89f4a7a5792aad991c20

Request headers

accept-language: en-US,en;q=0.9
Referer: https://live.xem.plus/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Tue, 28 Mar 2023 16:08:37 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2131002
x-powered-by: DLEMP
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Fri, 16 Sep 2022 06:18:54 GMT
server: cloudflare
etag: W/"6324154e-24c7"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=N%2FKc6uxq0faJ40sRL8nsQauE2L%2B9RQTg9V3VYFDCisarKIeaAmj8VsbtI9UEyupZTBVAMkOb%2FTV%2F7PuAB6kAJN8ic33EiYbE6bKd9DdqI58yLmmVMYCOUcA8xUT7x5OBQg5fU6lZVmVH9TZy"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=2592000, must-revalidate, proxy-revalidate
cf-ray: 7af122001d636348-ORD
expires: Mon, 03 Apr 2023 00:11:55 GMT

GET
H2 200 jquery.min.js Show response
live.xem.plus/wp-includes/js/jquery/ 88 KB
32 KB 69ms
67ms Script
application/javascript 2606:4700:e0::ac40:6e25
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://live.xem.plus/wp-includes/js/jquery/jquery.min.js?ver=3.6.1
Requested by: Host: live.xem.plus
URL: https://live.xem.plus/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e0::ac40:6e25 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / DLEMP
Resource Hash: cc7403bab52ed166e24ea9324241045af370be482f5b594468f4a6ac6e7e7981

Request headers

accept-language: en-US,en;q=0.9
Referer: https://live.xem.plus/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Tue, 28 Mar 2023 16:08:37 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 579905
x-powered-by: DLEMP
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Tue, 06 Dec 2022 09:35:00 GMT
server: cloudflare
etag: W/"638f0cc4-15e54"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=isNDB4%2BfXCazCIrS9HZ0qc%2BgdFz1qAs7Rvul5ZIpi9vpS5w6pJVW2xuRJq9eUAGwU36b%2BHoktrd%2FHCW4uWC7IHd%2F9%2BDg250rSf24JEUYqYOLan8YQPhgANzxdYOLF2hD9zo62PTpIpOVg2K5"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=2592000, must-revalidate, proxy-revalidate
cf-ray: 7af122001d646348-ORD
expires: Thu, 20 Apr 2023 23:03:32 GMT

GET
H2 200 jquery-migrate.min.js Show response
live.xem.plus/wp-includes/js/jquery/ 11 KB
5 KB 63ms
61ms Script
application/javascript 2606:4700:e0::ac40:6e25
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://live.xem.plus/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
Requested by: Host: live.xem.plus
URL: https://live.xem.plus/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e0::ac40:6e25 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / DLEMP
Resource Hash: 029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300

Request headers

accept-language: en-US,en;q=0.9
Referer: https://live.xem.plus/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Tue, 28 Mar 2023 16:08:37 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2131002
x-powered-by: DLEMP
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Wed, 18 Nov 2020 16:06:06 GMT
server: cloudflare
etag: W/"5fb5466e-2bd8"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BmWNDqIcYL73P0aPEeh9In0K8aLwFLKsL0qksS94NVFW89VqKIkAtReXASWqH%2FD3R%2FZ2QwBEdz1C9RN9sNgPEIkkTcaUIuUQLdlSTJdUis5ibQ4z5JAAS8KcvTpknOpwhild9WtkGD%2BrrLhg"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=2592000, must-revalidate, proxy-revalidate
cf-ray: 7af122001d656348-ORD
expires: Mon, 03 Apr 2023 00:11:55 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 139 KB
48 KB 238ms
97ms Script
text/javascript 2607:f8b0:4006:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-3073985723087695

Requested by

Host: live.xem.plus
URL: https://live.xem.plus/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80d::2002 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

187c41cfd2fde5acb42171ab6d1223dc4027404647d0095c95a25bc114be6e8b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://live.xem.plus/
Origin: https://live.xem.plus
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Tue, 28 Mar 2023 16:08:37 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 48365
x-xss-protection: 0
server: cafe
etag: 18026905322248420479
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Tue, 28 Mar 2023 16:08:37 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 116 KB
45 KB 260ms
115ms Script
application/javascript 2607:f8b0:4006:80e::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-203682812-16

Requested by

Host: live.xem.plus
URL: https://live.xem.plus/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80e::2008 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

76fb4324d94764cff68e8ca9b39a5f1eb5b905e5a329895c7360e66ad9e6e81f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://live.xem.plus/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Tue, 28 Mar 2023 16:08:37 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 45904
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Tue, 28 Mar 2023 16:08:37 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 242 KB
82 KB 228ms
96ms Script
application/javascript 2607:f8b0:4006:80e::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-V8FD1SYQLQ

Requested by

Host: live.xem.plus
URL: https://live.xem.plus/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80e::2008 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

a8244c32fe3072bfc445223af01d7fd2228c2a4885d5e93f6f9853a8470c1256

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://live.xem.plus/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Tue, 28 Mar 2023 16:08:37 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 83697
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Tue, 28 Mar 2023 16:08:37 GMT

GET
H3 200 wp-emoji-release.min.js Show response
live.xem.plus/wp-includes/js/ 18 KB
5 KB 61ms
60ms Script
application/javascript 2606:4700:e0::ac40:6e25
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://live.xem.plus/wp-includes/js/wp-emoji-release.min.js?ver=6.1.1
Requested by: Host: live.xem.plus
URL: https://live.xem.plus/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:e0::ac40:6e25 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / DLEMP
Resource Hash: 5aad5fbd4238981a9ff5e2772ff1353dfe1a801fb49542fe157418c1438f7782

Request headers

accept-language: en-US,en;q=0.9
Referer: https://live.xem.plus/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Tue, 28 Mar 2023 16:08:37 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2130960
x-powered-by: DLEMP
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Tue, 12 Apr 2022 12:56:22 GMT
server: cloudflare
etag: W/"625576f6-48b9"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1id%2FmxPhPxfacVTkm1c7h9hyx4njzj1%2BsXL1iNYasRfVl2a%2BFT2UXCZ1nT4HK%2FCyCRgeKQ1Ki7oGGKunwGiiZr1%2F%2FaSzKajwNl8Xa2mbCrTE5UY2cLwLxbtRLZe61t4E683PaGzsoq6wI%2FOh"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=2592000, must-revalidate, proxy-revalidate
cf-ray: 7af122014ce202a7-ORD
expires: Mon, 03 Apr 2023 00:12:37 GMT

GET
H3 200 genericons.css
live.xem.plus/wp-content/themes/blogmn/genericons/genericons/ 28 KB
16 KB 57ms
57ms Stylesheet
text/css 2606:4700:e0::ac40:6e25
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://live.xem.plus/wp-content/themes/blogmn/genericons/genericons/genericons.css
Requested by: Host: live.xem.plus
URL: https://live.xem.plus/wp-content/themes/blogmn/genericons/genericons.css?ver=6.1.1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:e0::ac40:6e25 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / DLEMP
Resource Hash: 4ed10d0d64bb1515397e8666a63f484d640dbc5678fa62574e077b7aef1c3af2

Request headers

accept-language: en-US,en;q=0.9
Referer: https://live.xem.plus/wp-content/themes/blogmn/genericons/genericons.css?ver=6.1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Tue, 28 Mar 2023 16:08:37 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2130999
x-powered-by: DLEMP
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Fri, 16 Sep 2022 06:18:54 GMT
server: cloudflare
etag: W/"6324154e-6e6a"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mfW%2FJZfN1tU82ENXTiYTsP%2Bx8lkNKs7A%2B%2FLFQsNOQjOCjuhoLHZIHueMNBuw6tHlH8I6h%2Bl7uyF6voF%2BzPPfIsewxs3%2FiMzFqQjRrWA7PF4HJCzwIpyJROSAcN9y9LtFvSpYwIZPEN5eGphx"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=2592000, must-revalidate, proxy-revalidate
cf-ray: 7af122007b7b02a7-ORD
expires: Mon, 03 Apr 2023 00:11:58 GMT

GET
H3 200 collage-6-117-305x200.jpg
live.xem.plus/wp-content/uploads/2023/03/ 16 KB
17 KB 1183ms
1181ms Image
image/jpeg 2606:4700:e0::ac40:6e25
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://live.xem.plus/wp-content/uploads/2023/03/collage-6-117-305x200.jpg
Requested by: Host: live.xem.plus
URL: https://live.xem.plus/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:e0::ac40:6e25 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / DLEMP
Resource Hash: 5bb33df870a08bf708dc8096d1db35252e189e4aa1ba753d4457e870680481b3

Request headers

accept-language: en-US,en;q=0.9
Referer: https://live.xem.plus/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Tue, 28 Mar 2023 16:08:38 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-powered-by: DLEMP
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 16526
last-modified: Tue, 28 Mar 2023 15:50:35 GMT
server: cloudflare
etag: "64230ccb-408e"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LZEZEbEx2yz3Cros6P4TUUIWRxxNNRP57KkQ3ZfxLg9cwWxCmDgxJi8sivCA5hDlM9hpk7lOZu%2BCXyC6Y1X6JQJJtBQgFRJuVw%2FGTaqcpKdcuaGAOHBBnjvzynyMqYGKPw2CVWgGBYVl8n83"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: public, max-age=2592000, must-revalidate, proxy-revalidate
accept-ranges: bytes
cf-ray: 7af122015d0a02a7-ORD
expires: Thu, 27 Apr 2023 16:08:38 GMT

GET
H3 200 PIC-12-5-305x200.jpg
live.xem.plus/wp-content/uploads/2023/03/ 13 KB
14 KB 1087ms
1087ms Image
image/jpeg 2606:4700:e0::ac40:6e25
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://live.xem.plus/wp-content/uploads/2023/03/PIC-12-5-305x200.jpg
Requested by: Host: live.xem.plus
URL: https://live.xem.plus/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:e0::ac40:6e25 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / DLEMP
Resource Hash: 8485ead05b5c05c2c507ff389ba436b9f3b965fb6f35e23c692edd364b46d846

Request headers

accept-language: en-US,en;q=0.9
Referer: https://live.xem.plus/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Tue, 28 Mar 2023 16:08:38 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-powered-by: DLEMP
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 13740
last-modified: Tue, 28 Mar 2023 15:47:01 GMT
server: cloudflare
etag: "64230bf5-35ac"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GDsYoEBQs6JUDja7cuAVB8aX97NEBKON51EaA0fgUbJhSpO%2Fx6xicT4Wqa4VLBX4AkwkxwDLviO10oxrhtaYPGmsleF63s4ogr5%2FpOskp%2B%2FZR6mUB3nvTpiP68ZUNELGU5G0FDgJD1WFYP0H"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: public, max-age=2592000, must-revalidate, proxy-revalidate
accept-ranges: bytes
cf-ray: 7af122015d0d02a7-ORD
expires: Thu, 27 Apr 2023 16:08:38 GMT

GET
H3 200 superfish.js Show response
live.xem.plus/wp-content/themes/blogmn/assets/js/ 7 KB
3 KB 64ms
60ms Script
application/javascript 2606:4700:e0::ac40:6e25
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://live.xem.plus/wp-content/themes/blogmn/assets/js/superfish.js?ver=6.1.1
Requested by: Host: live.xem.plus
URL: https://live.xem.plus/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:e0::ac40:6e25 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / DLEMP
Resource Hash: 4bd938863d8e473540c7300aec8fd156822f4701cee5fb6b3328a2cc9b0a012b

Request headers

accept-language: en-US,en;q=0.9
Referer: https://live.xem.plus/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Tue, 28 Mar 2023 16:08:37 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 583003
x-powered-by: DLEMP
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Fri, 16 Sep 2022 06:18:54 GMT
server: cloudflare
etag: W/"6324154e-1d7c"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=19%2FO7ZN2%2B3uELx%2BrcifgtS%2B2oWaBFJ58Iq4rxV7yQ1TIdp6Y3ziCbevHN0uc%2FKl7AL3WmlJapeOPULL%2Fn5Fr%2FWoe8yk0BtrhXYqIEbk1RUoUewnw3Sh8sVIsXt7h5nC8lQksw%2BbDYrVoPWQy"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=2592000, must-revalidate, proxy-revalidate
cf-ray: 7af122016d1b02a7-ORD
expires: Thu, 20 Apr 2023 22:11:54 GMT

GET
H3 200 html5.js Show response
live.xem.plus/wp-content/themes/blogmn/assets/js/ 10 KB
4 KB 62ms
59ms Script
application/javascript 2606:4700:e0::ac40:6e25
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://live.xem.plus/wp-content/themes/blogmn/assets/js/html5.js?ver=6.1.1
Requested by: Host: live.xem.plus
URL: https://live.xem.plus/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:e0::ac40:6e25 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / DLEMP
Resource Hash: a4b3b91b775b356ac4b5c34ac94dbcc1212ef23b5e89bfa9bfcc92e285a4447a

Request headers

accept-language: en-US,en;q=0.9
Referer: https://live.xem.plus/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Tue, 28 Mar 2023 16:08:37 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2130960
x-powered-by: DLEMP
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Fri, 16 Sep 2022 06:18:54 GMT
server: cloudflare
etag: W/"6324154e-285a"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zb65OpZnmzc4Npi%2F8PjlvjI4442ISlqDwRhysRtm7zFMsxGbjjcLLgUwVUDWuZuJWv2Qy6dA5KipvLTiVnDzu3lMeCv%2FCENRiNE%2BObyhn%2FHKQbEhGJQkHW2zgKfVDcANUlFHCmpeb4yAoKKC"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=2592000, must-revalidate, proxy-revalidate
cf-ray: 7af122016d1d02a7-ORD
expires: Mon, 03 Apr 2023 00:12:36 GMT

GET
H3 200 jquery.bxslider.js Show response
live.xem.plus/wp-content/themes/blogmn/assets/js/ 66 KB
16 KB 117ms
113ms Script
application/javascript 2606:4700:e0::ac40:6e25
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://live.xem.plus/wp-content/themes/blogmn/assets/js/jquery.bxslider.js?ver=6.1.1
Requested by: Host: live.xem.plus
URL: https://live.xem.plus/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:e0::ac40:6e25 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / DLEMP
Resource Hash: d9a3e8f06cc8581fd6eeb011535e3fe287f9d38d22be1ec1f9fd9bf804adf62a

Request headers

accept-language: en-US,en;q=0.9
Referer: https://live.xem.plus/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Tue, 28 Mar 2023 16:08:37 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 583003
x-powered-by: DLEMP
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Fri, 16 Sep 2022 06:18:54 GMT
server: cloudflare
etag: W/"6324154e-107e0"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kzbbsBXrwlugiUVF1BTxcWHZZXOetW8yP8i9cmKXE9pWgIr4mW3YueJanUzLTIMxDkvNPqiEVqUoF1F40Hsaznc3oMhfEruexR7AbnhgOAvVR94Y2ovvZQPfOf1em%2BYkRVXDudQsObmCIrmm"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=2592000, must-revalidate, proxy-revalidate
cf-ray: 7af122016d1e02a7-ORD
expires: Thu, 20 Apr 2023 22:11:54 GMT

GET
H3 200 jquery.tabslet.js Show response
live.xem.plus/wp-content/themes/blogmn/assets/js/ 6 KB
2 KB 114ms
112ms Script
application/javascript 2606:4700:e0::ac40:6e25
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://live.xem.plus/wp-content/themes/blogmn/assets/js/jquery.tabslet.js?ver=20220617
Requested by: Host: live.xem.plus
URL: https://live.xem.plus/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:e0::ac40:6e25 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / DLEMP
Resource Hash: a7fe9347c265a8ef227a2c0e3e0e6e62e75f14784355f556fa9ddb864c5753f6

Request headers

accept-language: en-US,en;q=0.9
Referer: https://live.xem.plus/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Tue, 28 Mar 2023 16:08:37 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2130960
x-powered-by: DLEMP
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Fri, 16 Sep 2022 06:18:54 GMT
server: cloudflare
etag: W/"6324154e-1701"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fz96Oui%2BTjWBEnc%2FPeDxXX94NSjcIm4FIcPxIzF1ZHyql%2Fbmv%2F6s3drz38jOAuglsGVB4VFTXh3U80tDqh7i3b%2B1zcWEj5oNJG5rcenGIodbLDwfXwOlBi%2FVDuTG96ZE7Ddtj0Ud8QvLgE5T"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=2592000, must-revalidate, proxy-revalidate
cf-ray: 7af122016d1f02a7-ORD
expires: Mon, 03 Apr 2023 00:12:36 GMT

GET
H3 200 index.js Show response
live.xem.plus/wp-content/themes/blogmn/assets/js/ 30 KB
8 KB 227ms
225ms Script
application/javascript 2606:4700:e0::ac40:6e25
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://live.xem.plus/wp-content/themes/blogmn/assets/js/index.js?ver=20220617
Requested by: Host: live.xem.plus
URL: https://live.xem.plus/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:e0::ac40:6e25 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / DLEMP
Resource Hash: 85d3987a45a0fdca18652344761e0dce4f3616d51f7788ad3447c18a8eea5291

Request headers

accept-language: en-US,en;q=0.9
Referer: https://live.xem.plus/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Tue, 28 Mar 2023 16:08:37 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 583003
x-powered-by: DLEMP
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Fri, 16 Sep 2022 06:18:54 GMT
server: cloudflare
etag: W/"6324154e-777c"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YwaAPCAM8pwO0ViSng4azJobMVEffdocbavd2g5N2R9lK7IOyw9jEsUHmp5A6xJ6t3KKdxzID1IH2Ykmmry9wtxo2vO7AJZLcqytwLyyOeoPuq0GdfhKfX8Tom6%2F8zCtWApip3KhpnYwZLTx"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=2592000, must-revalidate, proxy-revalidate
cf-ray: 7af122016d2002a7-ORD
expires: Thu, 20 Apr 2023 22:11:54 GMT

GET
H3 200 jquery.custom.js Show response
live.xem.plus/wp-content/themes/blogmn/assets/js/ 3 KB
1 KB 228ms
226ms Script
application/javascript 2606:4700:e0::ac40:6e25
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://live.xem.plus/wp-content/themes/blogmn/assets/js/jquery.custom.js?ver=20220617
Requested by: Host: live.xem.plus
URL: https://live.xem.plus/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:e0::ac40:6e25 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / DLEMP
Resource Hash: d8e8b70424cd0f3f1f5a9285e3b0d2a0d5546f371544550969facf69b81a0d90

Request headers

accept-language: en-US,en;q=0.9
Referer: https://live.xem.plus/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Tue, 28 Mar 2023 16:08:37 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2130960
x-powered-by: DLEMP
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Fri, 16 Sep 2022 06:18:54 GMT
server: cloudflare
etag: W/"6324154e-b53"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hGELJVvibl77%2FuOwrV%2FJMd3Hf8pcmU1SHadTLBhOW%2BfPGz52rO330EbLNyZuAb%2FVtYu%2Bi4G7p5LIkkxOHjORyKLjMxjpDTtMZrpYDfuy5OG6sLB7tyVzPhVwtApSkfSuzROGipljREYutgN6"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=2592000, must-revalidate, proxy-revalidate
cf-ray: 7af122016d2102a7-ORD
expires: Mon, 03 Apr 2023 00:12:36 GMT

GET
H3 200 fontawesome-webfont.woff2
live.xem.plus/wp-content/themes/blogmn/assets/fonts/ 75 KB
76 KB 61ms
60ms Font
font/woff2 2606:4700:e0::ac40:6e25
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://live.xem.plus/wp-content/themes/blogmn/assets/fonts/fontawesome-webfont.woff2?v=4.7.0

Requested by

Host: live.xem.plus
URL: https://live.xem.plus/wp-content/themes/blogmn/assets/css/font-awesome.css?ver=6.1.1

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:e0::ac40:6e25 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / DLEMP

Resource Hash

2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://live.xem.plus/wp-content/themes/blogmn/assets/css/font-awesome.css?ver=6.1.1
Origin: https://live.xem.plus
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Tue, 28 Mar 2023 16:08:37 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 673
x-powered-by: DLEMP
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 77160
x-xss-protection: 1; mode=block
last-modified: Fri, 16 Sep 2022 06:18:54 GMT
server: cloudflare
etag: "6324154e-12d68"
x-frame-options: SAMEORIGIN
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=z2KRXvc2qyGSfnOF6X71gtZvoICPLQngM5AWMH7TyUlyU3pWMZtQr3GUbAUddbiSbSwHRvhCUst2Bf1tJrseguDCoT6MWsOYttnByIAeBt3XGbVbtdV5jbYoDb1dXwzVvj1mgpVSHi8Q0mcu"}],"group":"cf-nel","max_age":604800}
content-type: font/woff2
vary: Accept-Encoding
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7af122016d2202a7-ORD

GET
H3 200 Bia-FB-4-20-305x200.jpg
live.xem.plus/wp-content/uploads/2023/03/ 15 KB
15 KB 147ms
146ms Image
image/jpeg 2606:4700:e0::ac40:6e25
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://live.xem.plus/wp-content/uploads/2023/03/Bia-FB-4-20-305x200.jpg
Requested by: Host: live.xem.plus
URL: https://live.xem.plus/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:e0::ac40:6e25 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / DLEMP
Resource Hash: e711de35a3a70d2e457f76675d149e91803c3e36e4f612246492a808c4de4623

Request headers

accept-language: en-US,en;q=0.9
Referer: https://live.xem.plus/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Tue, 28 Mar 2023 16:08:37 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 580
x-powered-by: DLEMP
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 15041
last-modified: Tue, 28 Mar 2023 15:33:47 GMT
server: cloudflare
etag: "642308db-3ac1"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=f0EgLmGRLjnZ11kRRPDj42AQulqIxhycroKgki7uJrfascvOdrX9tvakCRzmv4KFziuIXD84dOEmtVv4ttc%2BBGzgIjScIgGyQyCrI3lkYnzTiew2LdbM0RQqBTLtad1zcW%2FEz7HxF2AzuTeN"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: public, max-age=2592000, must-revalidate, proxy-revalidate
accept-ranges: bytes
cf-ray: 7af122018d3e02a7-ORD
expires: Thu, 27 Apr 2023 15:58:57 GMT

GET
H3 200 Untitled-21-31-305x200.jpg
live.xem.plus/wp-content/uploads/2023/03/ 10 KB
11 KB 914ms
912ms Image
image/jpeg 2606:4700:e0::ac40:6e25
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://live.xem.plus/wp-content/uploads/2023/03/Untitled-21-31-305x200.jpg
Requested by: Host: live.xem.plus
URL: https://live.xem.plus/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:e0::ac40:6e25 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / DLEMP
Resource Hash: fbcf07d788241cd417cd1078f68c8b0b112f39a8b7b55e23fce2b985c73d8454

Request headers

accept-language: en-US,en;q=0.9
Referer: https://live.xem.plus/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Tue, 28 Mar 2023 16:08:38 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-powered-by: DLEMP
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 10366
last-modified: Tue, 28 Mar 2023 15:42:22 GMT
server: cloudflare
etag: "64230ade-287e"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0aMfxATaf0M9BZAiQyxazyFSyzQ34IdzsgdPqTO39isyQkkVIlZ9sDVRwb4311G8yM%2F8dDQifcbjuYxnsKRSrXsvBuOUuNQ9P32XzRKKP%2BGoODf4%2Fl046o6ke3vDrwGBOuGejncV3IrFC3%2Ff"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: public, max-age=2592000, must-revalidate, proxy-revalidate
accept-ranges: bytes
cf-ray: 7af122018d4702a7-ORD
expires: Thu, 27 Apr 2023 16:08:38 GMT

GET
H3 200 37-11-305x200.jpg
live.xem.plus/wp-content/uploads/2023/03/ 16 KB
17 KB 1215ms
1213ms Image
image/jpeg 2606:4700:e0::ac40:6e25
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://live.xem.plus/wp-content/uploads/2023/03/37-11-305x200.jpg
Requested by: Host: live.xem.plus
URL: https://live.xem.plus/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:e0::ac40:6e25 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / DLEMP
Resource Hash: 962d6254f5ce5bd39d6140d2d2a1f7202035873f260b4f0b3b5735aa2ea724ea

Request headers

accept-language: en-US,en;q=0.9
Referer: https://live.xem.plus/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Tue, 28 Mar 2023 16:08:38 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-powered-by: DLEMP
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 16464
last-modified: Tue, 28 Mar 2023 15:42:38 GMT
server: cloudflare
etag: "64230aee-4050"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0A18V%2FYcyjTn6dprczIyW9DpYeWm0BYtRw5sUYatJ1qauG%2B8%2Fa3T26PoJ67KlkRmsNpg6hScRY%2B6dbNLIxdvFi2rNKHiBs1nC%2FynRu2H1%2B5qdconR2NnQQeg6p83Yq5ciEhfpKeDeojc7l7l"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: public, max-age=2592000, must-revalidate, proxy-revalidate
accept-ranges: bytes
cf-ray: 7af122018d4802a7-ORD
expires: Thu, 27 Apr 2023 16:08:38 GMT

GET
H3 200 Thiet-ke-chua-co-ten-79-4-305x200.jpg
live.xem.plus/wp-content/uploads/2023/03/ 19 KB
20 KB 1210ms
1208ms Image
image/jpeg 2606:4700:e0::ac40:6e25
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://live.xem.plus/wp-content/uploads/2023/03/Thiet-ke-chua-co-ten-79-4-305x200.jpg
Requested by: Host: live.xem.plus
URL: https://live.xem.plus/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:e0::ac40:6e25 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / DLEMP
Resource Hash: e9d382061a727ccd9373cb82f2cea99693225a2c3ca30ef994012ce9e5a7035d

Request headers

accept-language: en-US,en;q=0.9
Referer: https://live.xem.plus/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Tue, 28 Mar 2023 16:08:38 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-powered-by: DLEMP
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 19744
last-modified: Tue, 28 Mar 2023 15:40:58 GMT
server: cloudflare
etag: "64230a8a-4d20"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iBURh87V%2Bd6DeFF55%2FEUXSEPQkIbZTeJgsNC7kbVYRTT%2F6LPsy1Ji6%2BfyaRNaCbDu4fA0RgTG6n48vUvFtt%2FIG8wVvqVv5Dqhb2%2BAJrLR74TM9coyUtrQcpTH5Bx3%2F1OEwfNTTfINW27UNuh"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: public, max-age=2592000, must-revalidate, proxy-revalidate
accept-ranges: bytes
cf-ray: 7af122018d4902a7-ORD
expires: Thu, 27 Apr 2023 16:08:38 GMT

GET
H3 200 Thiet-ke-chua-co-ten-78-5-305x200.jpg
live.xem.plus/wp-content/uploads/2023/03/ 16 KB
16 KB 68ms
66ms Image
image/jpeg 2606:4700:e0::ac40:6e25
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://live.xem.plus/wp-content/uploads/2023/03/Thiet-ke-chua-co-ten-78-5-305x200.jpg
Requested by: Host: live.xem.plus
URL: https://live.xem.plus/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:e0::ac40:6e25 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / DLEMP
Resource Hash: 7f81c1c736118aac7ba95fc3b08c02661efbceceaa4c432ea66b72fd4c397424

