urlscan.io logo urlscan.io
SecurityTrails logo

xdarom.com Open in urlscan Pro
2a06:98c1:3120::3  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://www.xdarom.com/
Effective URL: https://xdarom.com/
Submission: On December 16 via api from SE — Scanned from NL
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 55 IPs in 9 countries across 43 domains to perform 249 HTTP transactions. The main IP is 2a06:98c1:3120::3, located in United States and belongs to CLOUDFLARENET, US. The main domain is xdarom.com.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on March 14th 2022. Valid for: a year.
This is the only time xdarom.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
2 2 2a06:98c1:312... 13335 (CLOUDFLAR...)
46 2a06:98c1:312... 13335 (CLOUDFLAR...)
10 2a00:1450:400... 15169 (GOOGLE)
3 2606:4700:e6:... 13335 (CLOUDFLAR...)
16 23.62.220.135 16625 (AKAMAI-AS)
1 2600:9000:214... 16509 (AMAZON-02)
2 2620:116:800d... 16509 (AMAZON-02)
1 2600:9000:230... 16509 (AMAZON-02)
4 2a00:1450:400... 15169 (GOOGLE)
4 2a00:1450:400... 15169 (GOOGLE)
4 2a00:1450:400... 15169 (GOOGLE)
1 23.203.125.127 16625 (AKAMAI-AS)
1 34.102.146.192 396982 (GOOGLE-CL...)
1 2a02:2638:1::3 44788 (ASN-CRITE...)
1 2a04:4e42:200... 54113 (FASTLY)
1 2606:4700:10:... 13335 (CLOUDFLAR...)
1 34.96.70.87 396982 (GOOGLE-CL...)
1 99.86.240.129 16509 (AMAZON-02)
1 2600:9000:230... 16509 (AMAZON-02)
2 4 2a02:2638::1c 44788 (ASN-CRITE...)
1 2 34.120.135.53 396982 (GOOGLE-CL...)
2 141.95.98.64 16276 (OVH)
2 52.213.183.227 16509 (AMAZON-02)
2 35.190.39.111 15169 (GOOGLE)
8 2a00:1450:400... 15169 (GOOGLE)
21 2a00:1450:400... 15169 (GOOGLE)
1 19 2a00:1450:400... 15169 (GOOGLE)
3 178.250.0.157 44788 (ASN-CRITE...)
5 2a00:1450:400... 15169 (GOOGLE)
3 2a00:1450:400... 15169 (GOOGLE)
6 13 142.251.39.2 15169 (GOOGLE)
4 8 185.80.39.216 27381 (CASALE-MEDIA)
4 6 37.252.171.53 29990 (ASN-APPNEX)
4 142.250.186.162 15169 (GOOGLE)
13 2a00:1450:400... 15169 (GOOGLE)
3 2a00:1450:400... 15169 (GOOGLE)
1 2 2a00:1450:400... 15169 (GOOGLE)
1 35.244.159.8 15169 (GOOGLE)
1 54.77.217.9 16509 (AMAZON-02)
2 2a03:2880:f00... 32934 (FACEBOOK)
14 2606:2800:234... 15133 (EDGECAST)
2 2a02:26f0:350... 20940 (AKAMAI-ASN1)
3 104.244.42.72 13414 (TWITTER)
10 2a03:2880:f11... 32934 (FACEBOOK)
1 151.101.128.84 54113 (FASTLY)
2 54.76.72.156 16509 (AMAZON-02)
1 185.255.84.151 200271 (IGUANE-)
1 2a00:1450:400... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
1 2a02:fa8:8806... 41041 (VCLK-EU-SE)
1 1 151.101.130.49 54113 (FASTLY)
1 1 52.55.14.74 14618 (AMAZON-AES)
1 1 172.105.220.23 63949 (LINODE-AP...)
1 1 31.220.27.134 39572 (ADVANCEDH...)
1 35.227.252.103 15169 (GOOGLE)
1 54.150.84.46 16509 (AMAZON-02)
1 2a06:98c1:312... ()
1 162.19.138.83 ()
249 55
2    2a06:98c1:3120::c (United States)

ASN13335 (CLOUDFLARENET, US)
www.xdarom.com
46    2a06:98c1:3120::3 (United States)

ASN13335 (CLOUDFLARENET, US)
xdarom.com
10    2a00:1450:4001:831::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
securepubads.g.doubleclick.net
3    2606:4700:e6::ac40:ca05 (United States)

ASN13335 (CLOUDFLARENET, US)
go.ezodn.com
basher.ezodn.com
16    23.62.220.135 (Vienna, Austria)

ASN16625 (AKAMAI-AS, US)
PTR: a23-62-220-135.deploy.static.akamaitechnologies.com
s7.addthis.com
api-public.addthis.com
m.addthis.com
1    2600:9000:214f:3400:2:cb38:840:93a1 (United States)

ASN16509 (AMAZON-02, US)
go.ezoic.net
2    2620:116:800d:21:93ca:31d8:d86e:38f6 (United States)

ASN16509 (AMAZON-02, US)
secure.quantserve.com
pixel.quantserve.com
1    2600:9000:2304:5000:6:44e3:f8c0:93a1 (United States)

ASN16509 (AMAZON-02, US)
rules.quantcount.com
4    2a00:1450:400d:80a::2002 (Ireland)

ASN15169 (GOOGLE, US)
adservice.google.nl
www.googletagservices.com
4    2a00:1450:4001:829::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
adservice.google.com
4    2a00:1450:4001:827::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
1abe16b74e07af620065a5fa2dc0f3b7.safeframe.googlesyndication.com
1    23.203.125.127 (Vienna, Austria)

ASN16625 (AKAMAI-AS, US)
PTR: a23-203-125-127.deploy.static.akamaitechnologies.com
z.moatads.com
1    34.102.146.192 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 192.146.102.34.bc.googleusercontent.com
oa.openxcdn.net
1    2a02:2638:1::3 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)
static.criteo.net
1    2a04:4e42:200::485 (United States)

ASN54113 (FASTLY, US)
cdn.jsdelivr.net
1    2606:4700:10::6816:3556 (United States)

ASN13335 (CLOUDFLARENET, US)
cdn.id5-sync.com
1    34.96.70.87 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 87.70.96.34.bc.googleusercontent.com
invstatic101.creativecdn.com
1    99.86.240.129 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-86-240-129.vie50.r.cloudfront.net
tags.crwdcntrl.net
1    2600:9000:2304:4600:a:e047:752:5701 (United States)

ASN16509 (AMAZON-02, US)
cdn.prod.uidapi.com
4    2a02:2638::1c (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)
gum.criteo.com
2    34.120.135.53 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 53.135.120.34.bc.googleusercontent.com
oajs.openx.net
2    141.95.98.64 (France)

ASN16276 (OVH, FR)
PTR: ns3216658.ip-141-95-98.eu
id5-sync.com
2    52.213.183.227 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-213-183-227.eu-west-1.compute.amazonaws.com
bcp.crwdcntrl.net
id.crwdcntrl.net
2    35.190.39.111 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 111.39.190.35.bc.googleusercontent.com
esp.rtbhouse.com
8    2a00:1450:4001:813::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
googleads.g.doubleclick.net
adservice.google.nl
21    2a00:1450:400d:803::2002 (Ireland)

ASN15169 (GOOGLE, US)
pagead2.googlesyndication.com
19    2a00:1450:4001:80e::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
tpc.googlesyndication.com
3    178.250.0.157 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)
mug.criteo.com
5    2a00:1450:4001:829::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
cdn.ampproject.org
3    2a00:1450:400d:80d::200a (Ireland)

ASN15169 (GOOGLE, US)
fonts.googleapis.com
13    142.251.39.2 (United States)

ASN15169 (GOOGLE, US)
PTR: bud02s37-in-f2.1e100.net
cm.g.doubleclick.net
8    185.80.39.216 (Canada)

ASN27381 (CASALE-MEDIA, CA)
dsum-sec.casalemedia.com
6    37.252.171.53 (Frankfurt am Main, Germany)

ASN29990 (ASN-APPNEX, US)
PTR: 1003.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
ib.adnxs.com
4    142.250.186.162 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s08-in-f2.1e100.net
googleads4.g.doubleclick.net
13    2a00:1450:400d:803::2006 (Ireland)

ASN15169 (GOOGLE, US)
s0.2mdn.net
3    2a00:1450:400d:802::2003 (Ireland)

ASN15169 (GOOGLE, US)
fonts.gstatic.com
2    2a00:1450:400d:807::2004 (Ireland)

ASN15169 (GOOGLE, US)
www.google.com
1    35.244.159.8 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 8.159.244.35.bc.googleusercontent.com
google-bidout-d.openx.net
1    54.77.217.9 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-77-217-9.eu-west-1.compute.amazonaws.com
beacon.krxd.net
2    2a03:2880:f007:8:face:b00c:0:1 (Vienna, Austria)

ASN32934 (FACEBOOK, US)
connect.facebook.net
14    2606:2800:234:59:254c:406:2366:268c (United States)

ASN15133 (EDGECAST, US)
platform.twitter.com
2    2a02:26f0:3500:88e::1931 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
assets.pinterest.com
3    104.244.42.72 (United States)

ASN13414 (TWITTER, US)
syndication.twitter.com
10    2a03:2880:f11c:8183:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)
www.facebook.com
1    151.101.128.84 (United States)

ASN54113 (FASTLY, US)
log.pinterest.com
2    54.76.72.156 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-76-72-156.eu-west-1.compute.amazonaws.com
ads.yieldmo.com
1    185.255.84.151 (France)

ASN200271 (IGUANE-, FR)
hb-api.omnitagjs.com
1    2a00:1450:4001:827::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.gstatic.com
2    2a00:1450:400d:803::200e (Ireland)

ASN15169 (GOOGLE, US)
encrypted-tbn2.gstatic.com
2    2a00:1450:4001:809::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
encrypted-tbn0.gstatic.com
1    2a02:fa8:8806:13::1370 (Singapore)

ASN41041 (VCLK-EU-SE, US)
dclk-match.dotomi.com
1    151.101.130.49 (United States)

ASN54113 (FASTLY, US)
sync-tm.everesttech.net
1    52.55.14.74 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-55-14-74.compute-1.amazonaws.com
fksnk.com
1    172.105.220.23 (Tokyo, Japan)

ASN63949 (LINODE-AP Linode, LLC, US)
PTR: li1874-23.members.linode.com
a.c.appier.net
1    31.220.27.134 (Amsterdam, Netherlands)

ASN39572 (ADVANCEDHOSTERS-AS, NL)
s.uuidksinc.net
1    35.227.252.103 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 103.252.227.35.bc.googleusercontent.com
rtb.openx.net
1    54.150.84.46 (Tokyo, Japan)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-150-84-46.ap-northeast-1.compute.amazonaws.com
cc.adingo.jp
1    2a06:98c1:3121::c (None, )

ASN- ()
id.a-mx.com
1    162.19.138.83 (None, )

ASN- ()
lb.eu-1-id5-sync.com
Apex Domain
Subdomains		 Transfer
48 xdarom.com
www.xdarom.com
xdarom.com
230 KB
44 googlesyndication.com
1abe16b74e07af620065a5fa2dc0f3b7.safeframe.googlesyndication.com
pagead2.googlesyndication.com — Cisco Umbrella Rank: 101
tpc.googlesyndication.com — Cisco Umbrella Rank: 139
260 KB
32 doubleclick.net
securepubads.g.doubleclick.net — Cisco Umbrella Rank: 192
googleads.g.doubleclick.net — Cisco Umbrella Rank: 34
cm.g.doubleclick.net — Cisco Umbrella Rank: 208
googleads4.g.doubleclick.net — Cisco Umbrella Rank: 297
291 KB
17 twitter.com
platform.twitter.com — Cisco Umbrella Rank: 740
syndication.twitter.com — Cisco Umbrella Rank: 1034
305 KB
16 addthis.com
s7.addthis.com — Cisco Umbrella Rank: 1678
api-public.addthis.com — Cisco Umbrella Rank: 4465
m.addthis.com — Cisco Umbrella Rank: 1627
229 KB
13 2mdn.net
s0.2mdn.net — Cisco Umbrella Rank: 267
333 KB
10 facebook.com
www.facebook.com — Cisco Umbrella Rank: 110
4 KB
8 gstatic.com
fonts.gstatic.com
www.gstatic.com
encrypted-tbn2.gstatic.com
encrypted-tbn0.gstatic.com
187 KB
8 casalemedia.com
dsum-sec.casalemedia.com — Cisco Umbrella Rank: 513
6 KB
7 criteo.com
gum.criteo.com — Cisco Umbrella Rank: 394
mug.criteo.com — Cisco Umbrella Rank: 2835
9 KB
6 adnxs.com
ib.adnxs.com — Cisco Umbrella Rank: 210
6 KB
6 google.com
adservice.google.com — Cisco Umbrella Rank: 72
www.google.com — Cisco Umbrella Rank: 2
2 KB
5 ampproject.org
cdn.ampproject.org — Cisco Umbrella Rank: 374
109 KB
4 openx.net
oajs.openx.net — Cisco Umbrella Rank: 2630
google-bidout-d.openx.net — Cisco Umbrella Rank: 2574
rtb.openx.net — Cisco Umbrella Rank: 1546
915 B
4 google.nl
adservice.google.nl — Cisco Umbrella Rank: 13489
1 KB
3 pinterest.com
assets.pinterest.com — Cisco Umbrella Rank: 2616
log.pinterest.com — Cisco Umbrella Rank: 3632
19 KB
3 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 37
2 KB
3 googletagservices.com
www.googletagservices.com — Cisco Umbrella Rank: 188
141 KB
3 crwdcntrl.net
tags.crwdcntrl.net — Cisco Umbrella Rank: 1230
bcp.crwdcntrl.net — Cisco Umbrella Rank: 881
id.crwdcntrl.net
10 KB
3 id5-sync.com
cdn.id5-sync.com — Cisco Umbrella Rank: 958
id5-sync.com — Cisco Umbrella Rank: 413
18 KB
3 ezodn.com
go.ezodn.com — Cisco Umbrella Rank: 8326
basher.ezodn.com — Cisco Umbrella Rank: 8771
80 KB
2 yieldmo.com
ads.yieldmo.com — Cisco Umbrella Rank: 629
221 B
2 facebook.net
connect.facebook.net — Cisco Umbrella Rank: 149
87 KB
2 rtbhouse.com
esp.rtbhouse.com — Cisco Umbrella Rank: 6552
238 B
2 quantserve.com
secure.quantserve.com — Cisco Umbrella Rank: 939
pixel.quantserve.com — Cisco Umbrella Rank: 666
10 KB
1 eu-1-id5-sync.com
lb.eu-1-id5-sync.com
397 B
1 a-mx.com
id.a-mx.com
621 B
1 adingo.jp
cc.adingo.jp — Cisco Umbrella Rank: 5752
44 B
1 uuidksinc.net
s.uuidksinc.net — Cisco Umbrella Rank: 9628
287 B
1 appier.net
a.c.appier.net — Cisco Umbrella Rank: 17249
556 B
1 fksnk.com
fksnk.com — Cisco Umbrella Rank: 4004
606 B
1 everesttech.net
sync-tm.everesttech.net — Cisco Umbrella Rank: 534
535 B
1 dotomi.com
dclk-match.dotomi.com — Cisco Umbrella Rank: 2338
104 B
1 omnitagjs.com
hb-api.omnitagjs.com — Cisco Umbrella Rank: 3614
883 B
1 krxd.net
beacon.krxd.net — Cisco Umbrella Rank: 559
338 B
1 uidapi.com
cdn.prod.uidapi.com — Cisco Umbrella Rank: 2467
1 KB
1 creativecdn.com
invstatic101.creativecdn.com — Cisco Umbrella Rank: 6030
2 KB
1 jsdelivr.net
cdn.jsdelivr.net — Cisco Umbrella Rank: 381
895 B
1 criteo.net
static.criteo.net — Cisco Umbrella Rank: 637
13 KB
1 openxcdn.net
oa.openxcdn.net — Cisco Umbrella Rank: 2875
8 KB
1 moatads.com
z.moatads.com — Cisco Umbrella Rank: 389
1 KB
1 quantcount.com
rules.quantcount.com — Cisco Umbrella Rank: 868
634 B
1 ezoic.net
go.ezoic.net — Cisco Umbrella Rank: 10311
2 KB
249 43
Domain Requested by
46 xdarom.com xdarom.com
21 pagead2.googlesyndication.com 1abe16b74e07af620065a5fa2dc0f3b7.safeframe.googlesyndication.com
googleads.g.doubleclick.net
tpc.googlesyndication.com
xdarom.com
securepubads.g.doubleclick.net
www.googletagservices.com
19 tpc.googlesyndication.com 1 redirects 1abe16b74e07af620065a5fa2dc0f3b7.safeframe.googlesyndication.com
xdarom.com
googleads.g.doubleclick.net
tpc.googlesyndication.com
securepubads.g.doubleclick.net
14 platform.twitter.com s7.addthis.com
platform.twitter.com
13 s0.2mdn.net 1abe16b74e07af620065a5fa2dc0f3b7.safeframe.googlesyndication.com
xdarom.com
s0.2mdn.net
13 cm.g.doubleclick.net 6 redirects googleads.g.doubleclick.net
1abe16b74e07af620065a5fa2dc0f3b7.safeframe.googlesyndication.com
10 www.facebook.com connect.facebook.net
10 api-public.addthis.com s7.addthis.com
10 securepubads.g.doubleclick.net xdarom.com
securepubads.g.doubleclick.net
8 dsum-sec.casalemedia.com 4 redirects googleads.g.doubleclick.net
6 ib.adnxs.com 4 redirects googleads.g.doubleclick.net
5 cdn.ampproject.org securepubads.g.doubleclick.net
5 googleads.g.doubleclick.net 1abe16b74e07af620065a5fa2dc0f3b7.safeframe.googlesyndication.com
xdarom.com
5 s7.addthis.com xdarom.com
s7.addthis.com
4 googleads4.g.doubleclick.net googleads.g.doubleclick.net
xdarom.com
4 gum.criteo.com 2 redirects static.criteo.net
4 1abe16b74e07af620065a5fa2dc0f3b7.safeframe.googlesyndication.com securepubads.g.doubleclick.net
4 adservice.google.com securepubads.g.doubleclick.net
4 adservice.google.nl securepubads.g.doubleclick.net
3 syndication.twitter.com platform.twitter.com
3 fonts.gstatic.com fonts.googleapis.com
3 fonts.googleapis.com securepubads.g.doubleclick.net
1abe16b74e07af620065a5fa2dc0f3b7.safeframe.googlesyndication.com
3 mug.criteo.com xdarom.com
3 www.googletagservices.com 1abe16b74e07af620065a5fa2dc0f3b7.safeframe.googlesyndication.com
2 encrypted-tbn0.gstatic.com 1abe16b74e07af620065a5fa2dc0f3b7.safeframe.googlesyndication.com
2 encrypted-tbn2.gstatic.com 1abe16b74e07af620065a5fa2dc0f3b7.safeframe.googlesyndication.com
2 ads.yieldmo.com go.ezodn.com
2 assets.pinterest.com s7.addthis.com
assets.pinterest.com
2 connect.facebook.net s7.addthis.com
connect.facebook.net
2 www.google.com 1 redirects tpc.googlesyndication.com
2 esp.rtbhouse.com invstatic101.creativecdn.com
2 id5-sync.com cdn.id5-sync.com
go.ezodn.com
2 oajs.openx.net 1 redirects xdarom.com
2 basher.ezodn.com xdarom.com
2 www.xdarom.com 2 redirects
1 lb.eu-1-id5-sync.com go.ezodn.com
1 id.crwdcntrl.net go.ezodn.com
1 id.a-mx.com go.ezodn.com
1 cc.adingo.jp 1abe16b74e07af620065a5fa2dc0f3b7.safeframe.googlesyndication.com
1 rtb.openx.net 1abe16b74e07af620065a5fa2dc0f3b7.safeframe.googlesyndication.com
1 s.uuidksinc.net 1 redirects
1 a.c.appier.net 1 redirects
1 fksnk.com 1 redirects
1 sync-tm.everesttech.net 1 redirects
1 dclk-match.dotomi.com 1abe16b74e07af620065a5fa2dc0f3b7.safeframe.googlesyndication.com
1 www.gstatic.com 1abe16b74e07af620065a5fa2dc0f3b7.safeframe.googlesyndication.com
1 hb-api.omnitagjs.com go.ezodn.com
1 log.pinterest.com
1 m.addthis.com s7.addthis.com
1 beacon.krxd.net 1abe16b74e07af620065a5fa2dc0f3b7.safeframe.googlesyndication.com
1 google-bidout-d.openx.net oa.openxcdn.net
1 bcp.crwdcntrl.net tags.crwdcntrl.net
1 cdn.prod.uidapi.com securepubads.g.doubleclick.net
1 tags.crwdcntrl.net securepubads.g.doubleclick.net
1 invstatic101.creativecdn.com securepubads.g.doubleclick.net
1 cdn.id5-sync.com securepubads.g.doubleclick.net
1 cdn.jsdelivr.net securepubads.g.doubleclick.net
1 static.criteo.net securepubads.g.doubleclick.net
1 oa.openxcdn.net securepubads.g.doubleclick.net
1 z.moatads.com s7.addthis.com
1 pixel.quantserve.com xdarom.com
1 rules.quantcount.com secure.quantserve.com
1 secure.quantserve.com xdarom.com
1 go.ezoic.net xdarom.com
1 go.ezodn.com xdarom.com
249 65

This site contains links to these domains. Also see Links.

Domain
silktide.com
www.ezoic.com
generatepress.com
www.addthis.com
Subject Issuer Validity Valid
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3		 2022-03-14 -
2023-03-14		 a year crt.sh
*.g.doubleclick.net
GTS CA 1C3		 2022-11-28 -
2023-02-20		 3 months crt.sh
odc-addthis-prod-01.oracle.com
DigiCert SHA2 Secure Server CA		 2022-02-27 -
2023-02-28		 a year crt.sh
*.ezoic.net
Amazon		 2022-01-16 -
2023-02-14		 a year crt.sh
*.quantserve.com
DigiCert TLS RSA SHA256 2020 CA1		 2022-08-09 -
2023-09-09		 a year crt.sh
quantserve.com
R3		 2022-11-11 -
2023-02-09		 3 months crt.sh
*.google.nl
GTS CA 1C3		 2022-11-28 -
2023-02-20		 3 months crt.sh
*.google.com
GTS CA 1C3		 2022-11-28 -
2023-02-20		 3 months crt.sh
moatads.com
DigiCert TLS RSA SHA256 2020 CA1		 2022-11-16 -
2023-11-18		 a year crt.sh
oa.openxcdn.net
GTS CA 1D4		 2022-12-02 -
2023-03-02		 3 months crt.sh
*.criteo.net
DigiCert TLS Hybrid ECC SHA384 2020 CA1		 2022-11-08 -
2023-02-04		 3 months crt.sh
jsdelivr.net
GlobalSign Atlas R3 DV TLS CA 2022 Q1		 2022-03-21 -
2023-04-22		 a year crt.sh
invstatic101.creativecdn.com
GTS CA 1D4		 2022-11-02 -
2023-01-31		 3 months crt.sh
*.crwdcntrl.net
Go Daddy Secure Certificate Authority - G2		 2022-05-01 -
2023-06-02		 a year crt.sh
cdn.prod.uidapi.com
R3		 2022-11-29 -
2023-02-27		 3 months crt.sh
*.criteo.com
DigiCert TLS Hybrid ECC SHA384 2020 CA1		 2022-10-31 -
2023-01-26		 3 months crt.sh
*.id5-sync.com
R3		 2022-11-09 -
2023-02-07		 3 months crt.sh
esp.rtbhouse.com
GTS CA 1D4		 2022-11-23 -
2023-02-21		 3 months crt.sh
tpc.googlesyndication.com
GTS CA 1C3		 2022-11-28 -
2023-02-20		 3 months crt.sh
misc-sni.google.com
GTS CA 1C3		 2022-11-28 -
2023-02-20		 3 months crt.sh
upload.video.google.com
GTS CA 1C3		 2022-11-07 -
2023-01-30		 3 months crt.sh
*.doubleclick.net
GTS CA 1C3		 2022-11-28 -
2023-02-20		 3 months crt.sh
*.gstatic.com
GTS CA 1C3		 2022-11-28 -
2023-02-20		 3 months crt.sh
*.openx.net
GeoTrust RSA CA 2018		 2022-07-21 -
2023-08-21		 a year crt.sh
beacon.krxd.net
DigiCert TLS RSA SHA256 2020 CA1		 2022-10-20 -
2023-10-19		 a year crt.sh
*.facebook.com
DigiCert SHA2 High Assurance Server CA		 2022-09-25 -
2022-12-24		 3 months crt.sh
*.twimg.com
DigiCert TLS RSA SHA256 2020 CA1		 2022-10-06 -
2023-11-06		 a year crt.sh
*.pinterest.com
DigiCert TLS RSA SHA256 2020 CA1		 2022-08-01 -
2023-08-08		 a year crt.sh
syndication.twitter.com
DigiCert TLS RSA SHA256 2020 CA1		 2022-10-01 -
2023-10-01		 a year crt.sh
*.yieldmo.com
Amazon		 2022-04-25 -
2023-05-24		 a year crt.sh
omnitagjs.com
Sectigo RSA Domain Validation Secure Server CA		 2022-06-21 -
2023-07-21		 a year crt.sh
*.dotomi.com
GlobalSign RSA OV SSL CA 2018		 2022-08-09 -
2023-09-10		 a year crt.sh
*.adingo.jp
DigiCert TLS RSA SHA256 2020 CA1		 2022-04-06 -
2023-04-14		 a year crt.sh
*.eu-1-id5-sync.com
R3		 2022-11-09 -
2023-02-07		 3 months crt.sh

This page contains 41 frames:

Primary Page: https://xdarom.com/
Frame ID: 9BCF06C7D572F8B6445F89523C3F883A
Requests: 131 HTTP requests in this frame

Frame: https://1abe16b74e07af620065a5fa2dc0f3b7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 2A3746DD8D3451EB628BD829A436878D
Requests: 1 HTTP requests in this frame

Frame: https://1abe16b74e07af620065a5fa2dc0f3b7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 186006E77F1CAF7E0E22EBDA127F6AD1
Requests: 15 HTTP requests in this frame

Frame: https://gum.criteo.com/syncframe?origin=publishertagids&topUrl=xdarom.com
Frame ID: 58C2D4EAC9A587DAAE9B8913685C045D
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CL_OxN0CEL3jp5YEGJbWzdsBMAE&v=APEucNWs_FDML2uBdsB9fM8ROMQY2UBu0lkTEi1tL3rg-hxhnBhY4Unh6Pz3C-NiTv3JpgstIoSiOZNKG4m4j_p2sc7eTWYDWpbyCTi9pywDyo2OKWntf01QctRM2VJNS4obA1KUDRYZVdn7K9encOUN9BV5tbn_01Vme2yDrgUOysgS2YyPw0OOa3vtSneCb6x_hJoEcF0LWoPP1z-mLtMr9xk2CfXh3A
Frame ID: AF6D0187B69B25B05508FE7E0A4A1F5B
Requests: 5 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/022211060024000/amp4ads-v0.mjs
Frame ID: B580AF38CECC04792D9A4BFF9E131067
Requests: 15 HTTP requests in this frame

Frame: https://1abe16b74e07af620065a5fa2dc0f3b7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 9C916F75F02BC15CB0619A526ED46685
Requests: 15 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CI2VFxDgh9qvAxjMidfJATAB&v=APEucNVojYurvjRBg5TmxBZLOd714IK11raTmMQHcueAjzVk0BXlSP23vOvd08dJtHpQEsg7iQnCLdZb5sCIi4-dpP-p6uVFabpVz_Waoy4aerZeEctJ6ePyXacP7_KIdSAcVABZnpzc5pFreXcxglbcgSOfZeSG5MrL-92CuEYHUrVoSDvR6_tg1NqFYEKyiUA_BPa2BAFCzewtZo_rkFSbmp8iADXHFQ
Frame ID: 2236979258E28FF3C8181FEDFA65844C
Requests: 5 HTTP requests in this frame

Frame: https://google-bidout-d.openx.net/w/1.0/pd?plm=5
Frame ID: 5554E8D6BC62DFFD2A4FCFF83483810C
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 1C19A5E0F2B6409A5CEDEA0FF3448926
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/7950924427677957422/index.html
Frame ID: C7106B0FE1D1C0367082E1F2E3A4202A
Requests: 14 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 49CAF11B7BA16D9B24F505CCC05D5290
Requests: 3 HTTP requests in this frame

Frame: https://s7.addthis.com/static/sh.f48a1a04fe8dbf021b4cda1d.html
Frame ID: 584C2E1E990DC62A87D90C7D83086465
Requests: 1 HTTP requests in this frame

Frame: https://s7.addthis.com/static/sh.f48a1a04fe8dbf021b4cda1d.html
Frame ID: A5E69CFA85489C5C252E5E0BF4B210C0
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 4652D458241F932A3A8CD54CA2C2DAEC
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 8674D4963FA6D2F1A1D96CCD90E20AE4
Requests: 2 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/widget_iframe.644279d1635fd969e87af94a98bd232b.html?origin=https%3A%2F%2Fxdarom.com
Frame ID: 03EB07844B4DF4528758925515A95FE5
Requests: 2 HTTP requests in this frame

Frame: https://www.facebook.com/v2.6/plugins/like.php?action=like&app_id=172525162793917&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df2a8d228f5f9724%26domain%3Dxdarom.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fxdarom.com%252Ff2c0007e5297b3c%26relation%3Dparent.parent&container_width=0&font=arial&height=25&href=https%3A%2F%2Fxdarom.com%2Fmagisk-manager%2F&layout=button_count&locale=en_US&sdk=joey&send=false&share=false&show_faces=false&width=90
Frame ID: EF6A9115AD5333FB3E3DC57E82EA5E97
Requests: 1 HTTP requests in this frame

Frame: https://www.facebook.com/v2.6/plugins/like.php?action=like&app_id=172525162793917&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df19e8904b15d914%26domain%3Dxdarom.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fxdarom.com%252Ff2c0007e5297b3c%26relation%3Dparent.parent&container_width=0&font=arial&height=25&href=https%3A%2F%2Fxdarom.com%2Fsmartphone-sp-flash-tools-version-download%2F&layout=button_count&locale=en_US&sdk=joey&send=false&share=false&show_faces=false&width=90
Frame ID: A7F8D5FE7F8790954ECF2A5BD06057A3
Requests: 1 HTTP requests in this frame

Frame: https://www.facebook.com/v2.6/plugins/like.php?action=like&app_id=172525162793917&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df32eb58bf53aa5c%26domain%3Dxdarom.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fxdarom.com%252Ff2c0007e5297b3c%26relation%3Dparent.parent&container_width=0&font=arial&height=25&href=https%3A%2F%2Fxdarom.com%2Fmi-account-remove-tool%2F&layout=button_count&locale=en_US&sdk=joey&send=false&share=false&show_faces=false&width=90
Frame ID: 98BB70209A25CCE5A4CBC8540E8EA781
Requests: 1 HTTP requests in this frame

Frame: https://www.facebook.com/v2.6/plugins/like.php?action=like&app_id=172525162793917&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df150fb35a3979ec%26domain%3Dxdarom.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fxdarom.com%252Ff2c0007e5297b3c%26relation%3Dparent.parent&container_width=0&font=arial&height=25&href=https%3A%2F%2Fxdarom.com%2Fsamsung-tool-card-not-found%2F&layout=button_count&locale=en_US&sdk=joey&send=false&share=false&show_faces=false&width=90
Frame ID: 43CF13A4DDAFC47110A8358B5650C00E
Requests: 1 HTTP requests in this frame

Frame: https://www.facebook.com/v2.6/plugins/like.php?action=like&app_id=172525162793917&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1c13970df541%26domain%3Dxdarom.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fxdarom.com%252Ff2c0007e5297b3c%26relation%3Dparent.parent&container_width=0&font=arial&height=25&href=https%3A%2F%2Fxdarom.com%2Foppo-preloader-driver%2F&layout=button_count&locale=en_US&sdk=joey&send=false&share=false&show_faces=false&width=90
Frame ID: C1AB4FE33D98BF81C40854DB8734E93C
Requests: 1 HTTP requests in this frame

Frame: https://www.facebook.com/v2.6/plugins/like.php?action=like&app_id=172525162793917&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df2ee2f7f88fad3c%26domain%3Dxdarom.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fxdarom.com%252Ff2c0007e5297b3c%26relation%3Dparent.parent&container_width=0&font=arial&height=25&href=https%3A%2F%2Fxdarom.com%2Fcm2-dongle-manager%2F&layout=button_count&locale=en_US&sdk=joey&send=false&share=false&show_faces=false&width=90
Frame ID: 50AB864D708F044D9FDAC7140813E38D
Requests: 1 HTTP requests in this frame

Frame: https://www.facebook.com/v2.6/plugins/like.php?action=like&app_id=172525162793917&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df2728672acdb384%26domain%3Dxdarom.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fxdarom.com%252Ff2c0007e5297b3c%26relation%3Dparent.parent&container_width=0&font=arial&height=25&href=https%3A%2F%2Fxdarom.com%2Fsamsung-j7-pro-frp-file-download%2F&layout=button_count&locale=en_US&sdk=joey&send=false&share=false&show_faces=false&width=90
Frame ID: 00C1EF9E76C23BB9D38B361933E504CC
Requests: 1 HTTP requests in this frame

Frame: https://www.facebook.com/v2.6/plugins/like.php?action=like&app_id=172525162793917&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df274a482be1fc88%26domain%3Dxdarom.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fxdarom.com%252Ff2c0007e5297b3c%26relation%3Dparent.parent&container_width=0&font=arial&height=25&href=https%3A%2F%2Fxdarom.com%2Foppo-a3s-pattern-lock-reset-done%2F&layout=button_count&locale=en_US&sdk=joey&send=false&share=false&show_faces=false&width=90
Frame ID: E36F5C0F5A50596733ABA1244CB864A5
Requests: 1 HTTP requests in this frame

Frame: https://www.facebook.com/v2.6/plugins/like.php?action=like&app_id=172525162793917&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df251e5a549ef4d%26domain%3Dxdarom.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fxdarom.com%252Ff2c0007e5297b3c%26relation%3Dparent.parent&container_width=0&font=arial&height=25&href=https%3A%2F%2Fxdarom.com%2Fmtk-client-tool%2F&layout=button_count&locale=en_US&sdk=joey&send=false&share=false&show_faces=false&width=90
Frame ID: A354EC8F7480FB63017B9390F2CC0283
Requests: 1 HTTP requests in this frame

Frame: https://www.facebook.com/v2.6/plugins/like.php?action=like&app_id=172525162793917&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1ccda7761501bc%26domain%3Dxdarom.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fxdarom.com%252Ff2c0007e5297b3c%26relation%3Dparent.parent&container_width=0&font=arial&height=25&href=https%3A%2F%2Fxdarom.com%2Frealme-dialer-apk%2F&layout=button_count&locale=en_US&sdk=joey&send=false&share=false&show_faces=false&width=90
Frame ID: 5C6483B8F1A042E9228949D620A87DEB
Requests: 1 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/tweet_button.644279d1635fd969e87af94a98bd232b.en.html
Frame ID: B3F242789F12266D404D9C174D093256
Requests: 2 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/tweet_button.644279d1635fd969e87af94a98bd232b.en.html
Frame ID: B30E1CAEDE8A55CAE15EFB307CF083CE
Requests: 2 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/tweet_button.644279d1635fd969e87af94a98bd232b.en.html
Frame ID: 6D06937185251D03335B35022F2948D9
Requests: 2 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/tweet_button.644279d1635fd969e87af94a98bd232b.en.html
Frame ID: DE1038AA146BB1AF8B1FCEFB485F0160
Requests: 2 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/tweet_button.644279d1635fd969e87af94a98bd232b.en.html
Frame ID: 830944E5D06BBBB3B3BE9731D0A59DEB
Requests: 2 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/tweet_button.644279d1635fd969e87af94a98bd232b.en.html
Frame ID: 721F0A29DEE6DBD62202F9BE23D35535
Requests: 2 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/tweet_button.644279d1635fd969e87af94a98bd232b.en.html
Frame ID: 6521F7487DCFC48E3DCE43C567A24890
Requests: 2 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/tweet_button.644279d1635fd969e87af94a98bd232b.en.html
Frame ID: F71DFFCE48A89927022102F4D20B193D
Requests: 2 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/tweet_button.644279d1635fd969e87af94a98bd232b.en.html
Frame ID: 458C5F6B538B734C788961C66F1CC842
Requests: 2 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/tweet_button.644279d1635fd969e87af94a98bd232b.en.html
Frame ID: 47F669A1432048D031503B1E890A5225
Requests: 2 HTTP requests in this frame

Frame: https://1abe16b74e07af620065a5fa2dc0f3b7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 11EA1BAE84E4B2423213101F2A5C0877
Requests: 18 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 6079C7936E3776841A1A786CD62385DA
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/GC5M5N_VN3lVd7ErmxmldCKoshgV9d2S74rLP9hyoZw.js
Frame ID: B39E28D3475AA307B4060E8C8A951292
Requests: 1 HTTP requests in this frame

Frame: https://ads.yieldmo.com/pbcas?us_privacy=&gdpr=0&gdpr_consent=&type=iframe
Frame ID: 7BC6B6C2C9D6718F78CF87E66BDC80D6
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

XDAROM.COM - Android Update News, GSM USB Drivers, Flash Tools,Unlock Tool, FRP Bypass Tools DownloadFacebookTwitterPrintEmailPinterestGmailLinkedInEmail AppTumblrAddThisFacebookTwitterPrintAddThis

Page URL History Show full URLs

  1. http://www.xdarom.com/ HTTP 301
    https://www.xdarom.com/ HTTP 301
    https://xdarom.com/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • /wp-(?:content|includes)/
Overall confidence: 100%
Detected patterns
  • addthis\.com/js/
Overall confidence: 100%
Detected patterns
  • adnxs\.(?:net|com)
Overall confidence: 100%
Detected patterns
  • 2mdn\.net
Overall confidence: 100%
Detected patterns
  • //connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js
Overall confidence: 100%
Detected patterns
  • googlesyndication\.com/
  • 2mdn\.net
Overall confidence: 100%
Detected patterns
  • moatads\.com
Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.openx\.net
Overall confidence: 100%
Detected patterns
  • cookieconsent\.min\.js
Overall confidence: 100%
Detected patterns
  • //assets\.pinterest\.com/js/pinit\.js
Overall confidence: 100%
Detected patterns
  • \.quantserve\.com/quant\.js
Overall confidence: 100%
Detected patterns
  • //platform\.twitter\.com/widgets\.js
Overall confidence: 100%
Detected patterns
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Overall confidence: 100%
Detected patterns
  • //cdn\.jsdelivr\.net/