Request headers

accept-language: en-US,en;q=0.9
Referer: https://live.xem.plus/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Tue, 28 Mar 2023 16:08:37 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 839
x-powered-by: DLEMP
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 16022
last-modified: Tue, 28 Mar 2023 15:33:38 GMT
server: cloudflare
etag: "642308d2-3e96"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=84S%2BUhX34TDU5eXqz47Di1bwcblNrFWVUoENZ4ZFhneuYFgf9QHSh1zzqLaWDxbGGS23OWADbikOA398CEWxRhwf9v27FsxNwLp5sYw7TXi9WntFsgKFUlJ0z9ipmYoVxK1ljGt7PLtynJL8"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: public, max-age=2592000, must-revalidate, proxy-revalidate
accept-ranges: bytes
cf-ray: 7af122018d4a02a7-ORD
expires: Thu, 27 Apr 2023 15:54:38 GMT

GET
H3 200 Untitled-21-30-305x200.jpg
live.xem.plus/wp-content/uploads/2023/03/ 12 KB
13 KB 971ms
969ms Image
image/jpeg 2606:4700:e0::ac40:6e25
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://live.xem.plus/wp-content/uploads/2023/03/Untitled-21-30-305x200.jpg
Requested by: Host: live.xem.plus
URL: https://live.xem.plus/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:e0::ac40:6e25 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / DLEMP
Resource Hash: 0eecf02a76106ada028b8c1fec523cb290eda56bc97abc7d0940ec0c45da03a0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://live.xem.plus/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Tue, 28 Mar 2023 16:08:38 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-powered-by: DLEMP
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 12452
last-modified: Tue, 28 Mar 2023 15:30:03 GMT
server: cloudflare
etag: "642307fb-30a4"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CBtnULysr0KX9x7ROzft2Bwkefcv4M%2BqaQoK61LZIk%2B5la4vWIqmiMEt9aZGKVW%2F4JSHdLwu0z1Fko8AZDEZwCs2tMzPvxLWROdTVc7b4VWknB7cT0%2FASInVVjozz2WPZA5AadgW6f0AJKHF"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: public, max-age=2592000, must-revalidate, proxy-revalidate
accept-ranges: bytes
cf-ray: 7af122018d4c02a7-ORD
expires: Thu, 27 Apr 2023 16:08:38 GMT

GET
H3 200 Thiet-ke-chua-co-ten-77-5-305x200.jpg
live.xem.plus/wp-content/uploads/2023/03/ 13 KB
14 KB 219ms
217ms Image
image/jpeg 2606:4700:e0::ac40:6e25
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://live.xem.plus/wp-content/uploads/2023/03/Thiet-ke-chua-co-ten-77-5-305x200.jpg
Requested by: Host: live.xem.plus
URL: https://live.xem.plus/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:e0::ac40:6e25 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / DLEMP
Resource Hash: 946a0cc93ba6aff3deb9514cee4bac84432d4bf6619395311e89cf885db5b68d

Request headers

accept-language: en-US,en;q=0.9
Referer: https://live.xem.plus/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Tue, 28 Mar 2023 16:08:37 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 839
x-powered-by: DLEMP
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 13658
last-modified: Tue, 28 Mar 2023 15:26:47 GMT
server: cloudflare
etag: "64230737-355a"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bNMFCaDuhOZHmPAV7AhIqqUItq9kXeQjvUaC%2BaNOWJm63ZGlZXus5PXxK18jXPJ1M%2FOu69jFJKmrVdwz5ic2EPa2gDjDXvpwngPwbSOLx33VKh1nmJ7mDrHUCNkq49deMQKRFYDBqXfNtq5M"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: public, max-age=2592000, must-revalidate, proxy-revalidate
accept-ranges: bytes
cf-ray: 7af122018d4f02a7-ORD
expires: Thu, 27 Apr 2023 15:54:38 GMT

GET
H3 200 Bia-FB-3-18-305x200.jpg
live.xem.plus/wp-content/uploads/2023/03/ 15 KB
15 KB 1121ms
1120ms Image
image/jpeg 2606:4700:e0::ac40:6e25
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://live.xem.plus/wp-content/uploads/2023/03/Bia-FB-3-18-305x200.jpg
Requested by: Host: live.xem.plus
URL: https://live.xem.plus/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:e0::ac40:6e25 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / DLEMP
Resource Hash: f34d3a095ae3a65bc4f982ed402accac05c42a63f2b24435f4cc88841f588253

Request headers

accept-language: en-US,en;q=0.9
Referer: https://live.xem.plus/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Tue, 28 Mar 2023 16:08:38 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-powered-by: DLEMP
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 14914
last-modified: Tue, 28 Mar 2023 15:22:17 GMT
server: cloudflare
etag: "64230629-3a42"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qfrN5kKZkJBmOOdlJklrqBMn8gfWS2ZxGYnWDiOcl0Fxx9fvq5sWTGQ6hWzpDivsX5FdEVUss2H0OLgPhzlPVce8nstzcj3sWYzEZ5%2Fc3zLLpY%2FYd2QBz3A8K%2Fx5ofGK224L15Fk6w1uBv1R"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: public, max-age=2592000, must-revalidate, proxy-revalidate
accept-ranges: bytes
cf-ray: 7af122018d5302a7-ORD
expires: Thu, 27 Apr 2023 16:08:38 GMT

GET
H3 200 940.jpg
live.xem.plus/wp-content/uploads/2023/03/ 37 KB
37 KB 146ms
145ms Image
image/jpeg 2606:4700:e0::ac40:6e25
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://live.xem.plus/wp-content/uploads/2023/03/940.jpg
Requested by: Host: live.xem.plus
URL: https://live.xem.plus/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:e0::ac40:6e25 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / DLEMP
Resource Hash: 603e1d9af60d4955b6b793a0f8083b01f6d735d9b59c5d0f87782c38715ff73c

Request headers

accept-language: en-US,en;q=0.9
Referer: https://live.xem.plus/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Tue, 28 Mar 2023 16:08:37 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 83235
x-powered-by: DLEMP
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 37759
last-modified: Mon, 27 Mar 2023 16:55:07 GMT
server: cloudflare
etag: "6421ca6b-937f"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oUgtJcFV8PYGZlh4hdAbWwUHtZ56plPxtgisYvcFCu8FEnN22y8WDqP4tIGg4aYKRc55DYhCr9NF0HerlPX%2FzEqlguFb8QHyT%2BwwyO96S8tyuOgghYRY1Pdg7rv8hYt8kSqre9Y0HPdmKz%2Bu"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: public, max-age=2592000, must-revalidate, proxy-revalidate
accept-ranges: bytes
cf-ray: 7af122018d5502a7-ORD
expires: Wed, 26 Apr 2023 17:01:21 GMT

GET
H3 200 collage-6-117.jpg
live.xem.plus/wp-content/uploads/2023/03/ 56 KB
57 KB 120ms
119ms Image
image/jpeg 2606:4700:e0::ac40:6e25
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://live.xem.plus/wp-content/uploads/2023/03/collage-6-117.jpg
Requested by: Host: live.xem.plus
URL: https://live.xem.plus/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:e0::ac40:6e25 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / DLEMP
Resource Hash: ca566a734598888e047618d98b54c9960cc1e0f5e57f4ed066d255b63c9ca29f

Request headers

accept-language: en-US,en;q=0.9
Referer: https://live.xem.plus/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Tue, 28 Mar 2023 16:08:37 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 970
x-powered-by: DLEMP
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 57467
last-modified: Tue, 28 Mar 2023 15:50:35 GMT
server: cloudflare
etag: "64230ccb-e07b"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KGQUAlAfK%2Ft4N8DWmvNlQ9C%2BUROp6K180DJDeKMkIab13keed%2BMjh9z%2FN4QZoGsI5tCuyLm9hIUjoRranef54afcQlkkr09rewS6J3iTNQ5u3g4iqgj%2Baa4cJnvuG6a0qiGrsbHKvrl%2BEmR4"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: public, max-age=2592000, must-revalidate, proxy-revalidate
accept-ranges: bytes
cf-ray: 7af122018d5702a7-ORD
expires: Thu, 27 Apr 2023 15:52:27 GMT

GET
H2 200 loader.js Show response
cdn.taboola.com/libtrc/xaluanau-network/ 292 KB
44 KB 155ms
50ms Script
application/javascript 151.101.129.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.taboola.com/libtrc/xaluanau-network/loader.js
Requested by: Host: live.xem.plus
URL: https://live.xem.plus/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.129.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 91732701d01777afb67e557641cac844bcd17b84e68f988a428ad113193fafc5

Request headers

accept-language: en-US,en;q=0.9
Referer: https://live.xem.plus/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

x-amz-version-id: gVz6cJTWNg7AFQweKfy_GYuMS3I6aZRS
content-encoding: gzip
via: 1.1 varnish
date: Tue, 28 Mar 2023 16:08:37 GMT
x-amz-request-id: RN1KDV7K2Y6X21G6
age: 14316
x-amz-server-side-encryption: AES256
x-cache: HIT
x-amz-replication-status: PENDING
content-length: 44042
x-amz-id-2: +RM/ZGkFnVZ5Aeng9usBz0Bwa5/f2tgWaKf2rCtBU9gERUyKb1gdApSPqnBaFy3QcgLWG+YUioo=
x-served-by: cache-chi-klot8100178-CHI
last-modified: Tue, 28 Mar 2023 12:09:33 GMT
server: AmazonS3
x-timer: S1680019718.683371,VS0,VE0
etag: "cfc308c702aac9a4b36f505983b75ed5"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
abp: 88
access-control-allow-origin: *
cache-control: private,max-age=14401
accept-ranges: bytes
x-cache-hits: 3

GET
H2 200 invocation.js Show response
ad.vidverto.io/vidverto/js/aries/v1/ 25 KB
8 KB 618ms
141ms Script
application/javascript 212.8.250.228
WORLDSTREAM

General

Check archive.org

Show headers Download Go to

Full URL: https://ad.vidverto.io/vidverto/js/aries/v1/invocation.js
Requested by: Host: live.xem.plus
URL: https://live.xem.plus/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 212.8.250.228 Rotterdam, Netherlands, ASN49981 (WORLDSTREAM, NL),
Reverse DNS: 212-8-250-228.hosted-by-worldstream.net
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: 5ae2b18203325ac2876b69455e08e3eefa59a4dca46ee55b033f1fbd80b28b5b

Request headers

accept-language: en-US,en;q=0.9
Referer: https://live.xem.plus/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Tue, 28 Mar 2023 16:08:38 GMT
content-encoding: gzip
last-modified: Tue, 25 Oct 2022 10:57:22 GMT
server: nginx/1.14.0 (Ubuntu)
etag: W/"6357c112-63df"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=3600, public, max-age=3600
expires: Tue, 28 Mar 2023 17:08:38 GMT

GET
H3 200 show_ads_impl_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202303230101/ 350 KB
117 KB 235ms
108ms Script
text/javascript 2607:f8b0:4006:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202303230101/show_ads_impl_fy2021.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-3073985723087695

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80d::2002 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e045468b1c395be361a64294150860d05d8e6a2e529ed49df6b3faca6ed69622

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://live.xem.plus/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Tue, 28 Mar 2023 16:08:37 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 119861
x-xss-protection: 0
server: cafe
etag: 16874215534188721162
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Tue, 28 Mar 2023 16:08:37 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20230323/r20190131/ Frame A67B 10 KB
5 KB 196ms
64ms Document
text/html 2607:f8b0:4006:816::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20230323/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-3073985723087695

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:816::2002 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ca070dfc7785775cbf5cce16064029ee534259de42c6d9de10e476e710000e93

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://live.xem.plus/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

age: 14054
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4549
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 28 Mar 2023 12:14:23 GMT
etag: 2378337311435320485
expires: Tue, 11 Apr 2023 12:14:23 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 112 KB
44 KB 95ms
94ms Script
application/javascript 2607:f8b0:4006:80e::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-203682812-5&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-203682812-16

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80e::2008 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

9acd09a048ecf1b411e6aaad781ec1cb04f50f197c2f03706688b8dcef45d41c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://live.xem.plus/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Tue, 28 Mar 2023 16:08:37 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 44847
x-xss-protection: 0
last-modified: Tue, 28 Mar 2023 15:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 28 Mar 2023 16:08:37 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 201ms
68ms Script
text/javascript 2607:f8b0:4006:81d::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-203682812-16

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81d::200e Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

5971b095cff574a66d35ada016d4c077c86e2dea62e9c0f14cf7c94b258619de

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://live.xem.plus/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Tue, 28 Mar 2023 16:05:11 GMT
last-modified: Tue, 10 Jan 2023 21:29:14 GMT
server: Golfe2
age: 206
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20085
expires: Tue, 28 Mar 2023 18:05:11 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 242 KB
82 KB 121ms
120ms Script
application/javascript 2607:f8b0:4006:80e::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-V8FD1SYQLQ&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-203682812-16

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80e::2008 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

bc9cbee711e8074c504f4584e61fe54fa730e1f0a347274585b3444262e7d045

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://live.xem.plus/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Tue, 28 Mar 2023 16:08:37 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 83690
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Tue, 28 Mar 2023 16:08:37 GMT

POST
H2 204 collect
www.google-analytics.com/g/ 0
170 B 183ms
89ms Ping
text/plain 2607:f8b0:4006:81d::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.google-analytics.com/g/collect?v=2&tid=G-V8FD1SYQLQ&gtm=45je33r0&_p=1515263870&cid=1265166137.1680019718&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1680019717&sct=1&seg=0&dl=https%3A%2F%2Flive.xem.plus%2F&dt=Blog%20HotNews&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-V8FD1SYQLQ
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2607:f8b0:4006:81d::200e Nutley, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://live.xem.plus/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Mar 2023 16:08:37 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://live.xem.plus
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 impl.20230328-15-RELEASE.js Show response
cdn.taboola.com/libtrc/ 740 KB
155 KB 48ms
48ms Script
application/javascript 151.101.129.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.taboola.com/libtrc/impl.20230328-15-RELEASE.js
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/xaluanau-network/loader.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.129.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3-br /
Resource Hash: 0c68ee3dc512a881af9a5e0bbc69d2d275b8a8ca5ee7ca6c6f4b34bd1c6aa351

Request headers

accept-language: en-US,en;q=0.9
Referer: https://live.xem.plus/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

x-amz-version-id: RNh2T17ODebnBpXByXlJK4kyei3EIU1W
content-encoding: br
via: 1.1 varnish
date: Tue, 28 Mar 2023 16:08:37 GMT
x-amz-request-id: H505DYB9Y3W3VRJS
age: 15478
x-amz-server-side-encryption: AES256
x-cache: HIT
content-length: 158172
x-amz-id-2: wMHSJqIqD+Az2ZCTHuBaJTSldaseOo8QIVwMncPwnzgtMIIL/0Wfh9OqRX0EqxuMsVoowhv8LzQ=
x-served-by: cache-chi-klot8100178-CHI
last-modified: Tue, 28 Mar 2023 11:49:46 GMT
server: AmazonS3-br
x-timer: S1680019718.793514,VS0,VE0
etag: "4235a82ad617a1297cd9a42a4c73f453"
vary: Accept-Encoding
content-type: application/javascript
abp: 85
access-control-allow-origin: *
cache-control: private,max-age=31536000
accept-ranges: bytes
x-cache-hits: 974

GET
H2 200 beacon.js Show response
sb.scorecardresearch.com/ 4 KB
2 KB 238ms
65ms Script
application/javascript 18.164.96.18
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://sb.scorecardresearch.com/beacon.js
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/xaluanau-network/loader.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.164.96.18 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-164-96-18.jfk50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 1aee66e2e24e851039801c0dace90f3efb7a1a17b033f7d5bbc12ca7c1d19432

Request headers

accept-language: en-US,en;q=0.9
Referer: https://live.xem.plus/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Tue, 28 Mar 2023 15:36:48 GMT
content-encoding: gzip
via: 1.1 98bc8180e0431e8f05afc9802305f1d2.cloudfront.net (CloudFront)
last-modified: Thu, 09 Mar 2023 09:22:40 GMT
server: AmazonS3
x-amz-cf-pop: JFK50-P5
age: 1909
x-amz-server-side-encryption: AES256
etag: W/"a06e7a176f40dc26aa5e9567ac9d2d5e"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=86400
x-amz-cf-id: 8brvf3aQF5AxjfeubLuUwaxA3ouHOroX4BUpQ4YnpF5vdhDhoE0X9Q==

GET
H2 200 sync Show response
gum.criteo.com/ 46 B
288 B 195ms
65ms Script
text/javascript 2620:100:a001::c
AS-CRITEO

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/sync?c=72&r=2&j=TRC.getRTUS

Requested by

Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.20230328-15-RELEASE.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2620:100:a001::c , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

Kestrel /

Resource Hash

189b8ed64093b12937354b2ef71ccf1df59690d90432241a10fe1cb25000acba

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-US,en;q=0.9
Referer: https://live.xem.plus/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Tue, 28 Mar 2023 16:08:37 GMT
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
server: Kestrel
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
cache-control: private, max-age=3600
server-processing-duration-in-ticks: 673634
expires: 60

POST
H2 200 collect Show response
www.google-analytics.com/j/ 1 B
91 B 78ms
77ms XHR
text/plain 2607:f8b0:4006:81d::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j99&a=1515263870&t=pageview&_s=1&dl=https%3A%2F%2Flive.xem.plus%2F&ul=en-us&de=UTF-8&dt=Blog%20HotNews&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YADAAUABAAAAACAAI~&jid=2015990379&gjid=1866437201&cid=1265166137.1680019718&tid=UA-203682812-16&_gid=845534729.1680019718&_r=1&gtm=457e33r0&jsscut=1&z=105678089

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81d::200e Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://live.xem.plus/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 28 Mar 2023 16:08:38 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://live.xem.plus
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
www.google-analytics.com/j/ 1 B
66 B 76ms
76ms XHR
text/plain 2607:f8b0:4006:81d::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j99&a=1515263870&t=pageview&_s=1&dl=https%3A%2F%2Flive.xem.plus%2F&ul=en-us&de=UTF-8&dt=Blog%20HotNews&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YADAAUABAAAAACAAI~&jid=1985476653&gjid=1229907192&cid=1265166137.1680019718&tid=UA-203682812-5&_gid=845534729.1680019718&_r=1&gtm=457e33r0&jsscut=1&z=1420228746

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81d::200e Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://live.xem.plus/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 28 Mar 2023 16:08:38 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://live.xem.plus
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

204

b2
sb.scorecardresearch.com/
Redirect Chain

https://sb.scorecardresearch.com/b?c1=7&c2=34354936&cs_it=b9&cv=4.0.0%2B2301240627&ns__t=1680019718021&ns_c=UTF-8&c3=1&c7=https%3A%2F%2Flive.xem.plus%2F&c8=Blog%20HotNews&c9=
https://sb.scorecardresearch.com/b2?c1=7&c2=34354936&cs_it=b9&cv=4.0.0%2B2301240627&ns__t=1680019718021&ns_c=UTF-8&c3=1&c7=https%3A%2F%2Flive.xem.plus%2F&c8=Blog%20HotNews&c9=

0
224 B

74ms
74ms

Image
text/plain

18.164.96.18
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sb.scorecardresearch.com/b2?c1=7&c2=34354936&cs_it=b9&cv=4.0.0%2B2301240627&ns__t=1680019718021&ns_c=UTF-8&c3=1&c7=https%3A%2F%2Flive.xem.plus%2F&c8=Blog%20HotNews&c9=
Requested by: Host: live.xem.plus
URL: https://live.xem.plus/
Protocol: H2
Server: 18.164.96.18 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-164-96-18.jfk50.r.cloudfront.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://live.xem.plus/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Tue, 28 Mar 2023 16:08:38 GMT
via: 1.1 98bc8180e0431e8f05afc9802305f1d2.cloudfront.net (CloudFront)
accept-ch: UA, Platform, Arch, Model, Mobile
x-amz-cf-pop: JFK50-P5
x-amz-cf-id: i_5puLZlbWxsm1r7XZOld6Rpmj_NcmvNuPjH3JB63ShZ8uZ2q728kA==
x-cache: Miss from cloudfront

Redirect headers

date: Tue, 28 Mar 2023 16:08:38 GMT
via: 1.1 98bc8180e0431e8f05afc9802305f1d2.cloudfront.net (CloudFront)
accept-ch: UA, Platform, Arch, Model, Mobile
x-amz-cf-pop: JFK50-P5
x-cache: Miss from cloudfront
location: /b2?c1=7&c2=34354936&cs_it=b9&cv=4.0.0%2B2301240627&ns__t=1680019718021&ns_c=UTF-8&c3=1&c7=https%3A%2F%2Flive.xem.plus%2F&c8=Blog%20HotNews&c9=
content-length: 0
x-amz-cf-id: XhzoqKKcGJrVhbly_VpAz_d4xg3xftJ-q6SnfSZ4b68hMlP-pXxs3w==

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 383 B
601 B 220ms
81ms Script
text/javascript 2607:f8b0:4006:824::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=live.xem.plus&callback=_gfp_s_&client=ca-pub-3073985723087695

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202303230101/show_ads_impl_fy2021.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:824::2002 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ca9bc59734fbf7411e96d20251c31b0f5a342778fa1cf746faf84fd2d6589d6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://live.xem.plus/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Tue, 28 Mar 2023 16:08:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 250
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
456 B 235ms
86ms Script
application/javascript 2607:f8b0:4006:81d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=live.xem.plus

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202303230101/show_ads_impl_fy2021.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81d::2002 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://live.xem.plus/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Tue, 28 Mar 2023 16:08:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 3138 199 KB
37 KB 946ms
945ms Document
text/html 2607:f8b0:4006:816::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3073985723087695&output=html&adk=1812271804&adf=3025194257&lmt=1680019718&plat=9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=188x945_l%7C188x945_r&format=0x0&url=https%3A%2F%2Flive.xem.plus%2F&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1680019717624&bpp=4&bdt=507&idt=430&shv=r20230323&mjsv=m202303230101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=2228020957589&frm=20&pv=2&ga_vid=1265166137.1680019718&ga_sid=1680019718&ga_hid=1515263870&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44777876%2C44759837%2C31073099%2C44785292%2C44786632&oid=2&pvsid=1283966359443228&tmod=1629243669&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=468

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202303230101/show_ads_impl_fy2021.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:816::2002 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

06ebf0ab48fa1e2f2dd4cc4df1ab0c68e648bc24ee98148c7ff24a99810d5812

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://live.xem.plus/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 37378
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 28 Mar 2023 16:08:39 GMT
expires: Tue, 28 Mar 2023 16:08:39 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 impress Show response
ad.vidverto.io/delivery/ 71 KB
22 KB 186ms
185ms XHR
application/json 212.8.250.228
WORLDSTREAM

General

Check archive.org

Show headers Download Go to

Full URL: https://ad.vidverto.io/delivery/impress?ctype=div&width=720&height=405&tld=live.xem.plus&pzoneid=8725&in_iframe=&position=atf&screen_width=1600&screen_height=1200&top_domain=live.xem.plus&top_url=https%3A%2F%2Flive.xem.plus%2F&domain=live.xem.plus&url=https%3A%2F%2Flive.xem.plus%2F&referrer=&async=1&uid=9233483982
Requested by: Host: ad.vidverto.io
URL: https://ad.vidverto.io/vidverto/js/aries/v1/invocation.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 212.8.250.228 Rotterdam, Netherlands, ASN49981 (WORLDSTREAM, NL),
Reverse DNS: 212-8-250-228.hosted-by-worldstream.net
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: 87d77cd5e17325fa2cd5263731e23f774d737bd33a78517b1a08a3519d3f2bf4

Request headers

accept-language: en-US,en;q=0.9
Referer: https://live.xem.plus/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

access-control-allow-origin: https://live.xem.plus
date: Tue, 28 Mar 2023 16:08:38 GMT
content-encoding: gzip
access-control-allow-credentials: true
server: nginx/1.14.0 (Ubuntu)
vary: Accept-Encoding
content-type: application/json; charset=utf-8

GET
H2 200 moxplayer.css
ad.vidverto.io/js/moxplayer/ 51 KB
8 KB 139ms
137ms Stylesheet
text/css 212.8.250.228
WORLDSTREAM

General

Check archive.org

Show headers Download Go to

Full URL: https://ad.vidverto.io/js/moxplayer/moxplayer.css
Requested by: Host: ad.vidverto.io
URL: https://ad.vidverto.io/vidverto/js/aries/v1/invocation.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 212.8.250.228 Rotterdam, Netherlands, ASN49981 (WORLDSTREAM, NL),
Reverse DNS: 212-8-250-228.hosted-by-worldstream.net
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: a1fc449201f61ca3ea21d70a29c7539f8bcb19be28423a4e1258e7e1e994b042

Request headers

accept-language: en-US,en;q=0.9
Referer: https://live.xem.plus/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Tue, 28 Mar 2023 16:08:38 GMT
content-encoding: gzip
last-modified: Wed, 10 Jun 2020 14:52:51 GMT
server: nginx/1.14.0 (Ubuntu)
etag: W/"5ee0f3c3-cbf7"
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=3600, public, max-age=3600
expires: Tue, 28 Mar 2023 17:08:38 GMT

GET
H2 200 ima3.js Show response
imasdk.googleapis.com/js/sdkloader/ 361 KB
121 KB 217ms
79ms Script
text/javascript 2607:f8b0:4006:81e::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/sdkloader/ima3.js

Requested by

Host: ad.vidverto.io
URL: https://ad.vidverto.io/vidverto/js/aries/v1/invocation.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81e::200a Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3dd3f9f6c6fb24816e23864a76aa3e52103730816a536e8fae82e264196a2f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://live.xem.plus/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Tue, 28 Mar 2023 16:08:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 123698
x-xss-protection: 0
expires: Tue, 28 Mar 2023 16:08:38 GMT

GET
H2 200 inview.min.js Show response
ad.vidverto.io/js/ima2/2/ 5 KB
2 KB 140ms
138ms Script
application/javascript 212.8.250.228
WORLDSTREAM

General

Check archive.org

Show headers Download Go to

Full URL: https://ad.vidverto.io/js/ima2/2/inview.min.js
Requested by: Host: ad.vidverto.io
URL: https://ad.vidverto.io/vidverto/js/aries/v1/invocation.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 212.8.250.228 Rotterdam, Netherlands, ASN49981 (WORLDSTREAM, NL),
Reverse DNS: 212-8-250-228.hosted-by-worldstream.net
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: 2ebcdc45625d8bd6eb8cea62780c1128df28c86ef0e10a6369ec23c97d61d92c

Request headers

accept-language: en-US,en;q=0.9
Referer: https://live.xem.plus/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Tue, 28 Mar 2023 16:08:38 GMT
content-encoding: gzip
last-modified: Wed, 10 Jun 2020 14:52:51 GMT
server: nginx/1.14.0 (Ubuntu)
etag: W/"5ee0f3c3-1389"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=3600, public, max-age=3600
expires: Tue, 28 Mar 2023 17:08:38 GMT

GET
H2 200 vast-client.min.js Show response
ad.vidverto.io/js/ima2/2/ 59 KB
13 KB 141ms
140ms Script
application/javascript 212.8.250.228
WORLDSTREAM

General

Check archive.org

Show headers Download Go to

Full URL: https://ad.vidverto.io/js/ima2/2/vast-client.min.js
Requested by: Host: ad.vidverto.io
URL: https://ad.vidverto.io/vidverto/js/aries/v1/invocation.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 212.8.250.228 Rotterdam, Netherlands, ASN49981 (WORLDSTREAM, NL),
Reverse DNS: 212-8-250-228.hosted-by-worldstream.net
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: 04a436758e8992373a49eb612d5b5f54a6fe9e6b1aedab24b510411630fa99b8

Request headers

accept-language: en-US,en;q=0.9
Referer: https://live.xem.plus/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Tue, 28 Mar 2023 16:08:38 GMT
content-encoding: gzip
last-modified: Fri, 17 Sep 2021 18:13:12 GMT
server: nginx/1.14.0 (Ubuntu)
etag: W/"6144dab8-ea58"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=3600, public, max-age=3600
expires: Tue, 28 Mar 2023 17:08:38 GMT

GET
H2 200 ima.min.js Show response
ad.vidverto.io/js/ima2/2/ 87 KB
23 KB 145ms
144ms Script
application/javascript 212.8.250.228
WORLDSTREAM

General

Check archive.org

Show headers Download Go to

Full URL: https://ad.vidverto.io/js/ima2/2/ima.min.js
Requested by: Host: ad.vidverto.io
URL: https://ad.vidverto.io/vidverto/js/aries/v1/invocation.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 212.8.250.228 Rotterdam, Netherlands, ASN49981 (WORLDSTREAM, NL),
Reverse DNS: 212-8-250-228.hosted-by-worldstream.net
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: 69e9bf8cabef87d7a120c9089bcc39139a0c79071355daae37e4a2ff223e4f66

Request headers

accept-language: en-US,en;q=0.9
Referer: https://live.xem.plus/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Tue, 28 Mar 2023 16:08:38 GMT
content-encoding: gzip
last-modified: Tue, 14 Mar 2023 19:14:09 GMT
server: nginx/1.14.0 (Ubuntu)
etag: W/"6410c781-15dd6"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=3600, public, max-age=3600
expires: Tue, 28 Mar 2023 17:08:38 GMT

GET
H2 200 vidvertoplayer.js Show response
ad.vidverto.io/vidverto/player/ 129 KB
41 KB 267ms
266ms Script
application/javascript 212.8.250.228
WORLDSTREAM

General

Check archive.org

Show headers Download Go to

Full URL: https://ad.vidverto.io/vidverto/player/vidvertoplayer.js
Requested by: Host: live.xem.plus
URL: https://live.xem.plus/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 212.8.250.228 Rotterdam, Netherlands, ASN49981 (WORLDSTREAM, NL),
Reverse DNS: 212-8-250-228.hosted-by-worldstream.net
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: 8387013ae7c0a3cb9f15765f5b7693e4011a26d041b9109781d554ee93031bcc

Request headers

accept-language: en-US,en;q=0.9
Referer: https://live.xem.plus/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Tue, 28 Mar 2023 16:08:38 GMT
content-encoding: gzip
last-modified: Thu, 18 Aug 2022 07:44:44 GMT
server: nginx/1.14.0 (Ubuntu)
etag: W/"62fdedec-205ff"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=3600, public, max-age=3600
expires: Tue, 28 Mar 2023 17:08:38 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 113 KB
44 KB 118ms
117ms Script
application/javascript 2607:f8b0:4006:80e::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-93483023-9

Requested by

Host: ad.vidverto.io
URL: https://ad.vidverto.io/vidverto/js/aries/v1/invocation.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80e::2008 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

c541030db4b26c8f7e860dfaa84db17f302422d0708b0f1c40eb96dc11b38da6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://live.xem.plus/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Tue, 28 Mar 2023 16:08:38 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 44861
x-xss-protection: 0
last-modified: Tue, 28 Mar 2023 15:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 28 Mar 2023 16:08:38 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 113 KB
44 KB 91ms
91ms Script
application/javascript 2607:f8b0:4006:80e::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-93483023-9&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-203682812-16

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80e::2008 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

d1f739d6c2da4241b97127c8fcf49c33de686b2fafb4e6b6b37003ec4b8f7ca7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://live.xem.plus/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Tue, 28 Mar 2023 16:08:38 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 44813
x-xss-protection: 0
last-modified: Tue, 28 Mar 2023 15:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 28 Mar 2023 16:08:38 GMT

GET
H2 200 invocation.min.css
ad.vidverto.io/vidverto/ 3 KB
850 B 397ms
397ms Stylesheet
text/css 212.8.250.228
WORLDSTREAM

General

Check archive.org

Show headers Download Go to

Full URL: https://ad.vidverto.io/vidverto/invocation.min.css
Requested by: Host: ad.vidverto.io
URL: https://ad.vidverto.io/vidverto/js/aries/v1/invocation.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 212.8.250.228 Rotterdam, Netherlands, ASN49981 (WORLDSTREAM, NL),
Reverse DNS: 212-8-250-228.hosted-by-worldstream.net
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: 60f74110267d386c033ca330fc5bbd7d2472c972b63b33fa8000e87c8f815de6

Request headers

accept-language: en-US,en;q=0.9
Referer: https://live.xem.plus/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Tue, 28 Mar 2023 16:08:38 GMT
content-encoding: gzip
last-modified: Wed, 11 Nov 2020 16:53:37 GMT
server: nginx/1.14.0 (Ubuntu)
etag: W/"5fac1711-a0a"
vary: Accept-Encoding
content-type: text/css

GET
H2 200 favicon-16px.png
ad.vidverto.io/images/ 900 B
1 KB 397ms
396ms Image
image/png 212.8.250.228
WORLDSTREAM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ad.vidverto.io/images/favicon-16px.png
Requested by: Host: live.xem.plus
URL: https://live.xem.plus/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 212.8.250.228 Rotterdam, Netherlands, ASN49981 (WORLDSTREAM, NL),
Reverse DNS: 212-8-250-228.hosted-by-worldstream.net
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: 42fe10d8382d3fb7f84308b95ae83c5959838f0aeff2cb1733bab9d394c5a2d7

Request headers

accept-language: en-US,en;q=0.9
Referer: https://live.xem.plus/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Tue, 28 Mar 2023 16:08:38 GMT
last-modified: Wed, 10 Jun 2020 14:52:51 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "5ee0f3c3-384"
content-type: image/png
cache-control: max-age=604800, public, max-age=604800
accept-ranges: bytes
content-length: 900
expires: Tue, 04 Apr 2023 16:08:38 GMT

POST
H3 200 collect Show response
www.google-analytics.com/j/ 1 B
21 B 72ms
72ms XHR
text/plain 2607:f8b0:4006:81d::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j99&a=1515263870&t=pageview&_s=1&dl=https%3A%2F%2Flive.xem.plus%2F&ul=en-us&de=UTF-8&dt=Blog%20HotNews&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aADAAUABAAAAACAAI~&jid=2073231132&gjid=1223211135&cid=1265166137.1680019718&tid=UA-93483023-9&_gid=845534729.1680019718&_r=1&gtm=457e33r0&jsscut=1&z=1787239617

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81d::200e Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://live.xem.plus/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 28 Mar 2023 16:08:38 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://live.xem.plus
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 55ms
55ms Script
text/javascript 2607:f8b0:4006:81d::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-93483023-9&l=dataLayer&cx=c

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81d::200e Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

5971b095cff574a66d35ada016d4c077c86e2dea62e9c0f14cf7c94b258619de

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://live.xem.plus/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Tue, 28 Mar 2023 16:05:11 GMT
last-modified: Tue, 10 Jan 2023 21:29:14 GMT
server: Golfe2
age: 207
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20085
expires: Tue, 28 Mar 2023 18:05:11 GMT

GET
H2 200 bridge3.566.2_en.html Show response
imasdk.googleapis.com/js/core/ Frame 0E71 711 KB
226 KB 51ms
50ms Document
text/html 2607:f8b0:4006:81e::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/core/bridge3.566.2_en.html

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81e::200a Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a139618572b9c9b5e7e0d75d62f81c0d6aa6202f72db242ed62b860e805027db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://live.xem.plus/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

accept-ranges: bytes
age: 68983
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 231184
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
cross-origin-resource-policy: cross-origin
date: Mon, 27 Mar 2023 20:58:55 GMT
expires: Tue, 26 Mar 2024 20:58:55 GMT
last-modified: Mon, 27 Mar 2023 20:51:45 GMT
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 client.js Show response
s0.2mdn.net/instream/video/ 44 KB
17 KB 221ms
80ms Script
text/javascript 2607:f8b0:4006:821::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/instream/video/client.js

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:821::2006 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d0bffc7261df1454c5e05475cda7d9e6647318dc6c3936767e1252bfe8849c54

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://live.xem.plus/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Tue, 28 Mar 2023 16:08:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 16746
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 28 Mar 2023 16:08:39 GMT

GET
H2 200 video
ad.vidverto.io/delivery/rtb/ 0
0 133ms
133ms Image
text/xml 212.8.250.228
WORLDSTREAM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ad.vidverto.io/delivery/rtb/video?data=dmd3QWtjU3lPemtybzYzeCswMm05Z2gwNGRKSDc2NVFKWEVyVU13SGh6SkJMZzllWldmMUh1c2MydmRicE1mWm1obk5uK1QyM0RGYkdqWFVOTVdkK25KQ1lDYkRDMm4yN1NIem9qajcxdnpLQXBWdG1uTEFsTzhVYzhESFNwRURYdmFhQlNBa05SYWo1U09hZzRnZ3l2VmIzVDVNZDE4aWxVMHpzamVwVVlPTkY2a1BKMC9vVjN3M1lYTFdSalB4KzNHM1RTYXZkQ0ZhTHc5ZGFrRjltLzVFMjZFU3VYUDlEb2tCK0lEaVRSR2hOR1BOYXJrVUJ2QzI3SkoyMGNoZnJvSHJNd0h1V2tBVmV2YUdldFc1TUtzN1psdmpFdkZjQXRXajA2dkpHU054Y0h5MUgyditCQ2hmWGxBRGxrNnd0cVIxbmhCTU9NSGFxSmx0UU9HV3dxdHBBOUZvZG1zc1Y0WWVzcC9ZNEtYT3JFbUE1d044cHR3UU5tVXRoSGJXMDJBdCt6N2Vsc3pveTF2eWdoampvODk4WXpZSmRZcURNbCtCUyticW9pY2x2Y2gvYldKbXMwc2FsM3VWZFpOaVRNUWFnTDBaNzZFM1ZqbmVKTk00cENOakRkelVMNHZ5bkNmdytKZnAwdlJIUmFOUG9lWWt2bFdPNnRHZktaY1F1d1l5bEZpNnVzT2toVkwrUXNPQk9ISkpUVyswZUlTQUZzS3pyZ3VnWjFRaUtBeExGSEZsbU1CVk1TR1ZoZUpKK0pkNkhzUWhlWUQ1OUJGSnZJUGZ5TzJzTktUQ2IrWFFTcWU1bllpd0grST0%3D
Requested by: Host: live.xem.plus
URL: https://live.xem.plus/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 212.8.250.228 Rotterdam, Netherlands, ASN49981 (WORLDSTREAM, NL),
Reverse DNS: 212-8-250-228.hosted-by-worldstream.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://live.xem.plus/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
165 B 67ms
67ms Script
application/javascript 2607:f8b0:4006:81d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=live.xem.plus

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81d::2002 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://live.xem.plus/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Tue, 28 Mar 2023 16:08:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H2 200 L2NxMllORTdGNUtLZlJEbm13WE13YWhGOWFXUlB0YmJnWXU0bUFDK2Y1VEtmZGV4Sm1KekZLanEzdk9lUkZoQTA1SUVXVmlqRmlhYnh4U09DcUpsamtIU01HVEJMbENrSTlBYzJzMVNlRHlUbWVOM29CYzVUdmZQZ2hRdjJ2TVpOaHIzNUJhSkJ1bWh4ZEpLYmQ0L... Show response
ad.vidverto.io/delivery/video/pod/ Frame 0E71 51 KB
23 KB 137ms
136ms XHR
text/xml 212.8.250.228
WORLDSTREAM

General

Check archive.org

Show headers Download Go to

Full URL: https://ad.vidverto.io/delivery/video/pod/L2NxMllORTdGNUtLZlJEbm13WE13YWhGOWFXUlB0YmJnWXU0bUFDK2Y1VEtmZGV4Sm1KekZLanEzdk9lUkZoQTA1SUVXVmlqRmlhYnh4U09DcUpsamtIU01HVEJMbENrSTlBYzJzMVNlRHlUbWVOM29CYzVUdmZQZ2hRdjJ2TVpOaHIzNUJhSkJ1bWh4ZEpLYmQ0L3JMZkh6ajN3MlBIRlBsY1VkNUFwcEEzNDJaT0Fmc3d5NU5tRnlsSDR1ckRHbXJtY000YXlLR3c5bGgyZ21WU2NETUZ2eXJ5YnNxV1lZY1h4UW1nOEN4RFdrcStjYWhUcnhINTFSamw0RnRObGlBSTlGbmx3cHZleGJxcjhRV2RENjFhMnBrbk5BTm1lY1pKNCtzYmZ6Nmo5c25keUR6R1pwR3ZMNnlLdzVKcXVJVUIxckJvSXpTQWo4SS9MZVpyUmVqWTVYVlJwbWZQWVZzNThvRWlhRkk5dmQ0MEVnWEtoTml5NkIxazZ2ZTV3VjR0ZmNBNTF0anVxb3ovL3NXYm9MSFRJaFNrVWdLS2lLdUJ1VTlxVVRBa1hPYjJkek5qVjByZ05KQWJWYzRGdDJNTlQ4eVBUQ0FXZTJ5REtFZ0xYR3pmbmNiMTJzVlQ2Nmdoek1UaTJydnh5M1VnZmJVOFVSOG5wbXNydmpoZzd0dSt2WVByRE5RUjd6VDVYSHBSU3dFSlk4NGtnWlhwdGt5RGRxSnhXZE44OVFoek9TcmpyKzRrUjNKUVU4MmlIVWtnb1k5R2d6dVQ1dlBqbFZZQ3FGTjAzZ09ZeTJaMDZwbEQ5cjVOYVl3RWF0Q2JHZ3dJend5TVJnU0hJVXQyTHlRN0pUa2xuQkJhYnpsL2xLY0dSOW83QUVJdGZvekF4aFNzOUt6Sm11Z1E9
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.566.2_en.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 212.8.250.228 Rotterdam, Netherlands, ASN49981 (WORLDSTREAM, NL),
Reverse DNS: 212-8-250-228.hosted-by-worldstream.net
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: c02fb06d0d69d2e28da8f7fa7d7150cb1899d460619822fa69383504f0a16a92

Request headers

accept-language: en-US,en;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

access-control-allow-origin: https://imasdk.googleapis.com
date: Tue, 28 Mar 2023 16:08:39 GMT
content-encoding: gzip
access-control-allow-credentials: true
server: nginx/1.14.0 (Ubuntu)
vary: Accept-Encoding
content-type: text/xml;charset=UTF-8

GET
H3 200 reactive_library_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202303230101/ 150 KB
51 KB 100ms
99ms Script
text/javascript 2607:f8b0:4006:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202303230101/reactive_library_fy2021.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202303230101/show_ads_impl_fy2021.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80d::2002 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

af81088ee52db677a2c79484528ae7d1b9a7d3723e42bfa95e8077aaaf71c3f7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://live.xem.plus/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Tue, 28 Mar 2023 16:08:39 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 52115
x-xss-protection: 0
server: cafe
etag: 2931472102209839246
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Tue, 28 Mar 2023 16:08:39 GMT

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 60ms
60ms Script
application/javascript 2607:f8b0:4006:81d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=live.xem.plus

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202303230101/show_ads_impl_fy2021.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81d::2002 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://live.xem.plus/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Tue, 28 Mar 2023 16:08:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H3 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20230323/r20110914/ Frame 620D 10 KB
4 KB 40ms
39ms Document
text/html 2607:f8b0:4006:816::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20230323/r20110914/zrt_lookup.html?fsb=1

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202303230101/show_ads_impl_fy2021.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:816::2002 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ca070dfc7785775cbf5cce16064029ee534259de42c6d9de10e476e710000e93

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://live.xem.plus/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

age: 14120
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4549
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 28 Mar 2023 12:13:19 GMT
etag: 2378337311435320485
expires: Tue, 11 Apr 2023 12:13:19 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20230323/r20110914/ Frame CDB9 10 KB
4 KB 43ms
39ms Document
text/html 2607:f8b0:4006:816::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20230323/r20110914/zrt_lookup.html?fsb=1

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202303230101/show_ads_impl_fy2021.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:816::2002 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ca070dfc7785775cbf5cce16064029ee534259de42c6d9de10e476e710000e93

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://live.xem.plus/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

age: 14120
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4549
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 28 Mar 2023 12:13:19 GMT
etag: 2378337311435320485
expires: Tue, 11 Apr 2023 12:13:19 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20230323/r20110914/ Frame D6F5 10 KB
4 KB 43ms
42ms Document
text/html 2607:f8b0:4006:816::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20230323/r20110914/zrt_lookup.html?fsb=1

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202303230101/show_ads_impl_fy2021.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:816::2002 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ca070dfc7785775cbf5cce16064029ee534259de42c6d9de10e476e710000e93

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://live.xem.plus/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

age: 14120
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4549
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 28 Mar 2023 12:13:19 GMT
etag: 2378337311435320485
expires: Tue, 11 Apr 2023 12:13:19 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

POST
H2 204 csi
csi.gstatic.com/ Frame 0E71 0
225 B 150ms
53ms Ping
image/gif 2607:f8b0:400f:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=ima&dmc=8&puid=1~lfsgd3m0&c=2228020957589&slotId=1114010478794.5&eee=missing-element&bi=missing-id&vast_v=3.0&lima_p_ich=0&lima_p_icu=0
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.566.2_en.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2607:f8b0:400f:802::2003 Boulder, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Mar 2023 16:08:39 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ads Show response
pubads.g.doubleclick.net/gampad/ Frame 0E71 156 B
414 B 1110ms
1003ms XHR
text/xml 2607:f8b0:4006:824::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pubads.g.doubleclick.net/gampad/ads?iu=%2F52555387%2C22439405700%2Fxemnhanh.info_video_preroll&description_url=https%3A%2F%2Fxemnhanh.info&tfcd=0&npa=0&sz=400x300%7C640x480&max_ad_duration=30000&gdfp_req=1&output=xml_vast4&unviewed_position_start=1&env=vp&correlator=796430434045650&sdkv=h.3.566.2&osd=2&frm=0&vis=1&sdr=1&hl=en&is_amp=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&u_so=l&ctv=0&sdki=445&ptt=20&adk=3245180042&sdk_apis=2%2C7%2C8&omid_p=Google1%2Fh.3.566.2&sid=BA2D3C30-C3D1-43CE-A134-2D7D069F850B&nel=0&eid=44748969%2C44752996%2C44765701%2C44772139%2C44777649%2C44781409%2C44781753%2C44782991&url=https%3A%2F%2Flive.xem.plus%2F&dt=1680019719288&cookie=ID%3D622b0a83f01a00b4-2262418ae9de00e9%3AT%3D1680019718%3ART%3D1680019718%3AS%3DALNI_MaY3gWxMFc9XNg-fCgzMBEKfvehww&gpic=UID%3D00000579c96b792c%3AT%3D1680019718%3ART%3D1680019718%3AS%3DALNI_MbrJxydMRISFItp8lHojk4LbegRqg&scor=450794967367796&ged=ve4_td2_tt0_pd2_la2000_er486.640.487.641_vi0.0.1200.1600_vp100_ts0_eb24171

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.566.2_en.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:824::2002 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8cd629187427fdb93787d7156be7a32c391bb2a8da471bbaa274e806e48b36e7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Tue, 28 Mar 2023 16:08:40 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 113
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/xml; charset=UTF-8
access-control-allow-origin: https://imasdk.googleapis.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ads Show response
pubads.g.doubleclick.net/gampad/ Frame 0E71 156 B
412 B 1575ms
1471ms XHR
text/xml 2607:f8b0:4006:824::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pubads.g.doubleclick.net/gampad/ads?iu=%2F52555387%2C22439405700%2Fxonxao.com_video_preroll_3&description_url=https%3A%2F%2Fxonxao.com&tfcd=0&npa=0&sz=400x300%7C640x480&max_ad_duration=30000&gdfp_req=1&output=xml_vast4&unviewed_position_start=1&env=vp&correlator=796430434045650&sdkv=h.3.566.2&osd=2&frm=0&vis=1&sdr=1&hl=en&is_amp=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&u_so=l&ctv=0&sdki=445&ptt=20&adk=3245180042&sdk_apis=2%2C7%2C8&omid_p=Google1%2Fh.3.566.2&sid=BA2D3C30-C3D1-43CE-A134-2D7D069F850B&nel=0&eid=44748969%2C44752996%2C44765701%2C44772139%2C44777649%2C44781409%2C44781753%2C44782991&url=https%3A%2F%2Flive.xem.plus%2F&dt=1680019719292&cookie=ID%3D622b0a83f01a00b4-2262418ae9de00e9%3AT%3D1680019718%3ART%3D1680019718%3AS%3DALNI_MaY3gWxMFc9XNg-fCgzMBEKfvehww&gpic=UID%3D00000579c96b792c%3AT%3D1680019718%3ART%3D1680019718%3AS%3DALNI_MbrJxydMRISFItp8lHojk4LbegRqg&scor=450794967367796&ged=ve4_td2_tt0_pd2_la2000_er486.640.487.641_vi0.0.1200.1600_vp100_ts0_eb24171

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.566.2_en.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:824::2002 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8cd629187427fdb93787d7156be7a32c391bb2a8da471bbaa274e806e48b36e7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Tue, 28 Mar 2023 16:08:40 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 113
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/xml; charset=UTF-8
access-control-allow-origin: https://imasdk.googleapis.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ads Show response
pubads.g.doubleclick.net/gampad/ Frame 0E71 156 B
414 B 722ms
620ms XHR
text/xml 2607:f8b0:4006:824::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pubads.g.doubleclick.net/gampad/ads?iu=%2F52555387%2C22439405700%2Fxonxao.com_video_preroll_4&description_url=https%3A%2F%2Fxonxao.com&tfcd=0&npa=0&sz=400x300%7C640x480&max_ad_duration=30000&gdfp_req=1&output=xml_vast4&unviewed_position_start=1&env=vp&correlator=796430434045650&sdkv=h.3.566.2&osd=2&frm=0&vis=1&sdr=1&hl=en&is_amp=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&u_so=l&ctv=0&sdki=445&ptt=20&adk=3245180042&sdk_apis=2%2C7%2C8&omid_p=Google1%2Fh.3.566.2&sid=BA2D3C30-C3D1-43CE-A134-2D7D069F850B&nel=0&eid=44748969%2C44752996%2C44765701%2C44772139%2C44777649%2C44781409%2C44781753%2C44782991&url=https%3A%2F%2Flive.xem.plus%2F&dt=1680019719295&cookie=ID%3D622b0a83f01a00b4-2262418ae9de00e9%3AT%3D1680019718%3ART%3D1680019718%3AS%3DALNI_MaY3gWxMFc9XNg-fCgzMBEKfvehww&gpic=UID%3D00000579c96b792c%3AT%3D1680019718%3ART%3D1680019718%3AS%3DALNI_MbrJxydMRISFItp8lHojk4LbegRqg&scor=450794967367796&ged=ve4_td2_tt0_pd2_la2000_er486.640.487.641_vi0.0.1200.1600_vp100_ts0_eb24171

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.566.2_en.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:824::2002 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8cd629187427fdb93787d7156be7a32c391bb2a8da471bbaa274e806e48b36e7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Tue, 28 Mar 2023 16:08:39 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 113
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/xml; charset=UTF-8
access-control-allow-origin: https://imasdk.googleapis.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ads Show response
pubads.g.doubleclick.net/gampad/ Frame 0E71 92 KB
18 KB 1327ms
1228ms XHR
text/xml 2607:f8b0:4006:824::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pubads.g.doubleclick.net/gampad/ads?iu=%2F21830442390%2C22439405700%2Fxehay9.com_%2Fvast_4&description_url=https%3A%2F%2Fxehay9.com&tfcd=0&npa=0&sz=400x300%7C640x480&gdfp_req=1&output=xml_vast4&unviewed_position_start=1&env=vp&correlator=796430434045650&nofb=1&sdkv=h.3.566.2&osd=2&frm=0&vis=1&sdr=1&hl=en&is_amp=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&u_so=l&ctv=0&sdki=445&ptt=20&adk=3245180042&sdk_apis=2%2C7%2C8&omid_p=Google1%2Fh.3.566.2&sid=BA2D3C30-C3D1-43CE-A134-2D7D069F850B&nel=0&eid=44748969%2C44752996%2C44765701%2C44772139%2C44777649%2C44781409%2C44781753%2C44782991&url=https%3A%2F%2Flive.xem.plus%2F&dt=1680019719297&cookie=ID%3D622b0a83f01a00b4-2262418ae9de00e9%3AT%3D1680019718%3ART%3D1680019718%3AS%3DALNI_MaY3gWxMFc9XNg-fCgzMBEKfvehww&gpic=UID%3D00000579c96b792c%3AT%3D1680019718%3ART%3D1680019718%3AS%3DALNI_MbrJxydMRISFItp8lHojk4LbegRqg&scor=450794967367796&ged=ve4_td2_tt0_pd2_la2000_er486.640.487.641_vi0.0.1200.1600_vp100_ts0_eb24171

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.566.2_en.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:824::2002 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b905427fa20a094c9b67f319e21781f0f012d6fff60e7981b759e8521e7226d6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Tue, 28 Mar 2023 16:08:40 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 17617
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/xml; charset=UTF-8
access-control-allow-origin: https://imasdk.googleapis.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ads Show response
pubads.g.doubleclick.net/gampad/ Frame 0E71 156 B
884 B 410ms
313ms XHR
text/xml 2607:f8b0:4006:824::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pubads.g.doubleclick.net/gampad/ads?iu=%2F21830442390%2C22439405700%2Fen.xaluan.com_%2Fvast_4&description_url=https%3A%2F%2Fen.xaluan.com&tfcd=0&npa=0&sz=400x300%7C640x480&gdfp_req=1&output=xml_vast4&unviewed_position_start=1&env=vp&correlator=796430434045650&nofb=1&sdkv=h.3.566.2&osd=2&frm=0&vis=1&sdr=1&hl=en&is_amp=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&u_so=l&ctv=0&sdki=445&ptt=20&adk=3245180042&sdk_apis=2%2C7%2C8&omid_p=Google1%2Fh.3.566.2&sid=BA2D3C30-C3D1-43CE-A134-2D7D069F850B&nel=0&eid=44748969%2C44752996%2C44765701%2C44772139%2C44777649%2C44781409%2C44781753%2C44782991&url=https%3A%2F%2Flive.xem.plus%2F&dt=1680019719299&cookie=ID%3D622b0a83f01a00b4-2262418ae9de00e9%3AT%3D1680019718%3ART%3D1680019718%3AS%3DALNI_MaY3gWxMFc9XNg-fCgzMBEKfvehww&gpic=UID%3D00000579c96b792c%3AT%3D1680019718%3ART%3D1680019718%3AS%3DALNI_MbrJxydMRISFItp8lHojk4LbegRqg&scor=450794967367796&ged=ve4_td2_tt0_pd2_la2000_er486.640.487.641_vi0.0.1200.1600_vp100_ts0_eb24171