Page Statistics

249
Requests

92 %
HTTPS

54 %
IPv6

43
Domains

65
Subdomains

55
IPs

9
Countries

2396 kB
Transfer

6125 kB
Size

45
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://www.xdarom.com/ HTTP 301
    https://www.xdarom.com/ HTTP 301
    https://xdarom.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 60
  • https://oajs.openx.net/esp?url=https%3A%2F%2Fxdarom.com%2F&rid=esp HTTP 302
  • https://oajs.openx.net/esp?url=https%3A%2F%2Fxdarom.com%2F&rid=esp&cc=1
Request Chain 71
  • https://gum.criteo.com/sid/json?origin=publishertagids&domain=xdarom.com&sn=ChromeSyncframe&so=0&topUrl=xdarom.com&cw=1&lsw=1&topicsavail=0&fledgeavail=0 HTTP 302
  • https://mug.criteo.com/sid?cpp=wqVnm3xVUCsvbUlLRDJ5Snl2dktOWExUTTNNbE5kemFTTi9sN3BheVQvbDY1TGlpQTlHaGVKK01SMjNZU2t1U1U4cTVGWEozTGlSUkFBTjJ6NzBsaHd6TEZMSXZJYkFvSlBiMVlaMXBXQWRKK015Zit0cklUQWVzQ1RZWGtlS1FZTmdjeHpkblZWL0hxdjRSM2dVd3NoR0QvenJydVFZNm5reVVraEFqZEZxNElFNWtQeU1sRzhnL1ROdXVUbEx5L00wMFhGVUErb0tmM29RU0ljN2RxNFA1Rm9EejB1SHl1a2o3SXptTWNLd0pPMXZsVEs3S2g3T0dpbmpZaFk1aUFCS0N2dUFMTWlabzJhVlc0VWRldWJlMHgvQT09fA&cppv=2
Request Chain 96
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMWvMx88LHWgal46LG6-0dI&google_cver=1
Request Chain 97
  • https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
  • https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Y5zJqktPUTql5tJtV4DerQAA HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEFUJG4dsHE1oOJOoHvSw0Xs&google_cver=1
Request Chain 98
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
  • https://ib.adnxs.com/setuid?entity=101&code=CAESEJjeyo5dQUhygK51IFv7J1A&google_cver=1
Request Chain 99
  • https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
  • https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTUxNDQ5NDY0MjU3NDkwODQ4MA%3D%3D
Request Chain 108
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEFUJG4dsHE1oOJOoHvSw0Xs&google_cver=1
Request Chain 109
  • https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
  • https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Y5zJqktPUTql5tJtV4DerQAA HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEFUJG4dsHE1oOJOoHvSw0Xs&google_cver=1
Request Chain 110
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
  • https://ib.adnxs.com/setuid?entity=101&code=CAESEDfHO9XOQjCAYTkFpcZPIA8&google_cver=1
Request Chain 111
  • https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
  • https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Mjg4ODQ3MTM3ODg1ODc2NDg4Mw%3D%3D
Request Chain 114
  • https://www.google.com/pagead/drt/ui HTTP 302
  • https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Request Chain 251
  • https://tpc.googlesyndication.com/pageadimg/imgad?id=CICAgKC_l8j4kAEQsAkYsAkyCJcOr4HLZ_2F HTTP 301
  • https://tpc.googlesyndication.com/simgad/15404334706985882
Request Chain 255
  • https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESEK6G5n82TF-hkEwpw9nBpZ0&google_cver=1&google_push=AavPq0MroNJpbKX6qYK9cq0GRJJQyfe98p7nTMltk6Kd7Q4e5z5H8cNBfB68Zg2szx2PmI9Z9sVOsyVyqGZdHGASwK69NcZMjik HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEK6G5n82TF-hkEwpw9nBpZ0&google_push=AavPq0MroNJpbKX6qYK9cq0GRJJQyfe98p7nTMltk6Kd7Q4e5z5H8cNBfB68Zg2szx2PmI9Z9sVOsyVyqGZdHGASwK69NcZMjik
Request Chain 256
  • https://fksnk.com/cs/google?google_gid=CAESENR9-28NX6rR66GiPd8V164&google_cver=1&google_push=AavPq0NzcfAOe4x2882JUa4Vtk7j5vFcjc_4vuBNv1QhquloDHjkpt19rgb1jMxC7Np1C__cwhMYUr8ORB7SPjISUUexD1IVqXUU HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=fiksu&google_hm=RTBBODM5RDExMTcwNDVDRg==
Request Chain 257
  • https://a.c.appier.net/gcm?google_gid=CAESEAlLUyltY7xaL8HKQnurDtY&google_cver=1&google_push=AavPq0NBcPZ2-ekFXEP9GjBCkQeFIylLMGas5hjvQh_Kz3A-9wiQtrTB2K0gICkoC0HmF1NM0d2PTV00jyG-9FQTmMW5K7F8V0UM HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=appier&google_hm=VTRodVB0eTlDYXVOckwyZ3NNbWNZdw%3D%3D&google_push=AavPq0NBcPZ2-ekFXEP9GjBCkQeFIylLMGas5hjvQh_Kz3A-9wiQtrTB2K0gICkoC0HmF1NM0d2PTV00jyG-9FQTmMW5K7F8V0UM
Request Chain 258
  • https://s.uuidksinc.net/match/47/?remote_uid=CAESEK1lhzSpCzdn04F11a7cATA&c_param1=AavPq0OaVou4Bza9KG9lip9xXRIahy6hBY54djYxJh3QIo1GR_dLn66lc8uh4cIJrPjPXeDwgI5sVhDVGJW50SKGlKsYWw1ROrY2&gdpr=%%GDPR%%&addtl_consent=%%ADDTL_CONSENT%%&google_cver=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=kadam&google_push=AavPq0OaVou4Bza9KG9lip9xXRIahy6hBY54djYxJh3QIo1GR_dLn66lc8uh4cIJrPjPXeDwgI5sVhDVGJW50SKGlKsYWw1ROrY2
Request Chain 272
  • https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fxdarom.com%2F&domain=xdarom.com&bundle=iP6tn18lMkJGRGdKZkQlMkZBZWZ5dzY4UTJIYzVxSG9MUHlkWG42UVMyQmglMkZ3ciUyQmRiRE0lMkJmM3dBUCUyRnduM0MlMkJ3OUdhUjJOJTJCd2h2WkxqMU5qdEpGQTlrTG96MFNFM0E4MXUxdm44NHNVS0VWaG1Rd28xaHNXOUtFZmZESXFjcmc1SGJoS3NIaTZBWnllJTJGTXJwdmw4SmRDMnRmblAxWGclM0QlM0Q&cw=1&pbt=1&lsw=1 HTTP 302
  • https://mug.criteo.com/sid?cpp=e0bCFHxyYk02d2E2VENYVTBPd0dDb3lxQlRQL3c0UTJYSmw1MURCQ0xrQk5xcm1PYzFyS0xGUG5QTW9hKzB0UUJrRElCdEp6cXh2ZzJKMWsrS2t3OXpld3RqSDBoNUtrUUsxQlBtaERKYjRjK1MvQUtOend2Z3F5OC9Pb01CL0VTNG9zd3UyMVJaNmJoWHRWdGFLWmkrUkRxclA3K0RkSCtMY3ZlbEhmTTJmdWtKSEUwN2drSlBnMnpCUS9Pdm1YZUF1ZDJpeEpGSENrY1U4MmowWm1hajJVQzFkc3Z3YTRJZGY0clpOWlc3NXhJRzA3OHQ3TTJDVFBRRWxONFJYOUdYL2hvTjhUT3BhWjRFSkFaclBHQVUrb1BrR0tKMU5rZlFUWW40UklvSjBHdGRwVT18&cppv=2

249 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
xdarom.com/
Redirect Chain
  • http://www.xdarom.com/
  • https://www.xdarom.com/
  • https://xdarom.com/
156 KB
34 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://xdarom.com/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4e46dc91d6c7f01d9f73b866739e2a1971589f1cd421c7b971ec21c50d3c378a

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language
nl-NL,nl;q=0.9

Response headers

age
3514
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control
private, max-age=0, must-revalidate, no-cache, no-store
cf-cache-status
DYNAMIC
cf-ray
77a9e3f35bec1af9-AMS
content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Fri, 16 Dec 2022 19:40:24 GMT
display
pub_site_sol
expires
Thu, 15 Dec 2022 19:40:24 GMT
last-modified
Fri, 16 Dec 2022 18:41:48 GMT
link
<https://xdarom.com/wp-json/>; rel="https://api.w.org/"
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pagespeed
off
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jjBx9GKybCpICvmBBTXp3ikx58aYq2WPS42%2Fj3YspAhZ%2BKKO9kmTEIv%2FxcO5A92IrI8iYTiK%2FYmNq%2BO1KvrzGy%2BmSogJlJnDBORdZxN0XfvSso5jGu7IGTNeXexwGxr045rnQOFAjRid"}],"group":"cf-nel","max_age":604800}
response
200
server
cloudflare
vary
Accept-Encoding
x-cache
HIT
x-middleton-display
pub_site_sol
x-middleton-response
200
x-sol
pub_site
x-ua-compatible
IE=edge

Redirect headers

age
12306
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control
max-age=0
cf-cache-status
DYNAMIC
cf-ray
77a9e3edd8571c7b-AMS
content-type
text/html; charset=UTF-8
date
Fri, 16 Dec 2022 19:40:22 GMT
display
staticcontent_sol
expires
Fri, 16 Dec 2022 16:15:15 GMT
location
https://xdarom.com/
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pagespeed
off
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=n0Wo8Khg0PV9yb4rUeWdqUs3RhJbURSOnqiGu0R4Exy6SAOwx3zreLdWscPqhccbyfzqliXQpOfwy27nFZKycQu2H2TNAx2%2F0mIv9S4I6RaRalyUElBpqki6GPaCRztWY8rVuz7tk3y9muZWdA%3D%3D"}],"group":"cf-nel","max_age":604800}
response
301
server
cloudflare
vary
Accept-Encoding,Origin
x-cache
HIT
x-middleton-display
staticcontent_sol
x-middleton-response
301
x-redirect-by
WordPress
x-sol
pub_site
x-ua-compatible
IE=edge
gpt.js
securepubads.g.doubleclick.net/tag/js/ 		80 KB
27 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/tag/js/gpt.js
Requested by
Host: xdarom.com
URL: https://xdarom.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
8d4760a6aa7f6fdba7e29114a884ea592eb532db4e41b6dbbca912c464f45586
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://xdarom.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Fri, 16 Dec 2022 19:40:24 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
27542
x-xss-protection
0
server
sffe
etag
"1423 / 878 of 1000 / last-modified: 1670587517"
vary
Accept-Encoding
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type
text/javascript
cache-control
private, max-age=900, stale-while-revalidate=3600
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
expires
Fri, 16 Dec 2022 19:40:24 GMT
dall.js
go.ezodn.com/hb/ 		260 KB
79 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://go.ezodn.com/hb/dall.js?b=adyoulike,yieldmo&cb=195-0-50
Requested by
Host: xdarom.com
URL: https://xdarom.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:e6::ac40:ca05 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
674efa4ed02ae3e7c515c39ad26891b579699d4e6c71641cb4567cecf8119cc2

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://xdarom.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Fri, 16 Dec 2022 19:40:24 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Mon, 05 Dec 2022 19:47:14 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
949990
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rzEFpaPTM5vZ%2FQhUQsTvvIwbRjb9plCbuanEBLz03Th2lU69xywNkCBQZXpqDpb7%2BY6V9l3kL865r1YvGX%2BgiGIZClWJ8h8O%2Bm720SZerF1O4Xx4CLTYSRBa4yTH9HfrQAmSJV8GAzZCiYY%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
public, max-age=31536000
cf-ray
77a9e3fd1896b828-AMS
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
fads.js
xdarom.com/porpoiseant/ 		8 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://xdarom.com/porpoiseant/fads.js?gcb=195-0&cb=6
Requested by
Host: xdarom.com
URL: https://xdarom.com/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f08bda7e60fadca736bd7ed81684d6dd9bd11951aada10c84e66cbeac3c52197

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://xdarom.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Fri, 16 Dec 2022 19:40:24 GMT
content-encoding
gzip
cf-cache-status
HIT
last-modified
Fri, 16 Dec 2022 05:40:22 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
50402
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dgG9moVTUPz2Xo%2BNbFtzAwmXvWEufmJySJcsdg4bUZQ7VZoSHifJ5YkgmV7KG3jN79xf1IiWBPSoZhGumYj%2FzpCHa%2FIw1puDI16p2iJBtQi5YOFy5nqbX9AO8ZQii7RGDq2mAnPRfOZP"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
x-middleton-display
sol-js
cache-control
public, max-age=31536000
x-robots-tag
noindex
cf-ray
77a9e3fcae031af9-AMS
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
banger.js
xdarom.com/porpoiseant/ 		52 KB
14 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://xdarom.com/porpoiseant/banger.js?cb=195-0&bv=169&v=68&PageSpeed=off
Requested by
Host: xdarom.com
URL: https://xdarom.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
bfe1f346fdc4c58512a773da0993070cb2d4dbf33c3c3269f5ae884135690c0b

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://xdarom.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Fri, 16 Dec 2022 19:40:24 GMT
content-encoding
gzip
cf-cache-status
HIT
last-modified
Fri, 16 Dec 2022 04:46:25 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
53639
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9MfTTgazc%2BJwHUh4D6N73yTOxScgS4GuE3UN3Pf%2BZmQS4bgMQ370PuBxhWJ2DJsZzy3aGBNWvf7bsdtVQpHr1%2F8kEt04LB%2FXCjDczkK1pKgMXMLGO2Ffm4J2XqEe3jj%2BvR0w9G0s9lwI"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
x-middleton-display
sol-js
cache-control
public, max-age=31536000
x-robots-tag
noindex
cf-ray
77a9e3fd2803b725-AMS
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
a0bc1d78e6e3da37c7ea31a5f807c4c9.css
xdarom.com/wp-content/cache/min/1/ 		137 KB
21 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://xdarom.com/wp-content/cache/min/1/a0bc1d78e6e3da37c7ea31a5f807c4c9.css
Requested by
Host: xdarom.com
URL: https://xdarom.com/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3265eae2ee55c90716ce5fc662a9fd0c6529ac5f2416665c7dc869990e1fc71

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://xdarom.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Fri, 16 Dec 2022 19:40:24 GMT
content-encoding
gzip
cf-cache-status
HIT
x-sol
orig
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
display
staticcontent_sol, orig_site_sol
age
694977
x-middleton-display
staticcontent_sol, orig_site_sol
x-middleton-response
200
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
response
200
last-modified
Thu, 08 Dec 2022 18:33:57 GMT
server
cloudflare
etag
W/"63922e15-223a6-gzip"
vary
Accept-Encoding,Origin
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OHsN3rhpK5DG3anS1Mw%2FNib%2BCfAwfl8fHleJNNYQ3F4gIA8xarYb8QaHuKc90N3FTJwo2D0XC9H3GRrMR1f%2FWU9rJRPqHltOp7sSqQ4n5xmFAuwAZCS65bbzMATnp9Pa5tD36B6XZQvs"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
public, max-age=2592000
cf-ray
77a9e3fcce3a1af9-AMS
jquery.min.js
xdarom.com/wp-includes/js/jquery/ 		88 KB
31 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://xdarom.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.1
Requested by
Host: xdarom.com
URL: https://xdarom.com/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
cc7403bab52ed166e24ea9324241045af370be482f5b594468f4a6ac6e7e7981

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://xdarom.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Fri, 16 Dec 2022 19:40:24 GMT
content-encoding
gzip
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
display
staticcontent_sol
age
334334
x-middleton-display
staticcontent_sol
x-middleton-response
200
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
response
200
last-modified
Thu, 01 Dec 2022 00:14:50 GMT
server
cloudflare
etag
W/"63625f9b-15e54-gzip"
vary
Accept-Encoding,Origin
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TComLl6a%2FwM946r%2F9XxpbYfJ0bLTRxCnw0mGDquqTy%2BvS8%2BmnSsLw1xp7vAa4CWg13BIB4fG3o%2BUZECIRsRkxeSitl%2B2Y7gALoLJYZfp9N%2F501hBmfNfewzVTewl8FVHhMWP7fssdFdA"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
public, max-age=2592000
cf-ray
77a9e3fcde411af9-AMS
addthis_widget.js
s7.addthis.com/js/300/ 		353 KB
114 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s7.addthis.com/js/300/addthis_widget.js
Requested by
Host: xdarom.com
URL: https://xdarom.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.62.220.135 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-62-220-135.deploy.static.akamaitechnologies.com
Software
nginx/1.15.8 /
Resource Hash
acd2f7ad78edeebad4b6b0fdd17ff57d81c3726c60fd5435ee8c5a0115d29403
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://xdarom.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

strict-transport-security
max-age=15724800; includeSubDomains
content-encoding
gzip
date
Fri, 16 Dec 2022 19:40:25 GMT
last-modified
Mon, 26 Oct 2020 18:11:48 GMT
server
nginx/1.15.8
etag
W/"5f971164-5834c"
vary
Accept-Encoding
x-distribution
99
content-type
application/javascript
cache-control
public, max-age=600
x-host
s7.addthis.com
content-length
116325
cookieconsent.min.js
xdarom.com/ezoic/ 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://xdarom.com/ezoic/cookieconsent.min.js
Requested by
Host: xdarom.com
URL: https://xdarom.com/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
10d4b728888654e0b85c706a9310b551087d3321fb8ebfff147d07b13fa73bf0

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://xdarom.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Fri, 16 Dec 2022 19:40:24 GMT
content-encoding
gzip
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
22715
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Thu, 01 Dec 2022 00:14:50 GMT
server
cloudflare
etag
"11a4-5eeb91c04f280-gzip"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HoMCw1L4ej9SEwjup1cuzqkigmAaUaCyqx32nWtAiJF769Sn73KTUhUybx2DAqf11YJ%2FrvlMpNCJklLVjk8nY5odHTs78NoBuSPXgFfk5eegsdZMbDsCU6P3AdSrPNlkcOuiwHwk7%2BNX"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
public, max-age=31536000
x-robots-tag
noindex
cf-ray
77a9e3fcde431af9-AMS
expires
Sat, 16 Dec 2023 13:21:49 GMT
lazyload.min.js
xdarom.com/wp-content/plugins/wp-rocket/assets/js/lazyload/17.5/ 		8 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://xdarom.com/wp-content/plugins/wp-rocket/assets/js/lazyload/17.5/lazyload.min.js
Requested by
Host: xdarom.com
URL: https://xdarom.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8ceb3992861ed1fda25855c2e500e76842ae0d788405e50e3a9f45df36499cf6

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://xdarom.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Fri, 16 Dec 2022 19:40:24 GMT
content-encoding
gzip
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
display
staticcontent_sol
age
2226940
x-middleton-display
staticcontent_sol
x-middleton-response
200
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
response
200
last-modified
Wed, 16 Nov 2022 18:15:17 GMT
server
cloudflare
etag
W/"637528b5-2063-gzip"
vary
Accept-Encoding,Origin
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DjNMMDTWG5sVo0Vf9O%2B35zf8ycnrOZ0S6LcxJ91Ptb21Di88HWLvgBWlz%2BemE10BhCiIkma6j1Owb5zBjmMTw49ptzFMK7DT7StGWeEmah%2Fxgxy5cZxfmenPcdA7cVU%2BzbhYnoxFnDaD"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
public, max-age=2592000
cf-ray
77a9e3fd2805b725-AMS
fc51b444596c4ddd14f780b507484038.js
xdarom.com/wp-content/cache/min/1/ 		27 KB
9 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://xdarom.com/wp-content/cache/min/1/fc51b444596c4ddd14f780b507484038.js
Requested by
Host: xdarom.com
URL: https://xdarom.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7e1d92767b18f0058557e5d935d73112a095c798db5be4501112c227eb6b0457

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://xdarom.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Fri, 16 Dec 2022 19:40:24 GMT
content-encoding
gzip
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
display
staticcontent_sol
age
204780
x-middleton-display
staticcontent_sol
x-middleton-response
200
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
response
200
last-modified
Thu, 08 Dec 2022 18:33:57 GMT
server
cloudflare
etag
W/"63922e15-6bd4-gzip"
vary
Accept-Encoding,Origin
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=touNhq0itv5N4jbzaWr0QQOtacjDpnxUyf4R8GOVPNV2adaw4ZQcDeufaTGhdU1wKFSdEkASpypBcBMKppnkwrZTmMSxhS0hbWHLW%2BgUIDsf5XT08KECsZp04RbxY47suspufAVsE%2Be3"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
public, max-age=2592000
cf-ray
77a9e3fd2806b725-AMS
augusta.js
xdarom.com/detroitchicago/ 		2 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://xdarom.com/detroitchicago/augusta.js?cb=24
Requested by
Host: xdarom.com
URL: https://xdarom.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dcc0b6437eeec474b65774198371749c6e3f11c12b0bc14f3a971714d0d0e52b

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://xdarom.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Fri, 16 Dec 2022 19:40:24 GMT
content-encoding
gzip
cf-cache-status
HIT
last-modified
Fri, 16 Dec 2022 04:46:26 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
53638
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6ygGe179m5xjHnDOYdKwjZ5rzqBgNECC%2BkAe0cGW%2Bwqb%2B%2FOcbJ0JcHAEFfp2cnc7HYBZR%2BibFflvsJ3zYKfYg%2FXMHr%2Byep3P%2BwtaUPdURwHpZSNtjEREt6Cx0hJhzRsfTq%2FVrbEJgchP"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
x-middleton-display
sol-js
cache-control
public, max-age=31536000
x-robots-tag
noindex
cf-ray
77a9e3fd2807b725-AMS
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cmbv2.js
xdarom.com/detroitchicago/ 		47 KB
14 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://xdarom.com/detroitchicago/cmbv2.js?gcb=195-0&cb=04-3y02-8y06-13y07-2y0b-6y0d-21y14-4y18-5y22-3y30-4y5a-2y5e-22y65-1&cmbcb=117&sj=x04x02x06x07x0bx0dx14x18x22x30x5ax5ex65&abt=DynamicMedDec
Requested by
Host: xdarom.com
URL: https://xdarom.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
11b02d867229718fbe9cab0046e5dd3613683de845141b99ba5017973b0bc39b

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://xdarom.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Fri, 16 Dec 2022 19:40:24 GMT
content-encoding
gzip
cf-cache-status
MISS
last-modified
Fri, 16 Dec 2022 19:40:24 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eQMvw863G0S9bL7VJdzLlVb9mCSISnZRHqWyyuWsYrr%2BGuJqyU2RV%2FOm85FvjIDSU0dCyeCx1yQLev33NiBIvEL6JKXJRwE92bq2XOlhvcoltiV8eTHweRPbGVArL47BJcMA%2BW8C5sM5"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
x-middleton-display
sol-js
cache-control
public, max-age=31536000
x-robots-tag
noindex
cf-ray
77a9e3fd2808b725-AMS
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
truncated
/ 		64 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
b6dcc1490a0cc33cdeed8970677b89bbec6fa095675af198b8e923b64563c70a

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Content-Type
image/svg+xml
generatepress.woff2
xdarom.com/wp-content/themes/generatepress/assets/fonts/ 		1 KB
2 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://xdarom.com/wp-content/themes/generatepress/assets/fonts/generatepress.woff2
Requested by
Host: xdarom.com
URL: https://xdarom.com/wp-content/cache/min/1/a0bc1d78e6e3da37c7ea31a5f807c4c9.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ac990171fc2a8993d659ce8f10bc0a7815c43835ba1dc00c2246f3556c6eeecd

Request headers

Referer
https://xdarom.com/wp-content/cache/min/1/a0bc1d78e6e3da37c7ea31a5f807c4c9.css
Origin
https://xdarom.com
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Fri, 16 Dec 2022 19:40:24 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
display
staticcontent_sol
age
342718
x-middleton-display
staticcontent_sol
x-middleton-response
200
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
1264
response
200
last-modified
Sun, 11 Dec 2022 17:59:11 GMT
server
cloudflare
etag
"63961a6f-4f0-gzip"
access-control-max-age
1728000
access-control-allow-methods
POST, GET, OPTIONS
content-type
application/font-woff2
access-control-allow-origin
https://xdarom.com
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=t0%2FTggancasy435HufX5eRxf65VBHpgb6ZOSR88ayMkyV0wwZzOM7P84TDHqqerfIAMmeFHNzmBlhhNLQp%2BOW%2Fl640eKeTGe1uOHeWHbiMU6lO7wykw%2BW9mB3Qu%2BG5G8UsvO4lvNC1nB"}],"group":"cf-nel","max_age":604800}
cache-control
public, max-age=2592000
vary
Accept-Encoding,Origin
accept-ranges
bytes
cf-ray
77a9e3fd3812b725-AMS
truncated
/ 		68 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
9185925985d621f388439c646b3a0fac4f43512e592840ed4879712052d5498a

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/ 		68 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
d197c23c96319df42881161b8f4f7a1869781d8f33ffd620a22cd0af32e0c370

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/ 		68 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
bc43953155ac6498e5e7ce107955dd3e5b2807fedc0f36a6bb73c64f5afe0b36

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/ 		68 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
f14e37aa81530cba139699ee6f70eb5dc3427c54dd97b3e24b114de7fe75d3ee

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/ 		68 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
60cb9141c5c49d893985bae795f7bcc1530188cde1fdc8a83cf706f78de87df1

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/ 		68 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
1d146231180457b43c5e75b6b38d0a71d8a8b77e92c8dbce0589de947b5b7777

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/ 		68 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
213cdc73309f973f10c0508d6169f03c205526e29b9fa4916e5e0f93fbc8507e

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/ 		68 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
d2e66b2ad63e3dc299510d35b2c0d8860bffe0629ce3ba0589e39a8e0c7dcafc

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/ 		68 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
896a64a908337c3ed77d9bd3284b5f2a7611e85566056766b9143be502cb497b

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/ 		68 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
1b2ed9d7e8a59e44543420cc3c1572177e6e995ce7bcd5238142f4689c845ce0

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Content-Type
image/svg+xml
ezoic.png
go.ezoic.net/utilcave_com/img/ 		1 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://go.ezoic.net/utilcave_com/img/ezoic.png
Requested by
Host: xdarom.com
URL: https://xdarom.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:214f:3400:2:cb38:840:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache/2.4.39 (Ubuntu) /
Resource Hash
e1a156c3daa4ae0c41f21ef266131ca5a34d56695e3d860b232da142ef031234

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://xdarom.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Sun, 11 Dec 2022 05:26:38 GMT
via
1.1 3f6fbf009bb5cf969f92ba2e59576614.cloudfront.net (CloudFront)
x-sol
middleton
display
staticcontent_sol
x-amz-cf-pop
FRA53-C1
age
483226
x-cache
Hit from cloudfront
x-middleton-display
staticcontent_sol
content-length
1181
last-modified
Thu, 01 Dec 2022 00:14:50 GMT
server
Apache/2.4.39 (Ubuntu)
etag
"49d-5d9576f862e00"
vary
Accept-Encoding
content-type
image/png
cache-control
max-age=604800
x-amz-cf-id
7ZS66b-0_rEu-nMRgO_c6tg-54odvrpAfkzfJGC2-n3-SzYPSo7IZA==
expires
Sun, 18 Dec 2022 05:26:38 GMT
houston.js
xdarom.com/detroitchicago/ 		6 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://xdarom.com/detroitchicago/houston.js?gcb=0&cb=33
Requested by
Host: xdarom.com
URL: https://xdarom.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
22411e2bcae3b8094e39c5b0b9e38a3257b78fe2e8b9fcf994a98e14534d9d44

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://xdarom.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Fri, 16 Dec 2022 19:40:24 GMT
content-encoding
gzip
cf-cache-status
HIT
last-modified
Fri, 16 Dec 2022 04:46:32 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
53632
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=L5WlO3fOwGfx%2FCF1H5QfoVqg6kh63GiP3hf3uvTlSJzTpeQF1rNxocILRwGkj0PKVpqRKN8ZLocIvY5galKHLQH7T5%2F1EW3xaaYUqBu8pi6KE6Bb0OVp8OWGixXS5I0xnqbHhTnG9yMT"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
x-middleton-display
sol-js
cache-control
public, max-age=31536000
x-robots-tag
noindex
cf-ray
77a9e3fd884bb725-AMS
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
/
basher.ezodn.com/ 		234 B
699 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://basher.ezodn.com/?did=188513&bf=10&dc=1254144
Requested by
Host: xdarom.com
URL: https://xdarom.com/porpoiseant/banger.js?cb=195-0&bv=169&v=68&PageSpeed=off
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:e6::ac40:ca05 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d61ed2d6f691389596fad09cd95740f4408165d19d3c424152a68a29111b15de

Request headers

Referer
https://xdarom.com/
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
X-PINGBACK
pingpong
Content-Type
application/json

Response headers

date
Fri, 16 Dec 2022 19:40:24 GMT
content-encoding
br
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
access-control-max-age
86400
vary
Origin, Accept-Encoding
access-control-allow-methods
GET,POST,OPTIONS
access-control-allow-origin
https://xdarom.com
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jSklcqcU8T%2Bz9AmOBmXV2rn3ocs4ZrvgpiEKshhSv6fDhnAs86L0RUUhEYJttdKET1rmazZ7VMf4UvKMZ%2F2e7Dud26w%2BfHSRXG%2FqKOsaeRGqtEVX9WRZf7Nk%2F4dmvV4ROMcYqTUfvAIYDS0uPxMx"}],"group":"cf-nel","max_age":604800}
content-type
application/json
cache-control
public, max-age=84400
cf-ray
77a9e3fe6a051cb0-AMS
access-control-allow-headers
Content-Type
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
/
basher.ezodn.com/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://basher.ezodn.com/?did=188513&bf=10&dc=1254144
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:e6::ac40:ca05 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-pingback
Access-Control-Request-Method
GET
Origin
https://xdarom.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

access-control-allow-headers
content-type,x-pingback
access-control-allow-methods
GET,POST,OPTIONS
access-control-allow-origin
https://xdarom.com
access-control-max-age
86400
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-ray
77a9e3fdf9dcb885-AMS
content-length
0
content-type
application/json
date
Fri, 16 Dec 2022 19:40:24 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0b1PzXpY3Qi5OGybF76E5XA4nJUNHn51SADYJJ6qW7JAtDi54JdygNXdxrrgweh3ZxjIab7wmq%2BvOKg84NE7EvCIBEqG4tiTORSdDcSIfUhM%2BYbKCUtrOJOj17XTj504wuc5B8prNKDYQsZq%2FuXY"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Origin, Accept-Encoding
nmash.js
xdarom.com/porpoiseant/ 		23 KB
7 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://xdarom.com/porpoiseant/nmash.js?v=169
Requested by
Host: xdarom.com
URL: https://xdarom.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d6a7e2822c14081dc26a7f7439fcec3c1ac551f09da75ea9d8eac0966a45056a

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://xdarom.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Fri, 16 Dec 2022 19:40:24 GMT
content-encoding
gzip
cf-cache-status
EXPIRED
last-modified
Fri, 16 Dec 2022 13:11:24 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NT2VH5vVfKzOzKs8kgmlow4GUsUzMz2632OooQEU%2FtTNxBw4Z3N6jkUTgqg0j2LSL4Pvwqf4H7fYV0gql2S6i2866tqmS2%2FaYap33j2v58%2BUn%2BvQFfqhNMDRDTHoPs%2Frm%2BDQAQtMuh7s"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
x-middleton-display
sol-js
cache-control
public, max-age=1800
x-robots-tag
noindex
cf-ray
77a9e3fd9856b725-AMS
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cropped-XDAROM-Logo.png
xdarom.com/wp-content/uploads/2022/03/ 		4 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://xdarom.com/wp-content/uploads/2022/03/cropped-XDAROM-Logo.png
Requested by
Host: xdarom.com
URL: https://xdarom.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
deeee8fbc78cac2401826b8c486f4c1767a619343c9f8158ac54165874c98249

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://xdarom.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Fri, 16 Dec 2022 19:40:24 GMT
content-encoding
gzip
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
display
staticcontent_sol
age
28771
x-middleton-display
staticcontent_sol
x-middleton-response
200
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
response
200
last-modified
Thu, 01 Dec 2022 00:14:50 GMT
server
cloudflare
etag
"623b7469-102d-gzip"
vary
Accept-Encoding,Origin
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lcCWvzJ5NI2a%2FXOaeAT%2BkhzbiHCxTR9VsTuvi7v%2BgwThRiGlUf0awdf5cIyLiGOC5o0phu5gYpkNoPFqW0WteHB1DsxewdWcElxxB5RKVPN5ooq5cKqniEmYGVM%2FdWMGegWCorhtGCPc"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
public, max-age=2592000
cf-ray
77a9e3fda866b725-AMS
Magisk-manager.jpg
xdarom.com/wp-content/uploads/2019/01/ 		38 KB
38 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://xdarom.com/wp-content/uploads/2019/01/Magisk-manager.jpg
Requested by
Host: xdarom.com
URL: https://xdarom.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
174100392260d3ce21229f8839bab8067707979712660dfab0f9e07431d55002

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://xdarom.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Fri, 16 Dec 2022 19:40:25 GMT
content-encoding
gzip
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
display
staticcontent_sol
x-middleton-display
staticcontent_sol
x-middleton-response
200
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
response
200
last-modified
Fri, 16 Dec 2022 16:32:44 GMT
server
cloudflare
etag
"6076d7c6-9759-gzip"
vary
Accept-Encoding,Origin
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PIDJccpJzlfUeKvXHiD5rHl%2BJ7i8B7IKedMm8cHAo%2BARcNoxbtFWhBhuxMZJ5Lpe%2B%2BKH60GHSiZ8350mISzBSoneXkR8MKe1%2FR2v%2B6pwQ%2BoDw3SmcxlXkahfG0s3czhsZOfN08cs15EQ"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
cache-control
public, max-age=2592000
cf-ray
77a9e3fda867b725-AMS
Samrtphone-Flash-Tool.jpg
xdarom.com/wp-content/uploads/2017/05/ 		21 KB
15 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://xdarom.com/wp-content/uploads/2017/05/Samrtphone-Flash-Tool.jpg
Requested by
Host: xdarom.com
URL: https://xdarom.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ec04fdd4815525fb6e4cca8b41073a0cc887d66f77ec49b100e806a48441cf74

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://xdarom.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Fri, 16 Dec 2022 19:40:24 GMT
content-encoding
gzip
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
display
staticcontent_sol
age
12731
x-middleton-display
staticcontent_sol
x-middleton-response
200
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
response
200
last-modified
Thu, 01 Dec 2022 00:14:50 GMT
server
cloudflare
etag
"6076d7e6-534e-gzip"
vary
Accept-Encoding,Origin
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QniNOu9rhcPFAOwWq%2FEYD3pzSaQSovQ5SQtjy2LxzAsnY1sf2S8%2BNlS7BrBo4JF8Ydo64xyQ4mYA5tPwm1Dp74lPDX1LIX7Jh1c84iFu5UPFATIijMeoQDgqZ6WbHEdmDIbLk7ZdfnIc"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
cache-control
public, max-age=2592000
cf-ray
77a9e3fda869b725-AMS
imp.gif
xdarom.com/detroitchicago/ 		43 B
553 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://xdarom.com/detroitchicago/imp.gif?e=%7B%22ad_cache_level%22%3A1%2C%22ad_count_adjustment%22%3A1%2C%22ad_lazyload_version%22%3A3%2C%22ad_load_version%22%3A1%2C%22ad_location_ids%22%3A%225%2C0%2C1%2C4%2C4%2C4%2C34%22%2C%22ad_transform_level%22%3A0%2C%22adx_ad_count%22%3A7%2C%22bidder_method%22%3A1%2C%22bidder_version%22%3A2%2C%22city%22%3A%22Rotterdam%22%2C%22country%22%3A%22NL%22%2C%22days_since_last_visit%22%3A-1%2C%22display_ad_count%22%3A4%2C%22domain_id%22%3A188513%2C%22ds_adsize_opt_id%22%3A-1%2C%22engaged_time_visit%22%3A0%2C%22ezcache_level%22%3A0%2C%22ezcache_skip_code%22%3A0%2C%22form_factor_id%22%3A1%2C%22framework_id%22%3A1%2C%22has_bad_image%22%3A0%2C%22has_bad_words%22%3A0%2C%22iab_category%22%3A%22%22%2C%22is_from_recommended_pages%22%3Afalse%2C%22is_return_visitor%22%3Afalse%2C%22is_sitespeed%22%3A0%2C%22last_page_load%22%3A%22%22%2C%22last_pageview_id%22%3A%22%22%2C%22lt_cache_level%22%3A0%2C%22max_ads%22%3A3%2C%22metro_code%22%3A0%2C%22optimization_version%22%3A1%2C%22page_ad_positions%22%3A%221100%2C1102%2C1103%2C1105%2C1119%2C1119%2C1119%22%2C%22page_view_count%22%3A0%2C%22page_view_id%22%3A%2267a00c2d-cea3-4f8d-4746-9aa00e9b44a1%22%2C%22position_selection_id%22%3A46%2C%22postal_code%22%3A%223044%22%2C%22pv_event_count%22%3A0%2C%22response_size_orig%22%3A109175%2C%22response_time_orig%22%3A1027%2C%22serverid%22%3A%223.121.78.41%3A12797%22%2C%22state%22%3A%22ZH%22%2C%22sub_page_ad_positions%22%3A%221100%2C1102%2C1103%2C1105%2C1119%2C1119%2C1119%22%2C%22t_epoch%22%3A1671219622%2C%22template_id%22%3A134%2C%22time_on_site_visit%22%3A0%2C%22url%22%3A%22https%3A%2F%2Fxdarom.com%2F%22%2C%22user_id%22%3A0%2C%22word_count%22%3A1291%2C%22worst_bad_word_level%22%3A0%7D
Requested by
Host: xdarom.com
URL: https://xdarom.com/detroitchicago/cmbv2.js?gcb=195-0&cb=04-3y02-8y06-13y07-2y0b-6y0d-21y14-4y18-5y22-3y30-4y5a-2y5e-22y65-1&cmbcb=117&sj=x04x02x06x07x0bx0dx14x18x22x30x5ax5ex65&abt=DynamicMedDec
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://xdarom.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Fri, 16 Dec 2022 19:40:24 GMT
cf-cache-status
BYPASS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hXZcbzTLVzQJhm36r3VsmrIXhM2EWhcs4nfXP4sOfkgjXyh6qlrkWwxmEwiKuIb2M4hwpINNg07W4oeqcfDIaZoA7DRTLzdcNVTIl0Vyd4fXcj0z2mvCL3ykDajQbVrQmWwIWP19LCCH"}],"group":"cf-nel","max_age":604800}
content-type
image/gif
x-middleton-display
imp_sol
cache-control
private, max-age=0, must-revalidate, no-cache, no-store
accept-ranges
bytes
cf-ray
77a9e3fdc871b725-AMS
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
43
expires
Thu, 15 Dec 2022 19:40:24 GMT
quant.js
secure.quantserve.com/ 		25 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://secure.quantserve.com/quant.js
Requested by
Host: xdarom.com
URL: https://xdarom.com/detroitchicago/cmbv2.js?gcb=195-0&cb=04-3y02-8y06-13y07-2y0b-6y0d-21y14-4y18-5y22-3y30-4y5a-2y5e-22y65-1&cmbcb=117&sj=x04x02x06x07x0bx0dx14x18x22x30x5ax5ex65&abt=DynamicMedDec
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2620:116:800d:21:93ca:31d8:d86e:38f6 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
d854082be0173c977aad8f65cdb9b88fd005f3dd3f34f894ab9fdba5a283780f