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.566.2_en.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:824::2002 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8cd629187427fdb93787d7156be7a32c391bb2a8da471bbaa274e806e48b36e7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Tue, 28 Mar 2023 16:08:39 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 113
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/xml; charset=UTF-8
access-control-allow-origin: https://imasdk.googleapis.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ads Show response
pubads.g.doubleclick.net/gampad/ Frame 0E71 156 B
415 B 896ms
801ms XHR
text/xml 2607:f8b0:4006:824::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pubads.g.doubleclick.net/gampad/ads?iu=%2F21830442390%2C22439405700%2Fxonxao.com_%2Fvast_2.0&description_url=https%3A%2F%2Fxonxao.com&tfcd=0&npa=0&sz=400x300%7C640x480&gdfp_req=1&output=xml_vast4&unviewed_position_start=1&env=vp&correlator=796430434045650&nofb=1&sdkv=h.3.566.2&osd=2&frm=0&vis=1&sdr=1&hl=en&is_amp=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&u_so=l&ctv=0&sdki=445&ptt=20&adk=3245180042&sdk_apis=2%2C7%2C8&omid_p=Google1%2Fh.3.566.2&sid=BA2D3C30-C3D1-43CE-A134-2D7D069F850B&nel=0&eid=44748969%2C44752996%2C44765701%2C44772139%2C44777649%2C44781409%2C44781753%2C44782991&url=https%3A%2F%2Flive.xem.plus%2F&dt=1680019719302&cookie=ID%3D622b0a83f01a00b4-2262418ae9de00e9%3AT%3D1680019718%3ART%3D1680019718%3AS%3DALNI_MaY3gWxMFc9XNg-fCgzMBEKfvehww&gpic=UID%3D00000579c96b792c%3AT%3D1680019718%3ART%3D1680019718%3AS%3DALNI_MbrJxydMRISFItp8lHojk4LbegRqg&scor=450794967367796&ged=ve4_td2_tt0_pd2_la2000_er486.640.487.641_vi0.0.1200.1600_vp100_ts0_eb24171

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.566.2_en.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:824::2002 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8cd629187427fdb93787d7156be7a32c391bb2a8da471bbaa274e806e48b36e7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Tue, 28 Mar 2023 16:08:40 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 113
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/xml; charset=UTF-8
access-control-allow-origin: https://imasdk.googleapis.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ads Show response
pubads.g.doubleclick.net/gampad/ Frame 0E71 156 B
413 B 2015ms
1925ms XHR
text/xml 2607:f8b0:4006:824::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pubads.g.doubleclick.net/gampad/ads?iu=%2F52555387%2C22439405700%2Fxemnhanh.info_video_preroll_1&description_url=https%3A%2F%2Fxemnhanh.info&tfcd=0&npa=0&sz=400x300%7C640x480&max_ad_duration=30000&gdfp_req=1&output=xml_vast4&unviewed_position_start=1&env=vp&correlator=796430434045650&sdkv=h.3.566.2&osd=2&frm=0&vis=1&sdr=1&hl=en&is_amp=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&u_so=l&ctv=0&sdki=445&ptt=20&adk=3245180042&sdk_apis=2%2C7%2C8&omid_p=Google1%2Fh.3.566.2&sid=BA2D3C30-C3D1-43CE-A134-2D7D069F850B&nel=0&eid=44748969%2C44752996%2C44765701%2C44772139%2C44777649%2C44781409%2C44781753%2C44782991&url=https%3A%2F%2Flive.xem.plus%2F&dt=1680019719306&cookie=ID%3D622b0a83f01a00b4-2262418ae9de00e9%3AT%3D1680019718%3ART%3D1680019718%3AS%3DALNI_MaY3gWxMFc9XNg-fCgzMBEKfvehww&gpic=UID%3D00000579c96b792c%3AT%3D1680019718%3ART%3D1680019718%3AS%3DALNI_MbrJxydMRISFItp8lHojk4LbegRqg&scor=450794967367796&ged=ve4_td2_tt0_pd2_la2000_er486.640.487.641_vi0.0.1200.1600_vp100_ts0_eb24171

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.566.2_en.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:824::2002 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8cd629187427fdb93787d7156be7a32c391bb2a8da471bbaa274e806e48b36e7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Tue, 28 Mar 2023 16:08:41 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 113
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/xml; charset=UTF-8
access-control-allow-origin: https://imasdk.googleapis.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 6ad0e37510f8e3483bebad31dbd0e18a.js Show response
www.gstatic.com/mysidia/ Frame 620D 9 KB
4 KB 129ms
42ms Script
text/javascript 2607:f8b0:4006:80c::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/6ad0e37510f8e3483bebad31dbd0e18a.js?tag=client_fast_engine_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230323/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80c::2003 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0c320d790dba4c17895962386aa3587aff97e96a7c499f37dd47bf299431ce41

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Tue, 28 Mar 2023 00:47:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 55296
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4014
x-xss-protection: 0
last-modified: Mon, 27 Mar 2023 22:20:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Mon, 26 Jun 2023 00:47:03 GMT

GET
H2 200 52a81aff50ea61a9f788b3dba9fdbcd9.js Show response
www.gstatic.com/mysidia/ Frame 620D 19 KB
8 KB 166ms
79ms Script
text/javascript 2607:f8b0:4006:80c::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/52a81aff50ea61a9f788b3dba9fdbcd9.js?tag=pingback

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230323/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80c::2003 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2b34a2b7f484cd61010c1639b37c2b066e0f9449ad4b0379f2fcc1d1fe12fd85

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Tue, 28 Mar 2023 00:04:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 57834
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7971
x-xss-protection: 0
last-modified: Mon, 27 Mar 2023 22:20:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Mon, 26 Jun 2023 00:04:45 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame 620D 3 KB
1010 B 153ms
55ms Stylesheet
text/css 2607:f8b0:4006:80f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%20Display%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230323/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80f::200a Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

fb7989597f1a10a56bd83de6a26eefec44a0c704979fb5e06f02195bc9cebfce

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Tue, 28 Mar 2023 16:08:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Tue, 28 Mar 2023 14:12:34 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 28 Mar 2023 16:08:39 GMT

GET
H2 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230323/r20110914/client/ Frame 620D 2 KB
818 B 187ms
89ms Script
text/javascript 2607:f8b0:4006:820::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230323/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230323/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:820::2001 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f50e59fa7a264b1674e5f94591375a26e9aea318036b2a629e5ba182df01b54f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Tue, 28 Mar 2023 06:51:09 GMT
content-encoding: br
x-content-type-options: nosniff
age: 33450
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 738
x-xss-protection: 0
server: cafe
etag: 1394486882873449110
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 11 Apr 2023 06:51:09 GMT

GET
H2 200 ee2c59080e5bf120007802dc0b017c3c.js Show response
www.gstatic.com/mysidia/ Frame 620D 6 KB
2 KB 139ms
54ms Script
text/javascript 2607:f8b0:4006:80c::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/ee2c59080e5bf120007802dc0b017c3c.js?tag=analytics_pingback_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230323/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80c::2003 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4b977bf6527db152aec01f17b8ccdfcb28ba1526096c1af1d784cef47eab2fc6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Wed, 22 Mar 2023 00:12:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 575752
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2361
x-xss-protection: 0
last-modified: Tue, 21 Mar 2023 22:42:55 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Tue, 20 Jun 2023 00:12:47 GMT

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230323/r20110914/ Frame 620D 22 KB
9 KB 135ms
38ms Script
text/javascript 2607:f8b0:4006:820::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230323/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230323/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:820::2001 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

78a0b7266f642f96b673c4065063dba46a80f651ff12352eb82aa877c23b9186

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Tue, 28 Mar 2023 06:51:09 GMT
content-encoding: br
x-content-type-options: nosniff
age: 33450
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9109
x-xss-protection: 0
server: cafe
etag: 16040247357158217350
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 11 Apr 2023 06:51:09 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230323/r20110914/client/ Frame 620D 3 KB
1 KB 187ms
90ms Script
text/javascript 2607:f8b0:4006:820::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230323/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230323/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:820::2001 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Tue, 28 Mar 2023 06:51:09 GMT
content-encoding: br
x-content-type-options: nosniff
age: 33450
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 11 Apr 2023 06:51:09 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230323/r20110914/client/ Frame 620D 20 KB
9 KB 141ms
45ms Script
text/javascript 2607:f8b0:4006:820::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230323/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230323/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:820::2001 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

83dd1a8208a83ec90a9a2d7774ab28e4b93b3eba53fb6a3fd444eb7e389ecbff

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Tue, 28 Mar 2023 06:51:09 GMT
content-encoding: br
x-content-type-options: nosniff
age: 33450
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8627
x-xss-protection: 0
server: cafe
etag: 8620137988422272387
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 11 Apr 2023 06:51:09 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 620D 158 KB
49 KB 169ms
72ms Script
text/javascript 2607:f8b0:4006:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230323/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81c::2002 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

211b508f51e67897ed88fa49901e1ccbe5e1ddacdc43a391f699f757ce1c0a9c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Tue, 28 Mar 2023 16:08:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49596
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1679917726319514"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 28 Mar 2023 16:08:39 GMT

GET
H2 200 16f0d4cb97c8e7eb77e268815c2afdab.js Show response
www.gstatic.com/mysidia/ Frame 620D 34 KB
14 KB 127ms
44ms Script
text/javascript 2607:f8b0:4006:80c::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/16f0d4cb97c8e7eb77e268815c2afdab.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230323/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80c::2003 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6ae3bb0a509cfd77e56854034c90db2e31b6436cd887965bf492f9a0cf172656

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Tue, 28 Mar 2023 12:13:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 14119
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14384
x-xss-protection: 0
last-modified: Mon, 27 Mar 2023 22:20:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Mon, 26 Jun 2023 12:13:20 GMT

GET
H2 200 afr.php Show response
ads.us.criteo.com/delivery/r/ Frame 0FF6 112 KB
40 KB 192ms
104ms Document
text/html 2620:100:a001::24
AS-CRITEO

General

Check archive.org

Show headers Download Go to

Full URL

https://ads.us.criteo.com/delivery/r/afr.php?z=ZCMRBgACMkgE0ZCjAAKR31FDc6-4d3nsyFIh6w&u=%7CBZRDGtolJZc7cGenhufbo0JM587qgvCG4al7dIvEt8E%3D%7C&c1=vOXRlg0vwJfXohPe4jzvnvp1I2f_Wr_MCcHcizXAxdPlqb0G-YMAokno0p79soXrKbsFb_eKG5UTgxYXWOHTevXjBXGjGbzlLwrelTDmT5MJgVodw4EmnEbk2BWAfx8vuBghNaKQRQim59nl_KYuBd3YIbNhCi66jpvtxEV5qVWWlM7yen0KacbF3SSz__Bf4TqTAjXbn8iabVePw90-HvwggAfwVNXhpIZwzNZL4oL4GpCmSZvtOI7CY3yYfv9zVtxLJ8zsGqN8pKM-RSjjg2NumN5XkRw1DRk2vA6d58xmWifY8kpQ_M1uR_MDaS-zzrXyFRb1J--TLCAsA01Y3LNq-vLtEvu45TtRp6tvVeU7V7N3XKSH3vJwUoAjgnhJ6xNhuKNBEDzbv-2oJ79V-YOmuCtYyUtGspYecE_NKMUKoWpRdrMla01sEpckzdM4gjpzPI2F4gsTb4ASNZyFzZOnE729u8D-3UDOgBUJMtHn9ACQwuv0rS5SiQFrXbgOaRrooduda5j5ljuwPvVfLi12Uw6o2jFlWQMOKiq6I34hmugic3byFK8znRgz-9huQ0lHq8Dahc5kH9QvXKJtkwfqLmY5RB-KCLzRNSon5OgudZUJup8jYSAKsA4Hp2m5v1SdH8hY3gY&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCwCEBBhEjZMjkCKOhxtYP36OK-AGcge-wXKLKp6p0wI23ARABIABgybajiPCj7BKCARdjYS1wdWItMzA3Mzk4NTcyMzA4NzY5NcgBCagDAaoEvAFP0IlzSrpDaCtrA4OlYnGCxZrB-FJgs33ua79PTO27W9bqKWE2iEAQUIYkop7ohdRcG467E5nd9IthQHgyEkiOywvFMtijTTh_P2VrnuVqGvC4TpGJFv7rT03iQMWXkCchouCdo18RHw0lTw-YKmdeZwGceK72YmUNPxXeVENS_pnHaC2UdB7_0BpP5alEZ6YiKon6BxMv-d2GmeOPMWip6GN_dRXlbIMtRADL5ksvg4Fp_QdLtGAmsVqDxIAG9sfYx5fvjaQtoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIDQiAYRABMgKKAjoCgED6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_3ZOMEUdSyOXhzpjzCHf1Idbq_hAg%26client%3Dca-pub-3073985723087695%26adurl%3D

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230323/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2620:100:a001::24 , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

Kestrel /

Resource Hash

a6d211d54ed4b9e2d3bfa9c6251ea99b58faf9af357e8cae6ed3306770e3045e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
access-control-max-age: 1000
cache-control: private, max-age=0, no-cache
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
date: Tue, 28 Mar 2023 16:08:39 GMT
expires: Mon, 26 Jul 1997 05:00:00 GMT
link: <pix.us.criteo.net>; rel=preconnect; crossorigin, <static.criteo.net>; rel=preconnect; crossorigin
p3p: CP='CUR ADM OUR NOR STA NID'
pragma: no-cache
report-to: {"endpoints":[{"url":"https://csm.us.criteo.net/heavyad?cppv=3&cpp=KTagn4qUUIcrt96UaTCMc3wEjFUmenyprbGf62gZKQodKMl-UH5eH3qr2HTiTsP4ievt3o-yMkC56DUsxupVxPrtT-4yuRl2Db4xQGquO0za--pyu-6jc2r-jHr3g90cmsgZRU-iaOn47VPu8wAl-kt20JzMqqKWS97iEs2TnVl98xWOpANRc-uuPkrmjathssoRa_fv5V9-d5M4wLI1_9POvYkh0cZHtzCRUMVBNmpmySdg1kIMng-ohErjNtbX6WL0PA"}], "max_age": 86400}
server: Kestrel
server-processing-duration-in-ticks: 52765117
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230323/r20110914/client/ Frame CDB9 3 KB
1 KB 180ms
91ms Script
text/javascript 2607:f8b0:4006:820::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230323/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230323/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:820::2001 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Tue, 28 Mar 2023 06:51:09 GMT
content-encoding: br
x-content-type-options: nosniff
age: 33450
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 11 Apr 2023 06:51:09 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230323/r20110914/client/ Frame CDB9 20 KB
8 KB 142ms
54ms Script
text/javascript 2607:f8b0:4006:820::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230323/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230323/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:820::2001 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

83dd1a8208a83ec90a9a2d7774ab28e4b93b3eba53fb6a3fd444eb7e389ecbff

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Tue, 28 Mar 2023 06:51:09 GMT
content-encoding: br
x-content-type-options: nosniff
age: 33450
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8627
x-xss-protection: 0
server: cafe
etag: 8620137988422272387
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 11 Apr 2023 06:51:09 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame CDB9 158 KB
49 KB 247ms
160ms Script
text/javascript 2607:f8b0:4006:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230323/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81c::2002 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

211b508f51e67897ed88fa49901e1ccbe5e1ddacdc43a391f699f757ce1c0a9c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Tue, 28 Mar 2023 16:08:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49596
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1679917726319514"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 28 Mar 2023 16:08:39 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame D6F5 0
0 64ms
64ms Fetch
text/html 2607:f8b0:4006:816::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CCF5XBhEjZMnkCKOhxtYP36OK-AGcge-wXKLKp6p0wI23ARABIABgybajiPCj7BKCARdjYS1wdWItMzA3Mzk4NTcyMzA4NzY5NcgBCagDAaoEuwFP0HLuZwcWfHaltz0RWVauxX9E9c-SLv6AmKz9mg8xpfVRYzdwhV34YXKFMo5baYPoBRJsaTXnnZ0AcMMzNE2zEjJzsE4deBeaELPwSn0CaDSDqyZZgxesqlUgSg47EjFMiWo2-QPeeWpCKHjKIxdRp4pWH2N4QvG9k8PeXWwlfC6y4JmC54brZpRZprqz2Vqcc8gjuRZE5VdzFjJ4R4PoxIhFQcy7rxXtQQr62_rdfZHw9kpE3RYzrCXrgAb2x9jHl--NpC2gBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggNCIBhEAEyAooCOgKAQIAKAfoLAggBgAwB0BUBgBcBshcaChgSFHB1Yi0zMDczOTg1NzIzMDg3Njk1GAA&sigh=iiryxYHeHD8&uach_m=[UACH]&cid=CAQSGwDUE5ymfFhPaD3JztlFOvOMREd9LJRJws0rtxgB

Requested by

Host: live.xem.plus
URL: https://live.xem.plus/

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:816::2002 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/html/r20230323/r20110914/zrt_lookup.html?fsb=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Tue, 28 Mar 2023 16:08:39 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Tue, 28 Mar 2023 16:08:39 GMT

GET
H2 200 notify
rtb.va.us.criteo.com/google/auction/ Frame D6F5 0
0 121ms
39ms Fetch 2620:100:a001::3
AS-CRITEO

General

Check archive.org

Show headers Download Go to

Full URL

https://rtb.va.us.criteo.com/google/auction/notify?profile=14&payload=kL6pE836RO0HfOIinRcCAAAA6v2x39hYoccQBhEjZAZS8Ud6nQwlflwAABIAAAoKQVFVQkNnRUJDZw&wp=ZCMRBgACMkkE0ZCjAAKR33Ju89KmzNoqOw3P-g

Requested by

Host: live.xem.plus
URL: https://live.xem.plus/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2620:100:a001::3 , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

Kestrel /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Tue, 28 Mar 2023 16:08:38 GMT
strict-transport-security: max-age=31536000; preload;
server-processing-duration-in-ticks: 258782
server: Kestrel
content-length: 0

GET
H2 200 afr.php Show response
ads.us.criteo.com/delivery/r/ Frame 80C9 118 KB
41 KB 242ms
163ms Document
text/html 2620:100:a001::24
AS-CRITEO

General

Check archive.org

Show headers Download Go to

Full URL

https://ads.us.criteo.com/delivery/r/afr.php?z=ZCMRBgACMkkE0ZCjAAKR33Ju89KmzNoqOw3P-g&u=%7CBZRDGtolJZdjPgzd%2BWa7lxXguA6f4wnh57L0rUtkpRg%3D%7C&c1=vOXRlg0vwJfXohPe4jzvnvp1I2f_Wr_M55cF6o6PKd4qriC-EIosjBIlF-7JjmWKwyOzl0Sjk60RpOTU8v9xn26rFs_LzJyGVMZ06_CHGMNUzZPMZq65nb2EGWwlzvFEh62yCbiTWIdoWuIUmwwAaYADJZeOK9hkZz9LOdMMedARcu0qjeBNqr5ft0dzgiQ44Af-C3f-1RCgG4SGPpKIVx-n0CsbAIR5lEhFXTcGpsK1_NOQz4XOTCV_8kPj6z2ubnsqd2fbFLpm4s9Gb67mjxmScLbg_K6qHwp2RsnMcYdxnA7iEzuC_Jyxbs8xNNv4L0eceF5NIf1F8YEdRijj6sGXgdsqUskkdphv-4vpcGFFugTvrfPh_8-TRJWRMNwcrhgyoG4MmxV11WL7lshgU-VgCG-BuGbosnrUxtv3zkiXq4pNTs2DYGwT9RQsA2wfCvdXRJeaVlJ-2C10CzWnmk-CnOnqN8e1bf41qzNMYsaZNYPJYTmGpszqQTEMTO34GeWM-WgYp-BTe9BFZ80HdsKjB0JBGMSBdoUJQPxqj3_FikXWT6_kxcJOk6SKWCTKFVPseR7hlngJIT0hvcpT-uogyguIHLJ5eVeFiixLtsCzcyppsp2lZ3YZ9HhCug6t9jQXHyjWzC_YasqWzFEnqw&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCFBOZBhEjZMnkCKOhxtYP36OK-AGcge-wXKLKp6p0wI23ARABIABgybajiPCj7BKCARdjYS1wdWItMzA3Mzk4NTcyMzA4NzY5NcgBCagDAaoEvgFP0HLuZwcWfHaltz0RWVauxX9E9c-SLv6AmKz9mg8xpfVRYzdwhV34YXKFMo5baYPoBRJsaTXnnZ0AcMMzNE2zEjJzsE4deBeaELPwSn0CaDSDqyZZgxesqlUgSg47EjFMiWo2-QPeeWpCKHjKIxdRp4pWH2N4QvG9k8PeXWwlfC6y4JmC54brZpRZprqz2Vqcc8gjuRYG53fhvcDxR0BhqQSuO0V4GCnFSCTiH2EuBxg5SFRoxb_lPSUoW9zwgAb2x9jHl--NpC2gBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggNCIBhEAEyAooCOgKAQPoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_0Jr1o0y6dhLOCey9g0xjFTTnjFxw%26client%3Dca-pub-3073985723087695%26adurl%3D

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230323/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2620:100:a001::24 , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

Kestrel /

Resource Hash

8af3f2858ed56f9fb007ed179c7e822753515e5ba57a3fc220b6cd67c9b4f387

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
access-control-max-age: 1000
cache-control: private, max-age=0, no-cache
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
date: Tue, 28 Mar 2023 16:08:38 GMT
expires: Mon, 26 Jul 1997 05:00:00 GMT
link: <pix.us.criteo.net>; rel=preconnect; crossorigin, <static.criteo.net>; rel=preconnect; crossorigin
p3p: CP='CUR ADM OUR NOR STA NID'
pragma: no-cache
report-to: {"endpoints":[{"url":"https://csm.us.criteo.net/heavyad?cppv=3&cpp=e2whRoqUUIcrt96UfCSx3h4a1B5iXVAxuKFxfGjjqLkyo3fQTaVKTOJzpdwEUtRCqvG07t1Nuk1CHY8VCP_gHtO20yM-KhIM3dKhBXTOY_GypzIgcItPPzWeQJfoY8Buy3H6wMMMlkEcNoKPDOWxIh6G7BSzHe2RBhSndciln0qq_y-dfFCmFgM5J889dtgDRibrbAghAA5WpWiaIBLyXN_G7TTudTVv68TbLGsNr_LSCay4uzdh6-GYaOS7UyRYk_3IYw"}], "max_age": 86400}
server: Kestrel
server-processing-duration-in-ticks: 72172110
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230323/r20110914/client/ Frame D6F5 3 KB
1 KB 171ms
92ms Script
text/javascript 2607:f8b0:4006:820::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230323/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230323/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:820::2001 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Tue, 28 Mar 2023 06:51:09 GMT
content-encoding: br
x-content-type-options: nosniff
age: 33450
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 11 Apr 2023 06:51:09 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230323/r20110914/client/ Frame D6F5 20 KB
8 KB 158ms
79ms Script
text/javascript 2607:f8b0:4006:820::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230323/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230323/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:820::2001 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

83dd1a8208a83ec90a9a2d7774ab28e4b93b3eba53fb6a3fd444eb7e389ecbff

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Tue, 28 Mar 2023 06:51:09 GMT
content-encoding: br
x-content-type-options: nosniff
age: 33450
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8627
x-xss-protection: 0
server: cafe
etag: 8620137988422272387
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 11 Apr 2023 06:51:09 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame D6F5 158 KB
49 KB 210ms
132ms Script
text/javascript 2607:f8b0:4006:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230323/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81c::2002 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

211b508f51e67897ed88fa49901e1ccbe5e1ddacdc43a391f699f757ce1c0a9c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Tue, 28 Mar 2023 16:08:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49596
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1679917726319514"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 28 Mar 2023 16:08:39 GMT

GET
DATA 200
OK truncated
/ Frame D6F5 207 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c096db2345073e220c6df6c5d3afbf7404e385bcd0da9852bd711e55b6f5347d

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 privacy_small.svg
static.criteo.net/flash/icon/ Frame 0FF6 2 KB
1 KB 119ms
38ms Image
image/svg+xml 2620:100:a001::4
AS-CRITEO

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy_small.svg

Requested by

Host: ads.us.criteo.com
URL: https://ads.us.criteo.com/delivery/r/afr.php?z=ZCMRBgACMkgE0ZCjAAKR31FDc6-4d3nsyFIh6w&u=%7CBZRDGtolJZc7cGenhufbo0JM587qgvCG4al7dIvEt8E%3D%7C&c1=vOXRlg0vwJfXohPe4jzvnvp1I2f_Wr_MCcHcizXAxdPlqb0G-YMAokno0p79soXrKbsFb_eKG5UTgxYXWOHTevXjBXGjGbzlLwrelTDmT5MJgVodw4EmnEbk2BWAfx8vuBghNaKQRQim59nl_KYuBd3YIbNhCi66jpvtxEV5qVWWlM7yen0KacbF3SSz__Bf4TqTAjXbn8iabVePw90-HvwggAfwVNXhpIZwzNZL4oL4GpCmSZvtOI7CY3yYfv9zVtxLJ8zsGqN8pKM-RSjjg2NumN5XkRw1DRk2vA6d58xmWifY8kpQ_M1uR_MDaS-zzrXyFRb1J--TLCAsA01Y3LNq-vLtEvu45TtRp6tvVeU7V7N3XKSH3vJwUoAjgnhJ6xNhuKNBEDzbv-2oJ79V-YOmuCtYyUtGspYecE_NKMUKoWpRdrMla01sEpckzdM4gjpzPI2F4gsTb4ASNZyFzZOnE729u8D-3UDOgBUJMtHn9ACQwuv0rS5SiQFrXbgOaRrooduda5j5ljuwPvVfLi12Uw6o2jFlWQMOKiq6I34hmugic3byFK8znRgz-9huQ0lHq8Dahc5kH9QvXKJtkwfqLmY5RB-KCLzRNSon5OgudZUJup8jYSAKsA4Hp2m5v1SdH8hY3gY&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCwCEBBhEjZMjkCKOhxtYP36OK-AGcge-wXKLKp6p0wI23ARABIABgybajiPCj7BKCARdjYS1wdWItMzA3Mzk4NTcyMzA4NzY5NcgBCagDAaoEvAFP0IlzSrpDaCtrA4OlYnGCxZrB-FJgs33ua79PTO27W9bqKWE2iEAQUIYkop7ohdRcG467E5nd9IthQHgyEkiOywvFMtijTTh_P2VrnuVqGvC4TpGJFv7rT03iQMWXkCchouCdo18RHw0lTw-YKmdeZwGceK72YmUNPxXeVENS_pnHaC2UdB7_0BpP5alEZ6YiKon6BxMv-d2GmeOPMWip6GN_dRXlbIMtRADL5ksvg4Fp_QdLtGAmsVqDxIAG9sfYx5fvjaQtoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIDQiAYRABMgKKAjoCgED6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_3ZOMEUdSyOXhzpjzCHf1Idbq_hAg%26client%3Dca-pub-3073985723087695%26adurl%3D

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2620:100:a001::4 , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

nginx /

Resource Hash

a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-US,en;q=0.9
Referer: https://ads.us.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Tue, 28 Mar 2023 16:08:39 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 11 Feb 2020 14:30:28 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42ba84-6aa"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Fri, 22 Mar 2024 16:08:39 GMT

GET
H2 200 adchoices_en.svg
static.criteo.net/flash/icon/ Frame 0FF6 2 KB
1 KB 122ms
41ms Image
image/svg+xml 2620:100:a001::4
AS-CRITEO

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/adchoices_en.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2620:100:a001::4 , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

nginx /

Resource Hash

60bcafbd631f6fa0805e158ca3b235e76225350db6fbb423596d4c4954b27573

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-US,en;q=0.9
Referer: https://ads.us.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Tue, 28 Mar 2023 16:08:39 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 11 Feb 2020 14:27:58 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42b9ee-759"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Fri, 22 Mar 2024 16:08:39 GMT

GET
H2 200 close_button.svg
static.criteo.net/flash/icon/ Frame 0FF6 308 B
636 B 118ms
40ms Image
image/svg+xml 2620:100:a001::4
AS-CRITEO

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/close_button.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2620:100:a001::4 , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

nginx /

Resource Hash

8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-US,en;q=0.9
Referer: https://ads.us.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Tue, 28 Mar 2023 16:08:39 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Fri, 14 Feb 2020 13:51:32 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "5e46a5e4-134"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 308
expires: Fri, 22 Mar 2024 16:08:39 GMT

GET
H2 200 back_button2.svg
static.criteo.net/flash/icon/ Frame 0FF6 293 B
621 B 152ms
75ms Image
image/svg+xml 2620:100:a001::4
AS-CRITEO

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/back_button2.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2620:100:a001::4 , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

nginx /

Resource Hash

725e869434fef8013208ed4c233d29744f9b363f867dcfb8f23e862880fa699a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-US,en;q=0.9
Referer: https://ads.us.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Tue, 28 Mar 2023 16:08:39 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 28 Apr 2022 09:09:48 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "626a59dc-125"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 293
expires: Fri, 22 Mar 2024 16:08:39 GMT

GET
H2 200 lg.php
cat.va.us.criteo.com/delivery/ Frame 0FF6 43 B
348 B 144ms
48ms Image
image/gif 74.119.119.147
AS-CRITEO

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cat.va.us.criteo.com/delivery/lg.php?cppv=3&cpp=UznG4bvY0lGr9E0cFbBouCydtCNzfLswa70j0c8gVEAzfZRLZfoqKGG2XE28btZ-qziyiX_OY2VABLPQMAPxKLAQv3RO-Jed9c2UKyFYj6kiUPtnPjhcc9aWUNcYrjlZxDCWUnc54Lm3O1e441Yf1PkR0lyrE6PTV8x0MtPc7AqbBxAfnQnXPzVEMAfsz-2o7ZvngnHXnkaIB4r3ld1QfjFKLpgZS5oqYH5fE-tnKSXMdQP5zK3F_cKg8v73X_dG1L9XqJC6F-BBLQHbk87V_auooIThtj-p9hwxjASjrsfX9kLcu09Cm1MYVtI56jpFsHvMqhK8p5yNqD6rTWf-JE6Tusj9IJH4xWa3PCFnHklVQo4MJ8Z9iSN2-tEqECNyuQWFn79iNfFwrXVKwYnQaw9qfs_yLCF6Ragv74bYx42MeODA

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.119.119.147 , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-US,en;q=0.9
Referer: https://ads.us.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Mar 2023 16:08:38 GMT
strict-transport-security: max-age=31536000; preload;
server: Kestrel
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
content-type: image/gif
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 3190880
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 webfontloader.js Show response
cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/ Frame 0FF6 12 KB
5 KB 91ms
39ms Script
application/javascript 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/webfontloader.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e0ee294b5487df566aad23b603fd902535634cfa957be8e7620396515afb1047

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://ads.us.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Tue, 28 Mar 2023 16:08:39 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 1623863
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 4420
last-modified: Mon, 04 May 2020 16:17:52 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb04030-30d9"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=k5jImUJDpkfKAzums4ZrKJNzftsXeaMHSmt1gSWs66j7oFTVM4hgFyFE14TYYZPXetgBDhjAF%2Fhwk%2Bptz%2FnM5rrLc%2F1XjeBqFmFOu7oGTt19a0EmeYjr4Aj%2FWgSb4TTWeTAWhdqctFrtDABhkvigrmHy"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 7af1220f9fc72246-ORD
expires: Sun, 17 Mar 2024 16:08:39 GMT

GET
H2 200 privacy_small.svg
static.criteo.net/flash/icon/ Frame 80C9 2 KB
1 KB 58ms
43ms Image
image/svg+xml 2620:100:a001::4
AS-CRITEO

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy_small.svg

Requested by

Host: ads.us.criteo.com
URL: https://ads.us.criteo.com/delivery/r/afr.php?z=ZCMRBgACMkkE0ZCjAAKR33Ju89KmzNoqOw3P-g&u=%7CBZRDGtolJZdjPgzd%2BWa7lxXguA6f4wnh57L0rUtkpRg%3D%7C&c1=vOXRlg0vwJfXohPe4jzvnvp1I2f_Wr_M55cF6o6PKd4qriC-EIosjBIlF-7JjmWKwyOzl0Sjk60RpOTU8v9xn26rFs_LzJyGVMZ06_CHGMNUzZPMZq65nb2EGWwlzvFEh62yCbiTWIdoWuIUmwwAaYADJZeOK9hkZz9LOdMMedARcu0qjeBNqr5ft0dzgiQ44Af-C3f-1RCgG4SGPpKIVx-n0CsbAIR5lEhFXTcGpsK1_NOQz4XOTCV_8kPj6z2ubnsqd2fbFLpm4s9Gb67mjxmScLbg_K6qHwp2RsnMcYdxnA7iEzuC_Jyxbs8xNNv4L0eceF5NIf1F8YEdRijj6sGXgdsqUskkdphv-4vpcGFFugTvrfPh_8-TRJWRMNwcrhgyoG4MmxV11WL7lshgU-VgCG-BuGbosnrUxtv3zkiXq4pNTs2DYGwT9RQsA2wfCvdXRJeaVlJ-2C10CzWnmk-CnOnqN8e1bf41qzNMYsaZNYPJYTmGpszqQTEMTO34GeWM-WgYp-BTe9BFZ80HdsKjB0JBGMSBdoUJQPxqj3_FikXWT6_kxcJOk6SKWCTKFVPseR7hlngJIT0hvcpT-uogyguIHLJ5eVeFiixLtsCzcyppsp2lZ3YZ9HhCug6t9jQXHyjWzC_YasqWzFEnqw&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCFBOZBhEjZMnkCKOhxtYP36OK-AGcge-wXKLKp6p0wI23ARABIABgybajiPCj7BKCARdjYS1wdWItMzA3Mzk4NTcyMzA4NzY5NcgBCagDAaoEvgFP0HLuZwcWfHaltz0RWVauxX9E9c-SLv6AmKz9mg8xpfVRYzdwhV34YXKFMo5baYPoBRJsaTXnnZ0AcMMzNE2zEjJzsE4deBeaELPwSn0CaDSDqyZZgxesqlUgSg47EjFMiWo2-QPeeWpCKHjKIxdRp4pWH2N4QvG9k8PeXWwlfC6y4JmC54brZpRZprqz2Vqcc8gjuRYG53fhvcDxR0BhqQSuO0V4GCnFSCTiH2EuBxg5SFRoxb_lPSUoW9zwgAb2x9jHl--NpC2gBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggNCIBhEAEyAooCOgKAQPoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_0Jr1o0y6dhLOCey9g0xjFTTnjFxw%26client%3Dca-pub-3073985723087695%26adurl%3D

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2620:100:a001::4 , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

nginx /

Resource Hash

a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-US,en;q=0.9
Referer: https://ads.us.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Tue, 28 Mar 2023 16:08:39 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 11 Feb 2020 14:30:28 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42ba84-6aa"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Fri, 22 Mar 2024 16:08:39 GMT

GET
H2 200 adchoices_en.svg
static.criteo.net/flash/icon/ Frame 80C9 2 KB
1 KB 58ms
44ms Image
image/svg+xml 2620:100:a001::4
AS-CRITEO

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/adchoices_en.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2620:100:a001::4 , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

nginx /

Resource Hash

60bcafbd631f6fa0805e158ca3b235e76225350db6fbb423596d4c4954b27573

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-US,en;q=0.9
Referer: https://ads.us.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Tue, 28 Mar 2023 16:08:39 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 11 Feb 2020 14:27:58 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42b9ee-759"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Fri, 22 Mar 2024 16:08:39 GMT

GET
H2 200 close_button.svg
static.criteo.net/flash/icon/ Frame 80C9 308 B
636 B 43ms
42ms Image
image/svg+xml 2620:100:a001::4
AS-CRITEO

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/close_button.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2620:100:a001::4 , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

nginx /

Resource Hash

8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-US,en;q=0.9
Referer: https://ads.us.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Tue, 28 Mar 2023 16:08:39 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Fri, 14 Feb 2020 13:51:32 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "5e46a5e4-134"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 308
expires: Fri, 22 Mar 2024 16:08:39 GMT

GET
H2 200 back_button2.svg
static.criteo.net/flash/icon/ Frame 80C9 293 B
621 B 44ms
43ms Image
image/svg+xml 2620:100:a001::4
AS-CRITEO

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/back_button2.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2620:100:a001::4 , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

nginx /

Resource Hash

725e869434fef8013208ed4c233d29744f9b363f867dcfb8f23e862880fa699a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-US,en;q=0.9
Referer: https://ads.us.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Tue, 28 Mar 2023 16:08:39 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 28 Apr 2022 09:09:48 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "626a59dc-125"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 293
expires: Fri, 22 Mar 2024 16:08:39 GMT

GET
H2 200 lg.php
cat.va.us.criteo.com/delivery/ Frame 80C9 43 B
347 B 49ms
49ms Image
image/gif 74.119.119.147
AS-CRITEO

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cat.va.us.criteo.com/delivery/lg.php?cppv=3&cpp=1QDoEVlYhjB8rd9W1gUE0Ci_jgXSQr23Lm0Nr8wT_iPh83w95FjB1Bm3bgpMWKowgnc1Kjk4gBdH_ZM404ohGl2146DApMn3ERAaUgRoXwuF0raQGpTd4US3iMWi0mK0xHq2Pl_Kxz3lpwbGxxu_ZNqD7424RhxfwxDqWQ2TAb4DZy5dn1pe8V-VLt4RmzJEx7kre9pfu5nelWl1KM9SOFYxHNJIJdoeH4q1LcvYEdoTfMgGE68aJU2DWwFHseuSsxnzRyQJ1uoCiaMVqQekJfSjURb37I6MhJeBT5DD0hid9G7rb3Q2saXG4bCGvMD7c6bg9qADgq2EEe9adzh5I96nTRDZo9MrIP7pnZCrd9vYAVlwqMHMZ7rFpDY4kD3kad8pfJCbiV_s5mfuShs_2ytobUwip6fL9T2X7ryGmZCYY-VB

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.119.119.147 , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-US,en;q=0.9
Referer: https://ads.us.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Mar 2023 16:08:39 GMT
strict-transport-security: max-age=31536000; preload;
server: Kestrel
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
content-type: image/gif
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 3033536
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 animejs.js Show response
static.criteo.net/animejs/ Frame 0FF6 12 KB
6 KB 82ms
74ms Script
text/javascript 2620:100:a001::4
AS-CRITEO

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/animejs/animejs.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2620:100:a001::4 , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

nginx /

Resource Hash

a2e14a498cfcc1b6920f069a9d657ad3c6fbbe217dd26dbfe54815db5107fed6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-US,en;q=0.9
Referer: https://ads.us.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Tue, 28 Mar 2023 16:08:39 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 26 Mar 2019 17:44:11 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5c9a64eb-3181"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Fri, 22 Mar 2024 16:08:39 GMT

POST
H2 200 all
csm.us.criteo.net/ Frame 0FF6 0
128 B 138ms
40ms Ping
text/plain 2620:100:a001::16
AS-CRITEO

General

Check archive.org

Show headers Download Go to

Full URL

https://csm.us.criteo.net/all?cppv=3&cpp=KTagn4qUUIcrt96UaTCMc3wEjFUmenyprbGf62gZKQodKMl-UH5eH3qr2HTiTsP4ievt3o-yMkC56DUsxupVxPrtT-4yuRl2Db4xQGquO0za--pyu-6jc2r-jHr3g90cmsgZRU-iaOn47VPu8wAl-kt20JzMqqKWS97iEs2TnVl98xWOpANRc-uuPkrmjathssoRa_fv5V9-d5M4wLI1_9POvYkh0cZHtzCRUMVBNmpmySdg1kIMng-ohErjNtbX6WL0PA&sds=2&rev=85392&sendBeacon=true

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2620:100:a001::16 , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.us.criteo.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Tue, 28 Mar 2023 16:08:39 GMT
strict-transport-security: max-age=31536000; preload;
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0

GET
H2 200 criteo_logo_2021.svg
static.criteo.net/flash/icon/ Frame 0FF6 2 KB
1 KB 44ms
42ms Image
image/svg+xml 2620:100:a001::4
AS-CRITEO

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/criteo_logo_2021.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2620:100:a001::4 , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

nginx /

Resource Hash

a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-US,en;q=0.9
Referer: https://ads.us.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Tue, 28 Mar 2023 16:08:39 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 27 May 2021 13:21:59 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"60af9cf7-891"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Fri, 22 Mar 2024 16:08:39 GMT

GET
H2 200 privacy.svg
static.criteo.net/flash/icon/ Frame 0FF6 2 KB
1 KB 59ms
58ms Image
image/svg+xml 2620:100:a001::4
AS-CRITEO

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2620:100:a001::4 , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

nginx /

Resource Hash

095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-US,en;q=0.9
Referer: https://ads.us.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Tue, 28 Mar 2023 16:08:39 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 19 Feb 2020 10:57:21 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e4d1491-646"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Fri, 22 Mar 2024 16:08:39 GMT

GET
H2 200 webfontloader.js Show response
cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/ Frame 80C9 12 KB
5 KB 31ms
29ms Script
application/javascript 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/webfontloader.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e0ee294b5487df566aad23b603fd902535634cfa957be8e7620396515afb1047

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://ads.us.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Tue, 28 Mar 2023 16:08:39 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 1623863
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 4420
last-modified: Mon, 04 May 2020 16:17:52 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb04030-30d9"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Lp5JKf06APzfDf2hKZKTTZ%2Bqc6azv%2FFYNuGI43KgoVk0VvaSwvnE6%2Bcg5wQfUAjYvwolp1JZyOEX55t3G%2FiAm%2FhOzZmRI8A%2BRNXbKK1xIZrtBLAEuEVsoumkeN0xxkHCdO%2FE0IUo%2BxvASBhQqTsRq6sB"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 7af1221008592246-ORD
expires: Sun, 17 Mar 2024 16:08:39 GMT

GET
H2 200 71e3b7bf84e74194858937ab494cecb9_dinpro-medium.woff
static.criteo.net/design/dt/ Frame 80C9 51 KB
51 KB 154ms
77ms Font
application/octet-stream 2620:100:a001::4
AS-CRITEO

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/design/dt/71e3b7bf84e74194858937ab494cecb9_dinpro-medium.woff

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2620:100:a001::4 , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

nginx /

Resource Hash

1ebf858e8d21bf36bfcd56134c93ad55c0e8e22a975dd7ebb6fdbb648e3ebbe4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.us.criteo.com/
Origin: https://ads.us.criteo.com
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Tue, 28 Mar 2023 16:08:39 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 10 Apr 2018 20:57:20 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5acd2530-cab4"
content-type: text/plain; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Fri, 22 Mar 2024 16:08:39 GMT

GET
H2 200 animejs.js Show response
static.criteo.net/animejs/ Frame 80C9 12 KB
6 KB 43ms
41ms Script
text/javascript 2620:100:a001::4
AS-CRITEO

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/animejs/animejs.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2620:100:a001::4 , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

nginx /

Resource Hash

a2e14a498cfcc1b6920f069a9d657ad3c6fbbe217dd26dbfe54815db5107fed6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-US,en;q=0.9
Referer: https://ads.us.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Tue, 28 Mar 2023 16:08:39 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 26 Mar 2019 17:44:11 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5c9a64eb-3181"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Fri, 22 Mar 2024 16:08:39 GMT

GET
H2 200 img
pix.us.criteo.net/img/ Frame 80C9 2 KB
2 KB 170ms
89ms Image
image/webp 2620:100:a001::a
AS-CRITEO

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.us.criteo.net/img/img?h=244&m=0&partner=8852&q=80&r=0&u=http%3A%2F%2Fstatic.va.us.criteo.net%2Fdesign%2Fdt%2F8852%2F230110%2Fe80d37b552e046af835e5121a1db9c2d_logo_n_square.jpg&v=3&w=196&s=0hNqRqmztPCNiVXLCuXuL70x

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2620:100:a001::a , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

Finatra /

Resource Hash

9aa7f02fe9efe51b0e721702eea8dcf5f25c49615a10539bded19ff1166cc7aa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-US,en;q=0.9
Referer: https://ads.us.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Tue, 28 Mar 2023 16:08:38 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=29769864
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 1894
expires: Thu, 07 Mar 2024 05:33:04 GMT

GET
H2 200 img
pix.us.criteo.net/img/ Frame 80C9 5 KB
6 KB 120ms
40ms Image
image/webp 2620:100:a001::a
AS-CRITEO

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.us.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=8852&q=80&r=0&u=https%3A%2F%2Fimages.puma.net%2Fimages%2F365176%2F34%2Fsv01%2Ffnd%2FPNA%2Fw%2F600%2Fh%2F600%2F&v=3&w=400&s=2l_2jwOwNQIG_Dxc4wxSRfNC&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2620:100:a001::a , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

Finatra /

Resource Hash

a8fdfd9c6c6dfb2de3ac40dde22743de13d1d98b86c2ff8eb4b777c429d84011

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-US,en;q=0.9
Referer: https://ads.us.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Tue, 28 Mar 2023 16:08:39 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=28049464
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 5388
expires: Fri, 16 Feb 2024 07:39:44 GMT

GET
H2 200 img
pix.us.criteo.net/img/ Frame 80C9 7 KB
7 KB 168ms
88ms Image
image/webp 2620:100:a001::a
AS-CRITEO

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.us.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=8852&q=80&r=0&u=https%3A%2F%2Fimages.puma.net%2Fimages%2F194095%2F07%2Fsv01%2Ffnd%2FPNA%2Fw%2F600%2Fh%2F600%2F&v=3&w=400&s=en2EvnBT8xxzaA_I5iu554DH&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2620:100:a001::a , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

Finatra /

Resource Hash

fa69b186c52d48e6bb59cb2d8084e06858bbb01b3d10997f2d4691652522b39c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-US,en;q=0.9
Referer: https://ads.us.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Tue, 28 Mar 2023 16:08:39 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=29590926
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 7406
expires: Tue, 05 Mar 2024 03:50:45 GMT

GET
H2 200 img
pix.us.criteo.net/img/ Frame 80C9 7 KB
7 KB 121ms
42ms Image
image/webp 2620:100:a001::a
AS-CRITEO

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.us.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=8852&q=80&r=0&u=https%3A%2F%2Fimages.puma.net%2Fimages%2F194323%2F22%2Fsv01%2Ffnd%2FPNA%2Fw%2F600%2Fh%2F600%2F&v=3&w=400&s=sicBEe9NjChtDYQvq_tg8yyt&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2620:100:a001::a , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

Finatra /

Resource Hash

49083cbfbc2714afd3259302109b9178bf7eccd834324a458200f26ce7ce29c5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-US,en;q=0.9
Referer: https://ads.us.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Tue, 28 Mar 2023 16:08:39 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=30197347
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 7006
expires: Tue, 12 Mar 2024 04:17:47 GMT

GET
H2 200 img
pix.us.criteo.net/img/ Frame 80C9 6 KB
6 KB 160ms
81ms Image
image/webp 2620:100:a001::a
AS-CRITEO

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.us.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=8852&q=80&r=0&u=https%3A%2F%2Fimages.puma.net%2Fimages%2F376961%2F01%2Fsv01%2Ffnd%2FPNA%2Fw%2F600%2Fh%2F600%2F&v=3&w=400&s=mpU1feqGoOCDHdC_CXtnsXoQ&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2620:100:a001::a , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

Finatra /

Resource Hash

1686841a20956d0a4bd55d171620fc18702e3605b4668dc07188c24a9f39b83e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-US,en;q=0.9
Referer: https://ads.us.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Tue, 28 Mar 2023 16:08:39 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=29322295
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 5890
expires: Sat, 02 Mar 2024 01:13:35 GMT

POST
H2 200 all
csm.us.criteo.net/ Frame 80C9 0
127 B 45ms
41ms Ping
text/plain 2620:100:a001::16
AS-CRITEO

General

Check archive.org

Show headers Download Go to

Full URL

https://csm.us.criteo.net/all?cppv=3&cpp=e2whRoqUUIcrt96UfCSx3h4a1B5iXVAxuKFxfGjjqLkyo3fQTaVKTOJzpdwEUtRCqvG07t1Nuk1CHY8VCP_gHtO20yM-KhIM3dKhBXTOY_GypzIgcItPPzWeQJfoY8Buy3H6wMMMlkEcNoKPDOWxIh6G7BSzHe2RBhSndciln0qq_y-dfFCmFgM5J889dtgDRibrbAghAA5WpWiaIBLyXN_G7TTudTVv68TbLGsNr_LSCay4uzdh6-GYaOS7UyRYk_3IYw&sds=2&rev=85392&sendBeacon=true

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2620:100:a001::16 , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.us.criteo.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Tue, 28 Mar 2023 16:08:39 GMT
strict-transport-security: max-age=31536000; preload;
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0

GET
H2 200 criteo_logo_2021.svg
static.criteo.net/flash/icon/ Frame 80C9 2 KB
1 KB 40ms
40ms Image
image/svg+xml 2620:100:a001::4
AS-CRITEO

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/criteo_logo_2021.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2620:100:a001::4 , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

nginx /

Resource Hash

a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-US,en;q=0.9
Referer: https://ads.us.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Tue, 28 Mar 2023 16:08:39 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 27 May 2021 13:21:59 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"60af9cf7-891"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Fri, 22 Mar 2024 16:08:39 GMT

GET
H2 200 privacy.svg
static.criteo.net/flash/icon/ Frame 80C9 2 KB
1 KB 40ms
40ms Image
image/svg+xml 2620:100:a001::4
AS-CRITEO

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2620:100:a001::4 , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

nginx /

Resource Hash

095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-US,en;q=0.9
Referer: https://ads.us.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Tue, 28 Mar 2023 16:08:39 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 19 Feb 2020 10:57:21 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e4d1491-646"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Fri, 22 Mar 2024 16:08:39 GMT

POST
H2 204 csi
csi.gstatic.com/ Frame 0E71 0
54 B 55ms
53ms Ping
image/gif 2607:f8b0:400f:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=ima&dmc=8&puid=2~lfsgd3sb&c=2228020957589&slotId=1114010478794.5&ghmsh_eids=44748969%2C44752996%2C44765701%2C44772139%2C44777649%2C44781409%2C44781753%2C44782991&vast_v=4.0
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.566.2_en.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2607:f8b0:400f:802::2003 Boulder, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Mar 2023 16:08:39 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 pixel.gif Show response
ad.vidverto.io/vidverto/test/ Frame 0E71 42 B
175 B 368ms
139ms Fetch
image/gif 212.8.250.228
WORLDSTREAM

General

Check archive.org

Show headers Download Go to

Full URL: https://ad.vidverto.io/vidverto/test/pixel.gif
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.566.2_en.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 212.8.250.228 Rotterdam, Netherlands, ASN49981 (WORLDSTREAM, NL),
Reverse DNS: 212-8-250-228.hosted-by-worldstream.net
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-US,en;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Tue, 28 Mar 2023 16:08:40 GMT
last-modified: Mon, 26 Oct 2020 16:14:05 GMT
server: nginx/1.14.0 (Ubuntu)
accept-ranges: bytes
etag: "5f96f5cd-2a"
content-length: 42
content-type: image/gif

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 620D 0
20 B 60ms
60ms Ping
image/gif 2607:f8b0:4006:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=mys&d=Cg4IByoKd2ViX2Jhbm5lcgoHCAgqA2x0cgojCAEqH3RoaW4tY3RhLXdoaXRlc3BhY2UtdW5jbGlja2FibGUKCggCKgZzZXJ2ZXIKMQgEKi1teXNpZGlhX2FuYWx5dGljc19leHAzLG15c2lkaWFfcmVsZWFzZV9jYW5hcnkKDRArIQAAAAAAABhAMAQKDRADIQAAAM7M9HBAMAQKDRANIQAAAAAAAAAAMAQKCRAeKgMweDAwBAoJEBkqAzB4MDAECg0QKyEAAAAAAAAgQDAECg0QECEAAAAAAPGyQDAECg0QESEAAAAAYEnxQDAECg0QEiEAAAAAAAAgQDAECg0QEyEAAAAAAAAIQDAECg0QFyEAAAA0M1t4QDAECg0QFCEAAAAA8H_xQDAECg0QFSEAAAAAAAAkQDAECg0QFiEAAAAAAAAQQDAECg0QGCEAAAAAAGB4QDAECg0QMiEAAAAAODPTPzAECg0QMyEAAAAAmpnxPzAECg0QNCEAAAAAmpnxPzAECg0QNSEAAAAAmpnxPzAECg0QNiEAAAAAmpnxPzAECg0QNyEAAAAAmpnxPzAECg0QOCEAAAAAAAD4PzAECg0QOSEAAABwZmZEQDAECg0QOiEAAADQzAxFQDAECg0QOyEAAAAAACh4QDAECg0QPCEAAAAAACh4QDAECg0QPSEAAAA0M1t4QDAECg0QPiEAAADOzFx4QDAECg0QPyEAAADOzFx4QDAECg0QQCEAAABmZn54QDAEEhpDTWZfajVTQl9fMENGYU9RMFFRZDM1RUNIdyIWZ3BhL21heGltYWxfc2luZ2xlX2N0YSgI

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/mysidia/52a81aff50ea61a9f788b3dba9fdbcd9.js?tag=pingback

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80d::2002 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Mar 2023 16:08:39 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 robotocondensed-400.css
static.criteo.net/design/googlefont/robotocondensed/ Frame 0FF6 2 KB
854 B 41ms
41ms Stylesheet
text/css 2620:100:a001::4
AS-CRITEO

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/design/googlefont/robotocondensed/robotocondensed-400.css

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/webfontloader.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2620:100:a001::4 , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

nginx /

Resource Hash

66d5e835f06be29e8b5112ee84def9f11eeef96f164d624ca3ba8bd8d3e2cefe

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-US,en;q=0.9
Referer: https://ads.us.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Tue, 28 Mar 2023 16:08:39 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 08 Dec 2022 14:14:23 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"6391f13f-8cb"
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Fri, 22 Mar 2024 16:08:39 GMT

GET
H2 200 robotocondensed-400.css
static.criteo.net/design/googlefont/robotocondensed/ Frame 80C9 2 KB
854 B 40ms
39ms Stylesheet
text/css 2620:100:a001::4
AS-CRITEO

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/design/googlefont/robotocondensed/robotocondensed-400.css

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/webfontloader.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2620:100:a001::4 , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

nginx /

Resource Hash

66d5e835f06be29e8b5112ee84def9f11eeef96f164d624ca3ba8bd8d3e2cefe

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-US,en;q=0.9
Referer: https://ads.us.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Tue, 28 Mar 2023 16:08:39 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 08 Dec 2022 14:14:23 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"6391f13f-8cb"
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Fri, 22 Mar 2024 16:08:39 GMT

GET
H2 200 robotocondensed-400-latin.woff2
static.criteo.net/design/googlefont/robotocondensed/ Frame 0FF6 15 KB
16 KB 109ms
108ms Font
application/octet-stream 2620:100:a001::4
AS-CRITEO

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/design/googlefont/robotocondensed/robotocondensed-400-latin.woff2

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/design/googlefont/robotocondensed/robotocondensed-400.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2620:100:a001::4 , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

nginx /

Resource Hash

d0b9c05ce31708c1061e034b60c217a0d35afd201434c06d03ba5b20a19cee4d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://static.criteo.net/design/googlefont/robotocondensed/robotocondensed-400.css
Origin: https://ads.us.criteo.com
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Tue, 28 Mar 2023 16:08:39 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 08 Dec 2022 14:14:23 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"6391f13f-3d54"
content-type: text/plain; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Fri, 22 Mar 2024 16:08:39 GMT