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://xdarom.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Fri, 16 Dec 2022 19:40:24 GMT
content-encoding
gzip
etag
"StHfV9prSwQMxjKWocWEFw=="
vary
Accept-Encoding
content-type
application/javascript
cache-control
private, max-age=604800
accept-ranges
bytes
expires
Fri, 23 Dec 2022 19:40:24 GMT
cmbdv2.js
xdarom.com/detroitchicago/ 		41 KB
11 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://xdarom.com/detroitchicago/cmbdv2.js?gcb=195-0&cb=03-8y0c-6y19-5y5f-22&cmbcb=117&sj=x03x0cx19x5f&abt=DynamicMedDec
Requested by
Host: xdarom.com
URL: https://xdarom.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f30fc304efd9598611811b052d0723a0054059039d5276a45f0a345534926dd5

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://xdarom.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Fri, 16 Dec 2022 19:40:24 GMT
content-encoding
gzip
cf-cache-status
MISS
last-modified
Fri, 16 Dec 2022 19:40:24 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LOv1RUEflNJ3IojWj3J6JkyolD3p1XfzWTL26Dms%2FmMYDCsuWb3ihzS2%2FxevyNjN8cbiPwMbWCsIow6UsK5kC1wmCZy6cN8XVv9RjCHkTk1J5XGLvekMvb0pfR0Vax5bjpN%2FjWhdxRDL"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
x-middleton-display
sol-js
cache-control
public, max-age=31536000
x-robots-tag
noindex
cf-ray
77a9e3fdc874b725-AMS
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
pubads_impl_2022120501.js
securepubads.g.doubleclick.net/gpt/ 		380 KB
129 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
1e288c4dc57f72a69a497baef524f41c57e1c6a414b09a5bde22cd5b2f1b7cdf
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://xdarom.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Fri, 16 Dec 2022 18:53:44 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
2800
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
131905
x-xss-protection
0
last-modified
Mon, 05 Dec 2022 09:36:10 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type
text/javascript
cache-control
public, immutable, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
expires
Sat, 16 Dec 2023 18:53:44 GMT
ppub_config
securepubads.g.doubleclick.net/pagead/ 		108 B
99 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=xdarom.com
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
cae236a8ec4b7820d67c78b1682e83e1b179204e448023dd7a2ad6e9402062aa
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://xdarom.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Fri, 16 Dec 2022 19:40:24 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
application/json; charset=UTF-8
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
74
x-xss-protection
0
expires
Fri, 16 Dec 2022 19:40:24 GMT
rules-p-31iz6hfFutd16.js
rules.quantcount.com/ 		160 B
634 B 		Script
General
Check archive.org
Download Go to
Full URL
https://rules.quantcount.com/rules-p-31iz6hfFutd16.js
Requested by
Host: secure.quantserve.com
URL: https://secure.quantserve.com/quant.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2304:5000:6:44e3:f8c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
4718dd9f68e969d1cb5e1b6172206b7150ad1d8cd5c5c1fe5812dd0e1646d426

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://xdarom.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Fri, 16 Dec 2022 19:37:27 GMT
via
1.1 8fc54d3acff9539327f4d7a6bf40a31e.cloudfront.net (CloudFront)
x-amz-cf-pop
VIE50-P1
age
178
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
content-length
160
last-modified
Fri, 14 Oct 2022 00:41:49 GMT
server
AmazonS3
etag
"af15ecfe46737cb2a37226fd060f23a6"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=3600
accept-ranges
bytes
x-amz-cf-id
--jEdwMYPGWurP5SJ32RWvyZHK3YN-TckomPhe7dFmjuSKv5-3cOrw==
integrator.js
adservice.google.nl/adsid/ 		107 B
792 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.nl/adsid/integrator.js?domain=xdarom.com
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400d:80a::2002 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://xdarom.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Fri, 16 Dec 2022 19:40:25 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
content-type
application/javascript; charset=UTF-8
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
integrator.js
adservice.google.com/adsid/ 		107 B
549 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.com/adsid/integrator.js?domain=xdarom.com
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://xdarom.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Fri, 16 Dec 2022 19:40:25 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
content-type
application/javascript; charset=UTF-8
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
pixel;r=488577380;labels=Domain.xdarom_com%2CDomainId.188513;rf=0;a=p-31iz6hfFutd16;url=https%3A%2F%2Fxdarom.com%2F;uht=2;fpan=1;fpa=P0-179098142-1671219624788;pbc=;ns=0;ce=1;qjs=1;qv=bf501fc4-2022...
pixel.quantserve.com/ 		35 B
371 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel.quantserve.com/pixel;r=488577380;labels=Domain.xdarom_com%2CDomainId.188513;rf=0;a=p-31iz6hfFutd16;url=https%3A%2F%2Fxdarom.com%2F;uht=2;fpan=1;fpa=P0-179098142-1671219624788;pbc=;ns=0;ce=1;qjs=1;qv=bf501fc4-20221215111636;cm=;gdpr=0;ref=;d=xdarom.com;dst=0;et=1671219624998;tzo=0;ogl=locale.en_US%2Ctype.website%2Ctitle.XDAROM%252ECOM%2Cdescription.Android%20Update%20News%252C%20GSM%20USB%20Drivers%252C%20Flash%20Tools%252CUnlock%20Tool%252C%20FRP%20Bypass%20Tools%20%2Curl.https%3A%2F%2Fxdarom%252Ecom%2F%2Csite_name.XDAROM%252ECOM;ses=13d386d0-19df-454b-90c5-e0db39f57844
Requested by
Host: xdarom.com
URL: https://xdarom.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2620:116:800d:21:93ca:31d8:d86e:38f6 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
Security Headers
Name Value
Strict-Transport-Security max-age=86400

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://xdarom.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 16 Dec 2022 19:40:25 GMT
strict-transport-security
max-age=86400
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
content-type
image/gif
cache-control
private, no-cache, no-store, proxy-revalidate
content-length
35
expires
Fri, 04 Aug 1978 12:00:00 GMT
ads
securepubads.g.doubleclick.net/gampad/ 		15 KB
8 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1504586407287834&correlator=4418713004797135&eid=31071094&output=ldjh&gdfp_req=1&vrg=2022120501&ptt=17&impl=fifs&iu_parts=1254144%3A22665599549%2Cxdarom_com-medrectangle-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=970x90&ifi=1&adks=3179079738&didk=4278216252&sfv=1-0-40&prev_scp=a%3D%257C0%257C%26iid1%3D8196636839119155%26eid%3D8196636839119155%26t%3D134%26d%3D188513%26t1%3D134%26pvc%3D0%26ap%3D1100%26sap%3D1100%26as%3Drevenue%26plat%3D1%26bra%3Dmod59%26ic%3D1%26at%3Dmbf%26adr%3D399%26ezosn%3D0%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D5%26al%3D1005%26compid%3D0%26tap%3Dxdarom_com-medrectangle-2-8196636839119155%26eb_br%3D60474211daf1dfd4d90000ea01f56c30%26eba%3D1%26bv%3D14%26bvm%3D0%26bvr%3D4%26shp%3D1%26ftsn%3D12%26ftsng%3D12%26br1%3D0%26br2%3D0%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D63%2C14%2C28%2C4%2C51%2C0%2C88%2C0%2C71%2C30%2C0%2C31%2C901%2C902%2C903%26deal1%3D17%2C18%2C19%2C20%2C21%2C22%2C23%2C24%2C25%2C26%2C1428%2C1794%2C2310%2C2339%2C2351%2C2526%2C2527%2C2610%2C2688%2C2693%2C2761%2C2763%2C2764%2C2765%2C3044%2C3045%2C3052%2C3053%2C3054%2C3154%2C3430%2C3455%2C3456%2C3457%2C3458%2C3460%2C3682%2C3683%2C3684%2C3856%2C4184%2C4185%2C4186%2C4276&eri=1&sc=1&cookie_enabled=1&abxe=1&dt=1671219625003&lmt=1671216108&dlt=1671219624403&idt=561&adxs=315&adys=1110&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=1&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fxdarom.com%2F&frm=20&vis=1&psz=970x-1&msz=970x-1&fws=512&ohw=0&ga_vid=1323725132.1671219625&ga_sid=1671219625&ga_hid=160787111&ga_fc=false
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
27413b363c0f1971ab6ce378c362623bf92782aa5c7928f04f93a2a0b38055cb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://xdarom.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Fri, 16 Dec 2022 19:40:25 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
8351
x-xss-protection
0
google-lineitem-id
-1
pragma
no-cache
server
cafe
google-creative-id
-1
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://xdarom.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
container.html
1abe16b74e07af620065a5fa2dc0f3b7.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 2A37 		6 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://1abe16b74e07af620065a5fa2dc0f3b7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://xdarom.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language
nl-NL,nl;q=0.9

Response headers

accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, immutable, max-age=31536000
content-encoding
br
content-length
2653
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy
cross-origin
date
Fri, 16 Dec 2022 19:40:25 GMT
expires
Sat, 16 Dec 2023 19:40:25 GMT
last-modified
Thu, 03 Nov 2022 19:10:08 GMT
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
ads
securepubads.g.doubleclick.net/gampad/ 		69 KB
19 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1504586407287834&correlator=4167373393349606&eid=31071094&output=ldjh&gdfp_req=1&vrg=2022120501&ptt=17&impl=fifs&iu_parts=1254144%3A22665599549%2Cxdarom_com-box-2%2Cxdarom_com-box-1%2Cxdarom_com-large-billboard-2&enc_prev_ius=%2F0%2F1%2C%2F0%2F2%2C%2F0%2F3&prev_iu_szs=300x250%2C250x250%2C320x50%7C300x1050%7C320x50%7C320x100%7C234x60&fluid=0%2C0%2Cheight&ifi=2&adks=3132901458%2C3785648032%2C329616143&didk=1910504347~1910505362~3374956854&sfv=1-0-40&prev_scp=a%3D%257C0%257C%26iid1%3D1565326985117349%26eid%3D1565326985117349%26t%3D134%26d%3D188513%26t1%3D134%26pvc%3D0%26ap%3D1105%26sap%3D1105%26as%3Drevenue%26plat%3D1%26bra%3Dmod59%26ic%3D1%26at%3Dmbf%26adr%3D399%26ezosn%3D2%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D1%26al%3D1001%26compid%3D0%26tap%3Dxdarom_com-box-2-1565326985117349%26eb_br%3D60474211daf1dfd4d90000ea01f56c30%26eba%3D1%26bv%3D15%26bvm%3D0%26bvr%3D5%26shp%3D1%26ftsn%3D12%26ftsng%3D12%26acptad%3D1%26br1%3D0%26br2%3D0%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D63%2C14%2C28%2C4%2C51%2C0%2C88%2C0%2C71%2C30%2C0%2C31%2C901%2C902%2C903%26deal1%3D17%2C18%2C19%2C20%2C21%2C22%2C23%2C24%2C25%2C26%2C1428%2C1794%2C2310%2C2339%2C2351%2C2526%2C2527%2C2610%2C2688%2C2693%2C2761%2C2763%2C2764%2C2765%2C3044%2C3045%2C3052%2C3053%2C3054%2C3154%2C3430%2C3455%2C3456%2C3457%2C3458%2C3460%2C3682%2C3683%2C3684%2C3856%2C4184%2C4185%2C4186%2C4276%7Ca%3D%257C0%257C%26iid1%3D3975107277132872%26eid%3D3975107277132872%26t%3D134%26d%3D188513%26t1%3D134%26pvc%3D0%26ap%3D1102%26sap%3D1102%26as%3Drevenue%26plat%3D1%26bra%3Dmod59%26ic%3D1%26at%3Dmbf%26adr%3D399%26ezosn%3D1%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D0%26al%3D1000%26compid%3D0%26tap%3Dxdarom_com-box-1-3975107277132872%26eb_br%3D60474211daf1dfd4d90000ea01f56c30%26eba%3D1%26bv%3D26%26bvm%3D1%26bvr%3D3%26shp%3D2%26ftsn%3D12%26ftsng%3D12%26acptad%3D1%26br1%3D0%26br2%3D0%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D63%2C14%2C28%2C4%2C51%2C0%2C88%2C0%2C71%2C30%2C0%2C31%2C901%2C902%2C903%26deal1%3D17%2C18%2C19%2C20%2C21%2C22%2C23%2C24%2C25%2C26%2C1428%2C1794%2C2310%2C2339%2C2351%2C2526%2C2527%2C2610%2C2688%2C2693%2C2761%2C2763%2C2764%2C2765%2C3044%2C3045%2C3052%2C3053%2C3054%2C3154%2C3430%2C3455%2C3456%2C3457%2C3458%2C3460%2C3682%2C3683%2C3684%2C3856%2C4184%2C4185%2C4186%2C4276%7Ca%3D%257C0%257C%26iid1%3D5142574673164213%26eid%3D5142574673164213%26t%3D134%26d%3D188513%26t1%3D134%26pvc%3D0%26ap%3D1103%26sap%3D1103%26as%3Drevenue%26plat%3D1%26bra%3Dmod59%26ic%3D1%26at%3Dmbf%26adr%3D399%26ezosn%3D6%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D34%26al%3D1034%26compid%3D0%26tap%3Dxdarom_com-large-billboard-2-5142574673164213%26eb_br%3D291d27313eb66c50243129b23df8a579%26eba%3D1%26bv%3D21%26bvm%3D0%26bvr%3D7%26shp%3D2%26ftsn%3D12%26ftsng%3D12%26br1%3D10%26br2%3D6%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D63%2C14%2C28%2C4%2C51%2C0%2C88%2C0%2C71%2C30%2C0%2C31%2C901%2C902%2C903%26deal1%3D17%2C18%2C19%2C20%2C21%2C22%2C23%2C24%2C25%2C26%2C1428%2C1794%2C2310%2C2339%2C2351%2C2526%2C2527%2C2610%2C2688%2C2693%2C2761%2C2763%2C2764%2C2765%2C3044%2C3045%2C3052%2C3053%2C3054%2C3154%2C3430%2C3455%2C3456%2C3457%2C3458%2C3460%2C3682%2C3683%2C3684%2C3856%2C4184%2C4185%2C4186%2C4276&eri=1&sc=1&cookie_enabled=1&abxe=1&dt=1671219625057&lmt=1671216108&dlt=1671219624403&idt=561&adxs=463%2C1228%2C1168&adys=97%2C220%2C632&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0%7C0%7C0&ucis=2%7C3%7C4&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fxdarom.com%2F&frm=20&vis=1&psz=1109x250%7C369x264%7C369x1064&msz=300x250%7C250x250%7C369x1050&fws=0%2C0%2C0&ohw=0%2C0%2C0&ga_vid=1323725132.1671219625&ga_sid=1671219625&ga_hid=160787111&ga_fc=false
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
76f6856efd23a1088c9f31317ed29d0adb87b0cd759853419bed690db406791e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://xdarom.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Fri, 16 Dec 2022 19:40:25 GMT
content-encoding
br
x-content-type-options
nosniff
google-mediationgroup-id
-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
19410
x-xss-protection
0
google-lineitem-id
-1,-1,-2
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
-1,-1,-2
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://xdarom.com
access-control-expose-headers
x-google-amp-ad-validated-version
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
moatframe.js
z.moatads.com/addthismoatframe568911941483/ 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://z.moatads.com/addthismoatframe568911941483/moatframe.js
Requested by
Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.203.125.127 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-203-125-127.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
05090f9390f5bc0cd23fe5f432037cc92d7cbce1ced9bfe8faf3d1c9abae85cd

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://xdarom.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

unused62
8096267
date
Fri, 16 Dec 2022 19:40:25 GMT
content-encoding
gzip
last-modified
Fri, 08 Nov 2019 20:13:52 GMT
server
AmazonS3
x-amz-request-id
3DA20F33DFB043F4
etag
"f14b4e1f799b14f798a195f43cf58376"
vary
Accept-Encoding
content-type
application/x-javascript
cache-control
max-age=22939
accept-ranges
bytes
content-length
948
x-amz-id-2
g7+QTkfgFpKXdjIV1ns3PedgNVHG4mi9TLupYfjziOmGieTRD5DTu0V21U3C4oqBbTG5njMGxL0=
layers.fa6cd1947ce26e890d3d.js
s7.addthis.com/static/ 		263 KB
76 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s7.addthis.com/static/layers.fa6cd1947ce26e890d3d.js
Requested by
Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.62.220.135 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-62-220-135.deploy.static.akamaitechnologies.com
Software
nginx/1.15.8 /
Resource Hash
6121ca306ad1045453d52517b8f436eb5a68055c82aefa46a9a77de36996a3df
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://xdarom.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

strict-transport-security
max-age=15724800; includeSubDomains
content-encoding
gzip
date
Fri, 16 Dec 2022 19:40:25 GMT
last-modified
Mon, 26 Oct 2020 18:11:48 GMT
server
nginx/1.15.8
etag
W/"5f971164-41cf5"
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=86313600
x-host
s7.addthis.com
timing-allow-origin
*
content-length
77662
esp.js
oa.openxcdn.net/ 		24 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://oa.openxcdn.net/esp.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.102.146.192 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
192.146.102.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
544c55ca9f05d425f3beb90f287308d7a408b1f60d17728eff5c605a494bc1b9

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://xdarom.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Fri, 25 Nov 2022 06:12:03 GMT
content-encoding
gzip
age
1862902
x-guploader-uploadid
ADPycdsaYuUgcs1WyTu83f1PVMVtp4MG2XDBuJ3b8jqrkpRO0tYw63jZMtFtmSvXoqlHW8qMpXQmjo7dUCMTyGyjoV6bKptKGlnE
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
gzip
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
7927
last-modified
Thu, 27 May 2021 18:30:51 GMT
server
UploadServer
etag
"df5542b88bc0e368c6999754a5b9e2ba"
x-goog-generation
1622140251693895
x-goog-hash
crc32c=f21hYg==, md5=31VCuIvA42jGmZdUpbniug==
content-type
application/javascript
cache-control
no-transform
x-goog-stored-content-length
7927
accept-ranges
bytes
expires
Sat, 25 Nov 2023 06:12:03 GMT
publishertag.ids.js
static.criteo.net/js/ld/ 		39 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.criteo.net/js/ld/publishertag.ids.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
nginx /
Resource Hash
f066a6392f3732829e95d97ac2a3dfb7dc7d35fc88d71a4ef62ff8f70399326c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://xdarom.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Fri, 16 Dec 2022 19:40:25 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000; preload;
last-modified
Mon, 24 Oct 2022 11:21:19 GMT
server
nginx
etag
W/"6356752f-9c1f"
content-type
text/javascript
access-control-allow-origin
*
cache-control
max-age=86400, public
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
expires
Sat, 17 Dec 2022 19:40:25 GMT
pubcid.min.js
cdn.jsdelivr.net/gh/prebid/shared-id/pubcid.js/docs/ 		732 B
895 B 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.jsdelivr.net/gh/prebid/shared-id/pubcid.js/docs/pubcid.min.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:200::485 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
a5230196df9a4e9f6382c504668862efc8e25c1ec093c7dc997fbedb4b3ec54e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://xdarom.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
date
Fri, 16 Dec 2022 19:40:26 GMT
x-content-type-options
nosniff
content-encoding
gzip
age
11531
x-jsd-version
master
x-cache
HIT, HIT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length
437
x-served-by
cache-fra-eddf8230064-FRA, cache-maa10221-MAA
x-jsd-version-type
branch
etag
W/"2dc-IrZxm/sP4aqtIfs1EfEw6Dg5q1Y"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=604800, s-maxage=43200
accept-ranges
bytes
timing-allow-origin
*
esp.js
cdn.id5-sync.com/api/1.0/ 		58 KB
17 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.id5-sync.com/api/1.0/esp.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:3556 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a97afd769b3d774563606be9e943789398af5a1bf3583c2bc9a81f99832aa2b2
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://xdarom.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Fri, 16 Dec 2022 19:40:25 GMT
strict-transport-security
max-age=15552000; includeSubDomains; preload
content-encoding
gzip
cf-cache-status
HIT
last-modified
Thu, 24 Nov 2022 12:48:29 GMT
server
cloudflare
x-amz-request-id
YMFZEZYBJKEKRNPV
age
943
etag
W/"91dadf6b1eddd8d91a5cc2e3be5ea8cf"
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
content-type
text/javascript;charset=utf-8
cache-control
public, max-age=3600
cf-ray
77a9e40479da6958-FRA
x-amz-id-2
rR7sHzWBBNucr3XhEuqI/nIptBfNR4Bk4gz/tZK0aI7ojtEYwwSH/6l9FgWTrmHoO3CAY8xfMq0=
encrypted-tag-g.js
invstatic101.creativecdn.com/encrypted-signals/ 		1 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://invstatic101.creativecdn.com/encrypted-signals/encrypted-tag-g.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.96.70.87 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
87.70.96.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
23bc1d893ce2d2f30b68e549aa3cb991c2a7b7dd87e3df67d9fbb6a8dd113bf8

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://xdarom.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Fri, 16 Dec 2022 19:25:17 GMT
via
1.1 google
age
908
x-guploader-uploadid
ADPycdt2nP6OiqfiyFT_VGhsDJaezl2_cV8ScQMwyNjojUmfuz-oiFrjXFASimDuvtF6ZAXEcpTsIKzgwrUXHu_OClQAXw
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1258
last-modified
Fri, 29 Jul 2022 16:55:09 GMT
server
UploadServer
etag
"f5bc066f146e3dbb049aa6c86c7012e6"
x-goog-generation
1659113709880056
x-goog-hash
crc32c=6QojvA==, md5=9bwGbxRuPbsEmqbIbHAS5g==
content-type
text/javascript
cache-control
public, max-age=3600
x-goog-stored-content-length
1258
accept-ranges
bytes
expires
Fri, 16 Dec 2022 20:25:17 GMT
sync.min.js
tags.crwdcntrl.net/lt/c/16589/ 		32 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tags.crwdcntrl.net/lt/c/16589/sync.min.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.240.129 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-240-129.vie50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
66a8dfcc4572e000bf5b4351bae2a763b3357a65ed373ff27a7e7b38ec9486ae

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://xdarom.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Fri, 16 Dec 2022 06:30:00 GMT
content-encoding
gzip
via
1.1 cc6cd0f2b9d4d88785ea5a737059a4fe.cloudfront.net (CloudFront)
last-modified
Mon, 21 Nov 2022 18:55:41 GMT
server
AmazonS3
x-amz-cf-pop
VIE50-C1
age
47426
x-amz-server-side-encryption
AES256
etag
W/"2c5f4a319c3d99310927955777b5abe3"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/javascript
cache-control
max-age: 86400
x-amz-cf-id
zdPMGMB33wg1rDMnP1htz70ZM5nspfaTkwuzlTL8kKB7pIiiJfg43A==
uid2SecureSignal.js
cdn.prod.uidapi.com/ 		983 B
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.prod.uidapi.com/uid2SecureSignal.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2304:4600:a:e047:752:5701 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
e5a098542163dc535e0e3c4ed1bca8fcc8a13f0b827027385af73b8d3db5fa38

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://xdarom.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date
Fri, 16 Dec 2022 16:50:52 GMT
Via
1.1 ac02b9a9a93754a9f85004c4c9792fee.cloudfront.net (CloudFront)
Last-Modified
Tue, 13 Dec 2022 01:20:08 GMT
Server
AmazonS3
X-Amz-Cf-Pop
VIE50-P1
Age
10173
ETag
"0e5a5daa4df15b9fd6c9195ac991749e"
X-Cache
Hit from cloudfront
Content-Type
text/javascript
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
983
X-Amz-Cf-Id
bOadp8KmOeUvgvWwRQj6uZf0k6f4S8mMiaa1QT_x2MF7d2pX2x-u-w==
container.html
1abe16b74e07af620065a5fa2dc0f3b7.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 1860 		6 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://1abe16b74e07af620065a5fa2dc0f3b7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://xdarom.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language
nl-NL,nl;q=0.9

Response headers

accept-ranges
bytes
age
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, immutable, max-age=31536000
content-encoding
br
content-length
2653
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy
cross-origin
date
Fri, 16 Dec 2022 19:40:25 GMT
expires
Sat, 16 Dec 2023 19:40:25 GMT
last-modified
Thu, 03 Nov 2022 19:10:08 GMT
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
greenoaks.gif
xdarom.com/detroitchicago/ 		0
520 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://xdarom.com/detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiI2N2EwMGMyZC1jZWEzLTRmOGQtNDc0Ni05YWEwMGU5YjQ0YTEiLCJkb21haW5faWQiOiIxODg1MTMiLCJ0X2Vwb2NoIjoxNjcxMjE5NjIyLCJkYXRhIjpbeyJuYW1lIjoiZGV2aWNlX3dpZHRoIiwidmFsIjoiMTYwMCJ9LHsibmFtZSI6ImRldmljZV9oZWlnaHQiLCJ2YWwiOiIxMjAwIn1dfSx7InR5cGUiOiJwYWdldmlldyIsInBhZ2V2aWV3X2lkIjoiNjdhMDBjMmQtY2VhMy00ZjhkLTQ3NDYtOWFhMDBlOWI0NGExIiwiZG9tYWluX2lkIjoiMTg4NTEzIiwidF9lcG9jaCI6MTY3MTIxOTYyMiwiZGF0YSI6W3sibmFtZSI6InRfbG9jYWxfZGF0ZSIsInZhbCI6IjIwMjItMTItMTYifSx7Im5hbWUiOiJ0X2xvY2FsX2hvdXIiLCJ2YWwiOiIxOSJ9LHsibmFtZSI6InRfbG9jYWxfZGF5X29mX3dlZWsiLCJ2YWwiOiI1In0seyJuYW1lIjoidF9sb2NhbF90aW1lem9uZSIsInZhbCI6IjAifV19LHsidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiI2N2EwMGMyZC1jZWEzLTRmOGQtNDc0Ni05YWEwMGU5YjQ0YTEiLCJkb21haW5faWQiOiIxODg1MTMiLCJ0X2Vwb2NoIjoxNjcxMjE5NjIyLCJkYXRhIjpbeyJuYW1lIjoibGFuZ3VhZ2VfdGFnIiwidmFsIjoiZW4tVVMifV19LHsidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiI2N2EwMGMyZC1jZWEzLTRmOGQtNDc0Ni05YWEwMGU5YjQ0YTEiLCJkb21haW5faWQiOiIxODg1MTMiLCJ0X2Vwb2NoIjoxNjcxMjE5NjIyLCJkYXRhIjpbeyJuYW1lIjoibGFuZ3VhZ2VfcHJpbWFyeV9zdWJ0YWciLCJ2YWwiOiJlbiJ9XX0seyJ0eXBlIjoicGFnZXZpZXciLCJwYWdldmlld19pZCI6IjY3YTAwYzJkLWNlYTMtNGY4ZC00NzQ2LTlhYTAwZTliNDRhMSIsImRvbWFpbl9pZCI6IjE4ODUxMyIsInRfZXBvY2giOjE2NzEyMTk2MjIsImRhdGEiOlt7Im5hbWUiOiJ0aW1lcl9maXJzdF9hZF9yZXF1ZXN0IiwidmFsIjoiMTE1MiJ9XX1d
Requested by
Host: xdarom.com
URL: https://xdarom.com/detroitchicago/cmbv2.js?gcb=195-0&cb=04-3y02-8y06-13y07-2y0b-6y0d-21y14-4y18-5y22-3y30-4y5a-2y5e-22y65-1&cmbcb=117&sj=x04x02x06x07x0bx0dx14x18x22x30x5ax5ex65&abt=DynamicMedDec
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://xdarom.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Fri, 16 Dec 2022 19:40:25 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Wd0dSS9ZCaJzaA0cGt9vZF7zKgDYaUu62ytCXlN1%2BYhZeT2eb32sLNfVVRsLn2vQpX10PBdniBGlXmLEJNzSpLtIUqPuE82heR%2BEcqjHi00nsJQyW2oBlWmj8GvTpQ7baFeJ92%2FD0XFp"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin
https://xdarom.com
x-middleton-display
ezp_sol
cache-control
private, max-age=0, must-revalidate, no-cache, no-store
cf-ray
77a9e403fdfcb725-AMS
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires
Thu, 15 Dec 2022 19:40:24 GMT
greenoaks.gif
xdarom.com/detroitchicago/ 		0
504 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://xdarom.com/detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiI2N2EwMGMyZC1jZWEzLTRmOGQtNDc0Ni05YWEwMGU5YjQ0YTEiLCJkb21haW5faWQiOiIxODg1MTMiLCJ0X2Vwb2NoIjoxNjcxMjE5NjIyLCJkYXRhIjpbeyJuYW1lIjoidGltZXJfZmlyc3RfYWRfbG9hZCIsInZhbCI6IjExNTcifV19XQ==
Requested by
Host: xdarom.com
URL: https://xdarom.com/detroitchicago/cmbv2.js?gcb=195-0&cb=04-3y02-8y06-13y07-2y0b-6y0d-21y14-4y18-5y22-3y30-4y5a-2y5e-22y65-1&cmbcb=117&sj=x04x02x06x07x0bx0dx14x18x22x30x5ax5ex65&abt=DynamicMedDec
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://xdarom.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Fri, 16 Dec 2022 19:40:25 GMT
cf-cache-status
BYPASS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0Clf8qdp9Gwn34y0RryP2NWhZWQ0JEhuMakpfTQREXcmJIeGDDUsTn3CpgqKZLih1phQm6EHRVw2SJwd54VwU5DABCZFLchGwlOL8Ke5mm25ZdPcmU%2B1B8W%2BRS2vfrREINyi9nMl8IB9"}],"group":"cf-nel","max_age":604800}
x-middleton-display
ezp_sol
cache-control
private, max-age=0, must-revalidate, no-cache, no-store
cf-ray
77a9e4040e0ab725-AMS
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires
Thu, 15 Dec 2022 19:40:26 GMT
army.gif
xdarom.com/porpoiseant/ 		0
504 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://xdarom.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiODE5NjYzNjgzOTExOTE1NSIsImRvbWFpbl9pZCI6IjE4ODUxMyIsInVuaXQiOiJkaXYtZ3B0LWFkLXhkYXJvbV9jb20tbWVkcmVjdGFuZ2xlLTItMCIsInRfZXBvY2giOjE2NzEyMTk2MjIsImFkX3Bvc2l0aW9uIjoxMTAwLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiTkwiLCJwYWdldmlld19pZCI6IjY3YTAwYzJkLWNlYTMtNGY4ZC00NzQ2LTlhYTAwZTliNDRhMSIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ1OTEsImRhdGEiOlt7Im5hbWUiOiJyZWZyZXNoX2NvdW50IiwidmFsIjoiMSJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiODE5NjYzNjgzOTExOTE1NSIsImRvbWFpbl9pZCI6IjE4ODUxMyIsInVuaXQiOiJkaXYtZ3B0LWFkLXhkYXJvbV9jb20tbWVkcmVjdGFuZ2xlLTItMCIsInRfZXBvY2giOjE2NzEyMTk2MjIsImFkX3Bvc2l0aW9uIjoxMTAwLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiTkwiLCJwYWdldmlld19pZCI6IjY3YTAwYzJkLWNlYTMtNGY4ZC00NzQ2LTlhYTAwZTliNDRhMSIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ1OTEsImRhdGEiOlt7Im5hbWUiOiJmaWxsZWRfYmlkX2hhc2giLCJ2YWwiOiI2MDQ3NDIxMWRhZjFkZmQ0ZDkwMDAwZWEwMWY1NmMzMCJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiODE5NjYzNjgzOTExOTE1NSIsImRvbWFpbl9pZCI6IjE4ODUxMyIsInVuaXQiOiJkaXYtZ3B0LWFkLXhkYXJvbV9jb20tbWVkcmVjdGFuZ2xlLTItMCIsInRfZXBvY2giOjE2NzEyMTk2MjIsInJldmVudWUiOjAsImVzdF9yZXZlbnVlIjowLjAwMDAwMiwiYWRfcG9zaXRpb24iOjExMDAsImFkX3NpemUiOiIiLCJiaWRfZmxvb3JfZmlsbGVkIjowLjAwMDAwMiwiYmlkX2Zsb29yX3ByZXYiOjAsInN0YXRfc291cmNlX2lkIjozNSwiY291bnRyeV9jb2RlIjoiTkwiLCJwYWdldmlld19pZCI6IjY3YTAwYzJkLWNlYTMtNGY4ZC00NzQ2LTlhYTAwZTliNDRhMSIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ1OTEsImRhdGEiOlt7Im5hbWUiOiJsb2FkZWQiLCJ2YWwiOiIxIn1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiI4MTk2NjM2ODM5MTE5MTU1IiwiZG9tYWluX2lkIjoiMTg4NTEzIiwidW5pdCI6ImRpdi1ncHQtYWQteGRhcm9tX2NvbS1tZWRyZWN0YW5nbGUtMi0wIiwidF9lcG9jaCI6MTY3MTIxOTYyMiwiYWRfcG9zaXRpb24iOjExMDAsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJOTCIsInBhZ2V2aWV3X2lkIjoiNjdhMDBjMmQtY2VhMy00ZjhkLTQ3NDYtOWFhMDBlOWI0NGExIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjoyODY4NzI3NCwiY3JlYXRpdmVfaWQiOjEzODMxMDAzNDU5MSwiZGF0YSI6W3sibmFtZSI6ImNyZWF0aXZlX2lkIiwidmFsIjoiMTM4MzEwMDM0NTkxIn1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiI4MTk2NjM2ODM5MTE5MTU1IiwiZG9tYWluX2lkIjoiMTg4NTEzIiwidW5pdCI6ImRpdi1ncHQtYWQteGRhcm9tX2NvbS1tZWRyZWN0YW5nbGUtMi0wIiwidF9lcG9jaCI6MTY3MTIxOTYyMiwiYWRfcG9zaXRpb24iOjExMDAsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJOTCIsInBhZ2V2aWV3X2lkIjoiNjdhMDBjMmQtY2VhMy00ZjhkLTQ3NDYtOWFhMDBlOWI0NGExIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjoyODY4NzI3NCwiY3JlYXRpdmVfaWQiOjEzODMxMDAzNDU5MSwiZGF0YSI6W3sibmFtZSI6ImxpbmVpdGVtX2lkIiwidmFsIjoiMjg2ODcyNzQifV0sImlzX29yaWciOmZhbHNlfV0=
Requested by
Host: xdarom.com
URL: https://xdarom.com/detroitchicago/cmbv2.js?gcb=195-0&cb=04-3y02-8y06-13y07-2y0b-6y0d-21y14-4y18-5y22-3y30-4y5a-2y5e-22y65-1&cmbcb=117&sj=x04x02x06x07x0bx0dx14x18x22x30x5ax5ex65&abt=DynamicMedDec
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://xdarom.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Fri, 16 Dec 2022 19:40:25 GMT
cf-cache-status
BYPASS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FmazI%2FnoxHx2lzg81irXJsouCAFfBkaSzgEcCJtL8bX6WDtfRl0tOQhYVZvH33BXFwnc12negXnTEHJEuOubu6eppAMFX5gvACOwS61CAb46zDkKQtxInkt1ukN10jAR%2Fahx1BumPuNn"}],"group":"cf-nel","max_age":604800}
x-middleton-display
ezp_sol
cache-control
private, max-age=0, must-revalidate, no-cache, no-store
cf-ray
77a9e4040e0eb725-AMS
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires
Thu, 15 Dec 2022 19:40:25 GMT
army.gif
xdarom.com/porpoiseant/ 		0
510 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://xdarom.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiODE5NjYzNjgzOTExOTE1NSIsImRvbWFpbl9pZCI6IjE4ODUxMyIsInVuaXQiOiJkaXYtZ3B0LWFkLXhkYXJvbV9jb20tbWVkcmVjdGFuZ2xlLTItMCIsInRfZXBvY2giOjE2NzEyMTk2MjIsImFkX3Bvc2l0aW9uIjoxMTAwLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiTkwiLCJwYWdldmlld19pZCI6IjY3YTAwYzJkLWNlYTMtNGY4ZC00NzQ2LTlhYTAwZTliNDRhMSIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ1OTEsImRhdGEiOlt7Im5hbWUiOiJ0X2xvY2FsX2RhdGUiLCJ2YWwiOiIyMDIyLTEyLTE2In0seyJuYW1lIjoidF9sb2NhbF9ob3VyIiwidmFsIjoiMTkifSx7Im5hbWUiOiJ0X2xvY2FsX2RheV9vZl93ZWVrIiwidmFsIjoiNSJ9LHsibmFtZSI6InRfbG9jYWxfdGltZXpvbmUiLCJ2YWwiOiIwIn1dLCJpc19vcmlnIjpmYWxzZX1d
Requested by
Host: xdarom.com
URL: https://xdarom.com/detroitchicago/cmbv2.js?gcb=195-0&cb=04-3y02-8y06-13y07-2y0b-6y0d-21y14-4y18-5y22-3y30-4y5a-2y5e-22y65-1&cmbcb=117&sj=x04x02x06x07x0bx0dx14x18x22x30x5ax5ex65&abt=DynamicMedDec
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://xdarom.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Fri, 16 Dec 2022 19:40:25 GMT
cf-cache-status
BYPASS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2Bd8Txb224lyIgAn2rE5EakcHwRSyVxWImagNkw7oDtmKZKdKQ6SRu%2BZ3xwj%2FCqFYOd%2BE%2FtLX27HwiuW%2B6NJ68s2dbJ731SqVMg2zBUtNTqnTXGqk6hI3ESjJsepNx0sgHPTNq6kD0t9l"}],"group":"cf-nel","max_age":604800}
x-middleton-display
ezp_sol
cache-control
private, max-age=0, must-revalidate, no-cache, no-store
cf-ray
77a9e4040e10b725-AMS
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires
Thu, 15 Dec 2022 19:40:23 GMT
army.gif
xdarom.com/porpoiseant/ 		0
521 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://xdarom.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImF1Y3Rpb24iLCJpbXByZXNzaW9uX2lkIjoiODE5NjYzNjgzOTExOTE1NSIsImRvbWFpbl9pZCI6IjE4ODUxMyIsInVuaXQiOiJkaXYtZ3B0LWFkLXhkYXJvbV9jb20tbWVkcmVjdGFuZ2xlLTItMCIsInRfZXBvY2giOjE2NzEyMTk2MjIsImF1Y3Rpb25fZXBvY2giOjE2NzEyMTk2MjYsImFkX3Bvc2l0aW9uIjoxMTAwLCJjb3VudHJ5X2NvZGUiOiJOTCIsInBhZ2V2aWV3X2lkIjoiNjdhMDBjMmQtY2VhMy00ZjhkLTQ3NDYtOWFhMDBlOWI0NGExIiwiYmlkX2Zsb29yX2luaXRpYWwiOjAsImJpZF9mbG9vcl9wcmV2IjpudWxsLCJiaWRfZmxvb3JfZmlsbGVkIjowLCJhdWN0aW9uX2NvdW50IjoxLCJyZWZyZXNoX2FkX2NvdW50IjowLCJhdWN0aW9uX2R1cmF0aW9uIjo1NzYsIm11bHRpX2FkX3VuaXQiOjAsIm11bHRpX2FkX2NvdW50IjowLCJuZXR3b3JrX2NvZGUiOjEyNTQxNDQsImRhdGEiOlt7Im5hbWUiOiIiLCJ2YWwiOiIifV0sImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzR9XQ==
Requested by
Host: xdarom.com
URL: https://xdarom.com/detroitchicago/cmbv2.js?gcb=195-0&cb=04-3y02-8y06-13y07-2y0b-6y0d-21y14-4y18-5y22-3y30-4y5a-2y5e-22y65-1&cmbcb=117&sj=x04x02x06x07x0bx0dx14x18x22x30x5ax5ex65&abt=DynamicMedDec
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://xdarom.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Fri, 16 Dec 2022 19:40:25 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1050Ch0lJl6al%2FEJxXQsE0ZVVhaDpCUgn7g5aWB769rSXF9G%2BgU8zDISetEqu%2F7Icxma6pnTyr0fJypknma3mJduqfRSs7c7KiVG8DqIfFk2Sa5OpeuOGwuO8%2BzRQogPVfsP54UmVOIQ"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin
https://xdarom.com
x-middleton-display
ezp_sol
cache-control
private, max-age=0, must-revalidate, no-cache, no-store
cf-ray
77a9e4040e12b725-AMS
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires
Thu, 15 Dec 2022 19:40:24 GMT
syncframe
gum.criteo.com/ Frame 58C2 		15 KB
6 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://gum.criteo.com/syncframe?origin=publishertagids&topUrl=xdarom.com
Requested by
Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.ids.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638::1c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
aeb779d96af4bfa1b664c203d52fbd9ef573b84a31b34314668325fc784e1b13
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Referer
https://xdarom.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language
nl-NL,nl;q=0.9

Response headers

cache-control
private, max-age=3600
content-encoding
gzip
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Fri, 16 Dec 2022 19:40:25 GMT
server
Kestrel
server-processing-duration-in-ticks
970409
strict-transport-security
max-age=31536000; preload;
vary
Accept-Encoding
esp
oajs.openx.net/
Redirect Chain
  • https://oajs.openx.net/esp?url=https%3A%2F%2Fxdarom.com%2F&rid=esp
  • https://oajs.openx.net/esp?url=https%3A%2F%2Fxdarom.com%2F&rid=esp&cc=1
85 B
103 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://oajs.openx.net/esp?url=https%3A%2F%2Fxdarom.com%2F&rid=esp&cc=1
Requested by
Host: xdarom.com
URL: https://xdarom.com/
Protocol
H3
Server
34.120.135.53 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
53.135.120.34.bc.googleusercontent.com
Software
/ Express
Resource Hash
e5cee22f85b52f926dce4e95080b16790ac5639fa40b4ce410a9a2cc3fa0cc43

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://xdarom.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Fri, 16 Dec 2022 19:40:26 GMT
via
1.1 google
x-powered-by
Express
etag
W/"55-885UqUF0pairO2AKxkTsvVnHH1k"
vary
Origin
content-type
application/json; charset=utf-8
access-control-allow-origin
https://xdarom.com
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
85

Redirect headers

date
Fri, 16 Dec 2022 19:40:25 GMT
via
1.1 google
x-powered-by
Express
vary
Origin
access-control-allow-origin
https://xdarom.com
location
/esp?url=https%3A%2F%2Fxdarom.com%2F&rid=esp&cc=1
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
increment
id5-sync.com/api/esp/ 		0
319 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://id5-sync.com/api/esp/increment?counter=no-config
Requested by
Host: cdn.id5-sync.com
URL: https://cdn.id5-sync.com/api/1.0/esp.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
141.95.98.64 , France, ASN16276 (OVH, FR),
Reverse DNS
ns3216658.ip-141-95-98.eu
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Referer
https://xdarom.com/
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://xdarom.com
date
Fri, 16 Dec 2022 19:40:25 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
access-control-allow-credentials
true
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
map
bcp.crwdcntrl.net/6/ 		60 B
331 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://bcp.crwdcntrl.net/6/map
Requested by
Host: tags.crwdcntrl.net
URL: https://tags.crwdcntrl.net/lt/c/16589/sync.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.213.183.227 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-213-183-227.eu-west-1.compute.amazonaws.com
Software
Jetty(9.4.38.v20210224) /
Resource Hash
cbb902604c82ee121392e4a250e9eb49b5dbb1b71cdd2ec6a0362e921ed5f8a0

Request headers

Referer
https://xdarom.com/
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

pragma
no-cache
date
Fri, 16 Dec 2022 19:40:25 GMT
server
Jetty(9.4.38.v20210224)
content-type
application/json;charset=utf-8
p3p
CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin
https://xdarom.com
cache-control
no-cache
x-server
10.45.26.180
access-control-allow-credentials
true
content-length
60
expires
0
encrypt
esp.rtbhouse.com/ 		221 B
238 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://esp.rtbhouse.com/encrypt
Requested by
Host: invstatic101.creativecdn.com
URL: https://invstatic101.creativecdn.com/encrypted-signals/encrypted-tag-g.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
35.190.39.111 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
111.39.190.35.bc.googleusercontent.com
Software
Google Frontend /
Resource Hash
cc7aba6a7b03056b699ac6b3cdd1708f9876aaee2f995302196cb53b28acbb78

Request headers

Referer
https://xdarom.com/
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type
application/json

Response headers

date
Fri, 16 Dec 2022 19:40:25 GMT
via
1.1 google
server
Google Frontend
content-type
application/json
access-control-allow-origin
*
x-cloud-trace-context
d40dcae661c4deec0a8e2ce45d39527a
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
221
encrypt
esp.rtbhouse.com/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://esp.rtbhouse.com/encrypt
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.190.39.111 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
111.39.190.35.bc.googleusercontent.com
Software
Google Frontend /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://xdarom.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
content-type
access-control-allow-methods
POST, GET
access-control-allow-origin
https://xdarom.com
access-control-max-age
600
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2
content-type
text/plain; charset=utf-8
date
Fri, 16 Dec 2022 19:40:25 GMT
server
Google Frontend
vary
Origin
via
1.1 google
x-cloud-trace-context
ce1e701f93712fd11ee6975241047f5c
pixel
googleads.g.doubleclick.net/xbbe/ Frame AF6D 		624 B
919 B 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/xbbe/pixel?d=CL_OxN0CEL3jp5YEGJbWzdsBMAE&v=APEucNWs_FDML2uBdsB9fM8ROMQY2UBu0lkTEi1tL3rg-hxhnBhY4Unh6Pz3C-NiTv3JpgstIoSiOZNKG4m4j_p2sc7eTWYDWpbyCTi9pywDyo2OKWntf01QctRM2VJNS4obA1KUDRYZVdn7K9encOUN9BV5tbn_01Vme2yDrgUOysgS2YyPw0OOa3vtSneCb6x_hJoEcF0LWoPP1z-mLtMr9xk2CfXh3A
Requested by
Host: 1abe16b74e07af620065a5fa2dc0f3b7.safeframe.googlesyndication.com
URL: https://1abe16b74e07af620065a5fa2dc0f3b7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://1abe16b74e07af620065a5fa2dc0f3b7.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language
nl-NL,nl;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
private
content-encoding
br
content-length
222
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Fri, 16 Dec 2022 19:40:25 GMT
expires
Fri, 16 Dec 2022 19:40:25 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
ad
googleads.g.doubleclick.net/dbm/ Frame 1860 		67 KB
33 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CheDGKy43CQTCpxxPLppGj9wINjJcxgRZg3dv8hTp0yL3pRDqIrDIMFOKdJhf1tzIA-MrWWQMT1wsQfPmXepcyfjdURemDgfc64UymcEhoqsS4u1jE1Nwx6Dyt2nb8hB6_x2tOV-PEg5N2fgY7M1XydShAHfJpwwyd2Ylnhm6RmZB9aXE&dbm_d=AKAmf-CaBb7stON_TvZDG_6u2ug-eho_fKz_9baO83vXihVA_stfrJpHepkHU5YXjFwOs4Qfq8HW_xmtS8s4ZwO9jQHiHPmDe93hM4x8jaJ9FjnszDbhso9vzAVa-Ud0ZIWdlSSZMvlalQ_Nd40FI4rcHKrVMcqE1GOIPTCREvLUP3obrIF0VnC8UOFzPLneRgHlLUgKAtuLGjX-1DEgR2gyEHaEUY4xoDjPomXJAhJpQmq7DHcIvQpTE_JwB-OHVmsDVRjo2ePkg8kX2-GmmmaVjQfi7Dduvlz5uw5x2nzTT3GGZMYruabR9ChauDs97CAtVFEEPCKnfGCJ74U7Wi8F0SyPztA8TU2vFsRrwJ9jhjj2QkHfAP49MmP1UeOHzziJmOPAEjBBjSoMyl49ZsDjQzzt3cPcLS0OiopLPHfQMuNkYrs_p69wNnNam0DgxHg6LMUOnQEiLPm5VjZpJnuftE_Q5VWyp3Qi0FqbpBpNB1nUPO27yjEDQMBPJ1QpSFqE55VSFf082ij_l-wYIYiNS0RrHsapzBKXMyqYPmpDcUeQ4T72il-zSatVKJVrVuPCFyxS1N5dmn23nz86nJsmySJB6XzNNStDFnxm8Ch3tssH0fUkR5aJb1BGI_UzSsNIh0102s7LGQCIktlPf42KyKb9BOX5kwlr_NmyhgjHdAOMcnF69qRUG0evqPG9FNFGnJ3qgF9CYHFL1dK5br_EC13w1bncYd8UwiOLj8rYlgzqmTo27WPOCiUF3DDtvxN7dwT0n2vSXsiz839wpSjLpuK2pgqov9JYIepoEf2CCgPlIutyfNOJ1pszQ-LnV7U5f_vJI1Hs3tyIF3cpEt4mFfX4rXEVNKkDAHibUMe2xF6MzokIvgHchWxCMlb4_23hs-m2nDn3tHYsvNUarnX4y8j20C4YG2gfkrdqGa48SX3FGBCSfkZxaqBaLpuTQD4n34u46Uf7-ZV1QKUcWW9BkZWTyTZMWBM-8Ql8Nx-0AeR6tIqAA2RLEjo_FFtEpfEMqtCKXD8JPgytAEWxvs3jqckK64-Tq9ui0PXFE0lipv0wNfKSw8RYXBhnUGYujw3XPU3ZW5mjsM0HhLcpudPnqvrCshyidYr3Pd9qbX60ZPVwY13Wd73SujZXtofCCYajMUrFDxctYIIKL1CsHp6BAq0ihOt-2aPYg-NRgp-_z6lS85NC9xg1zRftfmkrHGKG5Sfr-bDdizgdfmlZ6VAiFGjF6tce6lwNXsq-LG9PJrUKCumXbOb4-GadhtgaYcXu7GxWpvPqQNRk3KRnLuTm6cjJWJihvAkNLL2We6oyh4xeET-UR3hwLwE696T9-E5l_b7PVs4GBxKp9IUHt_A1LGKa3rEEvQRobR40wgeEeg68U9hGFbYGXKTay-qJu2TpngtK5w4d--ufWl4In84bUYQS2hEybf98KfjnjEa0rjCeYfNlrrE2eIa0bg0HUb49cwcBx9edZCR2W04-dccQGLc4GIK8fK2Tob0i3ohFNGcXGxOjITGRgM1qhxdnDXoHtAb916NS6ZxH5JlkPDtKJfPI6BQXbVE2Kw2asosq6S0sY5VWRnFEk8yEW5k4CzWR8LVwngaV58zdJBjI5PctoBIu9STHvNt0LtBOiuznz9UafGKYMZ6QNaQoQbBV2tDR7UfMd00tEmuB1528Aanv9FI3DxKoRGWVqy1n9mDc-oEVZ0lM5Fj4HImLdlKsKpytapjbqP5JXx3AvVQcPwZrN1VPefBvjhN4yVJ7zb0JvYAkUMKy3ysd0DsmzXjsleXkdsFVjOygQraUKtpiWxO52Zlf9JMVwo1jgNVs0-jp8dlyL1jnrDM6bGvqRtWbF2mnqC3SRqsiAgHCJqL1OKrqe14qnveoSyjBj9Hdi_FpEe1zxxGdt1xA64MvEy8r98hDpNgp3t9WJ7qSSyiTK4WKcWhwbIz1BYf7gfBLTxEuW6umNEyHqKrjv2f9nNGJX_NOmGKW7ES3BWnT9bbDF7IhkYBEyeA8aF5_20x6KMYG0_CLS41Zt1tjgV1-6TR7YHNDUFs9tYfp5XuWJd99EZCRvmeE44B2hFeMn84LckWv9EGoFcSf2-C_NGFNnhmb_ehCIeJqf60d7BUhThSYQxsX3gPFOibR7unXTbygtWmFOgmpU1sb4AbEggO07KwcGy9KyFlx4py6l58ArmB1u6zmOT7Wj6Fsufj83Y-Q4rBp8Xs2-ol_AfK6yrht36xaDN212-ASJErpiIZ_qOM2h5cmmQ9Sgly7KGkwmMPfi3NO3xkzL80tIP6mSSZfAlTwcRoygisBehkxsCZjTGmmQ6sCMCd41WuRNtAh0FHDabIY44Zz4ZUma-byINUKoUkKTTiA9pKWdhpMzWzxaV69NO5oPuQqm9vJj0GMRrJaD8JYzGpIYACb6xst-YW1vg7-Q50wyTA5YM6JzKl0R8Upsppu-PEUL27MNjJWqJw32-eH_wd1pfphYntWIV3yVJuQAjNR0Bvvy20RV3jWH8B_PDSmYesH2rF0K-9IponsXa2Ml4gnC5CpNYtywua348uio7T_62Mo8pKXoi8tLSH6nEpGghgc6FNqSUDxEr7FROpa5b0u27dDwHjqZ2tZUtjAs2iTOD0k24W5A3FVyeXixz5fX1b4nJ55L6WARIDvO8ZFm5motwy0UMr86USInNIDBifHmZwA9P0JYP1iWIXNQyrS3ejmlxs04-CKlULk3V4JDa4jcjllI3C30_SGk4sVTIkhsv5MlOgu5kv3JtnOMwJeHNqHmBhXNhAlqy5J482wUC8HD5il05A7dJgHyoT232oQf9BDZrm0p3tYdQ7KIFfD9G1-Wf7aSyermlbzmLR_H8jogoCz36PJoifHgEi8MT9wVSMHnnYwOYkjZsUV0H2l0KF0duqrmBaiZ7TFzDUvQap4EVL-Pjqy801LeiI55D9statjrvGOZekg4kLdgk5UDM5mlE2RcnVJQkz0UgQa5Sk-nW-Z8I4ZWPrcjzh6JTPJtEaG-YtwL79Of3zXFhxijb_lBWtVd4Gl9ohOeDa8p7EG7yMupxnNKuO5F5_4eEMDMD7zj--jgi_5FQ25wzV8nEeOSwAJRryEhlJC5U0gRHogci5r0fBou3eco9_QqHXYi4vuR_8m_yR1k22YDjrkjDb9GaKLgMVq0OuLOvc2mkeTxD1XyGb3m7NAw6u1D_m6yObnFttwZ8Lhazmho4aPzMtu8qDAL5AGZm5CGF5StdS8RXbN3KtLjX-grVJRlcGOlCMh4syc&cid=CAQSTADq26N9q3wdBDXLchuRq0cvvTYrGSoAyb6uEvGtgXp4EXdcM02t_827obj_-xe5AN6BRXB9gaFBPooVWK4QTQIwl2KdLVX_x4Yuw1sYASAT&rfl=1%2Chttps%253A%252F%252Fxdarom.com%252F%240
Requested by
Host: xdarom.com
URL: https://xdarom.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
783e66087c6c2ac7ba1a2c006a9f87af0e6453131295c0d58522696633dc2d4b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://1abe16b74e07af620065a5fa2dc0f3b7.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 16 Dec 2022 19:40:25 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
text/javascript; charset=UTF-8
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
33109
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame 1860 		42 B
107 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-Cv0STt7NBJ5EnWNgLjJ_KMxDPep0Chyxap946qUz2OXk6hDJ8rkoGrRhplDZHY0IhdYvuCIJb3iWS1b50Vi1TyDGzjzw4x5g9hcoCIKRCEFGqWsx8
Requested by
Host: 1abe16b74e07af620065a5fa2dc0f3b7.safeframe.googlesyndication.com
URL: https://1abe16b74e07af620065a5fa2dc0f3b7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400d:803::2002 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://1abe16b74e07af620065a5fa2dc0f3b7.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 16 Dec 2022 19:40:25 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
window_focus_fy2021.js
tpc.googlesyndication.com/pagead/js/r20221207/r20110914/client/ Frame 1860 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20221207/r20110914/client/window_focus_fy2021.js
Requested by
Host: 1abe16b74e07af620065a5fa2dc0f3b7.safeframe.googlesyndication.com
URL: https://1abe16b74e07af620065a5fa2dc0f3b7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://1abe16b74e07af620065a5fa2dc0f3b7.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Fri, 16 Dec 2022 12:28:35 GMT
content-encoding
br
x-content-type-options
nosniff
age
25910
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1236
x-xss-protection
0
server
cafe
etag
15004572836499977866
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Fri, 30 Dec 2022 12:28:35 GMT
qs_click_protection_fy2021.js
tpc.googlesyndication.com/pagead/js/r20221207/r20110914/client/ Frame 1860 		18 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20221207/r20110914/client/qs_click_protection_fy2021.js
Requested by
Host: 1abe16b74e07af620065a5fa2dc0f3b7.safeframe.googlesyndication.com
URL: https://1abe16b74e07af620065a5fa2dc0f3b7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
000cb4237204c839588365b865b4ceb28c4d78ba054f6e5a4c7a5e25f36e0c9c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://1abe16b74e07af620065a5fa2dc0f3b7.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Fri, 16 Dec 2022 09:24:42 GMT
content-encoding
br
x-content-type-options
nosniff
age
36943
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7480
x-xss-protection
0
server
cafe
etag
15631949847000551034
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Fri, 30 Dec 2022 09:24:42 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame 1860 		153 KB
47 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: 1abe16b74e07af620065a5fa2dc0f3b7.safeframe.googlesyndication.com
URL: https://1abe16b74e07af620065a5fa2dc0f3b7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400d:80a::2002 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
196beb31539e747bdf66ddcf9d5f7255eeb42c14210786cb0a93ddbce4664d2e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://1abe16b74e07af620065a5fa2dc0f3b7.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Fri, 16 Dec 2022 19:40:26 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
47725
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1670417373259609"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Fri, 16 Dec 2022 19:40:26 GMT
sid
mug.criteo.com/ Frame 58C2
Redirect Chain
  • https://gum.criteo.com/sid/json?origin=publishertagids&domain=xdarom.com&sn=ChromeSyncframe&so=0&topUrl=xdarom.com&cw=1&lsw=1&topicsavail=0&fledgeavail=0
  • https://mug.criteo.com/sid?cpp=wqVnm3xVUCsvbUlLRDJ5Snl2dktOWExUTTNNbE5kemFTTi9sN3BheVQvbDY1TGlpQTlHaGVKK01SMjNZU2t1U1U4cTVGWEozTGlSUkFBTjJ6NzBsaHd6TEZMSXZJYkFvSlBiMVlaMXBXQWRKK015Zit0cklUQWVzQ1RZWG...
457 B
674 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://mug.criteo.com/sid?cpp=wqVnm3xVUCsvbUlLRDJ5Snl2dktOWExUTTNNbE5kemFTTi9sN3BheVQvbDY1TGlpQTlHaGVKK01SMjNZU2t1U1U4cTVGWEozTGlSUkFBTjJ6NzBsaHd6TEZMSXZJYkFvSlBiMVlaMXBXQWRKK015Zit0cklUQWVzQ1RZWGtlS1FZTmdjeHpkblZWL0hxdjRSM2dVd3NoR0QvenJydVFZNm5reVVraEFqZEZxNElFNWtQeU1sRzhnL1ROdXVUbEx5L00wMFhGVUErb0tmM29RU0ljN2RxNFA1Rm9EejB1SHl1a2o3SXptTWNLd0pPMXZsVEs3S2g3T0dpbmpZaFk1aUFCS0N2dUFMTWlabzJhVlc0VWRldWJlMHgvQT09fA&cppv=2
Requested by
Host: xdarom.com
URL: https://xdarom.com/
Protocol
H2
Server
178.250.0.157 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
4b6401d619d6c3856f68f15e68d25a538cb817939fd39ace661cd5e38da99672
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://gum.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 16 Dec 2022 19:40:25 GMT
strict-transport-security
max-age=31536000; preload;
content-encoding
gzip
server
Kestrel
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/json; charset=utf-8
access-control-allow-origin
https://gum.criteo.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
server-processing-duration-in-ticks
2614677
expires
0

Redirect headers

pragma
no-cache
date
Fri, 16 Dec 2022 19:40:25 GMT
strict-transport-security
max-age=31536000; preload;
server
Kestrel
location
https://mug.criteo.com/sid?cpp=wqVnm3xVUCsvbUlLRDJ5Snl2dktOWExUTTNNbE5kemFTTi9sN3BheVQvbDY1TGlpQTlHaGVKK01SMjNZU2t1U1U4cTVGWEozTGlSUkFBTjJ6NzBsaHd6TEZMSXZJYkFvSlBiMVlaMXBXQWRKK015Zit0cklUQWVzQ1RZWGtlS1FZTmdjeHpkblZWL0hxdjRSM2dVd3NoR0QvenJydVFZNm5reVVraEFqZEZxNElFNWtQeU1sRzhnL1ROdXVUbEx5L00wMFhGVUErb0tmM29RU0ljN2RxNFA1Rm9EejB1SHl1a2o3SXptTWNLd0pPMXZsVEs3S2g3T0dpbmpZaFk1aUFCS0N2dUFMTWlabzJhVlc0VWRldWJlMHgvQT09fA&cppv=2
cache-control
no-cache, no-store, must-revalidate
server-processing-duration-in-ticks
596432
content-length
0
expires
0
amp4ads-v0.mjs
cdn.ampproject.org/rtv/022211060024000/ Frame B580 		221 KB
61 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/rtv/022211060024000/amp4ads-v0.mjs
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
dce9f5afda30bc387f9f1090b155cbb90596e3c7c1374ea9e135b7184c8fc707
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://xdarom.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
date
Wed, 14 Dec 2022 00:19:56 GMT
age
242429
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
61620
x-xss-protection
0
server
sffe
etag
"011de7b3056fa7b4"
vary
Accept-Encoding
report-to
{"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="amphtml-china-available"
expires
Thu, 14 Dec 2023 00:19:56 GMT
amp-ad-exit-0.1.mjs
cdn.ampproject.org/rtv/022211060024000/v0/ Frame B580 		14 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/rtv/022211060024000/v0/amp-ad-exit-0.1.mjs
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
d89cb9800cc62dcc44a0ba866b4a080ad06f735f60a6afecbd6d691d2e8939dd
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://xdarom.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
date
Wed, 14 Dec 2022 00:19:56 GMT
age
242429
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5218
x-xss-protection
0
server
sffe
etag
"abd4378f71571d78"
vary
Accept-Encoding
report-to
{"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="amphtml-china-available"
expires
Thu, 14 Dec 2023 00:19:56 GMT
amp-analytics-0.1.mjs
cdn.ampproject.org/rtv/022211060024000/v0/ Frame B580 		94 KB
28 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/rtv/022211060024000/v0/amp-analytics-0.1.mjs
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
8ee5f53d3752309af021002b2199a06523b1fd03f3ea1cdaf5d59e911d4d8178
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://xdarom.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
date
Wed, 14 Dec 2022 00:19:56 GMT
age
242429
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
28809
x-xss-protection
0
server
sffe
etag
"dd6615029de85e23"
vary
Accept-Encoding
report-to
{"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="amphtml-china-available"
expires
Thu, 14 Dec 2023 00:19:56 GMT
amp-fit-text-0.1.mjs
cdn.ampproject.org/rtv/022211060024000/v0/ Frame B580 		5 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/rtv/022211060024000/v0/amp-fit-text-0.1.mjs
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
c3f73b989e0620a4d2e12ed57a0d538e4580b8fefaa1fefbad73e0abad6d227f
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://xdarom.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
date
Fri, 09 Dec 2022 20:57:35 GMT
age
600170
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1913
x-xss-protection
0
server
sffe
etag
"403438c4d550ee88"
vary
Accept-Encoding
report-to
{"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="amphtml-china-available"
expires
Sat, 09 Dec 2023 20:57:35 GMT
amp-form-0.1.mjs
cdn.ampproject.org/rtv/022211060024000/v0/ Frame B580 		40 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/rtv/022211060024000/v0/amp-form-0.1.mjs
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
1b1c3ea8b3d9fec1913ac70c81c83f2172acc41988e747bd24d22bf779fd19a0
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://xdarom.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
date
Fri, 16 Dec 2022 06:45:55 GMT
age
46470
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
12946
x-xss-protection
0
server
sffe
etag
"0bacd3f1ce38a7db"
vary
Accept-Encoding
report-to
{"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="amphtml-china-available"
expires
Sat, 16 Dec 2023 06:45:55 GMT
css
fonts.googleapis.com/ Frame B580 		8 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Roboto:300|Roboto:400,500,700&lang=en
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400d:80d::200a , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
684dfe949ae87a38c2afbcee199f51b0025dd9121b524d62e881cf40846cdd21
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://xdarom.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Fri, 16 Dec 2022 19:40:26 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Fri, 16 Dec 2022 19:14:43 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Fri, 16 Dec 2022 19:40:26 GMT
css
fonts.googleapis.com/ Frame B580 		6 KB
740 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Roboto:400,500,700&text=
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400d:80d::200a , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
7099b0a5636275b29bf77167ad5d60c566b1162e67cb1fe6e790a82a4cf9e791
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://xdarom.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Fri, 16 Dec 2022 19:40:26 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Fri, 16 Dec 2022 19:01:32 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Fri, 16 Dec 2022 19:40:26 GMT
en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame B580 		2 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/pagead/images/adchoices/en.png
Requested by
Host: xdarom.com
URL: https://xdarom.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://xdarom.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Fri, 16 Dec 2022 09:39:53 GMT
x-content-type-options
nosniff
server
cafe
age
36032
etag
14819457070020093239
vary
Accept-Encoding
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type
image/png
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2502
x-xss-protection
0
expires
Sat, 17 Dec 2022 09:39:53 GMT
icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame B580 		295 B
757 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png
Requested by
Host: xdarom.com
URL: https://xdarom.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://xdarom.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Fri, 16 Dec 2022 11:55:19 GMT
x-content-type-options
nosniff
server
cafe
age
27906
etag
426692510519060060
vary
Accept-Encoding
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type
image/png
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
295
x-xss-protection
0
expires
Sat, 17 Dec 2022 11:55:19 GMT
adview
securepubads.g.doubleclick.net/pagead/ Frame B580 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://securepubads.g.doubleclick.net/pagead/adview?ai=Cw1kKqcmcY_64CbT87_UPr4CD0ASEgbX-bZXozJq8EN-uwN2dDhABIPT5xiVgkYSghYwYoAG3mIGiKMgBBqkCP45w_KM_ez7gAgCoAwHIAwqqBOYBT9BOOKeJ-D_HV11d1eRQO_S5UGXSbTQdcWnAKf7T1MrPhwVKJ6EisbDR5FX3bnwfk10LaiRG0aV-oPH3ahiwURhz_dvzthSOvPpg33vcZMEjZEFbOpJCDt3Ww6DL3dzi05fLZm5bJXwNNotaRV8xvoAC847uIaw6Vg2lkSNCqdaAB3552Z8nJdR2VMm7_aAxC0jsZuFfeipIzy2CTlAHpXn24juPiSAaxHcFVM44S9H8tE8mLBXSYWiM39Cp_Z2KPuPBh2byHYbTR5-ZUo5OcFLE1e-n4am5WFHBHVnie3S9qyrXTKbABPeko7eVBOAEAZIFBAgEGAGSBQQIBRgEoAY3gAeU2qStA6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4b2AcB8gcDEPAu0ggRCIDhgBAQARgdMgKqAjoCgECACgPICwHYEwzQFQGAFwGyFx4KHAgAEhRwdWItNjM5Njg0NDc0MjQ5NzIwOBi-yQc&sigh=10zMplaI0ac&uach_m=[UACH]&cid=CAQSSwDq26N9-iTNS3QG8F1-_j6sKKMoaEgQAAUyUHNopFEfhwVgiVMVbYKA81LRS3rVZqglbivFc-OkjXwmrfEE7PpYf6XQouK6M9ESsxgBIBM&template_id=492
Requested by
Host: xdarom.com
URL: https://xdarom.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://xdarom.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers
container.html
1abe16b74e07af620065a5fa2dc0f3b7.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 9C91 		6 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://1abe16b74e07af620065a5fa2dc0f3b7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://xdarom.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language
nl-NL,nl;q=0.9

Response headers

accept-ranges
bytes
age
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, immutable, max-age=31536000
content-encoding
br
content-length
2653
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy
cross-origin
date
Fri, 16 Dec 2022 19:40:25 GMT
expires
Sat, 16 Dec 2023 19:40:25 GMT
last-modified
Thu, 03 Nov 2022 19:10:08 GMT
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
truncated
/ Frame B580 		221 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
f2b7ea44f5cc51d49a3235f198623da9f4a976bfc183fd233b4a5a9441579f1f