GET
H2 200 71e3b7bf84e74194858937ab494cecb9_dinpro-medium.woff
static.criteo.net/design/dt/ Frame 0FF6 51 KB
51 KB 76ms
75ms Font
application/octet-stream 2620:100:a001::4
AS-CRITEO

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/design/dt/71e3b7bf84e74194858937ab494cecb9_dinpro-medium.woff

Requested by

Host: live.xem.plus
URL: https://live.xem.plus/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2620:100:a001::4 , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

nginx /

Resource Hash

1ebf858e8d21bf36bfcd56134c93ad55c0e8e22a975dd7ebb6fdbb648e3ebbe4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.us.criteo.com/
Origin: https://ads.us.criteo.com
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Tue, 28 Mar 2023 16:08:39 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 10 Apr 2018 20:57:20 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5acd2530-cab4"
content-type: text/plain; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Fri, 22 Mar 2024 16:08:39 GMT

GET
H2 200 robotocondensed-400-latin.woff2
static.criteo.net/design/googlefont/robotocondensed/ Frame 80C9 15 KB
16 KB 107ms
107ms Font
application/octet-stream 2620:100:a001::4
AS-CRITEO

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/design/googlefont/robotocondensed/robotocondensed-400-latin.woff2

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/design/googlefont/robotocondensed/robotocondensed-400.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2620:100:a001::4 , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

nginx /

Resource Hash

d0b9c05ce31708c1061e034b60c217a0d35afd201434c06d03ba5b20a19cee4d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://static.criteo.net/design/googlefont/robotocondensed/robotocondensed-400.css
Origin: https://ads.us.criteo.com
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Tue, 28 Mar 2023 16:08:39 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 08 Dec 2022 14:14:23 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"6391f13f-3d54"
content-type: text/plain; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Fri, 22 Mar 2024 16:08:39 GMT

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 15 KB
11 KB 68ms
66ms XHR
application/json 2607:f8b0:4006:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20230323&st=env

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202303230101/show_ads_impl_fy2021.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80d::2002 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

37f7b2eee4eed140af22047d2118d2396d8fd2ec4b509c912deb5644e5e30570

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://live.xem.plus/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Tue, 28 Mar 2023 16:08:39 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11236
x-xss-protection: 0

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
7 KB 90ms
89ms Script
text/javascript 2607:f8b0:4006:820::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202303230101/show_ads_impl_fy2021.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:820::2001 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://live.xem.plus/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Tue, 28 Mar 2023 16:08:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 28 Mar 2023 16:08:40 GMT

POST
H3 204 csi
csi.gstatic.com/ Frame 0E71 0
17 B 52ms
52ms Ping
image/gif 2607:f8b0:400f:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=ima&dmc=8&puid=3~lfsgd45s&c=2228020957589&slotId=1114010478794.5&faa=1
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.566.2_en.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:400f:802::2003 Boulder, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Mar 2023 16:08:40 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 pixel.gif Show response
ad.vidverto.io/vidverto/test/ Frame 0E71 42 B
174 B 160ms
160ms Fetch
image/gif 212.8.250.228
WORLDSTREAM

General

Check archive.org

Show headers Download Go to

Full URL: https://ad.vidverto.io/vidverto/test/pixel.gif
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.566.2_en.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 212.8.250.228 Rotterdam, Netherlands, ASN49981 (WORLDSTREAM, NL),
Reverse DNS: 212-8-250-228.hosted-by-worldstream.net
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-US,en;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Tue, 28 Mar 2023 16:08:40 GMT
last-modified: Mon, 26 Oct 2020 16:14:05 GMT
server: nginx/1.14.0 (Ubuntu)
accept-ranges: bytes
etag: "5f96f5cd-2a"
content-length: 42
content-type: image/gif

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 3E4B 13 KB
5 KB 40ms
40ms Document
text/html 2607:f8b0:4006:820::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:820::2001 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://live.xem.plus/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

accept-ranges: bytes
age: 8340
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 28 Mar 2023 13:49:40 GMT
expires: Wed, 27 Mar 2024 13:49:40 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame AA15 783 B
1 KB 149ms
60ms Document
text/html 2607:f8b0:4006:816::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:816::2004 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

fd623296725e7946c5ef58545c21ac636a7b4fa3d0629150d72511563048a74a

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-pySH0EOBhQrDGjFxOD02Dw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://live.xem.plus/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-length: 513
content-security-policy: script-src 'report-sample' 'nonce-pySH0EOBhQrDGjFxOD02Dw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Tue, 28 Mar 2023 16:08:40 GMT
expires: Tue, 28 Mar 2023 16:08:40 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

POST
H3 204 csi
csi.gstatic.com/ Frame 0E71 0
17 B 53ms
52ms Ping
image/gif 2607:f8b0:400f:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=ima&dmc=8&puid=4~lfsgd4d6&c=2228020957589&slotId=1114010478794.5&fas=1
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.566.2_en.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:400f:802::2003 Boulder, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Mar 2023 16:08:40 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 t4_aWeuLa_BO9IGQ3R3HcB0TaFNoER_W7PQrl5RFgV0.js Show response
pagead2.googlesyndication.com/bg/ Frame 3E4B 36 KB
14 KB 39ms
39ms Script
text/javascript 2607:f8b0:4006:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/t4_aWeuLa_BO9IGQ3R3HcB0TaFNoER_W7PQrl5RFgV0.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80d::2002 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b78fda59eb8b6bf04ef48190dd1dc7701d13685368111fd6ecf42b979445815d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Thu, 23 Mar 2023 16:50:55 GMT
content-encoding: br
x-content-type-options: nosniff
age: 429465
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14115
x-xss-protection: 0
last-modified: Mon, 20 Mar 2023 09:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 22 Mar 2024 16:50:55 GMT

GET
H2 200 pixel.gif Show response
ad.vidverto.io/vidverto/test/ Frame 0E71 42 B
174 B 115ms
115ms Fetch
image/gif 212.8.250.228
WORLDSTREAM

General

Check archive.org

Show headers Download Go to

Full URL: https://ad.vidverto.io/vidverto/test/pixel.gif
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.566.2_en.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 212.8.250.228 Rotterdam, Netherlands, ASN49981 (WORLDSTREAM, NL),
Reverse DNS: 212-8-250-228.hosted-by-worldstream.net
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-US,en;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Tue, 28 Mar 2023 16:08:40 GMT
last-modified: Mon, 26 Oct 2020 16:14:05 GMT
server: nginx/1.14.0 (Ubuntu)
accept-ranges: bytes
etag: "5f96f5cd-2a"
content-length: 42
content-type: image/gif

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame AA15 0
0 58ms
57ms Image
text/html 2607:f8b0:4006:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20230323&jk=1283966359443228&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4006:80d::2002 Nutley, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 3E4B 0
10 B 40ms
39ms Image
text/plain 2607:f8b0:4006:820::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?9b6i7w
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4006:820::2001 Nutley, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Tue, 28 Mar 2023 16:08:40 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H2 200 pixel.gif Show response
ad.vidverto.io/vidverto/test/ Frame 0E71 42 B
174 B 113ms
113ms Fetch
image/gif 212.8.250.228
WORLDSTREAM

General

Check archive.org

Show headers Download Go to

Full URL: https://ad.vidverto.io/vidverto/test/pixel.gif
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.566.2_en.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 212.8.250.228 Rotterdam, Netherlands, ASN49981 (WORLDSTREAM, NL),
Reverse DNS: 212-8-250-228.hosted-by-worldstream.net
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-US,en;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Tue, 28 Mar 2023 16:08:40 GMT
last-modified: Mon, 26 Oct 2020 16:14:05 GMT
server: nginx/1.14.0 (Ubuntu)
accept-ranges: bytes
etag: "5f96f5cd-2a"
content-length: 42
content-type: image/gif

POST
H3 204 csi
csi.gstatic.com/ Frame 0E71 0
17 B 52ms
52ms Ping
image/gif 2607:f8b0:400f:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=ima&dmc=8&puid=5~lfsgd4hf&c=2228020957589&slotId=1114010478794.5&icc=1&icrh=0&icri=0&icrs=1&icru=0&icp=GoogleWhyThisAd&icdi=18x18&vmfc=2&vhc=0&wta=1&hghme=1
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.566.2_en.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:400f:802::2003 Boulder, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Mar 2023 16:08:40 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame D6F5 42 B
64 B 59ms
58ms Fetch
image/gif 2607:f8b0:4006:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstjx6_DY7OEoU3t7HFMBkJVScRGvOut_xuEN12bs0PNOYtrOfscMiZyY4IU7r82QamOqDjxRj3RwimSNqSzo-ohwF8&sig=Cg0ArKJSzOBagdIB6U_8EAE&id=lidar2&mcvt=1000&p=0,0,124,1005&mtos=156,843,1000,1000,1000&tos=156,687,157,0,0&v=20230327&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=1812271801&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1680019719249&rpt=410&met=ie&wmsd=0&pbe=0&vae=0&spb=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80d::2002 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Mar 2023 16:08:40 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 all
csm.us.criteo.net/ Frame 80C9 0
127 B 38ms
37ms Ping
text/plain 2620:100:a001::16
AS-CRITEO

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2620:100:a001::16 , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.us.criteo.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Tue, 28 Mar 2023 16:08:40 GMT
strict-transport-security: max-age=31536000; preload;
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 61ms
60ms Image
text/html 2607:f8b0:4006:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20230323&jk=1283966359443228&bg=!9Pel96PNAAbO2UOH7tk7ADkAdvg8Wg42BRObMTi20K9oKTvqOHOFmvrfe_1FDmCDJySxnl2jcFnBi3iPuzNocD-pI9QQnZxAnM8CAAAAelIAAAACaAEHmQKp7YSDFJ9tGivhf28jm3jLHKWaKHbIQMpF3soy6brdwk1QAil_GrzSEhSYK0WKcYXUcqFj6l-07s_rAaqMRMMbQ5nX8V-qjiWndiPUjUmZhjC-Nb4xBCpmzYpZprZUDjERywYUvtC_fvLNlSxoqJu5vdhSe8qMr4ddS-x_dsdPrsyjak6AMZJS2Nx-CTFnuXnQxYPJxVjV2QVrqC-UiKHneqwGWre2E7odW5L6mcDBEVDmDI7wxChLmROXBd3SuTxcO5nfN3SGc8ArYtTAE4yo4VJtP706YI0tkRUX4nO7LV-mlL4DUXZT-ud9rotqgqddtaqgFfvdk_c_7pLBlNic27EZuPLSKs8MwZOXJoMFp1qDnTabfW03WwW88qX2ghTAJ1tdOicmHpF8v_R5UsI0bjvheOXfNpCckdoZWvoEWgGzycUhI0xXCO1gPZHWL8O2JPVln9BDLaZrSF7IN_1VlWk6aB89T6LtDv3U1XpcJ2e7vhQsOId3VhzUfaTT2cukX7HEld8kMXFy90L4uYG65K0wPXroQA_L4XyuuCyJozAJquM5BQdobU4RAScIuDoRn5LPMzcCWAlzLvyY4AbPurCQ-HGQYWcJAaJ5SpJ-pclpiDmjuSXz-atiSLyXbdmmFGRxeEfRb0O6Ha5926J44DySy1i93CQZ5cqtv7epxHDk3FOqA5XT83v7gzYT5SnlIqwctNqwtwP5p_l-bQT5VR61BQbFKiLT1KpSI2f9_6bJSQCPCEPhu1mJ2xaFlDmu6Af8eRU2Jgeh32v77FvbFyqM_FV1fTgCHshZll5lZlwTlhFCFY4xxGQaKakEwanBpu3Q5JdB5bP5-241HN2GESNLoPuPMLVTmlzHZuqB8oFbfkxPtLHTTPTSct38P6IpqsJkJQc-SdrN
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4006:80d::2002 Nutley, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://live.xem.plus/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

POST
H3 204 csi
csi.gstatic.com/ Frame 0E71 0
17 B 52ms
52ms Ping
image/gif 2607:f8b0:400f:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=ima&dmc=8&puid=6~lfsgd4ug&c=2228020957589&slotId=1114010478794.5&met.4=ghmsh_s.lfsgd4ui~ghmsh_s.lfsgd4uj~ghmsh_s.lfsgd4uk&ghmsh_mi=22%2C18%2C&ghmsh_vi=134%2C136%2C243%2C247%2C396%2C398%2C&ghmsh_ai=139%2C140%2C250%2C&ghmsh_gvt=0&ams=1&vs=1280x720&vc=avc1.64001F&mt=video%2Fmp4&vsrc=youtube&bit=22&cpn=rBuKYvssISlH0k0S
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.566.2_en.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:400f:802::2003 Boulder, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Mar 2023 16:08:40 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 pixel.gif Show response
ad.vidverto.io/vidverto/test/ Frame 0E71 42 B
174 B 142ms
142ms Fetch
image/gif 212.8.250.228
WORLDSTREAM

General

Check archive.org

Show headers Download Go to

Full URL: https://ad.vidverto.io/vidverto/test/pixel.gif
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.566.2_en.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 212.8.250.228 Rotterdam, Netherlands, ASN49981 (WORLDSTREAM, NL),
Reverse DNS: 212-8-250-228.hosted-by-worldstream.net
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-US,en;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Tue, 28 Mar 2023 16:08:40 GMT
last-modified: Mon, 26 Oct 2020 16:14:05 GMT
server: nginx/1.14.0 (Ubuntu)
accept-ranges: bytes
etag: "5f96f5cd-2a"
content-length: 42
content-type: image/gif

GET
H2 200 pixel.gif Show response
ad.vidverto.io/vidverto/test/ Frame 0E71 42 B
174 B 123ms
122ms Fetch
image/gif 212.8.250.228
WORLDSTREAM

General

Check archive.org

Show headers Download Go to

Full URL: https://ad.vidverto.io/vidverto/test/pixel.gif
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.566.2_en.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 212.8.250.228 Rotterdam, Netherlands, ASN49981 (WORLDSTREAM, NL),
Reverse DNS: 212-8-250-228.hosted-by-worldstream.net
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-US,en;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Tue, 28 Mar 2023 16:08:41 GMT
last-modified: Mon, 26 Oct 2020 16:14:05 GMT
server: nginx/1.14.0 (Ubuntu)
accept-ranges: bytes
etag: "5f96f5cd-2a"
content-length: 42
content-type: image/gif

GET
H2 200 video_playlist.js Show response
ad.vidverto.io/vidverto/player/ui/js/ 111 KB
32 KB 245ms
244ms Script
application/javascript 212.8.250.228
WORLDSTREAM

General

Check archive.org

Show headers Download Go to

Full URL: https://ad.vidverto.io/vidverto/player/ui/js/video_playlist.js?v=1653047028
Requested by: Host: ad.vidverto.io
URL: https://ad.vidverto.io/vidverto/player/vidvertoplayer.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 212.8.250.228 Rotterdam, Netherlands, ASN49981 (WORLDSTREAM, NL),
Reverse DNS: 212-8-250-228.hosted-by-worldstream.net
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: c252a63cc3245c852e13332a77220c033b56a952344862770bfe104e76a0d436

Request headers

accept-language: en-US,en;q=0.9
Referer: https://live.xem.plus/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Tue, 28 Mar 2023 16:08:41 GMT
content-encoding: gzip
last-modified: Thu, 18 Aug 2022 08:21:47 GMT
server: nginx/1.14.0 (Ubuntu)
etag: W/"62fdf69b-1bc07"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=3600, public, max-age=3600
expires: Tue, 28 Mar 2023 17:08:41 GMT

GET
H2 200 video_playlist.css
ad.vidverto.io/vidverto/player/ui/css/ 61 KB
9 KB 362ms
361ms Stylesheet
text/css 212.8.250.228
WORLDSTREAM

General

Check archive.org

Show headers Download Go to

Full URL: https://ad.vidverto.io/vidverto/player/ui/css/video_playlist.css?v=1653047028
Requested by: Host: ad.vidverto.io
URL: https://ad.vidverto.io/vidverto/player/vidvertoplayer.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 212.8.250.228 Rotterdam, Netherlands, ASN49981 (WORLDSTREAM, NL),
Reverse DNS: 212-8-250-228.hosted-by-worldstream.net
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: 79e5889c36479f99096a96a61cbfa92fc35ecf12d233635e0224b2c415859de1

Request headers

accept-language: en-US,en;q=0.9
Referer: https://live.xem.plus/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Tue, 28 Mar 2023 16:08:41 GMT
content-encoding: gzip
last-modified: Sun, 28 Feb 2021 22:32:40 GMT
server: nginx/1.14.0 (Ubuntu)
etag: W/"603c1a08-f52f"
vary: Accept-Encoding
content-type: text/css

GET
DATA 200
OK truncated
/ 212 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d34083a65ff0e36a3d645ece2161f69414caf9f8aed2d21e288e7607c5ddd6dc

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 71 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 56f90a84ab6429264698fd0480ef391cb63c524b8326fc61cb42e773d4e81e99

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H3 200 help_outline_white_24dp_with_3px_trbl_padding.png
imasdk.googleapis.com/formats/wta/ Frame 0E71 453 B
478 B 41ms
39ms Image
image/png 2607:f8b0:4006:81e::200a
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imasdk.googleapis.com/formats/wta/help_outline_white_24dp_with_3px_trbl_padding.png?wp=ca-video-pub-3132893725603935

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81e::200a Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e519cc4b7b8fdc64a7aaafc1b808cde266a234205aac0d6c55589c12446d565e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://imasdk.googleapis.com/js/core/bridge3.566.2_en.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Tue, 28 Mar 2023 16:01:55 GMT
x-content-type-options: nosniff
age: 406
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 453
x-xss-protection: 0
last-modified: Wed, 13 Oct 2021 14:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type: image/png
cache-control: public, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 28 Mar 2023 16:51:55 GMT

GET
H3 200 /
googleads.g.doubleclick.net/pagead/interaction/ Frame 0E71 42 B
64 B 63ms
61ms Image
image/gif 2607:f8b0:4006:816::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/interaction/?ai=C_L5aCBEjZO_OCsT3zwXI5KDoDbqyxN1v3ZjZ7pARsJAfEAEgw5W3dmDJtqOI8KPsEqAB5Oq3wyjIAQXgAgCoAwGYBACqBJcCT9CwANXxAk3nDAG76To-guzTMOc3T1utVYg2H0VPMAsUwYjUGdCQ48Cgd0J2UR4CcJdJrC2077Jg_WDfHRKuGJcwX7YFtzELQsw7HtyL9EoL0W77W2CLbfqf43qNoBBeMFeo6ZIdrskZ9LSKIsFc2nztD6utO9Sb3Ebm4WlqAmtCCkXkruwCZ2D4t5tsC_2q0aLwOeRS4U_RXZGapqx0F2WMTKzCxLNWh1OaTXXafIy3bDT588C7npxmABCZZYsIpGg9H8ddrTMCHEP6TKbtarEP3vLVp6ZMW4rBAarYwMVJNoLAc1aHRwSWXGheE1dNsTaTjJ3cgyD4Fs982Cv1VnYjXLxvl0ZNYggFKL-E_jz-QGzQYBPywAT1udzbogTgBAGIBYyM9PVJkgUICAMQARgBUAGgBlSAB-SiiKMDqAeOzhuoB5PYG6gHnNwbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcBqAgB0ggPCIBhEAEYHTICigI6AoBAsQnCCRJU1QyakIAKA5gLAcgLAdALD7gMAZoNAQ-wE7zC1BLYExPYFAHQFQGoFgH4FgGAFwE&sigh=5hFELL0jFJM&label=show_ad&sdkv=h.3.566.2&vci=Ck0IAhIOYWQudmlkdmVydG8uaW8aElZpZHZlcnRvIEFkIFNlcnZlciADKiBjOGZlZDFkZmEyYjliMWYzNDI0Mzc2ODA4ODA3NjIwM0ChAQprCAESGHB1YmFkcy5nLmRvdWJsZWNsaWNrLm5ldBoHQWRTZW5zZSAEKgw1ODg2NDI2Njc2MTMyDDY1MTg1NzI4MzI4MUDAClIjEA8lAADwQSgBOgt5NDUzZ2RUdHVGd0IJZ29vZ2xlYWRzUAAYAQ..

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:816::2002 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Mar 2023 16:08:41 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 adview
pubads.g.doubleclick.net/pagead/ Frame 0E71 0
0 64ms
62ms Image
text/html 2607:f8b0:4006:824::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pubads.g.doubleclick.net/pagead/adview?ai=C6jARCBEjZO_OCsT3zwXI5KDoDbqyxN1v3ZjZ7pARsJAfEAEgw5W3dmDJtqOI8KPsEqAB5Oq3wyjIAQXgAgCoAwGYBACqBJQCT9CwANXxAk3nDAG76To-guzTMOc3T1utVYg2H0VPMAsUwYjUGdCQ48Cgd0J2UR4CcJdJrC2077Jg_WDfHRKuGJcwX7YFtzELQsw7HtyL9EoL0W77W2CLbfqf43qNoBBeMFeo6ZIdrskZ9LSKIsFc2nztD6utO9Sb3Ebm4WlqAmtCCkXkruwCZ2D4t5tsC_2q0aLwOeRS4U_RXZGapqx0F2WMTKzCxLNWh1OaTXXafIy3bDT588C7npxmABCZZYsIpGg9H8ddrTMCHEP6TKbtarEP3vLVp6ZMW9LAs8DQ6iV7pEdZpSczkTZ4tjaM-VuvLTRxOM3_iaTxP9f4K9mrhL75dpJ3QYLJYOq7_JWo5vtSjh1kwAT1udzbogTgBAGSBQ0IIhAFGCRI_pLvAVABoAZUgAfkooijA6gHjs4bqAeT2BuoB5zcG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhvYBwHyBwUQlKSIAqgIAdIIDwiAYRABGB0yAooCOgKAQIAKA8gLAbATvMLUEsITBhjk6rfDKNgTE9gUAdAVAagWAYAXAbIXHgocCAASFHB1Yi04NjEwMDUwNjE0NjQ1MjYzGO2-cQ&sigh=U9Q6UomkAIc&cmd=Ch1jYS12aWRlby1wdWItMzEzMjg5MzcyNTYwMzkzNRAAGAI&uach_m=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&cid=CAQSOwDUE5ym6gIAX2rVhMsqed_ldDKW9WS-vJTsvqEHjB1CeWmTaKkQ-eXwh-HAVr2l9W_m4s6FUFBL8fuSGAE&vt=10&sdkv=h.3.566.2&vci=Ck0IAhIOYWQudmlkdmVydG8uaW8aElZpZHZlcnRvIEFkIFNlcnZlciADKiBjOGZlZDFkZmEyYjliMWYzNDI0Mzc2ODA4ODA3NjIwM0ChAQprCAESGHB1YmFkcy5nLmRvdWJsZWNsaWNrLm5ldBoHQWRTZW5zZSAEKgw1ODg2NDI2Njc2MTMyDDY1MTg1NzI4MzI4MUDAClIjEA8lAADwQSgBOgt5NDUzZ2RUdHVGd0IJZ29vZ2xlYWRzUAAYAQ..
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2607:f8b0:4006:824::2002 Nutley, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

POST
H3 204 csi
csi.gstatic.com/ 0
17 B 52ms
51ms Ping
image/gif 2607:f8b0:400f:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=ima&dmc=8&top=1&puid=1~lfsgd3ea&c=2228020957589&slotId=1114010478794.5&eee=missing-element&bi=missing-id
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:400f:802::2003 Boulder, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://live.xem.plus/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Mar 2023 16:08:41 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 206
Partial Content videoplayback
rr2---sn-vgqsrnld.googlevideo.com/ 1 MB
1 MB 100ms
25ms Media
video/mp4 2607:f8b0:4009:18::7
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://rr2---sn-vgqsrnld.googlevideo.com/videoplayback?expire=1680048520&ei=CBEjZJe6IY_DhgaPmLnYBQ&ip=2602:ffc8:1:1::4&id=cb8e7781d4edb85c&itag=22&source=youtube&requiressl=yes&mh=vK&mm=31&mn=sn-vgqsrnld&ms=au&mv=m&mvi=2&pl=48&susc=gvp&acao=yes&ctier=L&mime=video/mp4&vprv=1&dur=30.093&lmt=1679744264697831&mt=1680019264&txp=5532434&sparams=expire,ei,ip,id,itag,source,requiressl,susc,acao,ctier,mime,vprv,dur,lmt&sig=AOq0QJ8wRQIhAKL5VhxSnp7TU2oTefkTFO1DJUyjGZRoADgArHZ7YGkjAiBNs_ZhIE6Edsiw5-6qnNwOcGdIXpkennAZFSHM6DOsaw==&lsparams=mh,mm,mn,ms,mv,mvi,pl&lsig=AG3C_xAwRAIgbLuT6tEuCG9bVJhCPs_yq7iIZbSogKvTy0vU68Sf4foCIDRcj9sUeM61iCYrFfKTR7PL8KXq6EqzkJAOtqq0pazo&cpn=rBuKYvssISlH0k0S

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4009:18::7 Gary, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

gvs 1.0 /

Resource Hash

19337aa00c664a811463a4551dc66083e1641899b5e98275371022e692d100a2

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://live.xem.plus/
Accept-Encoding: identity;q=1, *;q=0
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
Range: bytes=0-

Response headers

Date: Tue, 28 Mar 2023 16:08:41 GMT
X-Content-Type-Options: nosniff
Last-Modified: Sat, 25 Mar 2023 11:37:44 GMT
Server: gvs 1.0
Vary: Origin
Content-Type: video/mp4
Content-Range: bytes 0-1448119/1448120
Cache-Control: private, max-age=28499
Cross-Origin-Resource-Policy: cross-origin
Connection: close
Accept-Ranges: bytes
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Content-Length: 1448120
Expires: Tue, 28 Mar 2023 16:08:41 GMT

GET
H3 200 /
googleads.g.doubleclick.net/pagead/interaction/ Frame 0E71 42 B
64 B 60ms
59ms Image
image/gif 2607:f8b0:4006:816::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/interaction/?ai=C_L5aCBEjZO_OCsT3zwXI5KDoDbqyxN1v3ZjZ7pARsJAfEAEgw5W3dmDJtqOI8KPsEqAB5Oq3wyjIAQXgAgCoAwGYBACqBJcCT9CwANXxAk3nDAG76To-guzTMOc3T1utVYg2H0VPMAsUwYjUGdCQ48Cgd0J2UR4CcJdJrC2077Jg_WDfHRKuGJcwX7YFtzELQsw7HtyL9EoL0W77W2CLbfqf43qNoBBeMFeo6ZIdrskZ9LSKIsFc2nztD6utO9Sb3Ebm4WlqAmtCCkXkruwCZ2D4t5tsC_2q0aLwOeRS4U_RXZGapqx0F2WMTKzCxLNWh1OaTXXafIy3bDT588C7npxmABCZZYsIpGg9H8ddrTMCHEP6TKbtarEP3vLVp6ZMW4rBAarYwMVJNoLAc1aHRwSWXGheE1dNsTaTjJ3cgyD4Fs982Cv1VnYjXLxvl0ZNYggFKL-E_jz-QGzQYBPywAT1udzbogTgBAGIBYyM9PVJkgUICAMQARgBUAGgBlSAB-SiiKMDqAeOzhuoB5PYG6gHnNwbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcBqAgB0ggPCIBhEAEYHTICigI6AoBAsQnCCRJU1QyakIAKA5gLAcgLAdALD7gMAZoNAQ-wE7zC1BLYExPYFAHQFQGoFgH4FgGAFwE&sigh=5hFELL0jFJM&label=video_ad_loaded&sdkv=h.3.566.2&vci=Ck0IAhIOYWQudmlkdmVydG8uaW8aElZpZHZlcnRvIEFkIFNlcnZlciADKiBjOGZlZDFkZmEyYjliMWYzNDI0Mzc2ODA4ODA3NjIwM0ChAQprCAESGHB1YmFkcy5nLmRvdWJsZWNsaWNrLm5ldBoHQWRTZW5zZSAEKgw1ODg2NDI2Njc2MTMyDDY1MTg1NzI4MzI4MUDAClIjEA8lAADwQSgBOgt5NDUzZ2RUdHVGd0IJZ29vZ2xlYWRzUAAYAQ..