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Content-Type
image/png
army.gif
xdarom.com/porpoiseant/ 		0
509 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://xdarom.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMzk3NTEwNzI3NzEzMjg3MiIsImRvbWFpbl9pZCI6IjE4ODUxMyIsInVuaXQiOiJkaXYtZ3B0LWFkLXhkYXJvbV9jb20tYm94LTEtMCIsInRfZXBvY2giOjE2NzEyMTk2MjIsImFkX3Bvc2l0aW9uIjoxMTAyLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiTkwiLCJwYWdldmlld19pZCI6IjY3YTAwYzJkLWNlYTMtNGY4ZC00NzQ2LTlhYTAwZTliNDRhMSIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ1MTYsImRhdGEiOlt7Im5hbWUiOiJyZWZyZXNoX2NvdW50IiwidmFsIjoiMSJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMzk3NTEwNzI3NzEzMjg3MiIsImRvbWFpbl9pZCI6IjE4ODUxMyIsInVuaXQiOiJkaXYtZ3B0LWFkLXhkYXJvbV9jb20tYm94LTEtMCIsInRfZXBvY2giOjE2NzEyMTk2MjIsImFkX3Bvc2l0aW9uIjoxMTAyLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiTkwiLCJwYWdldmlld19pZCI6IjY3YTAwYzJkLWNlYTMtNGY4ZC00NzQ2LTlhYTAwZTliNDRhMSIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ1MTYsImRhdGEiOlt7Im5hbWUiOiJmaWxsZWRfYmlkX2hhc2giLCJ2YWwiOiI2MDQ3NDIxMWRhZjFkZmQ0ZDkwMDAwZWEwMWY1NmMzMCJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMzk3NTEwNzI3NzEzMjg3MiIsImRvbWFpbl9pZCI6IjE4ODUxMyIsInVuaXQiOiJkaXYtZ3B0LWFkLXhkYXJvbV9jb20tYm94LTEtMCIsInRfZXBvY2giOjE2NzEyMTk2MjIsInJldmVudWUiOjAsImVzdF9yZXZlbnVlIjowLjAwMDAwMiwiYWRfcG9zaXRpb24iOjExMDIsImFkX3NpemUiOiIiLCJiaWRfZmxvb3JfZmlsbGVkIjowLjAwMDAwMiwiYmlkX2Zsb29yX3ByZXYiOjAsInN0YXRfc291cmNlX2lkIjozNSwiY291bnRyeV9jb2RlIjoiTkwiLCJwYWdldmlld19pZCI6IjY3YTAwYzJkLWNlYTMtNGY4ZC00NzQ2LTlhYTAwZTliNDRhMSIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ1MTYsImRhdGEiOlt7Im5hbWUiOiJsb2FkZWQiLCJ2YWwiOiIxIn1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiIzOTc1MTA3Mjc3MTMyODcyIiwiZG9tYWluX2lkIjoiMTg4NTEzIiwidW5pdCI6ImRpdi1ncHQtYWQteGRhcm9tX2NvbS1ib3gtMS0wIiwidF9lcG9jaCI6MTY3MTIxOTYyMiwiYWRfcG9zaXRpb24iOjExMDIsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJOTCIsInBhZ2V2aWV3X2lkIjoiNjdhMDBjMmQtY2VhMy00ZjhkLTQ3NDYtOWFhMDBlOWI0NGExIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjoyODY4NzI3NCwiY3JlYXRpdmVfaWQiOjEzODMxMDAzNDUxNiwiZGF0YSI6W3sibmFtZSI6ImNyZWF0aXZlX2lkIiwidmFsIjoiMTM4MzEwMDM0NTE2In1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiIzOTc1MTA3Mjc3MTMyODcyIiwiZG9tYWluX2lkIjoiMTg4NTEzIiwidW5pdCI6ImRpdi1ncHQtYWQteGRhcm9tX2NvbS1ib3gtMS0wIiwidF9lcG9jaCI6MTY3MTIxOTYyMiwiYWRfcG9zaXRpb24iOjExMDIsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJOTCIsInBhZ2V2aWV3X2lkIjoiNjdhMDBjMmQtY2VhMy00ZjhkLTQ3NDYtOWFhMDBlOWI0NGExIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjoyODY4NzI3NCwiY3JlYXRpdmVfaWQiOjEzODMxMDAzNDUxNiwiZGF0YSI6W3sibmFtZSI6ImxpbmVpdGVtX2lkIiwidmFsIjoiMjg2ODcyNzQifV0sImlzX29yaWciOmZhbHNlfV0=
Requested by
Host: xdarom.com
URL: https://xdarom.com/detroitchicago/cmbv2.js?gcb=195-0&cb=04-3y02-8y06-13y07-2y0b-6y0d-21y14-4y18-5y22-3y30-4y5a-2y5e-22y65-1&cmbcb=117&sj=x04x02x06x07x0bx0dx14x18x22x30x5ax5ex65&abt=DynamicMedDec
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://xdarom.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Fri, 16 Dec 2022 19:40:25 GMT
cf-cache-status
BYPASS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8OJ36Q8miNmtlrIwDYIuD0F8pmkGpduQ6lA%2Bs%2BWIY%2F2yLyJschEcBVRQ%2FNd5R1yJA3EPcoWFkNEh5BGoi9xk7Htfz1Lyr32NoDX6elhmUCvnKWdN8Mh%2FA%2BZZ1x6AhaqjZNtcVmsPWVFk"}],"group":"cf-nel","max_age":604800}
x-middleton-display
ezp_sol
cache-control
private, max-age=0, must-revalidate, no-cache, no-store
cf-ray
77a9e4060ffeb725-AMS
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires
Thu, 15 Dec 2022 19:40:25 GMT
army.gif
xdarom.com/porpoiseant/ 		0
509 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://xdarom.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMzk3NTEwNzI3NzEzMjg3MiIsImRvbWFpbl9pZCI6IjE4ODUxMyIsInVuaXQiOiJkaXYtZ3B0LWFkLXhkYXJvbV9jb20tYm94LTEtMCIsInRfZXBvY2giOjE2NzEyMTk2MjIsImFkX3Bvc2l0aW9uIjoxMTAyLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiTkwiLCJwYWdldmlld19pZCI6IjY3YTAwYzJkLWNlYTMtNGY4ZC00NzQ2LTlhYTAwZTliNDRhMSIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ1MTYsImRhdGEiOlt7Im5hbWUiOiJ0X2xvY2FsX2RhdGUiLCJ2YWwiOiIyMDIyLTEyLTE2In0seyJuYW1lIjoidF9sb2NhbF9ob3VyIiwidmFsIjoiMTkifSx7Im5hbWUiOiJ0X2xvY2FsX2RheV9vZl93ZWVrIiwidmFsIjoiNSJ9LHsibmFtZSI6InRfbG9jYWxfdGltZXpvbmUiLCJ2YWwiOiIwIn1dLCJpc19vcmlnIjpmYWxzZX1d
Requested by
Host: xdarom.com
URL: https://xdarom.com/detroitchicago/cmbv2.js?gcb=195-0&cb=04-3y02-8y06-13y07-2y0b-6y0d-21y14-4y18-5y22-3y30-4y5a-2y5e-22y65-1&cmbcb=117&sj=x04x02x06x07x0bx0dx14x18x22x30x5ax5ex65&abt=DynamicMedDec
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://xdarom.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Fri, 16 Dec 2022 19:40:25 GMT
cf-cache-status
BYPASS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LfiWZ4y%2BGV5PkGnC2xI%2BZzO5Ja0m2uro0iEDXdVoFqocJpOXvnH3COuZIuT8AwJw07vPKtvnaj744Jvvfmqyb9I6Kru6DvOTU2bLX%2FjGdChsX%2FFCm3Z2iaAO%2FbIKZb8jaGsZ9j5FQChw"}],"group":"cf-nel","max_age":604800}
x-middleton-display
ezp_sol
cache-control
private, max-age=0, must-revalidate, no-cache, no-store
cf-ray
77a9e4060800b725-AMS
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires
Thu, 15 Dec 2022 19:40:26 GMT
army.gif
xdarom.com/porpoiseant/ 		0
505 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://xdarom.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImF1Y3Rpb24iLCJpbXByZXNzaW9uX2lkIjoiMzk3NTEwNzI3NzEzMjg3MiIsImRvbWFpbl9pZCI6IjE4ODUxMyIsInVuaXQiOiJkaXYtZ3B0LWFkLXhkYXJvbV9jb20tYm94LTEtMCIsInRfZXBvY2giOjE2NzEyMTk2MjIsImF1Y3Rpb25fZXBvY2giOjE2NzEyMTk2MjYsImFkX3Bvc2l0aW9uIjoxMTAyLCJjb3VudHJ5X2NvZGUiOiJOTCIsInBhZ2V2aWV3X2lkIjoiNjdhMDBjMmQtY2VhMy00ZjhkLTQ3NDYtOWFhMDBlOWI0NGExIiwiYmlkX2Zsb29yX2luaXRpYWwiOjAsImJpZF9mbG9vcl9wcmV2IjpudWxsLCJiaWRfZmxvb3JfZmlsbGVkIjowLCJhdWN0aW9uX2NvdW50IjoxLCJyZWZyZXNoX2FkX2NvdW50IjowLCJhdWN0aW9uX2R1cmF0aW9uIjo3OTcsIm11bHRpX2FkX3VuaXQiOjAsIm11bHRpX2FkX2NvdW50IjowLCJuZXR3b3JrX2NvZGUiOjEyNTQxNDQsImRhdGEiOlt7Im5hbWUiOiIiLCJ2YWwiOiIifV0sImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzR9XQ==
Requested by
Host: xdarom.com
URL: https://xdarom.com/detroitchicago/cmbv2.js?gcb=195-0&cb=04-3y02-8y06-13y07-2y0b-6y0d-21y14-4y18-5y22-3y30-4y5a-2y5e-22y65-1&cmbcb=117&sj=x04x02x06x07x0bx0dx14x18x22x30x5ax5ex65&abt=DynamicMedDec
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://xdarom.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Fri, 16 Dec 2022 19:40:25 GMT
cf-cache-status
BYPASS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=y7xUXKVR3iN446tuh0cDExnVNCq2JVeSk5zpiZAx5%2FNq8qK6nZCJb9XKjxkeamb0gpZs5P2mw5BUqUO2ERgMaEWDwIBwCkEP1kiNpCPzefQvmB7j24nSAIT3uNuGo%2BKgvI1hYDxbDLgZ"}],"group":"cf-nel","max_age":604800}
x-middleton-display
ezp_sol
cache-control
private, max-age=0, must-revalidate, no-cache, no-store
cf-ray
77a9e4060801b725-AMS
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires
Thu, 15 Dec 2022 19:40:22 GMT
army.gif
xdarom.com/porpoiseant/ 		0
506 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://xdarom.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTU2NTMyNjk4NTExNzM0OSIsImRvbWFpbl9pZCI6IjE4ODUxMyIsInVuaXQiOiJkaXYtZ3B0LWFkLXhkYXJvbV9jb20tYm94LTItMCIsInRfZXBvY2giOjE2NzEyMTk2MjIsImFkX3Bvc2l0aW9uIjoxMTA1LCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiTkwiLCJwYWdldmlld19pZCI6IjY3YTAwYzJkLWNlYTMtNGY4ZC00NzQ2LTlhYTAwZTliNDRhMSIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ1MTYsImRhdGEiOlt7Im5hbWUiOiJyZWZyZXNoX2NvdW50IiwidmFsIjoiMSJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTU2NTMyNjk4NTExNzM0OSIsImRvbWFpbl9pZCI6IjE4ODUxMyIsInVuaXQiOiJkaXYtZ3B0LWFkLXhkYXJvbV9jb20tYm94LTItMCIsInRfZXBvY2giOjE2NzEyMTk2MjIsImFkX3Bvc2l0aW9uIjoxMTA1LCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiTkwiLCJwYWdldmlld19pZCI6IjY3YTAwYzJkLWNlYTMtNGY4ZC00NzQ2LTlhYTAwZTliNDRhMSIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ1MTYsImRhdGEiOlt7Im5hbWUiOiJmaWxsZWRfYmlkX2hhc2giLCJ2YWwiOiI2MDQ3NDIxMWRhZjFkZmQ0ZDkwMDAwZWEwMWY1NmMzMCJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTU2NTMyNjk4NTExNzM0OSIsImRvbWFpbl9pZCI6IjE4ODUxMyIsInVuaXQiOiJkaXYtZ3B0LWFkLXhkYXJvbV9jb20tYm94LTItMCIsInRfZXBvY2giOjE2NzEyMTk2MjIsInJldmVudWUiOjAsImVzdF9yZXZlbnVlIjowLjAwMDAwMiwiYWRfcG9zaXRpb24iOjExMDUsImFkX3NpemUiOiIiLCJiaWRfZmxvb3JfZmlsbGVkIjowLjAwMDAwMiwiYmlkX2Zsb29yX3ByZXYiOjAsInN0YXRfc291cmNlX2lkIjozNSwiY291bnRyeV9jb2RlIjoiTkwiLCJwYWdldmlld19pZCI6IjY3YTAwYzJkLWNlYTMtNGY4ZC00NzQ2LTlhYTAwZTliNDRhMSIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ1MTYsImRhdGEiOlt7Im5hbWUiOiJsb2FkZWQiLCJ2YWwiOiIxIn1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiIxNTY1MzI2OTg1MTE3MzQ5IiwiZG9tYWluX2lkIjoiMTg4NTEzIiwidW5pdCI6ImRpdi1ncHQtYWQteGRhcm9tX2NvbS1ib3gtMi0wIiwidF9lcG9jaCI6MTY3MTIxOTYyMiwiYWRfcG9zaXRpb24iOjExMDUsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJOTCIsInBhZ2V2aWV3X2lkIjoiNjdhMDBjMmQtY2VhMy00ZjhkLTQ3NDYtOWFhMDBlOWI0NGExIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjoyODY4NzI3NCwiY3JlYXRpdmVfaWQiOjEzODMxMDAzNDUxNiwiZGF0YSI6W3sibmFtZSI6ImNyZWF0aXZlX2lkIiwidmFsIjoiMTM4MzEwMDM0NTE2In1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiIxNTY1MzI2OTg1MTE3MzQ5IiwiZG9tYWluX2lkIjoiMTg4NTEzIiwidW5pdCI6ImRpdi1ncHQtYWQteGRhcm9tX2NvbS1ib3gtMi0wIiwidF9lcG9jaCI6MTY3MTIxOTYyMiwiYWRfcG9zaXRpb24iOjExMDUsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJOTCIsInBhZ2V2aWV3X2lkIjoiNjdhMDBjMmQtY2VhMy00ZjhkLTQ3NDYtOWFhMDBlOWI0NGExIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjoyODY4NzI3NCwiY3JlYXRpdmVfaWQiOjEzODMxMDAzNDUxNiwiZGF0YSI6W3sibmFtZSI6ImxpbmVpdGVtX2lkIiwidmFsIjoiMjg2ODcyNzQifV0sImlzX29yaWciOmZhbHNlfV0=
Requested by
Host: xdarom.com
URL: https://xdarom.com/detroitchicago/cmbv2.js?gcb=195-0&cb=04-3y02-8y06-13y07-2y0b-6y0d-21y14-4y18-5y22-3y30-4y5a-2y5e-22y65-1&cmbcb=117&sj=x04x02x06x07x0bx0dx14x18x22x30x5ax5ex65&abt=DynamicMedDec
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://xdarom.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Fri, 16 Dec 2022 19:40:25 GMT
cf-cache-status
BYPASS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=J9tzdLyALjBbiXECNgwerYEcItJNVwvt3lKEReV0gFguGbA%2FETmkusTl6hcLk3GQzdSGeI1wqklIhGiBEQJzC08hNRiW3yI%2FJ75dhfLxQ%2BTys37oArCQNEHpQcj5Q3CoP7kMz3Be8dzO"}],"group":"cf-nel","max_age":604800}
x-middleton-display
ezp_sol
cache-control
private, max-age=0, must-revalidate, no-cache, no-store
cf-ray
77a9e4060808b725-AMS
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires
Thu, 15 Dec 2022 19:40:26 GMT
army.gif
xdarom.com/porpoiseant/ 		0
508 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://xdarom.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTU2NTMyNjk4NTExNzM0OSIsImRvbWFpbl9pZCI6IjE4ODUxMyIsInVuaXQiOiJkaXYtZ3B0LWFkLXhkYXJvbV9jb20tYm94LTItMCIsInRfZXBvY2giOjE2NzEyMTk2MjIsImFkX3Bvc2l0aW9uIjoxMTA1LCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiTkwiLCJwYWdldmlld19pZCI6IjY3YTAwYzJkLWNlYTMtNGY4ZC00NzQ2LTlhYTAwZTliNDRhMSIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ1MTYsImRhdGEiOlt7Im5hbWUiOiJ0X2xvY2FsX2RhdGUiLCJ2YWwiOiIyMDIyLTEyLTE2In0seyJuYW1lIjoidF9sb2NhbF9ob3VyIiwidmFsIjoiMTkifSx7Im5hbWUiOiJ0X2xvY2FsX2RheV9vZl93ZWVrIiwidmFsIjoiNSJ9LHsibmFtZSI6InRfbG9jYWxfdGltZXpvbmUiLCJ2YWwiOiIwIn1dLCJpc19vcmlnIjpmYWxzZX1d
Requested by
Host: xdarom.com
URL: https://xdarom.com/detroitchicago/cmbv2.js?gcb=195-0&cb=04-3y02-8y06-13y07-2y0b-6y0d-21y14-4y18-5y22-3y30-4y5a-2y5e-22y65-1&cmbcb=117&sj=x04x02x06x07x0bx0dx14x18x22x30x5ax5ex65&abt=DynamicMedDec
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://xdarom.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Fri, 16 Dec 2022 19:40:25 GMT
cf-cache-status
BYPASS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qRMDiGp%2FDh8wJ%2Fy31Zb2j72drZLCxiwUZz1SxGeL924WBJEyqC71kAKTKqnWpjN55qcC%2BYrguaCrQAnkpLVRf3Wu%2F04nPZDZ4ANG82MmwzwL6zX7DT74LkjB2b6ZOPz7ZP7G1IAuaH2B"}],"group":"cf-nel","max_age":604800}
x-middleton-display
ezp_sol
cache-control
private, max-age=0, must-revalidate, no-cache, no-store
cf-ray
77a9e406080bb725-AMS
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires
Thu, 15 Dec 2022 19:40:25 GMT
army.gif
xdarom.com/porpoiseant/ 		0
521 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://xdarom.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImF1Y3Rpb24iLCJpbXByZXNzaW9uX2lkIjoiMTU2NTMyNjk4NTExNzM0OSIsImRvbWFpbl9pZCI6IjE4ODUxMyIsInVuaXQiOiJkaXYtZ3B0LWFkLXhkYXJvbV9jb20tYm94LTItMCIsInRfZXBvY2giOjE2NzEyMTk2MjIsImF1Y3Rpb25fZXBvY2giOjE2NzEyMTk2MjYsImFkX3Bvc2l0aW9uIjoxMTA1LCJjb3VudHJ5X2NvZGUiOiJOTCIsInBhZ2V2aWV3X2lkIjoiNjdhMDBjMmQtY2VhMy00ZjhkLTQ3NDYtOWFhMDBlOWI0NGExIiwiYmlkX2Zsb29yX2luaXRpYWwiOjAsImJpZF9mbG9vcl9wcmV2IjpudWxsLCJiaWRfZmxvb3JfZmlsbGVkIjowLCJhdWN0aW9uX2NvdW50IjoxLCJyZWZyZXNoX2FkX2NvdW50IjowLCJhdWN0aW9uX2R1cmF0aW9uIjo4MDIsIm11bHRpX2FkX3VuaXQiOjAsIm11bHRpX2FkX2NvdW50IjowLCJuZXR3b3JrX2NvZGUiOjEyNTQxNDQsImRhdGEiOlt7Im5hbWUiOiIiLCJ2YWwiOiIifV0sImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzR9XQ==
Requested by
Host: xdarom.com
URL: https://xdarom.com/detroitchicago/cmbv2.js?gcb=195-0&cb=04-3y02-8y06-13y07-2y0b-6y0d-21y14-4y18-5y22-3y30-4y5a-2y5e-22y65-1&cmbcb=117&sj=x04x02x06x07x0bx0dx14x18x22x30x5ax5ex65&abt=DynamicMedDec
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://xdarom.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Fri, 16 Dec 2022 19:40:25 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hXSc8fKeWAdvS0KWIm3AbmRisdJCjZC7jhwz6oW7FC8Jz%2FQSX%2FrLPG8l4a2QcQbh9B7wfMaLHAZ1M0VveHDqJuDzWXzd6y2uVGTh6Po8ud0b%2FI2obnCwixPkE8HBY5jhFGradSO8ypiQ"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin
https://xdarom.com
x-middleton-display
ezp_sol
cache-control
private, max-age=0, must-revalidate, no-cache, no-store
cf-ray
77a9e406080cb725-AMS
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires
Thu, 15 Dec 2022 19:40:26 GMT
pixel
googleads.g.doubleclick.net/xbbe/ Frame 2236 		624 B
285 B 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/xbbe/pixel?d=CI2VFxDgh9qvAxjMidfJATAB&v=APEucNVojYurvjRBg5TmxBZLOd714IK11raTmMQHcueAjzVk0BXlSP23vOvd08dJtHpQEsg7iQnCLdZb5sCIi4-dpP-p6uVFabpVz_Waoy4aerZeEctJ6ePyXacP7_KIdSAcVABZnpzc5pFreXcxglbcgSOfZeSG5MrL-92CuEYHUrVoSDvR6_tg1NqFYEKyiUA_BPa2BAFCzewtZo_rkFSbmp8iADXHFQ
Requested by
Host: 1abe16b74e07af620065a5fa2dc0f3b7.safeframe.googlesyndication.com
URL: https://1abe16b74e07af620065a5fa2dc0f3b7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://1abe16b74e07af620065a5fa2dc0f3b7.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language
nl-NL,nl;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-encoding
br
content-length
222
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Fri, 16 Dec 2022 19:40:25 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
ad
googleads.g.doubleclick.net/dbm/ Frame 9C91 		81 KB
34 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-A4TIZKzRO4vt2aan7Oe0gK5euIvZo2I-E64FzPqPzEEIpPHsTqPm3zteVfjCjXZ3ZjHnk4rcXgPnz9NIyb706zbum9gQ&cry=1&dbm_d=AKAmf-A7d7LNryPeTzC09KnXn6bO2CUFiiCBF2wI_BieHkNe7XXTTIjT5xkHmKMwYBPYCyLlKAsZ7k-lrs4Ma3t9XnIda7DMDFvSNpsnNDA9k0cxrSv97GDQkGCjmNi-sJrpKnu9t7hPxddYcKw9JQmHA4uYaq99PFzfAt_pc78FMQAGYavh3uMsg_LVLHTuWRMMRuEuFRiE0MKIOwIi1g3zvtTRVAeNKa-zAC-lJcSFAbEtY2ULVQFcMcbQgzysqFqSFioLui1qmqkNjz4YPturWmUI4xPqWgE1K1yEJ7errrFhDh2IJdE6IFCMzPfqG3TGmzLTGtktjnBVyc65kG9xiYKacP6i7rrxJ9RW38t-s4yMov1K6IOkaH11nMVzmn0R23sDedsXnihD99MYGC3uQ8-NtP5xiqcvRBJHCJA8LdvqZuYNE0j0sY0jhDMo3r_vbWX17R2c2WocbEd0WegEbGpauzIJYO-Sxf-nNx88lHuTqBjVfHkSgWA3UDh9Rxnco0sOvq0-XzHZ0Iii-uDvDX3ejGSWl-ajsanZ-vjyeSV7XRXgbMvsj1gP9brjkFze3c9WJSJYNjokQdnm4tTnIc21vUIbzRlFVT7JCcqazQILJuDsVIT758kJPteTqjWAiW_kA84uIFrl6L9O0RjGsald0wX0hPVjx9BW2-OdeI_UUcB2_I4_pZ7qIz9GOPKMUcyRyHfieJnQ88gvyqdG8rBpv-pygG943rV9jVuWJ__DbVucthcnpM9out9mATM9-rKsQU5qEX0LR6civmWHWAQCNlceIjblRfQt5XlLrQFe8PZj6BOatcspHbceCBcw6TR9FpA5-wnQgwpsVNo7S2H_cSCJWO3Ozj1WCwshCwzEpYkBfK7WRHR7x-0YVQN0B_UBQxAMJQ1YNNlSlamWvzXePHHh5SuoRoTnvw7qHFln_YK0U3G6hjq7NyUO-_8jvbqFoYFJMTI9v66YjUt6TA53FRxlIQWfwLjtxWlgNhAB2hE_8_n51WHJa7vlw7CWhUYVcoJ7iSRpUtLR1hwxsY1oTV6ohH6CGgwVuexxdzZmcrXJvGHs7gJYUKVdnZFoB0Y7B2bey-K-zAI7vX3W7amEeqTFFPqVN_qGjAT01LQC-pgR2lHV7yYYW2PhqNcCUodTrlD4YQZ7qDwkAcYpG7wByib8EvgW6mGY0rr0Oki19oDelSU-9Q-p3F-0-lqqU15BFW1l7dBLmkEpLQeuRH3jaPw-D_8BeRof79hhUYYlKfPln6H2jPqE3OWGKsX7lzAY3-Ra8LdcORDchIXjPkan7HWeCmTLEGu7A8pBZc3KSMV-R2f94mMAhvI7lPokpwtDywQuV4QTW0ck6Mv0dBpEro4sLwbdK_D6U8Rpn-wSlboM9SH8mojZ2XoJy6SSzRsFd2C4qro6ZHcmIV5JHdIfX5gf_LAF26d1GKhCHzr9jMLfKHAS6oYA73Ibp_lMtliyKj1txMUMbvgwRHs2MRoJnmtokuEQOoZjm-UN_tQsGR4wIAuOQo9gKNZtiyuN370PPDOLE49X1fCjOPcUbwyzFjXBpGfdml1PYSBlETSNcPKkGIcLDBiq28GFcguXkAtqfPwPep4_lHuRqmtd5kPo9qLbxv4cnfZumTfd0XkFcrCI7iiidnoGKcnWkW11F-6fjf9ENl39lJWZcN7079USO3ILBUF2QviYwB6138nHJgCF98eLLbvEXkVPnl7D1zmKtHMq9ve3Sdv7qIuL11NJS_LJ-oOStyo8XyTSZDbHtV-WSgx0Bmkg5DgBFS9W6ZKCzPO1NN3Sxw5qhbKPEU4BAjJZM8UsWLjSvp-Gg_1sL2Koxco2orrtDW0A1cYtQrSXdOLFvvz3DqJfI8szXdC2zbkWPjfy805hOuwPCEMFTF0l1Rd_o4ym7TScRRBZqjjr7C3uHBmKNLi_bhyXrcemBcfS6igFdTwMrxrOPMtXUZ8AeC0UoCLawg9qrA_6SxT1zwPLECDzaCH3dLf8tMhRgnHv30yAxLkUADxpyBFYwNeBMEIcwZa5mD5oBMJipbttmyxWnrYdViEspPNAqEpsqqSMt04yZTFKPhrbTlT_VEa5o3pl40KkcjFAtetWR-u1VrwIGvzYQcUvmvZQnEIBoTcqJi7K5QGOQO2Qnt1nE9U14T5xrBl6V9aBkXJj10XmsNwcb9RXQFInI-iDA3nXVR9MC8dvVMzwi6oSImsi_njsQwnnl0mr90PiX8ugq0HOkGPu6udaI_fmqweQZ47588ASX5LzrLvajcLQye1iW79BQcHOOBYhG2fD8_ZE0uAhgYc8C3v5W1p8rvg-t9xl20ZYno4m22OIUgg4zSeOvZCI9VPJ-qagrhEW8IhvWtaGi7CFLj2gYvU57IQJZytYV47vPsPAkBg6NTaWtCccNjxgM1ynMVSQEFG3tVXyTWn4xn5VL8bckFse36MrW74bm8R-I0fFSeV30Ce8Ivs-wzlpWESUo3Mpmz2A6Jb_RB_WQwxSeOE3rRkfn2IEC4Y91sqUsJK64YckWvwKp9FPj6aSMIIVKelzdhokZ9NLBDbpRB7y3R3oCSZ_FIyhUXLOartxMtGki_3QkzwBDggrMbOkzHFnTRnFzuyaXjI_tG8QrmJAw9lAuUhBKrZqCz3U2LUNGiFl4yREns5V8vvjlUpkvsxs9m3TcXQyVlFV9IWt2PXUmTc8rQU3ze1VtRkFu6EogMgLwIn2251BbtFR9Gn5puXpksQ4K8R1PAqiX0YRGC9_j0b87IjW6y9MoC5uexAah_7hWJZfp8llxbEaagvFZJsotpKlE7iYE-Juq4a-XKJZrUujLFx00SzEgEnTZTYWwHbZ7gWpF-kauLPN7IHWfKq1BONGGqaPV5qqFAaonPJ78XFQTEeK-PM6AilsyJ1hepVUuU9ATi8MaBUeNIxa_ny84TLjt3UNd00XdfvrJxsn9UTyAm-RgnJ50zWwi45Yk4ndkOOhaz2uEHLxGsq5l3IzDeqxa4sDCLvmwwmIN9AMET3YSzD70kVY56pigmDqtRJmFYAVie7qDj8EwRo13rztRbqom-pK1uRpy2Xjh5MVs_kIJU-Naz6YVJeftnPHvPEKftMED5o402t-85wyT0W96fPmv7WNsA7qpMeV0eRPexQOGWC1G7HE3Amz_gNmWhIQ3zpfhAb2X-zznwQReWA&cid=CAQSSwDq26N9-iTNS3QG8F1-_j6sKKMoaEgQAAUyUHNopFEfhwVgiVMVbYKA81LRS3rVZqglbivFc-OkjXwmrfEE7PpYf6XQouK6M9ESsxgBIBM&rfl=1%2Chttps%253A%252F%252Fxdarom.com%252F%240
Requested by
Host: xdarom.com
URL: https://xdarom.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
b4e08d09079cadf61c2bc3e58e1150341c83fbb95236edfa9f34e3d1a1b430ce
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://1abe16b74e07af620065a5fa2dc0f3b7.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 16 Dec 2022 19:40:25 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
text/javascript; charset=UTF-8
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
34601
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame 9C91 		42 B
494 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-AUV89F653sAFWZUn-s9a2CYQLlRrXXWB3soMJ98lBECXl3JCIZiBpmSDXM8Yn-6MRAWfIkhzlqzuE1oXQtIjjWfbJL92NsbEgqOvEO6j1eIKG-Dws
Requested by
Host: 1abe16b74e07af620065a5fa2dc0f3b7.safeframe.googlesyndication.com
URL: https://1abe16b74e07af620065a5fa2dc0f3b7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400d:803::2002 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://1abe16b74e07af620065a5fa2dc0f3b7.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 16 Dec 2022 19:40:25 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
window_focus_fy2021.js
tpc.googlesyndication.com/pagead/js/r20221207/r20110914/client/ Frame 9C91 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20221207/r20110914/client/window_focus_fy2021.js
Requested by
Host: 1abe16b74e07af620065a5fa2dc0f3b7.safeframe.googlesyndication.com
URL: https://1abe16b74e07af620065a5fa2dc0f3b7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://1abe16b74e07af620065a5fa2dc0f3b7.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Fri, 16 Dec 2022 12:28:35 GMT
content-encoding
br
x-content-type-options
nosniff
age
25910
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1236
x-xss-protection
0
server
cafe
etag
15004572836499977866
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Fri, 30 Dec 2022 12:28:35 GMT
qs_click_protection_fy2021.js
tpc.googlesyndication.com/pagead/js/r20221207/r20110914/client/ Frame 9C91 		18 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20221207/r20110914/client/qs_click_protection_fy2021.js
Requested by
Host: 1abe16b74e07af620065a5fa2dc0f3b7.safeframe.googlesyndication.com
URL: https://1abe16b74e07af620065a5fa2dc0f3b7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
000cb4237204c839588365b865b4ceb28c4d78ba054f6e5a4c7a5e25f36e0c9c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://1abe16b74e07af620065a5fa2dc0f3b7.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Fri, 16 Dec 2022 09:24:42 GMT
content-encoding
br
x-content-type-options
nosniff
age
36943
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7480
x-xss-protection
0
server
cafe
etag
15631949847000551034
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Fri, 30 Dec 2022 09:24:42 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame 9C91 		153 KB
47 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: 1abe16b74e07af620065a5fa2dc0f3b7.safeframe.googlesyndication.com
URL: https://1abe16b74e07af620065a5fa2dc0f3b7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400d:80a::2002 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
196beb31539e747bdf66ddcf9d5f7255eeb42c14210786cb0a93ddbce4664d2e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://1abe16b74e07af620065a5fa2dc0f3b7.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Fri, 16 Dec 2022 19:40:26 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
47725
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1670417373259609"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Fri, 16 Dec 2022 19:40:26 GMT
rum
dsum-sec.casalemedia.com/ Frame AF6D
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMWvMx88LHWgal46LG6-0dI&google_cver=1
43 B
766 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMWvMx88LHWgal46LG6-0dI&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CL_OxN0CEL3jp5YEGJbWzdsBMAE&v=APEucNWs_FDML2uBdsB9fM8ROMQY2UBu0lkTEi1tL3rg-hxhnBhY4Unh6Pz3C-NiTv3JpgstIoSiOZNKG4m4j_p2sc7eTWYDWpbyCTi9pywDyo2OKWntf01QctRM2VJNS4obA1KUDRYZVdn7K9encOUN9BV5tbn_01Vme2yDrgUOysgS2YyPw0OOa3vtSneCb6x_hJoEcF0LWoPP1z-mLtMr9xk2CfXh3A
Protocol
HTTP/1.1
Server
185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 16 Dec 2022 19:40:26 GMT
Server
Apache
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type
image/gif
Cache-Control
no-cache
Connection
Keep-Alive
Keep-Alive
timeout=1, max=498
Content-Length
43
Expires
0

Redirect headers

pragma
no-cache
date
Fri, 16 Dec 2022 19:40:26 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMWvMx88LHWgal46LG6-0dI&google_cver=1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
313
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
rum
dsum-sec.casalemedia.com/ Frame AF6D
Redirect Chain
  • https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
  • https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Y5zJqktPUTql5tJtV4DerQAA
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEFUJG4dsHE1oOJOoHvSw0Xs&google_cver=1
43 B
766 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEFUJG4dsHE1oOJOoHvSw0Xs&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CL_OxN0CEL3jp5YEGJbWzdsBMAE&v=APEucNWs_FDML2uBdsB9fM8ROMQY2UBu0lkTEi1tL3rg-hxhnBhY4Unh6Pz3C-NiTv3JpgstIoSiOZNKG4m4j_p2sc7eTWYDWpbyCTi9pywDyo2OKWntf01QctRM2VJNS4obA1KUDRYZVdn7K9encOUN9BV5tbn_01Vme2yDrgUOysgS2YyPw0OOa3vtSneCb6x_hJoEcF0LWoPP1z-mLtMr9xk2CfXh3A
Protocol
HTTP/1.1
Server
185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 16 Dec 2022 19:40:26 GMT
Server
Apache
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type
image/gif
Cache-Control
no-cache
Connection
Keep-Alive
Keep-Alive
timeout=1, max=497
Content-Length
43
Expires
0

Redirect headers

pragma
no-cache
date
Fri, 16 Dec 2022 19:40:26 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEFUJG4dsHE1oOJOoHvSw0Xs&google_cver=1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
313
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
setuid
ib.adnxs.com/ Frame AF6D
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
  • https://ib.adnxs.com/setuid?entity=101&code=CAESEJjeyo5dQUhygK51IFv7J1A&google_cver=1
43 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ib.adnxs.com/setuid?entity=101&code=CAESEJjeyo5dQUhygK51IFv7J1A&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CL_OxN0CEL3jp5YEGJbWzdsBMAE&v=APEucNWs_FDML2uBdsB9fM8ROMQY2UBu0lkTEi1tL3rg-hxhnBhY4Unh6Pz3C-NiTv3JpgstIoSiOZNKG4m4j_p2sc7eTWYDWpbyCTi9pywDyo2OKWntf01QctRM2VJNS4obA1KUDRYZVdn7K9encOUN9BV5tbn_01Vme2yDrgUOysgS2YyPw0OOa3vtSneCb6x_hJoEcF0LWoPP1z-mLtMr9xk2CfXh3A
Protocol
HTTP/1.1
Server
37.252.171.53 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
1003.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 16 Dec 2022 19:40:26 GMT
AN-X-Request-Uuid
92f32ccd-d77b-44f0-a0a3-e51631f87100
Server
nginx/1.21.3
Accept-CH
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type
image/gif
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
X-Proxy-Origin
31.204.150.143; 31.204.150.143; 1003.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length
43
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma
no-cache
date
Fri, 16 Dec 2022 19:40:26 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://ib.adnxs.com/setuid?entity=101&code=CAESEJjeyo5dQUhygK51IFv7J1A&google_cver=1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
290
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame AF6D
Redirect Chain
  • https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
  • https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTUxNDQ5NDY0MjU3NDkwODQ4MA%3D%3D
170 B
243 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTUxNDQ5NDY0MjU3NDkwODQ4MA%3D%3D
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CL_OxN0CEL3jp5YEGJbWzdsBMAE&v=APEucNWs_FDML2uBdsB9fM8ROMQY2UBu0lkTEi1tL3rg-hxhnBhY4Unh6Pz3C-NiTv3JpgstIoSiOZNKG4m4j_p2sc7eTWYDWpbyCTi9pywDyo2OKWntf01QctRM2VJNS4obA1KUDRYZVdn7K9encOUN9BV5tbn_01Vme2yDrgUOysgS2YyPw0OOa3vtSneCb6x_hJoEcF0LWoPP1z-mLtMr9xk2CfXh3A
Protocol
H2
Server
142.251.39.2 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bud02s37-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 16 Dec 2022 19:40:26 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date
Fri, 16 Dec 2022 19:40:26 GMT
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection
keep-alive
X-Proxy-Origin
31.204.150.143; 31.204.150.143; 1003.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length
0
X-XSS-Protection
0
Pragma
no-cache
AN-X-Request-Uuid
e532941d-62dd-47f4-a2ad-2ed37b0b3542
Server
nginx/1.21.3
Accept-CH
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type
text/html; charset=utf-8
Access-Control-Allow-Origin
*
Location
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTUxNDQ5NDY0MjU3NDkwODQ4MA%3D%3D
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Expires
Sat, 15 Nov 2008 16:00:00 GMT
abg_lite.js
pagead2.googlesyndication.com/pagead/js/r20221207/r20110914/ Frame 1860 		30 KB
11 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20221207/r20110914/abg_lite.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CheDGKy43CQTCpxxPLppGj9wINjJcxgRZg3dv8hTp0yL3pRDqIrDIMFOKdJhf1tzIA-MrWWQMT1wsQfPmXepcyfjdURemDgfc64UymcEhoqsS4u1jE1Nwx6Dyt2nb8hB6_x2tOV-PEg5N2fgY7M1XydShAHfJpwwyd2Ylnhm6RmZB9aXE&dbm_d=AKAmf-CaBb7stON_TvZDG_6u2ug-eho_fKz_9baO83vXihVA_stfrJpHepkHU5YXjFwOs4Qfq8HW_xmtS8s4ZwO9jQHiHPmDe93hM4x8jaJ9FjnszDbhso9vzAVa-Ud0ZIWdlSSZMvlalQ_Nd40FI4rcHKrVMcqE1GOIPTCREvLUP3obrIF0VnC8UOFzPLneRgHlLUgKAtuLGjX-1DEgR2gyEHaEUY4xoDjPomXJAhJpQmq7DHcIvQpTE_JwB-OHVmsDVRjo2ePkg8kX2-GmmmaVjQfi7Dduvlz5uw5x2nzTT3GGZMYruabR9ChauDs97CAtVFEEPCKnfGCJ74U7Wi8F0SyPztA8TU2vFsRrwJ9jhjj2QkHfAP49MmP1UeOHzziJmOPAEjBBjSoMyl49ZsDjQzzt3cPcLS0OiopLPHfQMuNkYrs_p69wNnNam0DgxHg6LMUOnQEiLPm5VjZpJnuftE_Q5VWyp3Qi0FqbpBpNB1nUPO27yjEDQMBPJ1QpSFqE55VSFf082ij_l-wYIYiNS0RrHsapzBKXMyqYPmpDcUeQ4T72il-zSatVKJVrVuPCFyxS1N5dmn23nz86nJsmySJB6XzNNStDFnxm8Ch3tssH0fUkR5aJb1BGI_UzSsNIh0102s7LGQCIktlPf42KyKb9BOX5kwlr_NmyhgjHdAOMcnF69qRUG0evqPG9FNFGnJ3qgF9CYHFL1dK5br_EC13w1bncYd8UwiOLj8rYlgzqmTo27WPOCiUF3DDtvxN7dwT0n2vSXsiz839wpSjLpuK2pgqov9JYIepoEf2CCgPlIutyfNOJ1pszQ-LnV7U5f_vJI1Hs3tyIF3cpEt4mFfX4rXEVNKkDAHibUMe2xF6MzokIvgHchWxCMlb4_23hs-m2nDn3tHYsvNUarnX4y8j20C4YG2gfkrdqGa48SX3FGBCSfkZxaqBaLpuTQD4n34u46Uf7-ZV1QKUcWW9BkZWTyTZMWBM-8Ql8Nx-0AeR6tIqAA2RLEjo_FFtEpfEMqtCKXD8JPgytAEWxvs3jqckK64-Tq9ui0PXFE0lipv0wNfKSw8RYXBhnUGYujw3XPU3ZW5mjsM0HhLcpudPnqvrCshyidYr3Pd9qbX60ZPVwY13Wd73SujZXtofCCYajMUrFDxctYIIKL1CsHp6BAq0ihOt-2aPYg-NRgp-_z6lS85NC9xg1zRftfmkrHGKG5Sfr-bDdizgdfmlZ6VAiFGjF6tce6lwNXsq-LG9PJrUKCumXbOb4-GadhtgaYcXu7GxWpvPqQNRk3KRnLuTm6cjJWJihvAkNLL2We6oyh4xeET-UR3hwLwE696T9-E5l_b7PVs4GBxKp9IUHt_A1LGKa3rEEvQRobR40wgeEeg68U9hGFbYGXKTay-qJu2TpngtK5w4d--ufWl4In84bUYQS2hEybf98KfjnjEa0rjCeYfNlrrE2eIa0bg0HUb49cwcBx9edZCR2W04-dccQGLc4GIK8fK2Tob0i3ohFNGcXGxOjITGRgM1qhxdnDXoHtAb916NS6ZxH5JlkPDtKJfPI6BQXbVE2Kw2asosq6S0sY5VWRnFEk8yEW5k4CzWR8LVwngaV58zdJBjI5PctoBIu9STHvNt0LtBOiuznz9UafGKYMZ6QNaQoQbBV2tDR7UfMd00tEmuB1528Aanv9FI3DxKoRGWVqy1n9mDc-oEVZ0lM5Fj4HImLdlKsKpytapjbqP5JXx3AvVQcPwZrN1VPefBvjhN4yVJ7zb0JvYAkUMKy3ysd0DsmzXjsleXkdsFVjOygQraUKtpiWxO52Zlf9JMVwo1jgNVs0-jp8dlyL1jnrDM6bGvqRtWbF2mnqC3SRqsiAgHCJqL1OKrqe14qnveoSyjBj9Hdi_FpEe1zxxGdt1xA64MvEy8r98hDpNgp3t9WJ7qSSyiTK4WKcWhwbIz1BYf7gfBLTxEuW6umNEyHqKrjv2f9nNGJX_NOmGKW7ES3BWnT9bbDF7IhkYBEyeA8aF5_20x6KMYG0_CLS41Zt1tjgV1-6TR7YHNDUFs9tYfp5XuWJd99EZCRvmeE44B2hFeMn84LckWv9EGoFcSf2-C_NGFNnhmb_ehCIeJqf60d7BUhThSYQxsX3gPFOibR7unXTbygtWmFOgmpU1sb4AbEggO07KwcGy9KyFlx4py6l58ArmB1u6zmOT7Wj6Fsufj83Y-Q4rBp8Xs2-ol_AfK6yrht36xaDN212-ASJErpiIZ_qOM2h5cmmQ9Sgly7KGkwmMPfi3NO3xkzL80tIP6mSSZfAlTwcRoygisBehkxsCZjTGmmQ6sCMCd41WuRNtAh0FHDabIY44Zz4ZUma-byINUKoUkKTTiA9pKWdhpMzWzxaV69NO5oPuQqm9vJj0GMRrJaD8JYzGpIYACb6xst-YW1vg7-Q50wyTA5YM6JzKl0R8Upsppu-PEUL27MNjJWqJw32-eH_wd1pfphYntWIV3yVJuQAjNR0Bvvy20RV3jWH8B_PDSmYesH2rF0K-9IponsXa2Ml4gnC5CpNYtywua348uio7T_62Mo8pKXoi8tLSH6nEpGghgc6FNqSUDxEr7FROpa5b0u27dDwHjqZ2tZUtjAs2iTOD0k24W5A3FVyeXixz5fX1b4nJ55L6WARIDvO8ZFm5motwy0UMr86USInNIDBifHmZwA9P0JYP1iWIXNQyrS3ejmlxs04-CKlULk3V4JDa4jcjllI3C30_SGk4sVTIkhsv5MlOgu5kv3JtnOMwJeHNqHmBhXNhAlqy5J482wUC8HD5il05A7dJgHyoT232oQf9BDZrm0p3tYdQ7KIFfD9G1-Wf7aSyermlbzmLR_H8jogoCz36PJoifHgEi8MT9wVSMHnnYwOYkjZsUV0H2l0KF0duqrmBaiZ7TFzDUvQap4EVL-Pjqy801LeiI55D9statjrvGOZekg4kLdgk5UDM5mlE2RcnVJQkz0UgQa5Sk-nW-Z8I4ZWPrcjzh6JTPJtEaG-YtwL79Of3zXFhxijb_lBWtVd4Gl9ohOeDa8p7EG7yMupxnNKuO5F5_4eEMDMD7zj--jgi_5FQ25wzV8nEeOSwAJRryEhlJC5U0gRHogci5r0fBou3eco9_QqHXYi4vuR_8m_yR1k22YDjrkjDb9GaKLgMVq0OuLOvc2mkeTxD1XyGb3m7NAw6u1D_m6yObnFttwZ8Lhazmho4aPzMtu8qDAL5AGZm5CGF5StdS8RXbN3KtLjX-grVJRlcGOlCMh4syc&cid=CAQSTADq26N9q3wdBDXLchuRq0cvvTYrGSoAyb6uEvGtgXp4EXdcM02t_827obj_-xe5AN6BRXB9gaFBPooVWK4QTQIwl2KdLVX_x4Yuw1sYASAT&rfl=1%2Chttps%253A%252F%252Fxdarom.com%252F%240
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400d:803::2002 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
c4d60e53476012ab254ca2f3f479903a6be9ead3cb39a9ea353c51ec75c618c8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://1abe16b74e07af620065a5fa2dc0f3b7.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Fri, 16 Dec 2022 16:53:10 GMT
content-encoding
br
x-content-type-options
nosniff
age
10036
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
11387
x-xss-protection
0
server
cafe
etag
8197878782792770439
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Fri, 30 Dec 2022 16:53:10 GMT
omrhp.js
pagead2.googlesyndication.com/pagead/js/r20221207/r20110914/elements/html/ Frame 1860 		8 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20221207/r20110914/elements/html/omrhp.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CheDGKy43CQTCpxxPLppGj9wINjJcxgRZg3dv8hTp0yL3pRDqIrDIMFOKdJhf1tzIA-MrWWQMT1wsQfPmXepcyfjdURemDgfc64UymcEhoqsS4u1jE1Nwx6Dyt2nb8hB6_x2tOV-PEg5N2fgY7M1XydShAHfJpwwyd2Ylnhm6RmZB9aXE&dbm_d=AKAmf-CaBb7stON_TvZDG_6u2ug-eho_fKz_9baO83vXihVA_stfrJpHepkHU5YXjFwOs4Qfq8HW_xmtS8s4ZwO9jQHiHPmDe93hM4x8jaJ9FjnszDbhso9vzAVa-Ud0ZIWdlSSZMvlalQ_Nd40FI4rcHKrVMcqE1GOIPTCREvLUP3obrIF0VnC8UOFzPLneRgHlLUgKAtuLGjX-1DEgR2gyEHaEUY4xoDjPomXJAhJpQmq7DHcIvQpTE_JwB-OHVmsDVRjo2ePkg8kX2-GmmmaVjQfi7Dduvlz5uw5x2nzTT3GGZMYruabR9ChauDs97CAtVFEEPCKnfGCJ74U7Wi8F0SyPztA8TU2vFsRrwJ9jhjj2QkHfAP49MmP1UeOHzziJmOPAEjBBjSoMyl49ZsDjQzzt3cPcLS0OiopLPHfQMuNkYrs_p69wNnNam0DgxHg6LMUOnQEiLPm5VjZpJnuftE_Q5VWyp3Qi0FqbpBpNB1nUPO27yjEDQMBPJ1QpSFqE55VSFf082ij_l-wYIYiNS0RrHsapzBKXMyqYPmpDcUeQ4T72il-zSatVKJVrVuPCFyxS1N5dmn23nz86nJsmySJB6XzNNStDFnxm8Ch3tssH0fUkR5aJb1BGI_UzSsNIh0102s7LGQCIktlPf42KyKb9BOX5kwlr_NmyhgjHdAOMcnF69qRUG0evqPG9FNFGnJ3qgF9CYHFL1dK5br_EC13w1bncYd8UwiOLj8rYlgzqmTo27WPOCiUF3DDtvxN7dwT0n2vSXsiz839wpSjLpuK2pgqov9JYIepoEf2CCgPlIutyfNOJ1pszQ-LnV7U5f_vJI1Hs3tyIF3cpEt4mFfX4rXEVNKkDAHibUMe2xF6MzokIvgHchWxCMlb4_23hs-m2nDn3tHYsvNUarnX4y8j20C4YG2gfkrdqGa48SX3FGBCSfkZxaqBaLpuTQD4n34u46Uf7-ZV1QKUcWW9BkZWTyTZMWBM-8Ql8Nx-0AeR6tIqAA2RLEjo_FFtEpfEMqtCKXD8JPgytAEWxvs3jqckK64-Tq9ui0PXFE0lipv0wNfKSw8RYXBhnUGYujw3XPU3ZW5mjsM0HhLcpudPnqvrCshyidYr3Pd9qbX60ZPVwY13Wd73SujZXtofCCYajMUrFDxctYIIKL1CsHp6BAq0ihOt-2aPYg-NRgp-_z6lS85NC9xg1zRftfmkrHGKG5Sfr-bDdizgdfmlZ6VAiFGjF6tce6lwNXsq-LG9PJrUKCumXbOb4-GadhtgaYcXu7GxWpvPqQNRk3KRnLuTm6cjJWJihvAkNLL2We6oyh4xeET-UR3hwLwE696T9-E5l_b7PVs4GBxKp9IUHt_A1LGKa3rEEvQRobR40wgeEeg68U9hGFbYGXKTay-qJu2TpngtK5w4d--ufWl4In84bUYQS2hEybf98KfjnjEa0rjCeYfNlrrE2eIa0bg0HUb49cwcBx9edZCR2W04-dccQGLc4GIK8fK2Tob0i3ohFNGcXGxOjITGRgM1qhxdnDXoHtAb916NS6ZxH5JlkPDtKJfPI6BQXbVE2Kw2asosq6S0sY5VWRnFEk8yEW5k4CzWR8LVwngaV58zdJBjI5PctoBIu9STHvNt0LtBOiuznz9UafGKYMZ6QNaQoQbBV2tDR7UfMd00tEmuB1528Aanv9FI3DxKoRGWVqy1n9mDc-oEVZ0lM5Fj4HImLdlKsKpytapjbqP5JXx3AvVQcPwZrN1VPefBvjhN4yVJ7zb0JvYAkUMKy3ysd0DsmzXjsleXkdsFVjOygQraUKtpiWxO52Zlf9JMVwo1jgNVs0-jp8dlyL1jnrDM6bGvqRtWbF2mnqC3SRqsiAgHCJqL1OKrqe14qnveoSyjBj9Hdi_FpEe1zxxGdt1xA64MvEy8r98hDpNgp3t9WJ7qSSyiTK4WKcWhwbIz1BYf7gfBLTxEuW6umNEyHqKrjv2f9nNGJX_NOmGKW7ES3BWnT9bbDF7IhkYBEyeA8aF5_20x6KMYG0_CLS41Zt1tjgV1-6TR7YHNDUFs9tYfp5XuWJd99EZCRvmeE44B2hFeMn84LckWv9EGoFcSf2-C_NGFNnhmb_ehCIeJqf60d7BUhThSYQxsX3gPFOibR7unXTbygtWmFOgmpU1sb4AbEggO07KwcGy9KyFlx4py6l58ArmB1u6zmOT7Wj6Fsufj83Y-Q4rBp8Xs2-ol_AfK6yrht36xaDN212-ASJErpiIZ_qOM2h5cmmQ9Sgly7KGkwmMPfi3NO3xkzL80tIP6mSSZfAlTwcRoygisBehkxsCZjTGmmQ6sCMCd41WuRNtAh0FHDabIY44Zz4ZUma-byINUKoUkKTTiA9pKWdhpMzWzxaV69NO5oPuQqm9vJj0GMRrJaD8JYzGpIYACb6xst-YW1vg7-Q50wyTA5YM6JzKl0R8Upsppu-PEUL27MNjJWqJw32-eH_wd1pfphYntWIV3yVJuQAjNR0Bvvy20RV3jWH8B_PDSmYesH2rF0K-9IponsXa2Ml4gnC5CpNYtywua348uio7T_62Mo8pKXoi8tLSH6nEpGghgc6FNqSUDxEr7FROpa5b0u27dDwHjqZ2tZUtjAs2iTOD0k24W5A3FVyeXixz5fX1b4nJ55L6WARIDvO8ZFm5motwy0UMr86USInNIDBifHmZwA9P0JYP1iWIXNQyrS3ejmlxs04-CKlULk3V4JDa4jcjllI3C30_SGk4sVTIkhsv5MlOgu5kv3JtnOMwJeHNqHmBhXNhAlqy5J482wUC8HD5il05A7dJgHyoT232oQf9BDZrm0p3tYdQ7KIFfD9G1-Wf7aSyermlbzmLR_H8jogoCz36PJoifHgEi8MT9wVSMHnnYwOYkjZsUV0H2l0KF0duqrmBaiZ7TFzDUvQap4EVL-Pjqy801LeiI55D9statjrvGOZekg4kLdgk5UDM5mlE2RcnVJQkz0UgQa5Sk-nW-Z8I4ZWPrcjzh6JTPJtEaG-YtwL79Of3zXFhxijb_lBWtVd4Gl9ohOeDa8p7EG7yMupxnNKuO5F5_4eEMDMD7zj--jgi_5FQ25wzV8nEeOSwAJRryEhlJC5U0gRHogci5r0fBou3eco9_QqHXYi4vuR_8m_yR1k22YDjrkjDb9GaKLgMVq0OuLOvc2mkeTxD1XyGb3m7NAw6u1D_m6yObnFttwZ8Lhazmho4aPzMtu8qDAL5AGZm5CGF5StdS8RXbN3KtLjX-grVJRlcGOlCMh4syc&cid=CAQSTADq26N9q3wdBDXLchuRq0cvvTYrGSoAyb6uEvGtgXp4EXdcM02t_827obj_-xe5AN6BRXB9gaFBPooVWK4QTQIwl2KdLVX_x4Yuw1sYASAT&rfl=1%2Chttps%253A%252F%252Fxdarom.com%252F%240
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400d:803::2002 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
1d84738c2afaf595ff5d4921d8dc6bb5ce19a7b9c33a6c02d8a35ff80611cc87
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://1abe16b74e07af620065a5fa2dc0f3b7.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Thu, 15 Dec 2022 20:51:03 GMT
content-encoding
br
x-content-type-options
nosniff
age
82163
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2986
x-xss-protection
0
server
cafe
etag
3296546412363819624
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 29 Dec 2022 20:51:03 GMT
view
googleads4.g.doubleclick.net/pcs/ Frame 1860 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssEiCdmWRumFTwdPz55ydAOq6XSQVmcfmwlD4Wp3baf24GJwgx46MTrehHHedfhaySdMVyExWdQ10yWU9T-dURVFTXCvHPUtyplWDeF-F9uegxZORgGH70-7X4ScyAZnaPzRdGeBv-P-4nJYO8XYx2rQcP5a6uSUpBJNu507Z4Px8LXNbER4zT69PrcAOOQhn-iodo09aPtpuak2DCtjWxCMIs5DbwqH_6GFxOwJNkooDQsqiK5no-HPG5WXq5OIo155G_bM0K3GnPvhJsGovLQkcST5Zm0Q0JYKWdnndUFLjW9-csDR1cGYIDoOtD-c3MOV2upf8Z8Cgkoi6g9qRHKLR3bJsBNJfAY-gT_3UeCGlBagZIju3rht9uTc0_T6Sqg39CfsW_rD7aZDkroOCm4QIunf4xx-Qgbg1egNLTmAoPOktkSjiTVGGWMy1Sr0ErBuixOniCClqKbU-y1hs9CmZflR9e339SaqLdgbIArRfmZtXlZDXFOgfayOjXZkClXe-r8xj7KxCf4nC96-fkUDLslxXeY8v3grL8ZTMC8zi7XBt1DrT5p5VBxI9xH72IaENdtxrxVSF0ZhuTZX0b-WZGYaM6aTLoNjisMzVbIV0EEm8x3bly3dBMj7XXMxIjI3kg_m9AWJUW1Rj-mypNsxkt_q92aQowTlb0klVsBPTv3VdHQf3DDwqPOMsCpwgprzDoVSn3vxuRyYk9B3vliPjcbyDpsyCbjJ-FVDHVYA0jltmf_uBHz6MzggmtpbNcCJhMsAWnZp8J81VQMYKof39sDakr0Uxu26t9qpAWZ_bE8RaEsIf2oYAoKlwur1TE_VorqBDgmhGtI6VnvNjCS__b7N4FZGKmD865WlSno9KXW9EYrdoiSumeYghMBfJN8RTpJGCWxkNnxIuojPJCEPxDemGaq5v4PpZ7pd749D4RBQs_YeSZjRFMasxiWl2bUveYTNUAmmxFrnrejf7tHajCqKkqSk-1d-d93yaC9Tkxix5Q3V9QIamubypzZJgtgTp0Ez9xy2PT9J5Ytv0uffYubusxtz_7EVBwpfnUt6KCb4FLugJsNEe9M9VPKuJ18bpPtGzrtaAyLBYicFcY-_PzwQ-R2Lbt6BElr7w0LAF5iFJTBWlkJgPEavuA5EEbxmbR9PQfWI2pwRjzEpwNpl_4pvGYTSmw&sai=AMfl-YSPUYouPUPz_rDeFrXBscqigOG5EiO66A_ZLeauzbVQHOfurfDaMWWTrUInVlcZAddXq1cQXALq7mZ1G8yjNmSdS3Yl1476F3XqWQ2cvMSNJkI8YlepV27pVMIR-H4WdkK_voHRgLEYGwhlFyyQTtlf1HLdF_Cad4m5PolL9IpRekPn5HZ0FfBYDMCDyII3yXpSNb_wnMhSv7iUPOicVrcC0ATyFg4yhOCx--2Ki1F8gsD35_d5JyLlevkfY5oIeFXOsi5z-iR1togBeTYK85LO4-9auk0WuISUjc5e5Q&sig=Cg0ArKJSzBA47BcNeA4mEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=2&cbvp=1&cstd=1&cisv=r20221207.70541&arae=0&ftch=1&adurl=
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CheDGKy43CQTCpxxPLppGj9wINjJcxgRZg3dv8hTp0yL3pRDqIrDIMFOKdJhf1tzIA-MrWWQMT1wsQfPmXepcyfjdURemDgfc64UymcEhoqsS4u1jE1Nwx6Dyt2nb8hB6_x2tOV-PEg5N2fgY7M1XydShAHfJpwwyd2Ylnhm6RmZB9aXE&dbm_d=AKAmf-CaBb7stON_TvZDG_6u2ug-eho_fKz_9baO83vXihVA_stfrJpHepkHU5YXjFwOs4Qfq8HW_xmtS8s4ZwO9jQHiHPmDe93hM4x8jaJ9FjnszDbhso9vzAVa-Ud0ZIWdlSSZMvlalQ_Nd40FI4rcHKrVMcqE1GOIPTCREvLUP3obrIF0VnC8UOFzPLneRgHlLUgKAtuLGjX-1DEgR2gyEHaEUY4xoDjPomXJAhJpQmq7DHcIvQpTE_JwB-OHVmsDVRjo2ePkg8kX2-GmmmaVjQfi7Dduvlz5uw5x2nzTT3GGZMYruabR9ChauDs97CAtVFEEPCKnfGCJ74U7Wi8F0SyPztA8TU2vFsRrwJ9jhjj2QkHfAP49MmP1UeOHzziJmOPAEjBBjSoMyl49ZsDjQzzt3cPcLS0OiopLPHfQMuNkYrs_p69wNnNam0DgxHg6LMUOnQEiLPm5VjZpJnuftE_Q5VWyp3Qi0FqbpBpNB1nUPO27yjEDQMBPJ1QpSFqE55VSFf082ij_l-wYIYiNS0RrHsapzBKXMyqYPmpDcUeQ4T72il-zSatVKJVrVuPCFyxS1N5dmn23nz86nJsmySJB6XzNNStDFnxm8Ch3tssH0fUkR5aJb1BGI_UzSsNIh0102s7LGQCIktlPf42KyKb9BOX5kwlr_NmyhgjHdAOMcnF69qRUG0evqPG9FNFGnJ3qgF9CYHFL1dK5br_EC13w1bncYd8UwiOLj8rYlgzqmTo27WPOCiUF3DDtvxN7dwT0n2vSXsiz839wpSjLpuK2pgqov9JYIepoEf2CCgPlIutyfNOJ1pszQ-LnV7U5f_vJI1Hs3tyIF3cpEt4mFfX4rXEVNKkDAHibUMe2xF6MzokIvgHchWxCMlb4_23hs-m2nDn3tHYsvNUarnX4y8j20C4YG2gfkrdqGa48SX3FGBCSfkZxaqBaLpuTQD4n34u46Uf7-ZV1QKUcWW9BkZWTyTZMWBM-8Ql8Nx-0AeR6tIqAA2RLEjo_FFtEpfEMqtCKXD8JPgytAEWxvs3jqckK64-Tq9ui0PXFE0lipv0wNfKSw8RYXBhnUGYujw3XPU3ZW5mjsM0HhLcpudPnqvrCshyidYr3Pd9qbX60ZPVwY13Wd73SujZXtofCCYajMUrFDxctYIIKL1CsHp6BAq0ihOt-2aPYg-NRgp-_z6lS85NC9xg1zRftfmkrHGKG5Sfr-bDdizgdfmlZ6VAiFGjF6tce6lwNXsq-LG9PJrUKCumXbOb4-GadhtgaYcXu7GxWpvPqQNRk3KRnLuTm6cjJWJihvAkNLL2We6oyh4xeET-UR3hwLwE696T9-E5l_b7PVs4GBxKp9IUHt_A1LGKa3rEEvQRobR40wgeEeg68U9hGFbYGXKTay-qJu2TpngtK5w4d--ufWl4In84bUYQS2hEybf98KfjnjEa0rjCeYfNlrrE2eIa0bg0HUb49cwcBx9edZCR2W04-dccQGLc4GIK8fK2Tob0i3ohFNGcXGxOjITGRgM1qhxdnDXoHtAb916NS6ZxH5JlkPDtKJfPI6BQXbVE2Kw2asosq6S0sY5VWRnFEk8yEW5k4CzWR8LVwngaV58zdJBjI5PctoBIu9STHvNt0LtBOiuznz9UafGKYMZ6QNaQoQbBV2tDR7UfMd00tEmuB1528Aanv9FI3DxKoRGWVqy1n9mDc-oEVZ0lM5Fj4HImLdlKsKpytapjbqP5JXx3AvVQcPwZrN1VPefBvjhN4yVJ7zb0JvYAkUMKy3ysd0DsmzXjsleXkdsFVjOygQraUKtpiWxO52Zlf9JMVwo1jgNVs0-jp8dlyL1jnrDM6bGvqRtWbF2mnqC3SRqsiAgHCJqL1OKrqe14qnveoSyjBj9Hdi_FpEe1zxxGdt1xA64MvEy8r98hDpNgp3t9WJ7qSSyiTK4WKcWhwbIz1BYf7gfBLTxEuW6umNEyHqKrjv2f9nNGJX_NOmGKW7ES3BWnT9bbDF7IhkYBEyeA8aF5_20x6KMYG0_CLS41Zt1tjgV1-6TR7YHNDUFs9tYfp5XuWJd99EZCRvmeE44B2hFeMn84LckWv9EGoFcSf2-C_NGFNnhmb_ehCIeJqf60d7BUhThSYQxsX3gPFOibR7unXTbygtWmFOgmpU1sb4AbEggO07KwcGy9KyFlx4py6l58ArmB1u6zmOT7Wj6Fsufj83Y-Q4rBp8Xs2-ol_AfK6yrht36xaDN212-ASJErpiIZ_qOM2h5cmmQ9Sgly7KGkwmMPfi3NO3xkzL80tIP6mSSZfAlTwcRoygisBehkxsCZjTGmmQ6sCMCd41WuRNtAh0FHDabIY44Zz4ZUma-byINUKoUkKTTiA9pKWdhpMzWzxaV69NO5oPuQqm9vJj0GMRrJaD8JYzGpIYACb6xst-YW1vg7-Q50wyTA5YM6JzKl0R8Upsppu-PEUL27MNjJWqJw32-eH_wd1pfphYntWIV3yVJuQAjNR0Bvvy20RV3jWH8B_PDSmYesH2rF0K-9IponsXa2Ml4gnC5CpNYtywua348uio7T_62Mo8pKXoi8tLSH6nEpGghgc6FNqSUDxEr7FROpa5b0u27dDwHjqZ2tZUtjAs2iTOD0k24W5A3FVyeXixz5fX1b4nJ55L6WARIDvO8ZFm5motwy0UMr86USInNIDBifHmZwA9P0JYP1iWIXNQyrS3ejmlxs04-CKlULk3V4JDa4jcjllI3C30_SGk4sVTIkhsv5MlOgu5kv3JtnOMwJeHNqHmBhXNhAlqy5J482wUC8HD5il05A7dJgHyoT232oQf9BDZrm0p3tYdQ7KIFfD9G1-Wf7aSyermlbzmLR_H8jogoCz36PJoifHgEi8MT9wVSMHnnYwOYkjZsUV0H2l0KF0duqrmBaiZ7TFzDUvQap4EVL-Pjqy801LeiI55D9statjrvGOZekg4kLdgk5UDM5mlE2RcnVJQkz0UgQa5Sk-nW-Z8I4ZWPrcjzh6JTPJtEaG-YtwL79Of3zXFhxijb_lBWtVd4Gl9ohOeDa8p7EG7yMupxnNKuO5F5_4eEMDMD7zj--jgi_5FQ25wzV8nEeOSwAJRryEhlJC5U0gRHogci5r0fBou3eco9_QqHXYi4vuR_8m_yR1k22YDjrkjDb9GaKLgMVq0OuLOvc2mkeTxD1XyGb3m7NAw6u1D_m6yObnFttwZ8Lhazmho4aPzMtu8qDAL5AGZm5CGF5StdS8RXbN3KtLjX-grVJRlcGOlCMh4syc&cid=CAQSTADq26N9q3wdBDXLchuRq0cvvTYrGSoAyb6uEvGtgXp4EXdcM02t_827obj_-xe5AN6BRXB9gaFBPooVWK4QTQIwl2KdLVX_x4Yuw1sYASAT&rfl=1%2Chttps%253A%252F%252Fxdarom.com%252F%240
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.186.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s08-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://1abe16b74e07af620065a5fa2dc0f3b7.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

content-security-policy
script-src 'none'; object-src 'none'
date
Fri, 16 Dec 2022 19:40:26 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
private
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 16 Dec 2022 19:40:26 GMT
UFYwWwmt.js
tpc.googlesyndication.com/sodar/ Frame 1860 		41 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/UFYwWwmt.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CheDGKy43CQTCpxxPLppGj9wINjJcxgRZg3dv8hTp0yL3pRDqIrDIMFOKdJhf1tzIA-MrWWQMT1wsQfPmXepcyfjdURemDgfc64UymcEhoqsS4u1jE1Nwx6Dyt2nb8hB6_x2tOV-PEg5N2fgY7M1XydShAHfJpwwyd2Ylnhm6RmZB9aXE&dbm_d=AKAmf-CaBb7stON_TvZDG_6u2ug-eho_fKz_9baO83vXihVA_stfrJpHepkHU5YXjFwOs4Qfq8HW_xmtS8s4ZwO9jQHiHPmDe93hM4x8jaJ9FjnszDbhso9vzAVa-Ud0ZIWdlSSZMvlalQ_Nd40FI4rcHKrVMcqE1GOIPTCREvLUP3obrIF0VnC8UOFzPLneRgHlLUgKAtuLGjX-1DEgR2gyEHaEUY4xoDjPomXJAhJpQmq7DHcIvQpTE_JwB-OHVmsDVRjo2ePkg8kX2-GmmmaVjQfi7Dduvlz5uw5x2nzTT3GGZMYruabR9ChauDs97CAtVFEEPCKnfGCJ74U7Wi8F0SyPztA8TU2vFsRrwJ9jhjj2QkHfAP49MmP1UeOHzziJmOPAEjBBjSoMyl49ZsDjQzzt3cPcLS0OiopLPHfQMuNkYrs_p69wNnNam0DgxHg6LMUOnQEiLPm5VjZpJnuftE_Q5VWyp3Qi0FqbpBpNB1nUPO27yjEDQMBPJ1QpSFqE55VSFf082ij_l-wYIYiNS0RrHsapzBKXMyqYPmpDcUeQ4T72il-zSatVKJVrVuPCFyxS1N5dmn23nz86nJsmySJB6XzNNStDFnxm8Ch3tssH0fUkR5aJb1BGI_UzSsNIh0102s7LGQCIktlPf42KyKb9BOX5kwlr_NmyhgjHdAOMcnF69qRUG0evqPG9FNFGnJ3qgF9CYHFL1dK5br_EC13w1bncYd8UwiOLj8rYlgzqmTo27WPOCiUF3DDtvxN7dwT0n2vSXsiz839wpSjLpuK2pgqov9JYIepoEf2CCgPlIutyfNOJ1pszQ-LnV7U5f_vJI1Hs3tyIF3cpEt4mFfX4rXEVNKkDAHibUMe2xF6MzokIvgHchWxCMlb4_23hs-m2nDn3tHYsvNUarnX4y8j20C4YG2gfkrdqGa48SX3FGBCSfkZxaqBaLpuTQD4n34u46Uf7-ZV1QKUcWW9BkZWTyTZMWBM-8Ql8Nx-0AeR6tIqAA2RLEjo_FFtEpfEMqtCKXD8JPgytAEWxvs3jqckK64-Tq9ui0PXFE0lipv0wNfKSw8RYXBhnUGYujw3XPU3ZW5mjsM0HhLcpudPnqvrCshyidYr3Pd9qbX60ZPVwY13Wd73SujZXtofCCYajMUrFDxctYIIKL1CsHp6BAq0ihOt-2aPYg-NRgp-_z6lS85NC9xg1zRftfmkrHGKG5Sfr-bDdizgdfmlZ6VAiFGjF6tce6lwNXsq-LG9PJrUKCumXbOb4-GadhtgaYcXu7GxWpvPqQNRk3KRnLuTm6cjJWJihvAkNLL2We6oyh4xeET-UR3hwLwE696T9-E5l_b7PVs4GBxKp9IUHt_A1LGKa3rEEvQRobR40wgeEeg68U9hGFbYGXKTay-qJu2TpngtK5w4d--ufWl4In84bUYQS2hEybf98KfjnjEa0rjCeYfNlrrE2eIa0bg0HUb49cwcBx9edZCR2W04-dccQGLc4GIK8fK2Tob0i3ohFNGcXGxOjITGRgM1qhxdnDXoHtAb916NS6ZxH5JlkPDtKJfPI6BQXbVE2Kw2asosq6S0sY5VWRnFEk8yEW5k4CzWR8LVwngaV58zdJBjI5PctoBIu9STHvNt0LtBOiuznz9UafGKYMZ6QNaQoQbBV2tDR7UfMd00tEmuB1528Aanv9FI3DxKoRGWVqy1n9mDc-oEVZ0lM5Fj4HImLdlKsKpytapjbqP5JXx3AvVQcPwZrN1VPefBvjhN4yVJ7zb0JvYAkUMKy3ysd0DsmzXjsleXkdsFVjOygQraUKtpiWxO52Zlf9JMVwo1jgNVs0-jp8dlyL1jnrDM6bGvqRtWbF2mnqC3SRqsiAgHCJqL1OKrqe14qnveoSyjBj9Hdi_FpEe1zxxGdt1xA64MvEy8r98hDpNgp3t9WJ7qSSyiTK4WKcWhwbIz1BYf7gfBLTxEuW6umNEyHqKrjv2f9nNGJX_NOmGKW7ES3BWnT9bbDF7IhkYBEyeA8aF5_20x6KMYG0_CLS41Zt1tjgV1-6TR7YHNDUFs9tYfp5XuWJd99EZCRvmeE44B2hFeMn84LckWv9EGoFcSf2-C_NGFNnhmb_ehCIeJqf60d7BUhThSYQxsX3gPFOibR7unXTbygtWmFOgmpU1sb4AbEggO07KwcGy9KyFlx4py6l58ArmB1u6zmOT7Wj6Fsufj83Y-Q4rBp8Xs2-ol_AfK6yrht36xaDN212-ASJErpiIZ_qOM2h5cmmQ9Sgly7KGkwmMPfi3NO3xkzL80tIP6mSSZfAlTwcRoygisBehkxsCZjTGmmQ6sCMCd41WuRNtAh0FHDabIY44Zz4ZUma-byINUKoUkKTTiA9pKWdhpMzWzxaV69NO5oPuQqm9vJj0GMRrJaD8JYzGpIYACb6xst-YW1vg7-Q50wyTA5YM6JzKl0R8Upsppu-PEUL27MNjJWqJw32-eH_wd1pfphYntWIV3yVJuQAjNR0Bvvy20RV3jWH8B_PDSmYesH2rF0K-9IponsXa2Ml4gnC5CpNYtywua348uio7T_62Mo8pKXoi8tLSH6nEpGghgc6FNqSUDxEr7FROpa5b0u27dDwHjqZ2tZUtjAs2iTOD0k24W5A3FVyeXixz5fX1b4nJ55L6WARIDvO8ZFm5motwy0UMr86USInNIDBifHmZwA9P0JYP1iWIXNQyrS3ejmlxs04-CKlULk3V4JDa4jcjllI3C30_SGk4sVTIkhsv5MlOgu5kv3JtnOMwJeHNqHmBhXNhAlqy5J482wUC8HD5il05A7dJgHyoT232oQf9BDZrm0p3tYdQ7KIFfD9G1-Wf7aSyermlbzmLR_H8jogoCz36PJoifHgEi8MT9wVSMHnnYwOYkjZsUV0H2l0KF0duqrmBaiZ7TFzDUvQap4EVL-Pjqy801LeiI55D9statjrvGOZekg4kLdgk5UDM5mlE2RcnVJQkz0UgQa5Sk-nW-Z8I4ZWPrcjzh6JTPJtEaG-YtwL79Of3zXFhxijb_lBWtVd4Gl9ohOeDa8p7EG7yMupxnNKuO5F5_4eEMDMD7zj--jgi_5FQ25wzV8nEeOSwAJRryEhlJC5U0gRHogci5r0fBou3eco9_QqHXYi4vuR_8m_yR1k22YDjrkjDb9GaKLgMVq0OuLOvc2mkeTxD1XyGb3m7NAw6u1D_m6yObnFttwZ8Lhazmho4aPzMtu8qDAL5AGZm5CGF5StdS8RXbN3KtLjX-grVJRlcGOlCMh4syc&cid=CAQSTADq26N9q3wdBDXLchuRq0cvvTYrGSoAyb6uEvGtgXp4EXdcM02t_827obj_-xe5AN6BRXB9gaFBPooVWK4QTQIwl2KdLVX_x4Yuw1sYASAT&rfl=1%2Chttps%253A%252F%252Fxdarom.com%252F%240
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://1abe16b74e07af620065a5fa2dc0f3b7.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Thu, 15 Dec 2022 09:24:44 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
123342
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15207
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 15 Dec 2023 09:24:44 GMT
ABK_DV360_JPG_970x90_EN.jpg
s0.2mdn.net/12719645/ Frame 1860 		84 KB
84 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/12719645/ABK_DV360_JPG_970x90_EN.jpg
Requested by
Host: 1abe16b74e07af620065a5fa2dc0f3b7.safeframe.googlesyndication.com
URL: https://1abe16b74e07af620065a5fa2dc0f3b7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400d:803::2006 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
70402126ef3130514c8b5d7af05bf15d8fea6a5b58f2dc0b314b2cc672cf6473
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://1abe16b74e07af620065a5fa2dc0f3b7.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Fri, 16 Dec 2022 12:02:01 GMT
x-content-type-options
nosniff
age
27505
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
85851
x-xss-protection
0
last-modified
Thu, 01 Dec 2022 15:04:20 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Sat, 17 Dec 2022 12:02:01 GMT
express_html_inpage_rendering_lib_200_276.js
s0.2mdn.net/879366/ Frame 9C91 		106 KB
38 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_276.js
Requested by
Host: xdarom.com
URL: https://xdarom.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400d:803::2006 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e41d1ae45acbf836b8dcc29544c7e41cced4211214df601d5284a7e9c7134c73
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://1abe16b74e07af620065a5fa2dc0f3b7.safeframe.googlesyndication.com/
Origin
https://1abe16b74e07af620065a5fa2dc0f3b7.safeframe.googlesyndication.com
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Fri, 16 Dec 2022 01:19:27 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
66059
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
37872
x-xss-protection
0
last-modified
Wed, 02 Mar 2022 23:07:26 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Sat, 17 Dec 2022 01:19:27 GMT
omrhp.js
pagead2.googlesyndication.com/pagead/js/r20221207/r20110914/elements/html/ Frame 9C91 		8 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20221207/r20110914/elements/html/omrhp.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-A4TIZKzRO4vt2aan7Oe0gK5euIvZo2I-E64FzPqPzEEIpPHsTqPm3zteVfjCjXZ3ZjHnk4rcXgPnz9NIyb706zbum9gQ&cry=1&dbm_d=AKAmf-A7d7LNryPeTzC09KnXn6bO2CUFiiCBF2wI_BieHkNe7XXTTIjT5xkHmKMwYBPYCyLlKAsZ7k-lrs4Ma3t9XnIda7DMDFvSNpsnNDA9k0cxrSv97GDQkGCjmNi-sJrpKnu9t7hPxddYcKw9JQmHA4uYaq99PFzfAt_pc78FMQAGYavh3uMsg_LVLHTuWRMMRuEuFRiE0MKIOwIi1g3zvtTRVAeNKa-zAC-lJcSFAbEtY2ULVQFcMcbQgzysqFqSFioLui1qmqkNjz4YPturWmUI4xPqWgE1K1yEJ7errrFhDh2IJdE6IFCMzPfqG3TGmzLTGtktjnBVyc65kG9xiYKacP6i7rrxJ9RW38t-s4yMov1K6IOkaH11nMVzmn0R23sDedsXnihD99MYGC3uQ8-NtP5xiqcvRBJHCJA8LdvqZuYNE0j0sY0jhDMo3r_vbWX17R2c2WocbEd0WegEbGpauzIJYO-Sxf-nNx88lHuTqBjVfHkSgWA3UDh9Rxnco0sOvq0-XzHZ0Iii-uDvDX3ejGSWl-ajsanZ-vjyeSV7XRXgbMvsj1gP9brjkFze3c9WJSJYNjokQdnm4tTnIc21vUIbzRlFVT7JCcqazQILJuDsVIT758kJPteTqjWAiW_kA84uIFrl6L9O0RjGsald0wX0hPVjx9BW2-OdeI_UUcB2_I4_pZ7qIz9GOPKMUcyRyHfieJnQ88gvyqdG8rBpv-pygG943rV9jVuWJ__DbVucthcnpM9out9mATM9-rKsQU5qEX0LR6civmWHWAQCNlceIjblRfQt5XlLrQFe8PZj6BOatcspHbceCBcw6TR9FpA5-wnQgwpsVNo7S2H_cSCJWO3Ozj1WCwshCwzEpYkBfK7WRHR7x-0YVQN0B_UBQxAMJQ1YNNlSlamWvzXePHHh5SuoRoTnvw7qHFln_YK0U3G6hjq7NyUO-_8jvbqFoYFJMTI9v66YjUt6TA53FRxlIQWfwLjtxWlgNhAB2hE_8_n51WHJa7vlw7CWhUYVcoJ7iSRpUtLR1hwxsY1oTV6ohH6CGgwVuexxdzZmcrXJvGHs7gJYUKVdnZFoB0Y7B2bey-K-zAI7vX3W7amEeqTFFPqVN_qGjAT01LQC-pgR2lHV7yYYW2PhqNcCUodTrlD4YQZ7qDwkAcYpG7wByib8EvgW6mGY0rr0Oki19oDelSU-9Q-p3F-0-lqqU15BFW1l7dBLmkEpLQeuRH3jaPw-D_8BeRof79hhUYYlKfPln6H2jPqE3OWGKsX7lzAY3-Ra8LdcORDchIXjPkan7HWeCmTLEGu7A8pBZc3KSMV-R2f94mMAhvI7lPokpwtDywQuV4QTW0ck6Mv0dBpEro4sLwbdK_D6U8Rpn-wSlboM9SH8mojZ2XoJy6SSzRsFd2C4qro6ZHcmIV5JHdIfX5gf_LAF26d1GKhCHzr9jMLfKHAS6oYA73Ibp_lMtliyKj1txMUMbvgwRHs2MRoJnmtokuEQOoZjm-UN_tQsGR4wIAuOQo9gKNZtiyuN370PPDOLE49X1fCjOPcUbwyzFjXBpGfdml1PYSBlETSNcPKkGIcLDBiq28GFcguXkAtqfPwPep4_lHuRqmtd5kPo9qLbxv4cnfZumTfd0XkFcrCI7iiidnoGKcnWkW11F-6fjf9ENl39lJWZcN7079USO3ILBUF2QviYwB6138nHJgCF98eLLbvEXkVPnl7D1zmKtHMq9ve3Sdv7qIuL11NJS_LJ-oOStyo8XyTSZDbHtV-WSgx0Bmkg5DgBFS9W6ZKCzPO1NN3Sxw5qhbKPEU4BAjJZM8UsWLjSvp-Gg_1sL2Koxco2orrtDW0A1cYtQrSXdOLFvvz3DqJfI8szXdC2zbkWPjfy805hOuwPCEMFTF0l1Rd_o4ym7TScRRBZqjjr7C3uHBmKNLi_bhyXrcemBcfS6igFdTwMrxrOPMtXUZ8AeC0UoCLawg9qrA_6SxT1zwPLECDzaCH3dLf8tMhRgnHv30yAxLkUADxpyBFYwNeBMEIcwZa5mD5oBMJipbttmyxWnrYdViEspPNAqEpsqqSMt04yZTFKPhrbTlT_VEa5o3pl40KkcjFAtetWR-u1VrwIGvzYQcUvmvZQnEIBoTcqJi7K5QGOQO2Qnt1nE9U14T5xrBl6V9aBkXJj10XmsNwcb9RXQFInI-iDA3nXVR9MC8dvVMzwi6oSImsi_njsQwnnl0mr90PiX8ugq0HOkGPu6udaI_fmqweQZ47588ASX5LzrLvajcLQye1iW79BQcHOOBYhG2fD8_ZE0uAhgYc8C3v5W1p8rvg-t9xl20ZYno4m22OIUgg4zSeOvZCI9VPJ-qagrhEW8IhvWtaGi7CFLj2gYvU57IQJZytYV47vPsPAkBg6NTaWtCccNjxgM1ynMVSQEFG3tVXyTWn4xn5VL8bckFse36MrW74bm8R-I0fFSeV30Ce8Ivs-wzlpWESUo3Mpmz2A6Jb_RB_WQwxSeOE3rRkfn2IEC4Y91sqUsJK64YckWvwKp9FPj6aSMIIVKelzdhokZ9NLBDbpRB7y3R3oCSZ_FIyhUXLOartxMtGki_3QkzwBDggrMbOkzHFnTRnFzuyaXjI_tG8QrmJAw9lAuUhBKrZqCz3U2LUNGiFl4yREns5V8vvjlUpkvsxs9m3TcXQyVlFV9IWt2PXUmTc8rQU3ze1VtRkFu6EogMgLwIn2251BbtFR9Gn5puXpksQ4K8R1PAqiX0YRGC9_j0b87IjW6y9MoC5uexAah_7hWJZfp8llxbEaagvFZJsotpKlE7iYE-Juq4a-XKJZrUujLFx00SzEgEnTZTYWwHbZ7gWpF-kauLPN7IHWfKq1BONGGqaPV5qqFAaonPJ78XFQTEeK-PM6AilsyJ1hepVUuU9ATi8MaBUeNIxa_ny84TLjt3UNd00XdfvrJxsn9UTyAm-RgnJ50zWwi45Yk4ndkOOhaz2uEHLxGsq5l3IzDeqxa4sDCLvmwwmIN9AMET3YSzD70kVY56pigmDqtRJmFYAVie7qDj8EwRo13rztRbqom-pK1uRpy2Xjh5MVs_kIJU-Naz6YVJeftnPHvPEKftMED5o402t-85wyT0W96fPmv7WNsA7qpMeV0eRPexQOGWC1G7HE3Amz_gNmWhIQ3zpfhAb2X-zznwQReWA&cid=CAQSSwDq26N9-iTNS3QG8F1-_j6sKKMoaEgQAAUyUHNopFEfhwVgiVMVbYKA81LRS3rVZqglbivFc-OkjXwmrfEE7PpYf6XQouK6M9ESsxgBIBM&rfl=1%2Chttps%253A%252F%252Fxdarom.com%252F%240
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:400d:803::2002 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
1d84738c2afaf595ff5d4921d8dc6bb5ce19a7b9c33a6c02d8a35ff80611cc87
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://1abe16b74e07af620065a5fa2dc0f3b7.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Thu, 15 Dec 2022 20:51:03 GMT
content-encoding
br
x-content-type-options
nosniff
age
82163
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2986
x-xss-protection
0
server
cafe
etag
3296546412363819624
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 29 Dec 2022 20:51:03 GMT
abg_lite.js
pagead2.googlesyndication.com/pagead/js/r20221207/r20110914/ Frame 9C91 		30 KB
11 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20221207/r20110914/abg_lite.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-A4TIZKzRO4vt2aan7Oe0gK5euIvZo2I-E64FzPqPzEEIpPHsTqPm3zteVfjCjXZ3ZjHnk4rcXgPnz9NIyb706zbum9gQ&cry=1&dbm_d=AKAmf-A7d7LNryPeTzC09KnXn6bO2CUFiiCBF2wI_BieHkNe7XXTTIjT5xkHmKMwYBPYCyLlKAsZ7k-lrs4Ma3t9XnIda7DMDFvSNpsnNDA9k0cxrSv97GDQkGCjmNi-sJrpKnu9t7hPxddYcKw9JQmHA4uYaq99PFzfAt_pc78FMQAGYavh3uMsg_LVLHTuWRMMRuEuFRiE0MKIOwIi1g3zvtTRVAeNKa-zAC-lJcSFAbEtY2ULVQFcMcbQgzysqFqSFioLui1qmqkNjz4YPturWmUI4xPqWgE1K1yEJ7errrFhDh2IJdE6IFCMzPfqG3TGmzLTGtktjnBVyc65kG9xiYKacP6i7rrxJ9RW38t-s4yMov1K6IOkaH11nMVzmn0R23sDedsXnihD99MYGC3uQ8-NtP5xiqcvRBJHCJA8LdvqZuYNE0j0sY0jhDMo3r_vbWX17R2c2WocbEd0WegEbGpauzIJYO-Sxf-nNx88lHuTqBjVfHkSgWA3UDh9Rxnco0sOvq0-XzHZ0Iii-uDvDX3ejGSWl-ajsanZ-vjyeSV7XRXgbMvsj1gP9brjkFze3c9WJSJYNjokQdnm4tTnIc21vUIbzRlFVT7JCcqazQILJuDsVIT758kJPteTqjWAiW_kA84uIFrl6L9O0RjGsald0wX0hPVjx9BW2-OdeI_UUcB2_I4_pZ7qIz9GOPKMUcyRyHfieJnQ88gvyqdG8rBpv-pygG943rV9jVuWJ__DbVucthcnpM9out9mATM9-rKsQU5qEX0LR6civmWHWAQCNlceIjblRfQt5XlLrQFe8PZj6BOatcspHbceCBcw6TR9FpA5-wnQgwpsVNo7S2H_cSCJWO3Ozj1WCwshCwzEpYkBfK7WRHR7x-0YVQN0B_UBQxAMJQ1YNNlSlamWvzXePHHh5SuoRoTnvw7qHFln_YK0U3G6hjq7NyUO-_8jvbqFoYFJMTI9v66YjUt6TA53FRxlIQWfwLjtxWlgNhAB2hE_8_n51WHJa7vlw7CWhUYVcoJ7iSRpUtLR1hwxsY1oTV6ohH6CGgwVuexxdzZmcrXJvGHs7gJYUKVdnZFoB0Y7B2bey-K-zAI7vX3W7amEeqTFFPqVN_qGjAT01LQC-pgR2lHV7yYYW2PhqNcCUodTrlD4YQZ7qDwkAcYpG7wByib8EvgW6mGY0rr0Oki19oDelSU-9Q-p3F-0-lqqU15BFW1l7dBLmkEpLQeuRH3jaPw-D_8BeRof79hhUYYlKfPln6H2jPqE3OWGKsX7lzAY3-Ra8LdcORDchIXjPkan7HWeCmTLEGu7A8pBZc3KSMV-R2f94mMAhvI7lPokpwtDywQuV4QTW0ck6Mv0dBpEro4sLwbdK_D6U8Rpn-wSlboM9SH8mojZ2XoJy6SSzRsFd2C4qro6ZHcmIV5JHdIfX5gf_LAF26d1GKhCHzr9jMLfKHAS6oYA73Ibp_lMtliyKj1txMUMbvgwRHs2MRoJnmtokuEQOoZjm-UN_tQsGR4wIAuOQo9gKNZtiyuN370PPDOLE49X1fCjOPcUbwyzFjXBpGfdml1PYSBlETSNcPKkGIcLDBiq28GFcguXkAtqfPwPep4_lHuRqmtd5kPo9qLbxv4cnfZumTfd0XkFcrCI7iiidnoGKcnWkW11F-6fjf9ENl39lJWZcN7079USO3ILBUF2QviYwB6138nHJgCF98eLLbvEXkVPnl7D1zmKtHMq9ve3Sdv7qIuL11NJS_LJ-oOStyo8XyTSZDbHtV-WSgx0Bmkg5DgBFS9W6ZKCzPO1NN3Sxw5qhbKPEU4BAjJZM8UsWLjSvp-Gg_1sL2Koxco2orrtDW0A1cYtQrSXdOLFvvz3DqJfI8szXdC2zbkWPjfy805hOuwPCEMFTF0l1Rd_o4ym7TScRRBZqjjr7C3uHBmKNLi_bhyXrcemBcfS6igFdTwMrxrOPMtXUZ8AeC0UoCLawg9qrA_6SxT1zwPLECDzaCH3dLf8tMhRgnHv30yAxLkUADxpyBFYwNeBMEIcwZa5mD5oBMJipbttmyxWnrYdViEspPNAqEpsqqSMt04yZTFKPhrbTlT_VEa5o3pl40KkcjFAtetWR-u1VrwIGvzYQcUvmvZQnEIBoTcqJi7K5QGOQO2Qnt1nE9U14T5xrBl6V9aBkXJj10XmsNwcb9RXQFInI-iDA3nXVR9MC8dvVMzwi6oSImsi_njsQwnnl0mr90PiX8ugq0HOkGPu6udaI_fmqweQZ47588ASX5LzrLvajcLQye1iW79BQcHOOBYhG2fD8_ZE0uAhgYc8C3v5W1p8rvg-t9xl20ZYno4m22OIUgg4zSeOvZCI9VPJ-qagrhEW8IhvWtaGi7CFLj2gYvU57IQJZytYV47vPsPAkBg6NTaWtCccNjxgM1ynMVSQEFG3tVXyTWn4xn5VL8bckFse36MrW74bm8R-I0fFSeV30Ce8Ivs-wzlpWESUo3Mpmz2A6Jb_RB_WQwxSeOE3rRkfn2IEC4Y91sqUsJK64YckWvwKp9FPj6aSMIIVKelzdhokZ9NLBDbpRB7y3R3oCSZ_FIyhUXLOartxMtGki_3QkzwBDggrMbOkzHFnTRnFzuyaXjI_tG8QrmJAw9lAuUhBKrZqCz3U2LUNGiFl4yREns5V8vvjlUpkvsxs9m3TcXQyVlFV9IWt2PXUmTc8rQU3ze1VtRkFu6EogMgLwIn2251BbtFR9Gn5puXpksQ4K8R1PAqiX0YRGC9_j0b87IjW6y9MoC5uexAah_7hWJZfp8llxbEaagvFZJsotpKlE7iYE-Juq4a-XKJZrUujLFx00SzEgEnTZTYWwHbZ7gWpF-kauLPN7IHWfKq1BONGGqaPV5qqFAaonPJ78XFQTEeK-PM6AilsyJ1hepVUuU9ATi8MaBUeNIxa_ny84TLjt3UNd00XdfvrJxsn9UTyAm-RgnJ50zWwi45Yk4ndkOOhaz2uEHLxGsq5l3IzDeqxa4sDCLvmwwmIN9AMET3YSzD70kVY56pigmDqtRJmFYAVie7qDj8EwRo13rztRbqom-pK1uRpy2Xjh5MVs_kIJU-Naz6YVJeftnPHvPEKftMED5o402t-85wyT0W96fPmv7WNsA7qpMeV0eRPexQOGWC1G7HE3Amz_gNmWhIQ3zpfhAb2X-zznwQReWA&cid=CAQSSwDq26N9-iTNS3QG8F1-_j6sKKMoaEgQAAUyUHNopFEfhwVgiVMVbYKA81LRS3rVZqglbivFc-OkjXwmrfEE7PpYf6XQouK6M9ESsxgBIBM&rfl=1%2Chttps%253A%252F%252Fxdarom.com%252F%240
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:400d:803::2002 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
c4d60e53476012ab254ca2f3f479903a6be9ead3cb39a9ea353c51ec75c618c8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://1abe16b74e07af620065a5fa2dc0f3b7.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Fri, 16 Dec 2022 16:53:10 GMT
content-encoding
br
x-content-type-options
nosniff
age
10036
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
11387
x-xss-protection
0
server
cafe
etag
8197878782792770439
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Fri, 30 Dec 2022 16:53:10 GMT
rum
dsum-sec.casalemedia.com/ Frame 2236
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEFUJG4dsHE1oOJOoHvSw0Xs&google_cver=1
43 B
766 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEFUJG4dsHE1oOJOoHvSw0Xs&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CI2VFxDgh9qvAxjMidfJATAB&v=APEucNVojYurvjRBg5TmxBZLOd714IK11raTmMQHcueAjzVk0BXlSP23vOvd08dJtHpQEsg7iQnCLdZb5sCIi4-dpP-p6uVFabpVz_Waoy4aerZeEctJ6ePyXacP7_KIdSAcVABZnpzc5pFreXcxglbcgSOfZeSG5MrL-92CuEYHUrVoSDvR6_tg1NqFYEKyiUA_BPa2BAFCzewtZo_rkFSbmp8iADXHFQ
Protocol
HTTP/1.1
Server
185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 16 Dec 2022 19:40:26 GMT
Server
Apache
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type
image/gif
Cache-Control
no-cache
Connection
Keep-Alive
Keep-Alive
timeout=1, max=498
Content-Length
43
Expires
0