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:816::2002 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Mar 2023 16:08:41 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 Oy6hyfNY.js Show response
tpc.googlesyndication.com/sodar/ Frame 0E71 41 KB
15 KB 42ms
42ms Script
text/javascript 2607:f8b0:4006:820::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Oy6hyfNY.js

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.566.2_en.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:820::2001 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3b2ea1c9f3587781b58285cf64279e67f6329a3924fb93f81529f1826e2f4d16

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Tue, 28 Mar 2023 06:48:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 33626
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15406
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 27 Mar 2024 06:48:15 GMT

GET
H2 200 magic.png
bgstats.mox.tv/ Frame 0E71 0
66 B 707ms
133ms Image
image/png 167.71.9.19
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bgstats.mox.tv/magic.png
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 167.71.9.19 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Tue, 28 Mar 2023 16:08:42 GMT
server: nginx/1.14.0 (Ubuntu)
content-length: 0
content-type: image/png

GET
H2 200 tracking
ad.vidverto.io/delivery/video/ Frame 0E71 51 B
51 B 151ms
147ms Image
text/html 212.8.250.228
WORLDSTREAM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ad.vidverto.io/delivery/video/tracking?vast=tracker&vsp=ZzZDQ1VuaUFGNEhrdnNOYnhYZmVIZ043cFZFOUtlUDdYdmZYVmdHNTdyWm0rVXZHRWwweFlPS1dwQ0ttVEU1dC9BR1AwNlVaM3RqeE5ETWRRaklYREw0ZXN2S25iaUxjSzVXaWhkTzZML29ESVpSWWtqR0ZCbmFOak83eklRb0x0K0kxUXpRMnk2ZmVtY3Jud2V5cXFJUGtSaHJ3cXl2ME54QVpGV0VaZmNwNjdJSmVpK2FRS1hnei9OY0ZObXJRd1lVVnRUL2VwZDRnTEd2akxQV0haeGRPL0dhNjc2dm5DSkozMG1kdFJabGxJMXZ4Lzd6QW56WWVXdWtKNSs3bg%3D%3D&cb=1680019719
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 212.8.250.228 Rotterdam, Netherlands, ASN49981 (WORLDSTREAM, NL),
Reverse DNS: 212-8-250-228.hosted-by-worldstream.net
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

access-control-allow-origin: *
date: Tue, 28 Mar 2023 16:08:41 GMT
content-encoding: gzip
server: nginx/1.14.0 (Ubuntu)
vary: Accept-Encoding
content-type: text/html; charset=UTF-8

GET
H3 200 adview
pubads.g.doubleclick.net/pagead/ Frame 0E71 0
0 116ms
113ms Image
text/html 2607:f8b0:4006:824::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pubads.g.doubleclick.net/pagead/adview?ai=C6jARCBEjZO_OCsT3zwXI5KDoDbqyxN1v3ZjZ7pARsJAfEAEgw5W3dmDJtqOI8KPsEqAB5Oq3wyjIAQXgAgCoAwGYBACqBJQCT9CwANXxAk3nDAG76To-guzTMOc3T1utVYg2H0VPMAsUwYjUGdCQ48Cgd0J2UR4CcJdJrC2077Jg_WDfHRKuGJcwX7YFtzELQsw7HtyL9EoL0W77W2CLbfqf43qNoBBeMFeo6ZIdrskZ9LSKIsFc2nztD6utO9Sb3Ebm4WlqAmtCCkXkruwCZ2D4t5tsC_2q0aLwOeRS4U_RXZGapqx0F2WMTKzCxLNWh1OaTXXafIy3bDT588C7npxmABCZZYsIpGg9H8ddrTMCHEP6TKbtarEP3vLVp6ZMW9LAs8DQ6iV7pEdZpSczkTZ4tjaM-VuvLTRxOM3_iaTxP9f4K9mrhL75dpJ3QYLJYOq7_JWo5vtSjh1kwAT1udzbogTgBAGSBQ0IIhAFGCRI_pLvAVABoAZUgAfkooijA6gHjs4bqAeT2BuoB5zcG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhvYBwHyBwUQlKSIAqgIAdIIDwiAYRABGB0yAooCOgKAQIAKA8gLAbATvMLUEsITBhjk6rfDKNgTE9gUAdAVAagWAYAXAbIXHgocCAASFHB1Yi04NjEwMDUwNjE0NjQ1MjYzGO2-cQ&sigh=U9Q6UomkAIc&cmd=Ch1jYS12aWRlby1wdWItMzEzMjg5MzcyNTYwMzkzNRAAGAI&uach_m=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&cid=CAQSOwDUE5ym6gIAX2rVhMsqed_ldDKW9WS-vJTsvqEHjB1CeWmTaKkQ-eXwh-HAVr2l9W_m4s6FUFBL8fuSGAE&sdkv=h.3.566.2
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4006:824::2002 Nutley, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

GET
H2 200 B29540401.362133817;dc_trk_aid=552951795;dc_trk_cid=188523092;dc_dbm_token=AD1EzRQAAAA8CjQKDAgAFQAAAAAdAAAAABIMCAAVAAAAAB0AAAAAIhQIjIz09UmoAtOz_6UDsALHsZTiA0A7EMSygaID-KfFlpcRVWyXjpKJhSbFTw==;ord=6...
ad.doubleclick.net/ddm/trackimp/N1798324.3665442DV360/ Frame 0E71 42 B
440 B 199ms
75ms Image
image/gif 142.251.32.102
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ad.doubleclick.net/ddm/trackimp/N1798324.3665442DV360/B29540401.362133817;dc_trk_aid=552951795;dc_trk_cid=188523092;dc_dbm_token=AD1EzRQAAAA8CjQKDAgAFQAAAAAdAAAAABIMCAAVAAAAAB0AAAAAIhQIjIz09UmoAtOz_6UDsALHsZTiA0A7EMSygaID-KfFlpcRVWyXjpKJhSbFTw==;ord=618091223;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;ltd=;dc_exteid=13845138281622506401;dc_av=66056;dc_sk=1;dc_ctype=84;dc_ref=;dc_pubid=3;dc_btype=23?gclid=EAIaIQobChMI7_KLlYH__QIVxPuzCh1IMgjdEAEYASAAEgLNYPD_BwE

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.32.102 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s77-in-f6.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Mar 2023 16:08:41 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
googleads.g.doubleclick.net/pagead/interaction/ Frame 0E71 42 B
64 B 85ms
82ms Image
image/gif 2607:f8b0:4006:816::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/interaction/?ai=CwZtGCBEjZO_OCsT3zwXI5KDoDbqyxN1v3ZjZ7pARsJAfEAEgw5W3dmDJtqOI8KPsEqAB5Oq3wyjIAQXgAgCoAwGYBACqBJQCT9CwANXxAk3nDAG76To-guzTMOc3T1utVYg2H0VPMAsUwYjUGdCQ48Cgd0J2UR4CcJdJrC2077Jg_WDfHRKuGJcwX7YFtzELQsw7HtyL9EoL0W77W2CLbfqf43qNoBBeMFeo6ZIdrskZ9LSKIsFc2nztD6utO9Sb3Ebm4WlqAmtCCkXkruwCZ2D4t5tsC_2q0aLwOeRS4U_RXZGapqx0F2WMTKzCxLNWh1OaTXXafIy3bDT588C7npxmABCZZYsIpGg9H8ddrTMCHEP6TKbtarEP3vLVp6ZMW9LAs8DQ6iV7pEdZpSczkTZ4tjaM-VuvLTRxOM3_iaTxP9f4K9mrhL75dpJ3QYLJYOq7_JWo5vtSjh1kwAT1udzbogTgBAGIBYyM9PVJoAZUgAfkooijA6gHjs4bqAeT2BuoB5zcG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHAagIAdIIDwiAYRABGB0yAooCOgKAQIAKA8gLAbATvMLUEtgTE9gUAdAVAagWAfgWAYAXAQ&sigh=xvCSGGXBpTI&cmd=Ch1jYS12aWRlby1wdWItMzEzMjg5MzcyNTYwMzkzNRAAGAI&label=vast_creativeview&ad_mt=0&sdkv=h.3.566.2&vci=Ck0IAhIOYWQudmlkdmVydG8uaW8aElZpZHZlcnRvIEFkIFNlcnZlciADKiBjOGZlZDFkZmEyYjliMWYzNDI0Mzc2ODA4ODA3NjIwM0ChAQpuCAESGHB1YmFkcy5nLmRvdWJsZWNsaWNrLm5ldBoHQWRTZW5zZSAEKgw1ODg2NDI2Njc2MTMyDDY1MTg1NzI4MzI4MUDAClImEA8lAADwQSgBOgt5NDUzZ2RUdHVGd0IJZ29vZ2xlYWRzSKsBUAAYAQ..

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:816::2002 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Mar 2023 16:08:41 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 tracking
ad.vidverto.io/delivery/video/ Frame 0E71 51 B
51 B 152ms
149ms Image
text/html 212.8.250.228
WORLDSTREAM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ad.vidverto.io/delivery/video/tracking?vast=events&token=QXN6dzJBMHY1eExNS2JpYnFVelo2emFrbTBnRmxnTHpVZ0dVZTBzOHNFNmxVNS8wUllUNTFSbUZ1eHU2akRQQjg0MDRRdGIrVGN6SGVJaE1ZSzhVbkdlTTR1dUc0WWFkRUlQd0phTG9MaE5HS3dVOVk3TElPUW1FWlRhMG9xWWoyL1ZOTW1JRW5UVW5aUEQycnhQUDNQanBHb0F2em9VaU1XVk1DNExBVWx5RGVXWHFQM2xScURtN0VHN3FiVG1zZHBuZjUrVEo1K0R2QUNTeVdzb1MrUT09&cb=1680019719
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 212.8.250.228 Rotterdam, Netherlands, ASN49981 (WORLDSTREAM, NL),
Reverse DNS: 212-8-250-228.hosted-by-worldstream.net
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

access-control-allow-origin: *
date: Tue, 28 Mar 2023 16:08:41 GMT
content-encoding: gzip
server: nginx/1.14.0 (Ubuntu)
vary: Accept-Encoding
content-type: text/html; charset=UTF-8

GET
H2 200 tracking
ad.vidverto.io/delivery/video/ Frame 0E71 51 B
51 B 150ms
147ms Image
text/html 212.8.250.228
WORLDSTREAM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ad.vidverto.io/delivery/video/tracking?vast=events&token=d3NQZFJZRWhHcUF4aWJDaXgyYzQwaEswWHBmVzRwTFBHYmw2MWtpbm53YWFnZ0N3SzJ2NmNOUHovYmJYT0U2Qks0bGk2ZDB6bkhNTDBVdzIxaFBuUyt4MW8zaDREUXA5SitFM1FXL3FxcHI4V1l4Z3ZnWFNLdVpZY1hQcFJYSkRyZjZRdms3UlVHNkxJb0pJbXRMcGp4ZFRSQWVxU3k1YjNwaUM5VW1iNVV0VSt4YjdpT0dSZTlGZ004V0ZGK01aUzBKVzR4em8vRUROL1h4SGl6WWVFNGozZ2V5TU85TlUweGVIWFBrWlIrdz0%3D&cb=1680019719
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 212.8.250.228 Rotterdam, Netherlands, ASN49981 (WORLDSTREAM, NL),
Reverse DNS: 212-8-250-228.hosted-by-worldstream.net
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

access-control-allow-origin: *
date: Tue, 28 Mar 2023 16:08:41 GMT
content-encoding: gzip
server: nginx/1.14.0 (Ubuntu)
vary: Accept-Encoding
content-type: text/html; charset=UTF-8

GET
H3 200 /
googleads.g.doubleclick.net/pagead/interaction/ Frame 0E71 42 B
64 B 87ms
85ms Image
image/gif 2607:f8b0:4006:816::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/interaction/?ai=CwZtGCBEjZO_OCsT3zwXI5KDoDbqyxN1v3ZjZ7pARsJAfEAEgw5W3dmDJtqOI8KPsEqAB5Oq3wyjIAQXgAgCoAwGYBACqBJQCT9CwANXxAk3nDAG76To-guzTMOc3T1utVYg2H0VPMAsUwYjUGdCQ48Cgd0J2UR4CcJdJrC2077Jg_WDfHRKuGJcwX7YFtzELQsw7HtyL9EoL0W77W2CLbfqf43qNoBBeMFeo6ZIdrskZ9LSKIsFc2nztD6utO9Sb3Ebm4WlqAmtCCkXkruwCZ2D4t5tsC_2q0aLwOeRS4U_RXZGapqx0F2WMTKzCxLNWh1OaTXXafIy3bDT588C7npxmABCZZYsIpGg9H8ddrTMCHEP6TKbtarEP3vLVp6ZMW9LAs8DQ6iV7pEdZpSczkTZ4tjaM-VuvLTRxOM3_iaTxP9f4K9mrhL75dpJ3QYLJYOq7_JWo5vtSjh1kwAT1udzbogTgBAGIBYyM9PVJoAZUgAfkooijA6gHjs4bqAeT2BuoB5zcG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHAagIAdIIDwiAYRABGB0yAooCOgKAQIAKA8gLAbATvMLUEtgTE9gUAdAVAagWAfgWAYAXAQ&sigh=xvCSGGXBpTI&cmd=Ch1jYS12aWRlby1wdWItMzEzMjg5MzcyNTYwMzkzNRAAGAI&label=part2viewed&ad_mt=0&sdkv=h.3.566.2&vci=Ck0IAhIOYWQudmlkdmVydG8uaW8aElZpZHZlcnRvIEFkIFNlcnZlciADKiBjOGZlZDFkZmEyYjliMWYzNDI0Mzc2ODA4ODA3NjIwM0ChAQpuCAESGHB1YmFkcy5nLmRvdWJsZWNsaWNrLm5ldBoHQWRTZW5zZSAEKgw1ODg2NDI2Njc2MTMyDDY1MTg1NzI4MzI4MUDAClImEA8lAADwQSgBOgt5NDUzZ2RUdHVGd0IJZ29vZ2xlYWRzSKsBUAAYAQ..

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:816::2002 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Mar 2023 16:08:41 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dc_pubid=3;dc_exteid=13845138281622506401;met=1;ecn1=1;etm1=0;eid1=11;acvw=sv%3D950%26cb%3Dima%26e%3D0%26nas%3D1%26sdk%3Dh%26p%3D486,280,891,1000%26tos%3D0,0,0,0,0%26mtos%3D0,0,0,0,0%26amtos%3D0,0,...
ade.googlesyndication.com/ddm/activity_ext/ Frame 0E71 42 B
401 B 185ms
62ms Image
image/gif 142.250.80.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ade.googlesyndication.com/ddm/activity_ext/dc_pubid=3;dc_exteid=13845138281622506401;met=1;ecn1=1;etm1=0;eid1=11;acvw=sv%3D950%26cb%3Dima%26e%3D0%26nas%3D1%26sdk%3Dh%26p%3D486,280,891,1000%26tos%3D0,0,0,0,0%26mtos%3D0,0,0,0,0%26amtos%3D0,0,0,0,0%26mcvt%3D0%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26dft%3D0%26at%3D0%26dat%3D0%26as%3D0%26vpt%3D0%26gmm%3D4%26efpf%3D2%26nmt%3D1%26tcm%3D0%26bt%3D0%26pst%3D-1%26dur%3D30046%26vmtime%3D-1%26dvs%3D0%26dfvs%3D0%26dvpt%3D0%26is%3D33554707%26i0%3D33554707%26ic%3D0%26cs%3D33554706%26c%3D1%26mc%3D1%26nc%3D1%26mv%3D0%26nv%3D0%26lte%3D1%26ces%26femt%3D2328%26femvt%3D0%26emc%3D2%26emuc%3D0%26emb%3D1,0,0,0,0%26avms%3Dexc%26qi%3D447838899%26psm%3D-2147483648%26psv%3D-2147483648%26psfv%3D-2147483648%26psa%3D0%26ptlt%3D2767%26pngs%3D9,14,15s%26veid%3Dfmd%3A0%26ssb%3D0,0,0,0,0,0,0,0,0,0,0;gv=atos%3D0,0,0,0,0%26avt%3D0%26davs%3D0%26dafvs%3D0%26ss%3D0.15%26t%3D1680019721358?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.80.34 Glen Cove, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s34-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Mar 2023 16:08:41 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 tracking
ad.vidverto.io/delivery/video/ Frame 0E71 51 B
51 B 150ms
148ms Image
text/html 212.8.250.228
WORLDSTREAM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ad.vidverto.io/delivery/video/tracking?vast=events&token=SHg4NnBJc0x4WG5naEZWODJBRlp1ZTdCditxNk9QTVF1OGlMMlpjdFB3NCttVENxNzFVSG01TklQYVMrcTlDU25rQ1FOenA0VWpuYUZ0Z2NVblQyZGJvTjV5NjRHTThvU1kzSE43azZzbTVMaEZWcngyRDNZVkJzdDFoTzRycnF2d1EzRFFCQnF4TG1ESlJuUWs4Z3FJTkVac2xmdUV6LzJYMFRjUFhFODJuQUF2ZmtLR0xlVzNGbVd3TGpZYlNYQzI1SURyVEYzUHVTQVJ6ZzAvZjZDQT09&cb=1680019719
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 212.8.250.228 Rotterdam, Netherlands, ASN49981 (WORLDSTREAM, NL),
Reverse DNS: 212-8-250-228.hosted-by-worldstream.net
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

access-control-allow-origin: *
date: Tue, 28 Mar 2023 16:08:41 GMT
content-encoding: gzip
server: nginx/1.14.0 (Ubuntu)
vary: Accept-Encoding
content-type: text/html; charset=UTF-8

GET
H3 200 /
googleads.g.doubleclick.net/pagead/interaction/ Frame 0E71 42 B
64 B 88ms
86ms Image
image/gif 2607:f8b0:4006:816::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/interaction/?ai=CwZtGCBEjZO_OCsT3zwXI5KDoDbqyxN1v3ZjZ7pARsJAfEAEgw5W3dmDJtqOI8KPsEqAB5Oq3wyjIAQXgAgCoAwGYBACqBJQCT9CwANXxAk3nDAG76To-guzTMOc3T1utVYg2H0VPMAsUwYjUGdCQ48Cgd0J2UR4CcJdJrC2077Jg_WDfHRKuGJcwX7YFtzELQsw7HtyL9EoL0W77W2CLbfqf43qNoBBeMFeo6ZIdrskZ9LSKIsFc2nztD6utO9Sb3Ebm4WlqAmtCCkXkruwCZ2D4t5tsC_2q0aLwOeRS4U_RXZGapqx0F2WMTKzCxLNWh1OaTXXafIy3bDT588C7npxmABCZZYsIpGg9H8ddrTMCHEP6TKbtarEP3vLVp6ZMW9LAs8DQ6iV7pEdZpSczkTZ4tjaM-VuvLTRxOM3_iaTxP9f4K9mrhL75dpJ3QYLJYOq7_JWo5vtSjh1kwAT1udzbogTgBAGIBYyM9PVJoAZUgAfkooijA6gHjs4bqAeT2BuoB5zcG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHAagIAdIIDwiAYRABGB0yAooCOgKAQIAKA8gLAbATvMLUEtgTE9gUAdAVAagWAfgWAYAXAQ&sigh=xvCSGGXBpTI&cmd=Ch1jYS12aWRlby1wdWItMzEzMjg5MzcyNTYwMzkzNRAAGAI&label=admute&ad_mt=0&sdkv=h.3.566.2&vci=Ck0IAhIOYWQudmlkdmVydG8uaW8aElZpZHZlcnRvIEFkIFNlcnZlciADKiBjOGZlZDFkZmEyYjliMWYzNDI0Mzc2ODA4ODA3NjIwM0ChAQpuCAESGHB1YmFkcy5nLmRvdWJsZWNsaWNrLm5ldBoHQWRTZW5zZSAEKgw1ODg2NDI2Njc2MTMyDDY1MTg1NzI4MzI4MUDAClImEA8lAADwQSgBOgt5NDUzZ2RUdHVGd0IJZ29vZ2xlYWRzSKsBUAAYAQ..

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:816::2002 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Mar 2023 16:08:41 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dc_pubid=3;dc_exteid=13845138281622506401;met=1;ecn1=1;etm1=0;eid1=16;acvw=sv%3D950%26cb%3Dima%26e%3D10%26nas%3D1%26sdk%3Dh%26p%3D486,280,891,1000%26tos%3D18,0,0,0,0%26mtos%3D18,18,18,18,18%26amtos...
ade.googlesyndication.com/ddm/activity_ext/ Frame 0E71 42 B
107 B 188ms
66ms Image
image/gif 142.250.80.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ade.googlesyndication.com/ddm/activity_ext/dc_pubid=3;dc_exteid=13845138281622506401;met=1;ecn1=1;etm1=0;eid1=16;acvw=sv%3D950%26cb%3Dima%26e%3D10%26nas%3D1%26sdk%3Dh%26p%3D486,280,891,1000%26tos%3D18,0,0,0,0%26mtos%3D18,18,18,18,18%26amtos%3D0,0,0,0,0%26mcvt%3D18%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26dft%3D0%26at%3D0%26dat%3D0%26as%3D0%26vpt%3D18%26gmm%3D4%26efpf%3D2%26nmt%3D1%26tcm%3D0%26bt%3D18%26pst%3D-1%26dur%3D30046%26vmtime%3D-1%26dvs%3D18%26dfvs%3D18%26dvpt%3D18%26is%3D33554707%26i0%3D33554707%26ic%3D4096%26cs%3D33558802%26c%3D1%26mc%3D1%26nc%3D1%26mv%3D0%26nv%3D0%26lte%3D1%26ces%26femt%3D2328%26femvt%3D0%26emc%3D2%26emuc%3D0%26emb%3D1,0,0,0,0%26avms%3Dexc%26qi%3D447838899%26psm%3D-2147483648%26psv%3D-2147483648%26psfv%3D-2147483648%26psa%3D0%26ptlt%3D2774%26pngs%3D9,14,15s%26veid%3Dfmd%3A0%26ssb%3D0,0,0,0,0,0,0,0,0,18,0;gv=atos%3D0,0,0,0,0%26avt%3D0%26davs%3D0%26dafvs%3D0%26ss%3D0.15%26t%3D1680019721358?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.80.34 Glen Cove, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s34-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Mar 2023 16:08:41 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
DATA 200
OK truncated
/ 427 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b7d818c698d26d9d34c00c94853c93b34abb2fd53e97c415fafb9e84df993f31

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 415 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9c51b3bb0c5188de2571ed94d9432b85693241de3e05e5e82247dd8a45d4d03f

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 414 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8d5d4d2769bdb28802f4309747ef6a358007eeb37daadc66a78ba0ca81cd4bce

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H3 200 hhrtBw21.html Show response
tpc.googlesyndication.com/sodar/ Frame 1DCF 23 KB
9 KB 55ms
55ms Document
text/html 2607:f8b0:4006:820::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/hhrtBw21.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Oy6hyfNY.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:820::2001 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

861aed070db50ce0da9928455deff784c115b44540b09450f225ff7cff0c7429

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://imasdk.googleapis.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

accept-ranges: bytes
age: 505523
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8727
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 22 Mar 2023 19:43:18 GMT
expires: Thu, 21 Mar 2024 19:43:18 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 t4_aWeuLa_BO9IGQ3R3HcB0TaFNoER_W7PQrl5RFgV0.js Show response
pagead2.googlesyndication.com/bg/ Frame 1DCF 36 KB
14 KB 44ms
43ms Script
text/javascript 2607:f8b0:4006:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/t4_aWeuLa_BO9IGQ3R3HcB0TaFNoER_W7PQrl5RFgV0.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/hhrtBw21.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80d::2002 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b78fda59eb8b6bf04ef48190dd1dc7701d13685368111fd6ecf42b979445815d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Thu, 23 Mar 2023 16:50:55 GMT
content-encoding: br
x-content-type-options: nosniff
age: 429466
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14115
x-xss-protection: 0
last-modified: Mon, 20 Mar 2023 09:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 22 Mar 2024 16:50:55 GMT

GET
H2 200 JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
fonts.gstatic.com/s/montserrat/v12/ 18 KB
18 KB 148ms
55ms Font
font/woff2 2607:f8b0:4006:80c::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/montserrat/v12/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2

Requested by

Host: ad.vidverto.io
URL: https://ad.vidverto.io/js/moxplayer/moxplayer.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80c::2003 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4ab7918478793ceb022d3f5449e401b44b78d87bc4429058ebb8b64163640da2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ad.vidverto.io/
Origin: https://live.xem.plus
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Thu, 23 Mar 2023 09:55:50 GMT
x-content-type-options: nosniff
age: 454371
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 18684
x-xss-protection: 0
last-modified: Tue, 07 Nov 2017 15:24:32 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 22 Mar 2024 09:55:50 GMT

GET
H2 200 JTURjIg1_i6t8kCHKm45_dJE3gnD_g.woff2
fonts.gstatic.com/s/montserrat/v12/ 19 KB
19 KB 134ms
42ms Font
font/woff2 2607:f8b0:4006:80c::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/montserrat/v12/JTURjIg1_i6t8kCHKm45_dJE3gnD_g.woff2

Requested by

Host: ad.vidverto.io
URL: https://ad.vidverto.io/js/moxplayer/moxplayer.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80c::2003 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

746589ecfb4406519933a6aea5f1149224afcba81e3c3ef0541e7ad6c8111b7e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ad.vidverto.io/
Origin: https://live.xem.plus
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Tue, 28 Mar 2023 11:08:11 GMT
x-content-type-options: nosniff
age: 18030
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 18956
x-xss-protection: 0
last-modified: Tue, 07 Nov 2017 15:27:08 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 27 Mar 2024 11:08:11 GMT

GET
H2 200 logo.svg
ad.vidverto.io/vidverto/player/ 414 B
551 B 120ms
119ms Image
image/svg+xml 212.8.250.228
WORLDSTREAM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ad.vidverto.io/vidverto/player/logo.svg
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 212.8.250.228 Rotterdam, Netherlands, ASN49981 (WORLDSTREAM, NL),
Reverse DNS: 212-8-250-228.hosted-by-worldstream.net
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: 8d5d4d2769bdb28802f4309747ef6a358007eeb37daadc66a78ba0ca81cd4bce

Request headers

accept-language: en-US,en;q=0.9
Referer: https://live.xem.plus/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Tue, 28 Mar 2023 16:08:41 GMT
last-modified: Wed, 04 May 2022 14:39:21 GMT
server: nginx/1.14.0 (Ubuntu)
accept-ranges: bytes
etag: "62729019-19e"
content-length: 414
content-type: image/svg+xml

GET
H3 200 ima3.js Show response
imasdk.googleapis.com/js/sdkloader/ 361 KB
121 KB 73ms
72ms Script
text/javascript 2607:f8b0:4006:81e::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/sdkloader/ima3.js