Redirect headers

pragma
no-cache
date
Fri, 16 Dec 2022 19:40:26 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEFUJG4dsHE1oOJOoHvSw0Xs&google_cver=1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
313
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
rum
dsum-sec.casalemedia.com/ Frame 2236
Redirect Chain
  • https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
  • https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Y5zJqktPUTql5tJtV4DerQAA
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEFUJG4dsHE1oOJOoHvSw0Xs&google_cver=1
43 B
894 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEFUJG4dsHE1oOJOoHvSw0Xs&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CI2VFxDgh9qvAxjMidfJATAB&v=APEucNVojYurvjRBg5TmxBZLOd714IK11raTmMQHcueAjzVk0BXlSP23vOvd08dJtHpQEsg7iQnCLdZb5sCIi4-dpP-p6uVFabpVz_Waoy4aerZeEctJ6ePyXacP7_KIdSAcVABZnpzc5pFreXcxglbcgSOfZeSG5MrL-92CuEYHUrVoSDvR6_tg1NqFYEKyiUA_BPa2BAFCzewtZo_rkFSbmp8iADXHFQ
Protocol
HTTP/1.1
Server
185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 16 Dec 2022 19:40:26 GMT
Server
Apache
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type
image/gif
Cache-Control
no-cache
Connection
Keep-Alive
Keep-Alive
timeout=1, max=497
Content-Length
43
Expires
0

Redirect headers

pragma
no-cache
date
Fri, 16 Dec 2022 19:40:26 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEFUJG4dsHE1oOJOoHvSw0Xs&google_cver=1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
313
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
setuid
ib.adnxs.com/ Frame 2236
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
  • https://ib.adnxs.com/setuid?entity=101&code=CAESEDfHO9XOQjCAYTkFpcZPIA8&google_cver=1
43 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ib.adnxs.com/setuid?entity=101&code=CAESEDfHO9XOQjCAYTkFpcZPIA8&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CI2VFxDgh9qvAxjMidfJATAB&v=APEucNVojYurvjRBg5TmxBZLOd714IK11raTmMQHcueAjzVk0BXlSP23vOvd08dJtHpQEsg7iQnCLdZb5sCIi4-dpP-p6uVFabpVz_Waoy4aerZeEctJ6ePyXacP7_KIdSAcVABZnpzc5pFreXcxglbcgSOfZeSG5MrL-92CuEYHUrVoSDvR6_tg1NqFYEKyiUA_BPa2BAFCzewtZo_rkFSbmp8iADXHFQ
Protocol
HTTP/1.1
Server
37.252.171.53 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
1003.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 16 Dec 2022 19:40:26 GMT
AN-X-Request-Uuid
84780cb0-a1e3-4528-89be-2086cbb54727
Server
nginx/1.21.3
Accept-CH
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type
image/gif
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
X-Proxy-Origin
31.204.150.143; 31.204.150.143; 1003.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length
43
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma
no-cache
date
Fri, 16 Dec 2022 19:40:26 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://ib.adnxs.com/setuid?entity=101&code=CAESEDfHO9XOQjCAYTkFpcZPIA8&google_cver=1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
290
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame 2236
Redirect Chain
  • https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
  • https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Mjg4ODQ3MTM3ODg1ODc2NDg4Mw%3D%3D
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Mjg4ODQ3MTM3ODg1ODc2NDg4Mw%3D%3D
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CI2VFxDgh9qvAxjMidfJATAB&v=APEucNVojYurvjRBg5TmxBZLOd714IK11raTmMQHcueAjzVk0BXlSP23vOvd08dJtHpQEsg7iQnCLdZb5sCIi4-dpP-p6uVFabpVz_Waoy4aerZeEctJ6ePyXacP7_KIdSAcVABZnpzc5pFreXcxglbcgSOfZeSG5MrL-92CuEYHUrVoSDvR6_tg1NqFYEKyiUA_BPa2BAFCzewtZo_rkFSbmp8iADXHFQ
Protocol
H3
Server
142.251.39.2 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bud02s37-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 16 Dec 2022 19:40:26 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date
Fri, 16 Dec 2022 19:40:26 GMT
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection
keep-alive
X-Proxy-Origin
31.204.150.143; 31.204.150.143; 1003.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length
0
X-XSS-Protection
0
Pragma
no-cache
AN-X-Request-Uuid
51a1d1df-651c-4428-84e8-88a474d54bf2
Server
nginx/1.21.3
Accept-CH
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type
text/html; charset=utf-8
Access-Control-Allow-Origin
*
Location
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Mjg4ODQ3MTM3ODg1ODc2NDg4Mw%3D%3D
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Expires
Sat, 15 Nov 2008 16:00:00 GMT
KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ Frame B580 		15 KB
16 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:300|Roboto:400,500,700&lang=en
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400d:802::2003 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://xdarom.com
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Wed, 14 Dec 2022 19:33:00 GMT
x-content-type-options
nosniff
age
173246
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15744
x-xss-protection
0
last-modified
Wed, 11 May 2022 19:24:48 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 14 Dec 2023 19:33:00 GMT
KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ Frame B580 		15 KB
16 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:300|Roboto:400,500,700&lang=en
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400d:802::2003 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://xdarom.com
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Wed, 14 Dec 2022 19:33:08 GMT
x-content-type-options
nosniff
age
173238
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15860
x-xss-protection
0
last-modified
Wed, 11 May 2022 19:24:42 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 14 Dec 2023 19:33:08 GMT
si
googleads.g.doubleclick.net/pagead/drt/ Frame B580
Redirect Chain
  • https://www.google.com/pagead/drt/ui
  • https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Requested by
Host: xdarom.com
URL: https://xdarom.com/
Protocol
H3
Server
2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Redirect headers

date
Fri, 16 Dec 2022 19:40:26 GMT
x-content-type-options
nosniff
server
cafe
content-type
text/html; charset=UTF-8
location
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
cache-control
private
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
pd
google-bidout-d.openx.net/w/1.0/ Frame 5554 		0
176 B 		Document
General
Check archive.org
Download Go to
Full URL
https://google-bidout-d.openx.net/w/1.0/pd?plm=5
Requested by
Host: oa.openxcdn.net
URL: https://oa.openxcdn.net/esp.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
8.159.244.35.bc.googleusercontent.com
Software
OXGW/0.0.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://xdarom.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language
nl-NL,nl;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding
gzip
content-length
20
content-type
text/html
date
Fri, 16 Dec 2022 19:40:26 GMT
server
OXGW/0.0.0
vary
Accept, Accept-Encoding
via
1.1 google
truncated
/ Frame 1860 		214 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
163b372fb12a537962f1888850272906e1713b2d6889ecdaff4ecfe82426a883

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Content-Type
image/png
Enqz_20U.html
tpc.googlesyndication.com/sodar/ Frame 1C19 		22 KB
8 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://1abe16b74e07af620065a5fa2dc0f3b7.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language
nl-NL,nl;q=0.9

Response headers

accept-ranges
bytes
age
123342
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
8395
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Thu, 15 Dec 2022 09:24:44 GMT
expires
Fri, 15 Dec 2023 09:24:44 GMT
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
gen_204
pagead2.googlesyndication.com/pagead/ Frame 1860 		0
20 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodarir&v=30&d=1&s=1&f=0.01&bgai=B1udhqcmcY7jxOIXE7gPM4KP4BQAAAAA4AeAEAg
Requested by
Host: 1abe16b74e07af620065a5fa2dc0f3b7.safeframe.googlesyndication.com
URL: https://1abe16b74e07af620065a5fa2dc0f3b7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:400d:803::2002 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://1abe16b74e07af620065a5fa2dc0f3b7.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 16 Dec 2022 19:40:26 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
UFYwWwmt.js
tpc.googlesyndication.com/sodar/ Frame 9C91 		41 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/UFYwWwmt.js
Requested by
Host: 1abe16b74e07af620065a5fa2dc0f3b7.safeframe.googlesyndication.com
URL: https://1abe16b74e07af620065a5fa2dc0f3b7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://1abe16b74e07af620065a5fa2dc0f3b7.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Thu, 15 Dec 2022 09:24:44 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
123342
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15207
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 15 Dec 2023 09:24:44 GMT
truncated
/ Frame 9C91 		213 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
6a416e2a4fd815e44bd37b0407d5f2a1820f637b776f7540cb73e6df905ad0b8

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Content-Type
image/png
index.html
s0.2mdn.net/sadbundle/7950924427677957422/ Frame C710 		27 KB
10 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://s0.2mdn.net/sadbundle/7950924427677957422/index.html
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_276.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:400d:803::2006 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
b785d8b7378b3afcd6022aff46d080b8108e000bd13435834c2bae03f65ec962
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://1abe16b74e07af620065a5fa2dc0f3b7.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language
nl-NL,nl;q=0.9

Response headers

accept-ranges
bytes
access-control-allow-origin
*
age
160493
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
9814
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy
cross-origin
date
Wed, 14 Dec 2022 23:05:33 GMT
expires
Thu, 14 Dec 2023 23:05:33 GMT
last-modified
Wed, 23 Feb 2022 03:16:55 GMT
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-dns-prefetch-control
off
x-xss-protection
0
view
googleads4.g.doubleclick.net/pcs/ Frame 9C91 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstizwrKM0Btaut1ktgmbADhv2xDoFOEKbEbfmrDRgF8VR2z8H_a5c4t3JyP9Nwutj_ek9Ezd-56cOVpA6W0R0ImVCWHmHifBSY7Yx9UbUyQNVjtW6FvF-J5xXdlkcICaewpUVABjKS7BQD3ofx_L5hsiCQboCj3GzaZgS00mqOnALIN9kHSFDhApqQsWFp3rX93RcUQURGTlNreSvtHKD24bSx27GywQUtDfux7gOeBkdElHNEJmL_AE9DjHhoHMAR2NMpdVbCgPbxY0VFdTXBsUhF53qJ-WqgzNrqdVEHc1naiomaNuN4coMeuomQvt_cK5cXEh1cyd31aGYY9_xKksGLwb6vSg3bXmAU2JbKcn_gz7BG4IQTPAMzFG5mCpvRHzx3u5wE8R4fux5VOJ100jGv4nazM-hBJCfUBSOKLLRVmB-YplHhYNnSCo2egGGHrQqqRGSRi-Bd5nnCDhWilfZ7o8mNiJnmP2IhB8aBeoAEvSotm0bBu41zuYXAZpV5rOqgXTdzVOedy_irpdRpz8_vOdwSQ0F2piiFSZHOJKRvy8kYuJMsp7h5yJIAvBXHPhM5Ay7pc5PCdzwvpZRMgnEgcXnVNGr6mNJXU7F6LwsSM0Xg3tSjGBSh8WjA3WnlnmDKa1tUr6mkoU6UWAdUGxpK_Uuj0XgrmHWrfLpugbRXjhh9otu6RhQt5YPXH8viH5C0tWGMmId_REp7nmb97mm8lts7-FDb7EUTkrrYnbTwxjRqu1ShcmprUu7htXd-U-r-6hWogIh4rl2Qh1Im9e-YWARwJhnxOFsEilAbX_IGbPKNW8FWzZbMGjq_mRImVaaIvWPKy51kugqTca3weqgRcsSk-wJkhIXSTIqEit5fVva-FiqdOrAWwepoe5aRgvbQ8B-yeAIMf-ujJPkmahkabyjSyhMXwSfyUHO1W9vLXvPrpr5ZrquktP3zoouFSkDDjU6PLlFuAMAc9B7Tbg1LcCJHj3t4c13fKSc3uL7XFWllJPYz4cYTmrSjcVzhyROKopfx93cZ4ePhdDRYAkMTIpxmX0zsFdaMrSJkxsBY3F6e-3ob2686zpxP5VuVRIPq9vN4OLx5lbHcWB5EIm1_yu6EHaJQBeL4KTOCITM_TA8YFzEvlySUKVc_YZ0QFfwB1aDJILz1T7PUQJrzJZYdelWXFHuCgeSOEt82LgJSk1fNBlBtlRfEP4p2w0hQPuypntJjhU04&sai=AMfl-YTdjK5yPdrliSSzBSGDJ6qBcqcse694YOMn3MP_1y_zA-FCYEBIKWRUtQ9YeGJ0Cy_nJKvN7BOiCI31EZOJ8R5mlA_Ep7TDkaQxu_jlcE4qMbfyzfS2dneUkFTexJK9cqcnD0hrXiddtvZAXqDnulZki4JZUpJgNTXI6uTSEoz1bbK_k_orNegXE6uajKYA4gcLYCiPp3kRSbTBvqMIyF8KiGKdtbzMO4qq9Ch_uxfYX1Y_ND6rxnOGI9BX4oan9oWn7EcXIhyWx3lYdZ6ctCvc3_ktnVwnMPThYFE&sig=Cg0ArKJSzLqtNUQi9uF2EAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=249&cbvp=1&cstd=246&cisv=r20221207.16412&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&arae=0&ftch=1&adurl=
Requested by
Host: xdarom.com
URL: https://xdarom.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s08-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://1abe16b74e07af620065a5fa2dc0f3b7.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

content-security-policy
script-src 'none'; object-src 'none'
date
Fri, 16 Dec 2022 19:40:26 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
private
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 16 Dec 2022 19:40:26 GMT
ad_impression.gif
beacon.krxd.net/ Frame 9C91 		0
338 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://beacon.krxd.net/ad_impression.gif?confid=ux5k5l91h&campaignid=27769850&advertiserid=8316070&placementid=335681472&adid=527896237&creativeid=170855759&siteid=7939113
Requested by
Host: 1abe16b74e07af620065a5fa2dc0f3b7.safeframe.googlesyndication.com
URL: https://1abe16b74e07af620065a5fa2dc0f3b7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.77.217.9 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-77-217-9.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://1abe16b74e07af620065a5fa2dc0f3b7.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-served-by
beacon-n023-dub-prod.krxd.net
date
Fri, 16 Dec 2022 19:40:26 GMT
cache-control
private, no-cache, no-store
x-request-time
D=30 t=1671219626
p3p
policyref="https://cdn.krxd.net/kruxcontent/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
Enqz_20U.html
tpc.googlesyndication.com/sodar/ Frame 49CA 		22 KB
8 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://1abe16b74e07af620065a5fa2dc0f3b7.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language
nl-NL,nl;q=0.9

Response headers

accept-ranges
bytes
age
123342
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
8395
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Thu, 15 Dec 2022 09:24:44 GMT
expires
Fri, 15 Dec 2023 09:24:44 GMT
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
view
googleads4.g.doubleclick.net/pcs/ Frame 1860 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssEiCdmWRumFTwdPz55ydAOq6XSQVmcfmwlD4Wp3baf24GJwgx46MTrehHHedfhaySdMVyExWdQ10yWU9T-dURVFTXCvHPUtyplWDeF-F9uegxZORgGH70-7X4ScyAZnaPzRdGeBv-P-4nJYO8XYx2rQcP5a6uSUpBJNu507Z4Px8LXNbER4zT69PrcAOOQhn-iodo09aPtpuak2DCtjWxCMIs5DbwqH_6GFxOwJNkooDQsqiK5no-HPG5WXq5OIo155G_bM0K3GnPvhJsGovLQkcST5Zm0Q0JYKWdnndUFLjW9-csDR1cGYIDoOtD-c3MOV2upf8Z8Cgkoi6g9qRHKLR3bJsBNJfAY-gT_3UeCGlBagZIju3rht9uTc0_T6Sqg39CfsW_rD7aZDkroOCm4QIunf4xx-Qgbg1egNLTmAoPOktkSjiTVGGWMy1Sr0ErBuixOniCClqKbU-y1hs9CmZflR9e339SaqLdgbIArRfmZtXlZDXFOgfayOjXZkClXe-r8xj7KxCf4nC96-fkUDLslxXeY8v3grL8ZTMC8zi7XBt1DrT5p5VBxI9xH72IaENdtxrxVSF0ZhuTZX0b-WZGYaM6aTLoNjisMzVbIV0EEm8x3bly3dBMj7XXMxIjI3kg_m9AWJUW1Rj-mypNsxkt_q92aQowTlb0klVsBPTv3VdHQf3DDwqPOMsCpwgprzDoVSn3vxuRyYk9B3vliPjcbyDpsyCbjJ-FVDHVYA0jltmf_uBHz6MzggmtpbNcCJhMsAWnZp8J81VQMYKof39sDakr0Uxu26t9qpAWZ_bE8RaEsIf2oYAoKlwur1TE_VorqBDgmhGtI6VnvNjCS__b7N4FZGKmD865WlSno9KXW9EYrdoiSumeYghMBfJN8RTpJGCWxkNnxIuojPJCEPxDemGaq5v4PpZ7pd749D4RBQs_YeSZjRFMasxiWl2bUveYTNUAmmxFrnrejf7tHajCqKkqSk-1d-d93yaC9Tkxix5Q3V9QIamubypzZJgtgTp0Ez9xy2PT9J5Ytv0uffYubusxtz_7EVBwpfnUt6KCb4FLugJsNEe9M9VPKuJ18bpPtGzrtaAyLBYicFcY-_PzwQ-R2Lbt6BElr7w0LAF5iFJTBWlkJgPEavuA5EEbxmbR9PQfWI2pwRjzEpwNpl_4pvGYTSmw&sai=AMfl-YSPUYouPUPz_rDeFrXBscqigOG5EiO66A_ZLeauzbVQHOfurfDaMWWTrUInVlcZAddXq1cQXALq7mZ1G8yjNmSdS3Yl1476F3XqWQ2cvMSNJkI8YlepV27pVMIR-H4WdkK_voHRgLEYGwhlFyyQTtlf1HLdF_Cad4m5PolL9IpRekPn5HZ0FfBYDMCDyII3yXpSNb_wnMhSv7iUPOicVrcC0ATyFg4yhOCx--2Ki1F8gsD35_d5JyLlevkfY5oIeFXOsi5z-iR1togBeTYK85LO4-9auk0WuISUjc5e5Q&sig=Cg0ArKJSzBA47BcNeA4mEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=292&vt=11&dtpt=290&dett=2&cstd=1&cisv=r20221207.70541&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&arae=0&ftch=1&adurl=
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CheDGKy43CQTCpxxPLppGj9wINjJcxgRZg3dv8hTp0yL3pRDqIrDIMFOKdJhf1tzIA-MrWWQMT1wsQfPmXepcyfjdURemDgfc64UymcEhoqsS4u1jE1Nwx6Dyt2nb8hB6_x2tOV-PEg5N2fgY7M1XydShAHfJpwwyd2Ylnhm6RmZB9aXE&dbm_d=AKAmf-CaBb7stON_TvZDG_6u2ug-eho_fKz_9baO83vXihVA_stfrJpHepkHU5YXjFwOs4Qfq8HW_xmtS8s4ZwO9jQHiHPmDe93hM4x8jaJ9FjnszDbhso9vzAVa-Ud0ZIWdlSSZMvlalQ_Nd40FI4rcHKrVMcqE1GOIPTCREvLUP3obrIF0VnC8UOFzPLneRgHlLUgKAtuLGjX-1DEgR2gyEHaEUY4xoDjPomXJAhJpQmq7DHcIvQpTE_JwB-OHVmsDVRjo2ePkg8kX2-GmmmaVjQfi7Dduvlz5uw5x2nzTT3GGZMYruabR9ChauDs97CAtVFEEPCKnfGCJ74U7Wi8F0SyPztA8TU2vFsRrwJ9jhjj2QkHfAP49MmP1UeOHzziJmOPAEjBBjSoMyl49ZsDjQzzt3cPcLS0OiopLPHfQMuNkYrs_p69wNnNam0DgxHg6LMUOnQEiLPm5VjZpJnuftE_Q5VWyp3Qi0FqbpBpNB1nUPO27yjEDQMBPJ1QpSFqE55VSFf082ij_l-wYIYiNS0RrHsapzBKXMyqYPmpDcUeQ4T72il-zSatVKJVrVuPCFyxS1N5dmn23nz86nJsmySJB6XzNNStDFnxm8Ch3tssH0fUkR5aJb1BGI_UzSsNIh0102s7LGQCIktlPf42KyKb9BOX5kwlr_NmyhgjHdAOMcnF69qRUG0evqPG9FNFGnJ3qgF9CYHFL1dK5br_EC13w1bncYd8UwiOLj8rYlgzqmTo27WPOCiUF3DDtvxN7dwT0n2vSXsiz839wpSjLpuK2pgqov9JYIepoEf2CCgPlIutyfNOJ1pszQ-LnV7U5f_vJI1Hs3tyIF3cpEt4mFfX4rXEVNKkDAHibUMe2xF6MzokIvgHchWxCMlb4_23hs-m2nDn3tHYsvNUarnX4y8j20C4YG2gfkrdqGa48SX3FGBCSfkZxaqBaLpuTQD4n34u46Uf7-ZV1QKUcWW9BkZWTyTZMWBM-8Ql8Nx-0AeR6tIqAA2RLEjo_FFtEpfEMqtCKXD8JPgytAEWxvs3jqckK64-Tq9ui0PXFE0lipv0wNfKSw8RYXBhnUGYujw3XPU3ZW5mjsM0HhLcpudPnqvrCshyidYr3Pd9qbX60ZPVwY13Wd73SujZXtofCCYajMUrFDxctYIIKL1CsHp6BAq0ihOt-2aPYg-NRgp-_z6lS85NC9xg1zRftfmkrHGKG5Sfr-bDdizgdfmlZ6VAiFGjF6tce6lwNXsq-LG9PJrUKCumXbOb4-GadhtgaYcXu7GxWpvPqQNRk3KRnLuTm6cjJWJihvAkNLL2We6oyh4xeET-UR3hwLwE696T9-E5l_b7PVs4GBxKp9IUHt_A1LGKa3rEEvQRobR40wgeEeg68U9hGFbYGXKTay-qJu2TpngtK5w4d--ufWl4In84bUYQS2hEybf98KfjnjEa0rjCeYfNlrrE2eIa0bg0HUb49cwcBx9edZCR2W04-dccQGLc4GIK8fK2Tob0i3ohFNGcXGxOjITGRgM1qhxdnDXoHtAb916NS6ZxH5JlkPDtKJfPI6BQXbVE2Kw2asosq6S0sY5VWRnFEk8yEW5k4CzWR8LVwngaV58zdJBjI5PctoBIu9STHvNt0LtBOiuznz9UafGKYMZ6QNaQoQbBV2tDR7UfMd00tEmuB1528Aanv9FI3DxKoRGWVqy1n9mDc-oEVZ0lM5Fj4HImLdlKsKpytapjbqP5JXx3AvVQcPwZrN1VPefBvjhN4yVJ7zb0JvYAkUMKy3ysd0DsmzXjsleXkdsFVjOygQraUKtpiWxO52Zlf9JMVwo1jgNVs0-jp8dlyL1jnrDM6bGvqRtWbF2mnqC3SRqsiAgHCJqL1OKrqe14qnveoSyjBj9Hdi_FpEe1zxxGdt1xA64MvEy8r98hDpNgp3t9WJ7qSSyiTK4WKcWhwbIz1BYf7gfBLTxEuW6umNEyHqKrjv2f9nNGJX_NOmGKW7ES3BWnT9bbDF7IhkYBEyeA8aF5_20x6KMYG0_CLS41Zt1tjgV1-6TR7YHNDUFs9tYfp5XuWJd99EZCRvmeE44B2hFeMn84LckWv9EGoFcSf2-C_NGFNnhmb_ehCIeJqf60d7BUhThSYQxsX3gPFOibR7unXTbygtWmFOgmpU1sb4AbEggO07KwcGy9KyFlx4py6l58ArmB1u6zmOT7Wj6Fsufj83Y-Q4rBp8Xs2-ol_AfK6yrht36xaDN212-ASJErpiIZ_qOM2h5cmmQ9Sgly7KGkwmMPfi3NO3xkzL80tIP6mSSZfAlTwcRoygisBehkxsCZjTGmmQ6sCMCd41WuRNtAh0FHDabIY44Zz4ZUma-byINUKoUkKTTiA9pKWdhpMzWzxaV69NO5oPuQqm9vJj0GMRrJaD8JYzGpIYACb6xst-YW1vg7-Q50wyTA5YM6JzKl0R8Upsppu-PEUL27MNjJWqJw32-eH_wd1pfphYntWIV3yVJuQAjNR0Bvvy20RV3jWH8B_PDSmYesH2rF0K-9IponsXa2Ml4gnC5CpNYtywua348uio7T_62Mo8pKXoi8tLSH6nEpGghgc6FNqSUDxEr7FROpa5b0u27dDwHjqZ2tZUtjAs2iTOD0k24W5A3FVyeXixz5fX1b4nJ55L6WARIDvO8ZFm5motwy0UMr86USInNIDBifHmZwA9P0JYP1iWIXNQyrS3ejmlxs04-CKlULk3V4JDa4jcjllI3C30_SGk4sVTIkhsv5MlOgu5kv3JtnOMwJeHNqHmBhXNhAlqy5J482wUC8HD5il05A7dJgHyoT232oQf9BDZrm0p3tYdQ7KIFfD9G1-Wf7aSyermlbzmLR_H8jogoCz36PJoifHgEi8MT9wVSMHnnYwOYkjZsUV0H2l0KF0duqrmBaiZ7TFzDUvQap4EVL-Pjqy801LeiI55D9statjrvGOZekg4kLdgk5UDM5mlE2RcnVJQkz0UgQa5Sk-nW-Z8I4ZWPrcjzh6JTPJtEaG-YtwL79Of3zXFhxijb_lBWtVd4Gl9ohOeDa8p7EG7yMupxnNKuO5F5_4eEMDMD7zj--jgi_5FQ25wzV8nEeOSwAJRryEhlJC5U0gRHogci5r0fBou3eco9_QqHXYi4vuR_8m_yR1k22YDjrkjDb9GaKLgMVq0OuLOvc2mkeTxD1XyGb3m7NAw6u1D_m6yObnFttwZ8Lhazmho4aPzMtu8qDAL5AGZm5CGF5StdS8RXbN3KtLjX-grVJRlcGOlCMh4syc&cid=CAQSTADq26N9q3wdBDXLchuRq0cvvTYrGSoAyb6uEvGtgXp4EXdcM02t_827obj_-xe5AN6BRXB9gaFBPooVWK4QTQIwl2KdLVX_x4Yuw1sYASAT&rfl=1%2Chttps%253A%252F%252Fxdarom.com%252F%240
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s08-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://1abe16b74e07af620065a5fa2dc0f3b7.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Fri, 16 Dec 2022 19:40:26 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
private
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 16 Dec 2022 19:40:26 GMT
GC5M5N_VN3lVd7ErmxmldCKoshgV9d2S74rLP9hyoZw.js
pagead2.googlesyndication.com/bg/ Frame 1C19 		36 KB
16 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/GC5M5N_VN3lVd7ErmxmldCKoshgV9d2S74rLP9hyoZw.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:400d:803::2002 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
182e4ce4dfd537795577b12b9b19a57422a8b21815f5dd92ef8acb3fd872a19c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Tue, 13 Dec 2022 20:48:37 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
255109
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
16025
x-xss-protection
0
last-modified
Mon, 05 Dec 2022 17:18:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Wed, 13 Dec 2023 20:48:37 GMT
counter.d27508c102582d608697.js
s7.addthis.com/static/ 		24 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s7.addthis.com/static/counter.d27508c102582d608697.js
Requested by
Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.62.220.135 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-62-220-135.deploy.static.akamaitechnologies.com
Software
nginx/1.15.8 /
Resource Hash
e4f924eac92aa3cc4ea64f2891447e8bd3af49e1a5c0bcd04b7356e2f7f1c04c
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://xdarom.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

strict-transport-security
max-age=15724800; includeSubDomains
content-encoding
gzip
date
Fri, 16 Dec 2022 19:40:26 GMT
last-modified
Mon, 26 Oct 2020 18:11:48 GMT
server
nginx/1.15.8
etag
W/"5f971164-5fd2"
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=86313600
x-host
s7.addthis.com
timing-allow-origin
*
content-length
8265
14.2dfb61b890959f78272d.js
s7.addthis.com/static/ 		397 B
544 B 		Script
General
Check archive.org
Download Go to
Full URL
https://s7.addthis.com/static/14.2dfb61b890959f78272d.js
Requested by
Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.62.220.135 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-62-220-135.deploy.static.akamaitechnologies.com
Software
nginx/1.15.8 /
Resource Hash
6070049215ef9b98d1b389d67963816172ff29513d34335c5061cd9619a3ea17
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://xdarom.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

strict-transport-security
max-age=15724800; includeSubDomains
content-encoding
gzip
date
Fri, 16 Dec 2022 19:40:26 GMT
last-modified
Mon, 26 Oct 2020 18:11:48 GMT
server
nginx/1.15.8
etag
W/"5f971164-18d"
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=86313600
x-host
s7.addthis.com
timing-allow-origin
*
content-length
304
truncated
/ 		443 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
5876d235b697479a9e5f476a33115aea1ddc21fd4b4740dd7180398c6224fdba