Requested by

Host: ad.vidverto.io
URL: https://ad.vidverto.io/vidverto/player/vidvertoplayer.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81e::200a Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3dd3f9f6c6fb24816e23864a76aa3e52103730816a536e8fae82e264196a2f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://live.xem.plus/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Tue, 28 Mar 2023 16:08:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 123698
x-xss-protection: 0
expires: Tue, 28 Mar 2023 16:08:41 GMT

GET
H/1.1 206
Partial Content 480_650.mp4
cdn.vidverto.io/data/F2lrOjSCREQbmiP/1226/video/1934/ 40 KB
0 446ms
118ms Media
video/mp4 190.2.151.7
WORLDSTREAM

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.vidverto.io/data/F2lrOjSCREQbmiP/1226/video/1934/480_650.mp4
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 190.2.151.7 Naaldwijk, Netherlands, ASN49981 (WORLDSTREAM, NL),
Reverse DNS: 190-2-151-7.hosted-by-worldstream.net
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash

Request headers

Referer: https://live.xem.plus/
Accept-Encoding: identity;q=1, *;q=0
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
Range: bytes=0-

Response headers

Date: Tue, 28 Mar 2023 16:08:42 GMT
Last-Modified: Thu, 02 Sep 2021 16:30:03 GMT
Server: nginx/1.14.0 (Ubuntu)
ETag: "6130fc0b-3de803f"
Content-Type: video/mp4
Access-Control-Allow-Origin: *
Content-Range: bytes 0-64913470/64913471
Connection: keep-alive
Content-Length: 64913471

GET
H2 204 playback
www.youtube.com/api/stats/ Frame 0E71 0
0 150ms
60ms Image
text/html 2607:f8b0:4006:81d::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.youtube.com/api/stats/playback?ns=yt&fexp=44748969%2C44752996%2C44765701%2C44772139%2C44777649%2C44781409%2C44781753%2C44782991&el=adunit&cpn=rBuKYvssISlH0k0S&docid=y453gdTtuFw&visitordata=CgtmS1prLVhHU1JQdw%253D%253D&of=wbAUJoLFDaeeOSJrHXH1sg&ver=2&cmt=0.212&fmt=18&rt=0.000&adformat=2_2_1&euri=https%3A%2F%2Flive.xem.plus%2F&len=30.047&vtype=gvp&c=web_gvp_ads&cver=h.0.0.0&cbr=Chrome&cbrver=111.0.5563.110&cos=Win32&cosver=537.36&cplatform=desktop&mos=1&volume=0&delay=28&rtn=10
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2607:f8b0:4006:81d::200e Nutley, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 1DCF 0
20 B 61ms
60ms Image
image/gif 2607:f8b0:4006:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=36&t=2&li=v_h.3.566.2&bgai=BNzhtCBEjZO_OCsT3zwXI5KDoDQAAAAA4AboFEwjist6Ugf_9AhVMorMKHc8xC6s&bg=!5-Sl5LDNAAbO2UOH7tk7ADkAdvg8Wq9_Ml_xu8PeD6ZSzYfKI6hvM33rEMetdIITURUS-DDKCrznmZpqp1EAQCUwCYQoHlqkmTkCAAAAd1IAAAADaAEHCgCRnqGV-7kbMsALlFxzlph5XpErV_thklta5cRRn27ByMpXfyCgAeHqkunzde8cgqHI3Jh0sdhRqiya9yhIRbBwLO2xVrq7nPeaD9ZxMif80rKAEu4Skxpk3ixEqntf1i4tOvjvnQJ5pIyFNe682VFbVyQPLuyRMvsb8o0iogbH6pOg9fNfeiVE6XZeIRyJT9QdhJkCN4rQVi-eWNR9DZNW1j6UqJb4BDd54dJc6MgMpkCRQSaPIRFKYbMAlpDa9YLX8ogt0ptn1ls2-moFjZ68AtJfEiKpk7MKOSqV-B95J-XhoA-tyZ-noAcNWOmGmJgTVgNN6u0vlYVEyJIS4Ldd-bHqiEMMG5UjVoUCxBf_Ej0H2XMeOfqPynawM_nimN6Mmhyaz8mnGrpWqVd5Po6x5L_5rlLVfXhPCKyOzSUnDjGHaabGF1IYX6Ot0lrWzpatiEVB7WJOIoWxV_Ns_pzbhnrnLPC922hWxYkfY__xjOxSaMP7dP8qGgqJIBG4yqROWMztxfeDisFn0iperpd3uRrBJZR81mJxP_Eu4KCU2JRBc1vnRRJO2Bs-iMJPCL9Ky-9zQJ5SQ4YFD-1C4c4TMuQkjqv4A5_UkWzwUThrPoKRkc_HNWrmEMdHJWKABoDkA--u06eESAAGVMlzoso5DCoROimYD4ZUzwFrEPbU33N36NgVxcfJ44HD8T6OnznpV8fvZdIXE_xJY6i85oXicjWgAZr1r4NUz9LCX2qaSErZBX3T3wzapZD5X8svq3fDru2MQ1em3XqOWkpUs0cqbTNDOZo_Tof48sRYBUgylUzCW0cr8PhwoSap2OrW0lJ0PeYGaRWTMz1ZXlSOubGVrTT9xFkYIT9rhbBLAC4jIaUGAKL8ToEgyEHjxOICxl1VHWSlWqNCyPAb7_XEGjJHxVsFMO2-7gmbTZQvLr0r6UJSfacp-ukuZb9XBA

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80d::2002 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Mar 2023 16:08:41 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 bridge3.566.2_en.html Show response
imasdk.googleapis.com/js/core/ Frame 6F0B 711 KB
226 KB 41ms
40ms Document
text/html 2607:f8b0:4006:81e::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/core/bridge3.566.2_en.html

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81e::200a Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a139618572b9c9b5e7e0d75d62f81c0d6aa6202f72db242ed62b860e805027db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://live.xem.plus/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

accept-ranges: bytes
age: 68986
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 231184
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
cross-origin-resource-policy: cross-origin
date: Mon, 27 Mar 2023 20:58:55 GMT
expires: Tue, 26 Mar 2024 20:58:55 GMT
last-modified: Mon, 27 Mar 2023 20:51:45 GMT
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H/1.1 206
Partial Content 480_650.mp4
cdn.vidverto.io/data/F2lrOjSCREQbmiP/1226/video/1934/ 544 KB
544 KB 348ms
115ms Media
video/mp4 190.2.151.7
WORLDSTREAM

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.vidverto.io/data/F2lrOjSCREQbmiP/1226/video/1934/480_650.mp4
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 190.2.151.7 Naaldwijk, Netherlands, ASN49981 (WORLDSTREAM, NL),
Reverse DNS: 190-2-151-7.hosted-by-worldstream.net
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: 45ee0b739f1e2b9f26c17943e0f5c64aeca8793daadf4fd17a07c9db0ad15861

Request headers

Referer: https://live.xem.plus/
Accept-Encoding: identity;q=1, *;q=0
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
Range: bytes=64356352-

Response headers

Date: Tue, 28 Mar 2023 16:08:42 GMT
Last-Modified: Thu, 02 Sep 2021 16:30:03 GMT
Server: nginx/1.14.0 (Ubuntu)
ETag: "6130fc0b-3de803f"
Content-Type: video/mp4
Access-Control-Allow-Origin: *
Content-Range: bytes 64356352-64913470/64913471
Connection: keep-alive
Content-Length: 557119

GET
H2 200 tracking
ad.vidverto.io/delivery/video/ Frame 0E71 51 B
51 B 127ms
127ms Image
text/html 212.8.250.228
WORLDSTREAM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ad.vidverto.io/delivery/video/tracking?vast=events&token=Vnp4OEFBV2cyaXRpa01VQlRVckVQZzdTaVJRdlFPdmx0N0hXR2VMOHdPckVMaG1IMTBVOTRTazBZdmI5TGMwK0lENS84eG9QbmYrT1ZVVUNzb2djNE5ld1oyVlVmRE9tTTd6a3JoR0d5WGI2UVZOaCtoa1g0dnRmbGFZZlZWeHhtR3hYZ2REVFp0WEhCTTNreGtHKzRMRjYzbnc4N1kxRFhnZzFHaGtSdHFFU0NxWFRxQlExUUxoTWhnNHJESkxrTHE4NTYrRXgvM2ZERWpMNEpyeUdYRVp2MStWNFVadWlOek1oZ1hrLzVyRT0%3D&cb=1680019719
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 212.8.250.228 Rotterdam, Netherlands, ASN49981 (WORLDSTREAM, NL),
Reverse DNS: 212-8-250-228.hosted-by-worldstream.net
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

access-control-allow-origin: *
date: Tue, 28 Mar 2023 16:08:43 GMT
content-encoding: gzip
server: nginx/1.14.0 (Ubuntu)
vary: Accept-Encoding
content-type: text/html; charset=UTF-8

GET
H/1.1 206
Partial Content 480_650.mp4
cdn.vidverto.io/data/F2lrOjSCREQbmiP/1226/video/1934/ 68 KB
0 117ms
116ms Media
video/mp4 190.2.151.7
WORLDSTREAM

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.vidverto.io/data/F2lrOjSCREQbmiP/1226/video/1934/480_650.mp4
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 190.2.151.7 Naaldwijk, Netherlands, ASN49981 (WORLDSTREAM, NL),
Reverse DNS: 190-2-151-7.hosted-by-worldstream.net
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash

Request headers

Referer: https://live.xem.plus/
Accept-Encoding: identity;q=1, *;q=0
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
Range: bytes=32768-

Response headers

Date: Tue, 28 Mar 2023 16:08:43 GMT
Last-Modified: Thu, 02 Sep 2021 16:30:03 GMT
Server: nginx/1.14.0 (Ubuntu)
ETag: "6130fc0b-3de803f"
Content-Type: video/mp4
Access-Control-Allow-Origin: *
Content-Range: bytes 32768-64913470/64913471
Connection: keep-alive
Content-Length: 64880703

GET
H/1.1 206
Partial Content 480_650.mp4
cdn.vidverto.io/data/F2lrOjSCREQbmiP/1226/video/1934/ 36 KB
0 341ms
116ms Media
video/mp4 190.2.151.7
WORLDSTREAM

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.vidverto.io/data/F2lrOjSCREQbmiP/1226/video/1934/480_650.mp4
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 190.2.151.7 Naaldwijk, Netherlands, ASN49981 (WORLDSTREAM, NL),
Reverse DNS: 190-2-151-7.hosted-by-worldstream.net
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash

Request headers

Referer: https://live.xem.plus/
Accept-Encoding: identity;q=1, *;q=0
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
Range: bytes=98304-

Response headers

Date: Tue, 28 Mar 2023 16:08:44 GMT
Last-Modified: Thu, 02 Sep 2021 16:30:03 GMT
Server: nginx/1.14.0 (Ubuntu)
ETag: "6130fc0b-3de803f"
Content-Type: video/mp4
Access-Control-Allow-Origin: *
Content-Range: bytes 98304-64913470/64913471
Connection: keep-alive
Content-Length: 64815167

Verdicts & Comments Add Verdict or Comment

175 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

17 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.xem.plus/	1970-01-20 20:16:19	Name: _ga_V8FD1SYQLQ Value: GS1.1.1680019717.1.0.1680019717.0.0.0
.xem.plus/	1970-01-20 20:16:19	Name: _ga Value: GA1.2.1265166137.1680019718
.xem.plus/	1970-01-20 10:41:46	Name: _gid Value: GA1.2.845534729.1680019718
.xem.plus/	1970-01-20 10:40:19	Name: _gat_gtag_UA_203682812_16 Value: 1
.xem.plus/	1970-01-20 10:40:19	Name: _gat_gtag_UA_203682812_5 Value: 1
.scorecardresearch.com/	1970-01-20 20:16:19	Name: UID Value: 184157ce44c03ff5b969fda1680019718
.xem.plus/	1970-01-20 20:01:55	Name: __gpi Value: UID=00000579c96b792c:T=1680019718:RT=1680019718:S=ALNI_MbrJxydMRISFItp8lHojk4LbegRqg
ad.vidverto.io/	1970-01-20 20:16:19	Name: moxuuid Value: ec93c2ac-f111-4827-a775-6288669d3be5
ad.vidverto.io/	1970-01-20 10:41:46	Name: _mwayss_zone_imp[8725][count] Value: 0
ad.vidverto.io/	1970-01-20 10:41:46	Name: _mwayss_zone_imp[8725][frequencyPeriodEnd] Value: 1680106118
.xem.plus/	1970-01-20 10:40:19	Name: _gat_gtag_UA_93483023_9 Value: 1
.doubleclick.net/	1970-01-20 20:16:19	Name: IDE Value: AHWqTUmUG1HsAj2CrjTc74nKWyho4F76DjD4bNCAfAMql0ks1prWHC-no5MDEHPoEec
.xem.plus/	1970-01-20 20:01:55	Name: __gads Value: ID=622b0a83f01a00b4-2262418ae9de00e9:T=1680019718:S=ALNI_MaY3gWxMFc9XNg-fCgzMBEKfvehww
ad.vidverto.io/	1970-01-20 10:41:46	Name: _mwayss_imp[19288][count] Value: 0
ad.vidverto.io/	1970-01-20 10:41:46	Name: _mwayss_imp[19288][frequencyPeriodEnd] Value: 1680106121
ad.vidverto.io/	1970-01-20 10:41:46	Name: _mwayss_camp_imp[7552][count] Value: 0
ad.vidverto.io/	1970-01-20 10:41:46	Name: _mwayss_camp_imp[7552][frequencyPeriodEnd] Value: 1680106121

4 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	warning	URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js(Line 467) Message: An iframe which has both allow-scripts and allow-same-origin for its sandbox attribute can remove its sandboxing.
other	warning	URL: https://googleads.g.doubleclick.net/pagead/html/r20230323/r20110914/zrt_lookup.html?fsb=1(Line 21) Message: Origin trial controlled feature not enabled: 'attribution-reporting'.
security	warning	URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js(Line 467) Message: An iframe which has both allow-scripts and allow-same-origin for its sandbox attribute can remove its sandboxing.
javascript	warning	URL: https://googleads.g.doubleclick.net/pagead/html/r20230323/r20110914/zrt_lookup.html?fsb=1#RS-1-&adk=1812271803&client=ca-pub-3073985723087695&fa=3&ifi=2&uci=a!2&btvi=1&xpc=mrj1mvEtBw&p=https%3A//live.xem.plus Message: The resource https://fonts.googleapis.com/css?family=Google%20Sans%20Display%3A400%2C500 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ad.doubleclick.net
ad.vidverto.io
ade.googlesyndication.com
ads.us.criteo.com
adservice.google.com
bgstats.mox.tv
cat.va.us.criteo.com
cdn.taboola.com
cdn.vidverto.io
cdnjs.cloudflare.com
csi.gstatic.com
csm.us.criteo.net
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
gum.criteo.com
imasdk.googleapis.com
live.xem.plus
pagead2.googlesyndication.com
partner.googleadservices.com
pix.us.criteo.net
pubads.g.doubleclick.net
rr2---sn-vgqsrnld.googlevideo.com
rtb.va.us.criteo.com
s0.2mdn.net
sb.scorecardresearch.com
static.criteo.net
tpc.googlesyndication.com
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.googletagservices.com
www.gstatic.com
www.youtube.com
142.250.80.34
142.251.32.102
151.101.129.44
167.71.9.19
18.164.96.18
190.2.151.7
212.8.250.228
2606:4700::6811:180e
2606:4700:e0::ac40:6e25
2606:4700:e0::ac40:6f25
2607:f8b0:4006:80c::2003
2607:f8b0:4006:80d::2002
2607:f8b0:4006:80e::2008
2607:f8b0:4006:80f::200a
2607:f8b0:4006:816::2002
2607:f8b0:4006:816::2004
2607:f8b0:4006:81c::2002
2607:f8b0:4006:81d::2002
2607:f8b0:4006:81d::200e
2607:f8b0:4006:81e::200a
2607:f8b0:4006:820::2001
2607:f8b0:4006:821::2006
2607:f8b0:4006:824::2002
2607:f8b0:4009:18::7
2607:f8b0:400f:802::2003
2620:100:a001::16
2620:100:a001::24
2620:100:a001::3
2620:100:a001::4
2620:100:a001::a
2620:100:a001::c
74.119.119.147
029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300
04a436758e8992373a49eb612d5b5f54a6fe9e6b1aedab24b510411630fa99b8
06ebf0ab48fa1e2f2dd4cc4df1ab0c68e648bc24ee98148c7ff24a99810d5812
095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6
0c320d790dba4c17895962386aa3587aff97e96a7c499f37dd47bf299431ce41
0c68ee3dc512a881af9a5e0bbc69d2d275b8a8ca5ee7ca6c6f4b34bd1c6aa351
0eecf02a76106ada028b8c1fec523cb290eda56bc97abc7d0940ec0c45da03a0
1686841a20956d0a4bd55d171620fc18702e3605b4668dc07188c24a9f39b83e
16b1118bbcedc78d0b8e66052547bc3dc9f3cee37f547c3e65bafc67af6a14be
187c41cfd2fde5acb42171ab6d1223dc4027404647d0095c95a25bc114be6e8b
189b8ed64093b12937354b2ef71ccf1df59690d90432241a10fe1cb25000acba
19337aa00c664a811463a4551dc66083e1641899b5e98275371022e692d100a2
1aee66e2e24e851039801c0dace90f3efb7a1a17b033f7d5bbc12ca7c1d19432
1ebf858e8d21bf36bfcd56134c93ad55c0e8e22a975dd7ebb6fdbb648e3ebbe4
211b508f51e67897ed88fa49901e1ccbe5e1ddacdc43a391f699f757ce1c0a9c
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
2b34a2b7f484cd61010c1639b37c2b066e0f9449ad4b0379f2fcc1d1fe12fd85
2ebcdc45625d8bd6eb8cea62780c1128df28c86ef0e10a6369ec23c97d61d92c
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
37f7b2eee4eed140af22047d2118d2396d8fd2ec4b509c912deb5644e5e30570
3b2ea1c9f3587781b58285cf64279e67f6329a3924fb93f81529f1826e2f4d16
3dd3f9f6c6fb24816e23864a76aa3e52103730816a536e8fae82e264196a2f4f
42fe10d8382d3fb7f84308b95ae83c5959838f0aeff2cb1733bab9d394c5a2d7
45ee0b739f1e2b9f26c17943e0f5c64aeca8793daadf4fd17a07c9db0ad15861
49083cbfbc2714afd3259302109b9178bf7eccd834324a458200f26ce7ce29c5
4ab7918478793ceb022d3f5449e401b44b78d87bc4429058ebb8b64163640da2
4b977bf6527db152aec01f17b8ccdfcb28ba1526096c1af1d784cef47eab2fc6
4bd938863d8e473540c7300aec8fd156822f4701cee5fb6b3328a2cc9b0a012b
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4ed10d0d64bb1515397e8666a63f484d640dbc5678fa62574e077b7aef1c3af2
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
56f90a84ab6429264698fd0480ef391cb63c524b8326fc61cb42e773d4e81e99
5971b095cff574a66d35ada016d4c077c86e2dea62e9c0f14cf7c94b258619de
5a5f39391fbf5b06db84b8f9716d53de575ee97a627d2c5f12f79a991a671eb5
5aad5fbd4238981a9ff5e2772ff1353dfe1a801fb49542fe157418c1438f7782
5ae2b18203325ac2876b69455e08e3eefa59a4dca46ee55b033f1fbd80b28b5b
5bb33df870a08bf708dc8096d1db35252e189e4aa1ba753d4457e870680481b3
603e1d9af60d4955b6b793a0f8083b01f6d735d9b59c5d0f87782c38715ff73c
60bcafbd631f6fa0805e158ca3b235e76225350db6fbb423596d4c4954b27573
60f74110267d386c033ca330fc5bbd7d2472c972b63b33fa8000e87c8f815de6
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
66d5e835f06be29e8b5112ee84def9f11eeef96f164d624ca3ba8bd8d3e2cefe
69e9bf8cabef87d7a120c9089bcc39139a0c79071355daae37e4a2ff223e4f66
6ae3bb0a509cfd77e56854034c90db2e31b6436cd887965bf492f9a0cf172656
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
725e869434fef8013208ed4c233d29744f9b363f867dcfb8f23e862880fa699a
746589ecfb4406519933a6aea5f1149224afcba81e3c3ef0541e7ad6c8111b7e
76fb4324d94764cff68e8ca9b39a5f1eb5b905e5a329895c7360e66ad9e6e81f
78a0b7266f642f96b673c4065063dba46a80f651ff12352eb82aa877c23b9186
79e5889c36479f99096a96a61cbfa92fc35ecf12d233635e0224b2c415859de1
7e3559d6ffac7fc54d6edaa79b6e7330fab33fbdffc174a27c58b25e5b3952d2
7f81c1c736118aac7ba95fc3b08c02661efbceceaa4c432ea66b72fd4c397424
8387013ae7c0a3cb9f15765f5b7693e4011a26d041b9109781d554ee93031bcc
83dd1a8208a83ec90a9a2d7774ab28e4b93b3eba53fb6a3fd444eb7e389ecbff
8485ead05b5c05c2c507ff389ba436b9f3b965fb6f35e23c692edd364b46d846
85d3987a45a0fdca18652344761e0dce4f3616d51f7788ad3447c18a8eea5291
861aed070db50ce0da9928455deff784c115b44540b09450f225ff7cff0c7429
87d77cd5e17325fa2cd5263731e23f774d737bd33a78517b1a08a3519d3f2bf4
8af3f2858ed56f9fb007ed179c7e822753515e5ba57a3fc220b6cd67c9b4f387
8cd629187427fdb93787d7156be7a32c391bb2a8da471bbaa274e806e48b36e7
8d5d4d2769bdb28802f4309747ef6a358007eeb37daadc66a78ba0ca81cd4bce
8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395
91732701d01777afb67e557641cac844bcd17b84e68f988a428ad113193fafc5
946a0cc93ba6aff3deb9514cee4bac84432d4bf6619395311e89cf885db5b68d
962d6254f5ce5bd39d6140d2d2a1f7202035873f260b4f0b3b5735aa2ea724ea
9aa7f02fe9efe51b0e721702eea8dcf5f25c49615a10539bded19ff1166cc7aa
9acd09a048ecf1b411e6aaad781ec1cb04f50f197c2f03706688b8dcef45d41c
9c51b3bb0c5188de2571ed94d9432b85693241de3e05e5e82247dd8a45d4d03f
9ca9bc59734fbf7411e96d20251c31b0f5a342778fa1cf746faf84fd2d6589d6
a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553
a139618572b9c9b5e7e0d75d62f81c0d6aa6202f72db242ed62b860e805027db
a1fc449201f61ca3ea21d70a29c7539f8bcb19be28423a4e1258e7e1e994b042
a2e14a498cfcc1b6920f069a9d657ad3c6fbbe217dd26dbfe54815db5107fed6
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a4b3b91b775b356ac4b5c34ac94dbcc1212ef23b5e89bfa9bfcc92e285a4447a
a6d211d54ed4b9e2d3bfa9c6251ea99b58faf9af357e8cae6ed3306770e3045e
a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37
a7fe9347c265a8ef227a2c0e3e0e6e62e75f14784355f556fa9ddb864c5753f6
a8244c32fe3072bfc445223af01d7fd2228c2a4885d5e93f6f9853a8470c1256
a8fdfd9c6c6dfb2de3ac40dde22743de13d1d98b86c2ff8eb4b777c429d84011
af81088ee52db677a2c79484528ae7d1b9a7d3723e42bfa95e8077aaaf71c3f7
b78fda59eb8b6bf04ef48190dd1dc7701d13685368111fd6ecf42b979445815d
b7d818c698d26d9d34c00c94853c93b34abb2fd53e97c415fafb9e84df993f31
b81e011e0e5932a62615b2b8140ffbba3c90c0200b4b89f4a7a5792aad991c20
b905427fa20a094c9b67f319e21781f0f012d6fff60e7981b759e8521e7226d6
bc9cbee711e8074c504f4584e61fe54fa730e1f0a347274585b3444262e7d045
c02fb06d0d69d2e28da8f7fa7d7150cb1899d460619822fa69383504f0a16a92
c096db2345073e220c6df6c5d3afbf7404e385bcd0da9852bd711e55b6f5347d
c252a63cc3245c852e13332a77220c033b56a952344862770bfe104e76a0d436
c324ef26b20264369e4568dc9ef1c5cb1f325f6bc4e8b7c01f7fe93fa353276a
c541030db4b26c8f7e860dfaa84db17f302422d0708b0f1c40eb96dc11b38da6
ca070dfc7785775cbf5cce16064029ee534259de42c6d9de10e476e710000e93
ca566a734598888e047618d98b54c9960cc1e0f5e57f4ed066d255b63c9ca29f
cc7403bab52ed166e24ea9324241045af370be482f5b594468f4a6ac6e7e7981
d0b9c05ce31708c1061e034b60c217a0d35afd201434c06d03ba5b20a19cee4d
d0bffc7261df1454c5e05475cda7d9e6647318dc6c3936767e1252bfe8849c54
d1f739d6c2da4241b97127c8fcf49c33de686b2fafb4e6b6b37003ec4b8f7ca7
d34083a65ff0e36a3d645ece2161f69414caf9f8aed2d21e288e7607c5ddd6dc
d8e8b70424cd0f3f1f5a9285e3b0d2a0d5546f371544550969facf69b81a0d90
d9a3e8f06cc8581fd6eeb011535e3fe287f9d38d22be1ec1f9fd9bf804adf62a
da006cb2cacff3f3c28c3e5a427645472b3d4507cfbb1ffe2e2402f7319a7517
e045468b1c395be361a64294150860d05d8e6a2e529ed49df6b3faca6ed69622
e0ee294b5487df566aad23b603fd902535634cfa957be8e7620396515afb1047
e2a387f6a7cdac265c90c59daa4f30eeb1d183b8bcce4858384ab51d33c94533
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e519cc4b7b8fdc64a7aaafc1b808cde266a234205aac0d6c55589c12446d565e
e711de35a3a70d2e457f76675d149e91803c3e36e4f612246492a808c4de4623
e9d382061a727ccd9373cb82f2cea99693225a2c3ca30ef994012ce9e5a7035d
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f34d3a095ae3a65bc4f982ed402accac05c42a63f2b24435f4cc88841f588253
f50e59fa7a264b1674e5f94591375a26e9aea318036b2a629e5ba182df01b54f
fa69b186c52d48e6bb59cb2d8084e06858bbb01b3d10997f2d4691652522b39c
fb7989597f1a10a56bd83de6a26eefec44a0c704979fb5e06f02195bc9cebfce
fbcf07d788241cd417cd1078f68c8b0b112f39a8b7b55e23fce2b985c73d8454
fd623296725e7946c5ef58545c21ac636a7b4fa3d0629150d72511563048a74a

live.xem.plus Open in urlscan Pro 2606:4700:e0::ac40:6e25 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

189 Requests

99 %HTTPS

75 %IPv6

20 Domains

34 Subdomains

32 IPs

2 Countries

4830 kBTransfer

10229 kBSize

17 Cookies

2 Outgoing links

Page URL History

Redirected requests

189 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 6 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

live.xem.plus Open in urlscan Pro
2606:4700:e0::ac40:6e25 Public Scan

Screenshot
Live screenshot

Full Image

189
Requests

99 %
HTTPS

75 %
IPv6

20
Domains

34
Subdomains

32
IPs

2
Countries

4830 kB
Transfer

10229 kB
Size

17
Cookies

189 HTTP transactions
6 data transactions