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Content-Type
image/png
shares.json
api-public.addthis.com/url/ 		55 B
311 B 		Script
General
Check archive.org
Download Go to
Full URL
https://api-public.addthis.com/url/shares.json?url=https%3A%2F%2Fxdarom.com%2Fmagisk-manager%2F&callback=_ate.cbs.sc_httpsxdaromcommagiskmanager0
Requested by
Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.62.220.135 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-62-220-135.deploy.static.akamaitechnologies.com
Software
nginx/1.15.8 /
Resource Hash
36bf7f3a24472138d74c0f902abcbcaf42bad8526a3d485b5960e515b7e6766e
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://xdarom.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

strict-transport-security
max-age=15724800; includeSubDomains
content-encoding
gzip
surrogate-key
xdarom.com/magisk-manager/
last-modified
Fri, 16 Dec 2022 19:40:26 GMT
server
nginx/1.15.8
date
Fri, 16 Dec 2022 19:40:26 GMT
vary
Accept-Encoding
content-type
application/json
cache-control
no-transform, must-revalidate, max-age=0, s-maxage=3600
content-length
75
shares.json
api-public.addthis.com/url/ 		80 B
349 B 		Script
General
Check archive.org
Download Go to
Full URL
https://api-public.addthis.com/url/shares.json?url=https%3A%2F%2Fxdarom.com%2Fsmartphone-sp-flash-tools-version-download%2F&callback=_ate.cbs.sc_httpsxdaromcomsmartphonespflashtoolsversiondownload0
Requested by
Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.62.220.135 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-62-220-135.deploy.static.akamaitechnologies.com
Software
nginx/1.15.8 /
Resource Hash
e3beba43f7399f0472709abffa9f60cfa64c93a274d2d38295b02589b1937aef
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://xdarom.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

strict-transport-security
max-age=15724800; includeSubDomains
content-encoding
gzip
surrogate-key
xdarom.com/smartphone-sp-flash-tools-version-download/
last-modified
Fri, 16 Dec 2022 19:40:26 GMT
server
nginx/1.15.8
date
Fri, 16 Dec 2022 19:40:26 GMT
vary
Accept-Encoding
content-type
application/json
cache-control
no-transform, must-revalidate, max-age=0, s-maxage=3600
content-length
94
shares.json
api-public.addthis.com/url/ 		62 B
323 B 		Script
General
Check archive.org
Download Go to
Full URL
https://api-public.addthis.com/url/shares.json?url=https%3A%2F%2Fxdarom.com%2Fmi-account-remove-tool%2F&callback=_ate.cbs.sc_httpsxdaromcommiaccountremovetool0
Requested by
Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.62.220.135 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-62-220-135.deploy.static.akamaitechnologies.com
Software
nginx/1.15.8 /
Resource Hash
d7aacdd483dd88c140cccb36ba42f82981311524c06ef15f976ddb094d0d6ba6
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://xdarom.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

strict-transport-security
max-age=15724800; includeSubDomains
content-encoding
gzip
surrogate-key
xdarom.com/mi-account-remove-tool/
last-modified
Fri, 16 Dec 2022 19:40:26 GMT
server
nginx/1.15.8
date
Fri, 16 Dec 2022 19:40:26 GMT
vary
Accept-Encoding
content-type
application/json
cache-control
no-transform, must-revalidate, max-age=0, s-maxage=3600
content-length
82
shares.json
api-public.addthis.com/url/ 		66 B
331 B 		Script
General
Check archive.org
Download Go to
Full URL
https://api-public.addthis.com/url/shares.json?url=https%3A%2F%2Fxdarom.com%2Fsamsung-tool-card-not-found%2F&callback=_ate.cbs.sc_httpsxdaromcomsamsungtoolcardnotfound0
Requested by
Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.62.220.135 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-62-220-135.deploy.static.akamaitechnologies.com
Software
nginx/1.15.8 /
Resource Hash
ca8d096ba331e9e56e006f72e4d43879e61b70c4090c68e8be1f2aa30830b339
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://xdarom.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

strict-transport-security
max-age=15724800; includeSubDomains
content-encoding
gzip
surrogate-key
xdarom.com/samsung-tool-card-not-found/
last-modified
Fri, 16 Dec 2022 19:40:26 GMT
server
nginx/1.15.8
date
Fri, 16 Dec 2022 19:40:26 GMT
vary
Accept-Encoding
content-type
application/json
cache-control
no-transform, must-revalidate, max-age=0, s-maxage=3600
content-length
86
shares.json
api-public.addthis.com/url/ 		61 B
322 B 		Script
General
Check archive.org
Download Go to
Full URL
https://api-public.addthis.com/url/shares.json?url=https%3A%2F%2Fxdarom.com%2Foppo-preloader-driver%2F&callback=_ate.cbs.sc_httpsxdaromcomoppopreloaderdriver0
Requested by
Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.62.220.135 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-62-220-135.deploy.static.akamaitechnologies.com
Software
nginx/1.15.8 /
Resource Hash
80ba090472301810eb1683e1fd67cfd51997bff76c70e0eb3b157738a0e68ba2
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://xdarom.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

strict-transport-security
max-age=15724800; includeSubDomains
content-encoding
gzip
surrogate-key
xdarom.com/oppo-preloader-driver/
last-modified
Fri, 16 Dec 2022 19:40:26 GMT
server
nginx/1.15.8
date
Fri, 16 Dec 2022 19:40:26 GMT
vary
Accept-Encoding
content-type
application/json
cache-control
no-transform, must-revalidate, max-age=0, s-maxage=3600
content-length
81
shares.json
api-public.addthis.com/url/ 		59 B
316 B 		Script
General
Check archive.org
Download Go to
Full URL
https://api-public.addthis.com/url/shares.json?url=https%3A%2F%2Fxdarom.com%2Fcm2-dongle-manager%2F&callback=_ate.cbs.sc_httpsxdaromcomcm2donglemanager0
Requested by
Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.62.220.135 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-62-220-135.deploy.static.akamaitechnologies.com
Software
nginx/1.15.8 /
Resource Hash
da7d071b5dbde50f6e1f03862b660f07f4b4c457f012165b612c18f93dd347e5
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://xdarom.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

strict-transport-security
max-age=15724800; includeSubDomains
content-encoding
gzip
surrogate-key
xdarom.com/cm2-dongle-manager/
last-modified
Fri, 16 Dec 2022 19:40:26 GMT
server
nginx/1.15.8
date
Fri, 16 Dec 2022 19:40:26 GMT
vary
Accept-Encoding
content-type
application/json
cache-control
no-transform, must-revalidate, max-age=0, s-maxage=3600
content-length
77
shares.json
api-public.addthis.com/url/ 		69 B
338 B 		Script
General
Check archive.org
Download Go to
Full URL
https://api-public.addthis.com/url/shares.json?url=https%3A%2F%2Fxdarom.com%2Fsamsung-j7-pro-frp-file-download%2F&callback=_ate.cbs.sc_httpsxdaromcomsamsungj7profrpfiledownload0
Requested by
Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.62.220.135 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-62-220-135.deploy.static.akamaitechnologies.com
Software
nginx/1.15.8 /
Resource Hash
1e57530eb708eb75ca4319717836a7ec580b1b6b09ba69a384392bfa5dd564a9
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://xdarom.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

strict-transport-security
max-age=15724800; includeSubDomains
content-encoding
gzip
surrogate-key
xdarom.com/samsung-j7-pro-frp-file-download/
last-modified
Fri, 16 Dec 2022 19:40:26 GMT
server
nginx/1.15.8
date
Fri, 16 Dec 2022 19:40:26 GMT
vary
Accept-Encoding
content-type
application/json
cache-control
no-transform, must-revalidate, max-age=0, s-maxage=3600
content-length
89
shares.json
api-public.addthis.com/url/ 		69 B
335 B 		Script
General
Check archive.org
Download Go to
Full URL
https://api-public.addthis.com/url/shares.json?url=https%3A%2F%2Fxdarom.com%2Foppo-a3s-pattern-lock-reset-done%2F&callback=_ate.cbs.sc_httpsxdaromcomoppoa3spatternlockresetdone0
Requested by
Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.62.220.135 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-62-220-135.deploy.static.akamaitechnologies.com
Software
nginx/1.15.8 /
Resource Hash
f6f6366f12a6233acc872f46f99274bbdff4e4f473c98f1464f8419c5857b660
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://xdarom.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

strict-transport-security
max-age=15724800; includeSubDomains
content-encoding
gzip
surrogate-key
xdarom.com/oppo-a3s-pattern-lock-reset-done/
last-modified
Fri, 16 Dec 2022 19:40:26 GMT
server
nginx/1.15.8
date
Fri, 16 Dec 2022 19:40:26 GMT
vary
Accept-Encoding
content-type
application/json
cache-control
no-transform, must-revalidate, max-age=0, s-maxage=3600
content-length
87
shares.json
api-public.addthis.com/url/ 		55 B
311 B 		Script
General
Check archive.org
Download Go to
Full URL
https://api-public.addthis.com/url/shares.json?url=https%3A%2F%2Fxdarom.com%2Fmtk-client-tool%2F&callback=_ate.cbs.sc_httpsxdaromcommtkclienttool0
Requested by
Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.62.220.135 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-62-220-135.deploy.static.akamaitechnologies.com
Software
nginx/1.15.8 /
Resource Hash
cf4e42ab19ce65873e9ccb11decb22e6507e58451e18c0e8ffaae314e528c5c0
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://xdarom.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

strict-transport-security
max-age=15724800; includeSubDomains
content-encoding
gzip
surrogate-key
xdarom.com/mtk-client-tool/
last-modified
Fri, 16 Dec 2022 19:40:26 GMT
server
nginx/1.15.8
date
Fri, 16 Dec 2022 19:40:26 GMT
vary
Accept-Encoding
content-type
application/json
cache-control
no-transform, must-revalidate, max-age=0, s-maxage=3600
content-length
75
shares.json
api-public.addthis.com/url/ 		57 B
315 B 		Script
General
Check archive.org
Download Go to
Full URL
https://api-public.addthis.com/url/shares.json?url=https%3A%2F%2Fxdarom.com%2Frealme-dialer-apk%2F&callback=_ate.cbs.sc_httpsxdaromcomrealmedialerapk0
Requested by
Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.62.220.135 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-62-220-135.deploy.static.akamaitechnologies.com
Software
nginx/1.15.8 /
Resource Hash
f08bed819ea0227fe91ff47b2989567759edd6db1e057ab9695a3f2ed6fbacae
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://xdarom.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

strict-transport-security
max-age=15724800; includeSubDomains
content-encoding
gzip
surrogate-key
xdarom.com/realme-dialer-apk/
last-modified
Fri, 16 Dec 2022 19:33:53 GMT
server
nginx/1.15.8
date
Fri, 16 Dec 2022 19:40:26 GMT
vary
Accept-Encoding
content-type
application/json
cache-control
no-transform, must-revalidate, max-age=0, s-maxage=3600
content-length
77
GC5M5N_VN3lVd7ErmxmldCKoshgV9d2S74rLP9hyoZw.js
pagead2.googlesyndication.com/bg/ Frame 49CA 		36 KB
16 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/GC5M5N_VN3lVd7ErmxmldCKoshgV9d2S74rLP9hyoZw.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:400d:803::2002 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
182e4ce4dfd537795577b12b9b19a57422a8b21815f5dd92ef8acb3fd872a19c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Tue, 13 Dec 2022 20:48:37 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
255109
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
16025
x-xss-protection
0
last-modified
Mon, 05 Dec 2022 17:18:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Wed, 13 Dec 2023 20:48:37 GMT
GDSherpa-Semibold-trim.css
s0.2mdn.net/sadbundle/7950924427677957422/css/ Frame C710 		18 KB
14 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://s0.2mdn.net/sadbundle/7950924427677957422/css/GDSherpa-Semibold-trim.css
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/7950924427677957422/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:400d:803::2006 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
04681f7bb0e948a2d514f053800b8eb2a63ace4bad7552b71bed7fabc0481abd
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://s0.2mdn.net/sadbundle/7950924427677957422/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Wed, 14 Dec 2022 21:07:33 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
167573
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13958
x-xss-protection
0
last-modified
Wed, 23 Feb 2022 03:16:55 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Thu, 14 Dec 2023 21:07:33 GMT
GDSage-Bold-trim.css
s0.2mdn.net/sadbundle/7950924427677957422/css/ Frame C710 		30 KB
23 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://s0.2mdn.net/sadbundle/7950924427677957422/css/GDSage-Bold-trim.css
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/7950924427677957422/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:400d:803::2006 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
2ca6a1e448f56870627c459225a0d39627b369618117e28770725b87a1fb83e9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://s0.2mdn.net/sadbundle/7950924427677957422/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Fri, 16 Dec 2022 08:02:37 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
41869
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
23299
x-xss-protection
0
last-modified
Wed, 23 Feb 2022 03:16:55 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Sat, 16 Dec 2023 08:02:37 GMT
GDSherpa-Medium-trim.css
s0.2mdn.net/sadbundle/7950924427677957422/css/ Frame C710 		18 KB
14 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://s0.2mdn.net/sadbundle/7950924427677957422/css/GDSherpa-Medium-trim.css
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/7950924427677957422/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:400d:803::2006 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
469e50ea8f0d43a44c19c5fa440e14caa9492f159e96470c9e774ee034bda6e2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://s0.2mdn.net/sadbundle/7950924427677957422/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Wed, 14 Dec 2022 11:59:40 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
200446
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
14095
x-xss-protection
0
last-modified
Wed, 23 Feb 2022 03:16:55 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Thu, 14 Dec 2023 11:59:40 GMT
GDSherpa-Bold-trim.css
s0.2mdn.net/sadbundle/7950924427677957422/css/ Frame C710 		15 KB
12 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://s0.2mdn.net/sadbundle/7950924427677957422/css/GDSherpa-Bold-trim.css
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/7950924427677957422/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:400d:803::2006 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
207250956dee49c6a1ef59194bd1c5a956a5377c4f504ddde7209678541706f4
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://s0.2mdn.net/sadbundle/7950924427677957422/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Wed, 14 Dec 2022 23:05:33 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
160493
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
11802
x-xss-protection
0
last-modified
Wed, 23 Feb 2022 03:16:55 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Thu, 14 Dec 2023 23:05:33 GMT
main.css
s0.2mdn.net/sadbundle/7950924427677957422/css/ Frame C710 		11 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://s0.2mdn.net/sadbundle/7950924427677957422/css/main.css
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/7950924427677957422/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:400d:803::2006 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
fc756d6d9c13b68a78cf9dcd159d5c1658e2d7162ffedc9b4a98fdb9c82ccc09
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://s0.2mdn.net/sadbundle/7950924427677957422/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Tue, 13 Dec 2022 15:21:46 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
274720
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2366
x-xss-protection
0
last-modified
Wed, 23 Feb 2022 03:16:55 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Wed, 13 Dec 2023 15:21:46 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame 1C19 		0
20 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=B1udhqcmcY7jxOIXE7gPM4KP4BQAAAAA4AeAEAg&bg=!ubqluv7NAAYgquz3AKo7ACkAdvg8Wtx4fg2moSboo09BXhYjk6JhlxynKWqt8aij1WV1rCydXidX-AIAAACCUgAAAAJoAQeZAw8C6pYlBK8rp8gDDMzW8jU4CH1povgpjgaohb0cL_sVr48y5CC_OotHnT1l2NYYVpW9xjlPqTd4HO6rcNwIGNGLCWW1FWEIyqRdVl86kXlPWm4rmJbiXWwJxyYt6ys05tanMSm2yiXxObvyDcGKaFjRzPDmpU8NjvbkboMZzGBqvEHD2bxWGHkpxjgeDQT76OlcfsVqkKf3dx31DnJwR9sj4zZHJQZ6nDpF5vRA6u3DPCWytmAxBKNRilE051V5Um0f5x7zRtYjZpdBZyYWoTabqTKczP2L_ANh9KdkUjxXSAdhQuizyo-o-iHAqQou41fKaSPBRSFGjBSmg_xEirw-OS4QNT08Heb6wN97YyWAevSdQbk4C0d3P1Hwe7owFip6Cjxq41iOEOcAsdZCVhIj3_EgRoopUPA3QG8kM59ms7rCo_jKfQ1h5shC7BJgBRgRtGErhWQAx2_GYsnadA1TRLk4xfBMLdTAkcJcl6xZMfld0UHhMt9-oPj3nGnzf8QibOFFcpcQQpT2f1X9FDJ3Jw8S8ZzMczVpbCf3NtsZZjXkva-kK0qvEXvR8c-NHgwcE_dqfz-3a6eSgqO0ZGF8rm0WZaR27wsZRdQCscSkzt1vGIaFiuTyec0BvKy13VmeEm3zWDi03ROM4x-VFMHQoP3CxQ5UtY4TwrIpC4pL9HPp_y49oXadb4Z5DofHyFUnqseOWcIXTCWxZ_nTuO-8v_x9BaeYx7ZDidEx7RdVXafg5UyXJ8qfwwPmkV-PEclOIs920ut3sNIDPAEmaujPeq7QAAtjtd4TLf-qOzMRrDa7BrG4Z1e3Ev73GWi1wMG_Zly3tnioYzEc4Sa7Tjg1ikaGHxhMShS82l20g55UcS29acJD4x8sdOVehbc1jkB3xboAhdYSv2c6qWjSlfH6ui63Eor7wMsRD_QhburGfLtFQ53S_mxESy7-gwrEqVfGbdlwK5wdpPTM2mJ93QX2nZMHteI6R-xgmqQWBP6VP1Rf8wZwlMWfgzmpmDK1ovAwFN9Q2W6zyrRSA1z3seY
Requested by
Host: xdarom.com
URL: https://xdarom.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:400d:803::2002 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 16 Dec 2022 19:40:26 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
300x250.png
s0.2mdn.net/sadbundle/7950924427677957422/img/ Frame C710 		58 KB
58 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/sadbundle/7950924427677957422/img/300x250.png
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/7950924427677957422/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:400d:803::2006 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
7c5b697d010f6cdd7343aa97dc0bfb0c29278555192f430d05aa98e07e9a4620
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://s0.2mdn.net/sadbundle/7950924427677957422/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Wed, 14 Dec 2022 23:06:59 GMT
x-content-type-options
nosniff
age
160407
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
59700
x-xss-protection
0
last-modified
Wed, 23 Feb 2022 03:16:55 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Thu, 14 Dec 2023 23:06:59 GMT
index.html
s0.2mdn.net/sadbundle/7950924427677957422/ Frame C710 		27 KB
27 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/sadbundle/7950924427677957422/index.html
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/7950924427677957422/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:400d:803::2006 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://s0.2mdn.net/sadbundle/7950924427677957422/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Wed, 14 Dec 2022 23:05:33 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
160493
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
9814
x-xss-protection
0
last-modified
Wed, 23 Feb 2022 03:16:55 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/html
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Thu, 14 Dec 2023 23:05:33 GMT
truncated
/ Frame C710 		13 KB
13 KB 		Font
General
Check archive.org
Download Go to
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
3467899160318fc9669302f7ac232dd9f8e43cd921386880e661061e7535363b

Request headers

Referer
Origin
https://s0.2mdn.net
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Content-Type
application/x-font-woff;charset=utf-8
truncated
/ Frame C710 		23 KB
23 KB 		Font
General
Check archive.org
Download Go to
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
877b53d3e74515e85b2b25b3937f334260d2107cb30a8e29c34fddc0281a2e7d

Request headers

Referer
Origin
https://s0.2mdn.net
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Content-Type
application/x-font-woff;charset=utf-8
truncated
/ Frame C710 		42 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Content-Type
image/gif
gen_204
pagead2.googlesyndication.com/pagead/ Frame 49CA 		0
20 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BsvQwqcmcY6j-OtaXgQfrpL7ABAAAAAA4AeAEAg&bg=!YmGlYSXNAAYgquz3AKo7ACkAdvg8Wq_l1q2cGXPE9DlPf9JMDvAACFPnokfi5n2Jrm1LKlNxZlfRmAIAAABoUgAAAAJoAQeZAyktmFaWXbe0C3R0Av4fdTenwsQN_XBPoz1IUlKXrfDA5kYpAjZDhv2IGG8JGzgkNhB2Q35803IYpi-v8_EyhqaaP_wsPArFn4-ZUY_ExWVVhI9YycBUVmzFVxD8Y50NOu7oMXoGrltfu4rh10p7N28R9pg20TmWfPogr04lj--zuFxgojRq6qHj1tWdOCNtdoJwD8--ycSh2E_cTApistpDV7IIB34m6FunI4KiFzqh3nNg3YlJeWUE7ndF4QlxpHEUD159zpRbHm_cjbjDXKc1AZkMsFvuZf1FUoQcwuFxWGvgrAeOb24465nTDwcL7ngVcg1iRLOF8mlVUTyee7RbrdojT9XMJ8JEOexN8Gz1_81CLGc7dgq3kdPXgJb7bmaIR5kMrQqpStXZKIzRnfXmCiRS8BWJ2gliWI2e8PGSDflYoQN1Imx1e6KDTwTPNemtw9uEilWv_4tW1zM9jvHJlcGcEqIfS5lTnLYTJhdOelYJWoGMCLW6OcfH1C429OuH6PJhDS18qE8uax-tAJt4vmvEL2jkD67r_ncTYzT-J_--DLhJi-PpMdTBvX35KFea4k3oP7riR4cDtnItkGgM8PB_ygJmAiYJIjOqMT8zVWmt-ave6in_u9a6r4EaegHJn5t6T0BrFxpYHUUccnQaHRVEBUznz9B9nGTssz3Qyj44vumS46QvBpIJRkOetHecx9Kr1L6r_2LmDVa7heyaGx6FZWbt7OPG-kwlspRNwo_HTpJmOt1RPAi-2BYWz7gqKkyUgsiLljAdz3nhWSFcrENu9za-ezT5JvRVr8F5aSKBrD0CKKhPcGF0lAnCwP3dKSb2KiOsDdy5_87pG8yuCZmCplP02Q0Z1dqzxGVvkApeTxAch8nR6yMZuL9KRE6BggSKuwJDCsKZ0WjS8iERfBityT6NGFLjtVabeT9ksCDiju_ljFYu89bdBv44CnVKAlZsfHPZ_edLQrcunVlP5lzLCVhRK2DTp_VPC7Yfy3Ib08vWazk2xxAhtKN0di8TkLpUZhxUWpB9L2ggYNR6rkeFOHgYPtl8xp8nZ7vHRo7BuRXI6593gw
Requested by
Host: 1abe16b74e07af620065a5fa2dc0f3b7.safeframe.googlesyndication.com
URL: https://1abe16b74e07af620065a5fa2dc0f3b7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:400d:803::2002 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 16 Dec 2022 19:40:26 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
tweenmax_1.20.0_d360d9a082ccc13b1a1a9b153f86b378_min.js
s0.2mdn.net/ads/studio/cached_libs/ Frame C710 		112 KB
38 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s0.2mdn.net/ads/studio/cached_libs/tweenmax_1.20.0_d360d9a082ccc13b1a1a9b153f86b378_min.js
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/7950924427677957422/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:400d:803::2006 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
c3b9597a90a43830b2a92897a5ef015ce5310e7f32dbb5cd1db2c807c5e6b036
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://s0.2mdn.net/sadbundle/7950924427677957422/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Fri, 16 Dec 2022 19:40:26 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
0
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
38407
x-xss-protection
0
last-modified
Wed, 04 Oct 2017 18:33:56 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=0
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Fri, 16 Dec 2022 19:40:26 GMT
timelinelite_2.0.1_min.js
s0.2mdn.net/ads/studio/cached_libs/ Frame C710 		13 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s0.2mdn.net/ads/studio/cached_libs/timelinelite_2.0.1_min.js
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/7950924427677957422/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:400d:803::2006 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
1d49aa620c0f7fe03d96000efb3d9a812cc1bdf0f14696681ca16e146ec7b3c8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://s0.2mdn.net/sadbundle/7950924427677957422/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Fri, 16 Dec 2022 19:40:26 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
0
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4356
x-xss-protection
0
last-modified
Tue, 19 Jun 2018 18:02:35 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=0
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Fri, 16 Dec 2022 19:40:26 GMT
scripts.js
s0.2mdn.net/sadbundle/7950924427677957422/js/ Frame C710 		40 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s0.2mdn.net/sadbundle/7950924427677957422/js/scripts.js
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/7950924427677957422/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:400d:803::2006 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ad01e0fed80d20dabbb85eca33b1d6546eb4e9c0fcdabe1d704b684a51e62b9a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://s0.2mdn.net/sadbundle/7950924427677957422/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Thu, 15 Dec 2022 03:49:50 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
143436
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
9877
x-xss-protection
0
last-modified
Wed, 23 Feb 2022 03:16:55 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Fri, 15 Dec 2023 03:49:50 GMT
view
googleads4.g.doubleclick.net/pcs/ Frame 9C91 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstizwrKM0Btaut1ktgmbADhv2xDoFOEKbEbfmrDRgF8VR2z8H_a5c4t3JyP9Nwutj_ek9Ezd-56cOVpA6W0R0ImVCWHmHifBSY7Yx9UbUyQNVjtW6FvF-J5xXdlkcICaewpUVABjKS7BQD3ofx_L5hsiCQboCj3GzaZgS00mqOnALIN9kHSFDhApqQsWFp3rX93RcUQURGTlNreSvtHKD24bSx27GywQUtDfux7gOeBkdElHNEJmL_AE9DjHhoHMAR2NMpdVbCgPbxY0VFdTXBsUhF53qJ-WqgzNrqdVEHc1naiomaNuN4coMeuomQvt_cK5cXEh1cyd31aGYY9_xKksGLwb6vSg3bXmAU2JbKcn_gz7BG4IQTPAMzFG5mCpvRHzx3u5wE8R4fux5VOJ100jGv4nazM-hBJCfUBSOKLLRVmB-YplHhYNnSCo2egGGHrQqqRGSRi-Bd5nnCDhWilfZ7o8mNiJnmP2IhB8aBeoAEvSotm0bBu41zuYXAZpV5rOqgXTdzVOedy_irpdRpz8_vOdwSQ0F2piiFSZHOJKRvy8kYuJMsp7h5yJIAvBXHPhM5Ay7pc5PCdzwvpZRMgnEgcXnVNGr6mNJXU7F6LwsSM0Xg3tSjGBSh8WjA3WnlnmDKa1tUr6mkoU6UWAdUGxpK_Uuj0XgrmHWrfLpugbRXjhh9otu6RhQt5YPXH8viH5C0tWGMmId_REp7nmb97mm8lts7-FDb7EUTkrrYnbTwxjRqu1ShcmprUu7htXd-U-r-6hWogIh4rl2Qh1Im9e-YWARwJhnxOFsEilAbX_IGbPKNW8FWzZbMGjq_mRImVaaIvWPKy51kugqTca3weqgRcsSk-wJkhIXSTIqEit5fVva-FiqdOrAWwepoe5aRgvbQ8B-yeAIMf-ujJPkmahkabyjSyhMXwSfyUHO1W9vLXvPrpr5ZrquktP3zoouFSkDDjU6PLlFuAMAc9B7Tbg1LcCJHj3t4c13fKSc3uL7XFWllJPYz4cYTmrSjcVzhyROKopfx93cZ4ePhdDRYAkMTIpxmX0zsFdaMrSJkxsBY3F6e-3ob2686zpxP5VuVRIPq9vN4OLx5lbHcWB5EIm1_yu6EHaJQBeL4KTOCITM_TA8YFzEvlySUKVc_YZ0QFfwB1aDJILz1T7PUQJrzJZYdelWXFHuCgeSOEt82LgJSk1fNBlBtlRfEP4p2w0hQPuypntJjhU04&sai=AMfl-YTdjK5yPdrliSSzBSGDJ6qBcqcse694YOMn3MP_1y_zA-FCYEBIKWRUtQ9YeGJ0Cy_nJKvN7BOiCI31EZOJ8R5mlA_Ep7TDkaQxu_jlcE4qMbfyzfS2dneUkFTexJK9cqcnD0hrXiddtvZAXqDnulZki4JZUpJgNTXI6uTSEoz1bbK_k_orNegXE6uajKYA4gcLYCiPp3kRSbTBvqMIyF8KiGKdtbzMO4qq9Ch_uxfYX1Y_ND6rxnOGI9BX4oan9oWn7EcXIhyWx3lYdZ6ctCvc3_ktnVwnMPThYFE&sig=Cg0ArKJSzLqtNUQi9uF2EAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=591&vt=11&dtpt=342&dett=3&cstd=246&cisv=r20221207.16412&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&arae=0&ftch=1&adurl=
Requested by
Host: xdarom.com
URL: https://xdarom.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s08-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://1abe16b74e07af620065a5fa2dc0f3b7.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Fri, 16 Dec 2022 19:40:26 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
private
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 16 Dec 2022 19:40:26 GMT
truncated
/ 		171 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
0d2fd5a42a1849ad0d820611e243fd81fe81ee767716b639ff7e88c1e9f78bb6

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ 		937 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
c69e528427c8218cb4bc5fe647db3366146403d53593a3f96482479a14eca234

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Content-Type
image/png
army.gif
xdarom.com/porpoiseant/ 		0
504 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://xdarom.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMzk3NTEwNzI3NzEzMjg3MiIsImRvbWFpbl9pZCI6IjE4ODUxMyIsInVuaXQiOiJkaXYtZ3B0LWFkLXhkYXJvbV9jb20tYm94LTEtMCIsInRfZXBvY2giOjE2NzEyMTk2MjIsInJldmVudWUiOjAsImVzdF9yZXZlbnVlIjowLCJhZF9wb3NpdGlvbiI6MTEwMiwiYWRfc2l6ZSI6IiIsImJpZF9mbG9vcl9maWxsZWQiOjAsImJpZF9mbG9vcl9wcmV2IjowLCJzdGF0X3NvdXJjZV9pZCI6MCwiY291bnRyeV9jb2RlIjoiTkwiLCJwYWdldmlld19pZCI6IjY3YTAwYzJkLWNlYTMtNGY4ZC00NzQ2LTlhYTAwZTliNDRhMSIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ1MTYsImRhdGEiOlt7Im5hbWUiOiJ2aWV3ZWQiLCJ2YWwiOiIxIn1dLCJpc19vcmlnIjpmYWxzZX1d
Requested by
Host: xdarom.com
URL: https://xdarom.com/detroitchicago/cmbv2.js?gcb=195-0&cb=04-3y02-8y06-13y07-2y0b-6y0d-21y14-4y18-5y22-3y30-4y5a-2y5e-22y65-1&cmbcb=117&sj=x04x02x06x07x0bx0dx14x18x22x30x5ax5ex65&abt=DynamicMedDec
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://xdarom.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Fri, 16 Dec 2022 19:40:26 GMT
cf-cache-status
BYPASS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6njvcK9rNzkVyBQLrbFXaasWdsG%2FHaUPsnjIjwselcUqZ5My9qsfndxF0tgTekdJ5FKoQwTmTMt9PP7PB5HBESAL2XqCKPPKwOANDJT0TJwIlq5N0ij9%2BS77vha1eEjDVsHSAviaIikQ"}],"group":"cf-nel","max_age":604800}
x-middleton-display
ezp_sol
cache-control
private, max-age=0, must-revalidate, no-cache, no-store
cf-ray
77a9e40c6e0fb725-AMS
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires
Thu, 15 Dec 2022 19:40:27 GMT
dark-bottom.css
xdarom.com/ezoic/styles/ 		3 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://xdarom.com/ezoic/styles/dark-bottom.css
Requested by
Host: xdarom.com
URL: https://xdarom.com/ezoic/cookieconsent.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
94edf973e9deb80b5eccf17f8f3108eafe15209fe25fe417e8f8962a4d8f48b3

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://xdarom.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Fri, 16 Dec 2022 19:40:27 GMT
content-encoding
gzip
cf-cache-status
MISS
last-modified
Fri, 16 Dec 2022 16:32:44 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
"bd7-5eff484e1c300-gzip"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=J6UNo1rKMQRamgCxiRqCIload7uhc2qXS6MNwqRnl%2F%2Bnz1cO6NtPOnQLU9nPr74jNdthUWEUl7iM%2BZwJq73Sbts%2BTVBfmo3Vw6l9%2F%2Bo%2Bbau8CAT%2FKbIEDoXjFHJayvoctLAsMP8b4CEy"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
public, max-age=31536000
x-robots-tag
noindex
cf-ray
77a9e40c9e36b725-AMS
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
300lo.json
m.addthis.com/live/red_lojson/ 		88 B
248 B 		Script
General
Check archive.org
Download Go to
Full URL
https://m.addthis.com/live/red_lojson/300lo.json?si=639cc9a927eb617c&bkl=0&bl=1&pdt=3444&sid=639cc9a927eb617c&pub=wp-0a30e673284c7577d41b1511df774fe4&rev=v8.28.8-wp&ln=en&pc=scopl%2Cwpp&cb=0&ab=-&dp=xdarom.com&fp=&fr=&of=0&pd=0&irt=0&vcl=0&md=0&ct=1&tct=0&abt=0&cdn=0&pi=1&rb=0&gen=100&chr=UTF-8&colc=1671219626968&wpv=wpp-6.2.7&addthis_plugin_info=%7B%22info_status%22%3A%22enabled%22%2C%22cms_name%22%3A%22WordPress%22%2C%22plugin_name%22%3A%22Share%20Buttons%20by%20AddThis%22%2C%22plugin_version%22%3A%226.2.7%22%2C%22plugin_mode%22%3A%22WordPress%22%2C%22anonymous_profile_id%22%3A%22wp-0a30e673284c7577d41b1511df774fe4%22%2C%22page_info%22%3A%7B%22template%22%3A%22home%22%2C%22post_type%22%3A%22%22%7D%2C%22sharing_enabled_on_post_via_metabox%22%3Afalse%7D&jsl=4097&uvs=639cc9a9a6ea28a8000&skipb=1&callback=addthis.cbs.jsonp__7214518056845580
Requested by
Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.62.220.135 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-62-220-135.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
34b5493c7ce4b0a1558ab99cbe8e19961944a143a028429048140f8d962a89e2

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://xdarom.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 16 Dec 2022 19:40:27 GMT
cache-control
max-age=0, no-cache, no-store, no-transform
content-disposition
attachment; filename=1.txt
content-length
88
content-type
application/javascript;charset=utf-8
sh.f48a1a04fe8dbf021b4cda1d.html
s7.addthis.com/static/ Frame 584C 		0
0
sh.f48a1a04fe8dbf021b4cda1d.html
s7.addthis.com/static/ Frame A5E6 		71 KB
26 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://s7.addthis.com/static/sh.f48a1a04fe8dbf021b4cda1d.html
Requested by
Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.62.220.135 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-62-220-135.deploy.static.akamaitechnologies.com
Software
nginx/1.15.8 /
Resource Hash
7b6bfa13f0778c40bb2a00af9819bea2f07afcb4d071e7e4f436196953a5db4d
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

Referer
https://xdarom.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language
nl-NL,nl;q=0.9

Response headers

cache-control
public, max-age=86313600
content-encoding
gzip
content-length
26421
content-type
text/html
date
Fri, 16 Dec 2022 19:40:27 GMT
etag
W/"5f971164-11adc"
last-modified
Mon, 26 Oct 2020 18:11:48 GMT
p3p
CP="NON ADM OUR DEV IND COM STA"
server
nginx/1.15.8
strict-transport-security
max-age=15724800; includeSubDomains
timing-allow-origin
*
vary
Accept-Encoding
x-host
s7.addthis.com
sodar
pagead2.googlesyndication.com/getconfig/ 		14 KB
11 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022120501&st=env
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:400d:803::2002 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
85d6ce28368977acc9fbcaf2fce4c1fa337ea64ffdb7cbd97491405f58e99645
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://xdarom.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Fri, 16 Dec 2022 19:40:27 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
application/json; charset=UTF-8
access-control-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
11101
x-xss-protection
0
army.gif
xdarom.com/porpoiseant/ 		0
512 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://xdarom.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiODE5NjYzNjgzOTExOTE1NSIsImRvbWFpbl9pZCI6IjE4ODUxMyIsInVuaXQiOiJkaXYtZ3B0LWFkLXhkYXJvbV9jb20tbWVkcmVjdGFuZ2xlLTItMCIsInRfZXBvY2giOjE2NzEyMTk2MjIsImFkX3Bvc2l0aW9uIjoxMTAwLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiTkwiLCJwYWdldmlld19pZCI6IjY3YTAwYzJkLWNlYTMtNGY4ZC00NzQ2LTlhYTAwZTliNDRhMSIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ1OTEsImRhdGEiOlt7Im5hbWUiOiJmaWxsZWRfc2l6ZSIsInZhbCI6Ils5NzAsOTBdIn1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiI4MTk2NjM2ODM5MTE5MTU1IiwiZG9tYWluX2lkIjoiMTg4NTEzIiwidW5pdCI6ImRpdi1ncHQtYWQteGRhcm9tX2NvbS1tZWRyZWN0YW5nbGUtMi0wIiwidF9lcG9jaCI6MTY3MTIxOTYyMiwiYWRfcG9zaXRpb24iOjExMDAsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJOTCIsInBhZ2V2aWV3X2lkIjoiNjdhMDBjMmQtY2VhMy00ZjhkLTQ3NDYtOWFhMDBlOWI0NGExIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjoyODY4NzI3NCwiY3JlYXRpdmVfaWQiOjEzODMxMDAzNDU5MSwiZGF0YSI6W3sibmFtZSI6ImZpbGxlZF9mbHVpZCIsInZhbCI6ImZhbHNlIn1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiI4MTk2NjM2ODM5MTE5MTU1IiwiZG9tYWluX2lkIjoiMTg4NTEzIiwidW5pdCI6ImRpdi1ncHQtYWQteGRhcm9tX2NvbS1tZWRyZWN0YW5nbGUtMi0wIiwidF9lcG9jaCI6MTY3MTIxOTYyMiwiYWRfcG9zaXRpb24iOjExMDAsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJOTCIsInBhZ2V2aWV3X2lkIjoiNjdhMDBjMmQtY2VhMy00ZjhkLTQ3NDYtOWFhMDBlOWI0NGExIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjoyODY4NzI3NCwiY3JlYXRpdmVfaWQiOjEzODMxMDAzNDU5MSwiZGF0YSI6W3sibmFtZSI6ImRvbWFpbl9kZnBfc3R5bGVfaWQiLCJ2YWwiOiIwIn1dLCJpc19vcmlnIjpmYWxzZX1d
Requested by
Host: xdarom.com
URL: https://xdarom.com/detroitchicago/cmbv2.js?gcb=195-0&cb=04-3y02-8y06-13y07-2y0b-6y0d-21y14-4y18-5y22-3y30-4y5a-2y5e-22y65-1&cmbcb=117&sj=x04x02x06x07x0bx0dx14x18x22x30x5ax5ex65&abt=DynamicMedDec
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://xdarom.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Fri, 16 Dec 2022 19:40:27 GMT
cf-cache-status
BYPASS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZUHR%2BemS8ePvHkU%2BjLcRSzG4wOBRDPZ%2B4GfTLtTXi7%2BRLhewSmaf25z7iVjr352IpyAQBzPdJjUvk9gSknVAmwgFnCucm2M%2FPUkt4NAC7l5XzNGikK2KzI3Esn%2ByMTCo%2FeLT6G8VqAws"}],"group":"cf-nel","max_age":604800}
x-middleton-display
ezp_sol
cache-control
private, max-age=0, must-revalidate, no-cache, no-store
cf-ray
77a9e40d6eccb725-AMS
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires
Thu, 15 Dec 2022 19:40:24 GMT
sodar2.js
tpc.googlesyndication.com/sodar/ 		17 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://xdarom.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Fri, 16 Dec 2022 19:40:27 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6386
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
etag
"1637097310169751"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Fri, 16 Dec 2022 19:40:27 GMT
activeview
pagead2.googlesyndication.com/pcs/ Frame B580 		42 B
64 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstmnrdDMWUsIba68AJ-qMPsISOOJfiOOzcc-Hcmtw8aUf__z2sAHzNWg4y-VHu_jhOntkztBHLLvgx-1pW_eGnHbd2_5sq6U7_VIl2aLqWNG2oIu5_YvD_pA86XoswUPp-gdf3HqA&sai=AMfl-YThoyZ8gp9ZVIoEf-FtmXgs9R55kyCXxF0n5fQ3OkeccJE7_CritDvWtRsEqUy9G6QiUpUfJNvsXzfIedBXnWusyza0aIHR7CbrB2VbnQ7gNsmH1i-eMGiT3JOxjLF3BmEW4cbQKZ6udYGxQ_4&sig=Cg0ArKJSzA_wGlT3rnJUEAE&cid=CAQSSwDq26N9-iTNS3QG8F1-_j6sKKMoaEgQAAUyUHNopFEfhwVgiVMVbYKA81LRS3rVZqglbivFc-OkjXwmrfEE7PpYf6XQouK6M9ESsxgBIBM&id=ampim&o=1228,220&d=250,250&ss=1600,1200&bs=1600,1200&mcvt=1000&mtos=0,0,1000,1000,1000&tos=0,0,1000,0,0&tfs=338&tls=1338&g=100&h=100&tt=1338&r=v&avms=ampa&uap=&uapv=&uaa=&uam=&uafv=&uab=&uafvl=%5B%5D&uaw=false&adk=0
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:400d:803::2002 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://xdarom.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 16 Dec 2022 19:40:27 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
sdk.js
connect.facebook.net/en_US/ 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/en_US/sdk.js
Requested by
Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f007:8:face:b00c:0:1 Vienna, Austria, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
7c24775142a8ef7a607925bd1f0145d81bd92e20daec68832f0a86e798df2fcf
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://xdarom.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
date
Fri, 16 Dec 2022 19:40:27 GMT
content-md5
MA/XK+vgX+GxYMabTm8ZhA==
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
1687
x-fb-rlafr
0
x-fb-debug
wqWmpsUYcmjy4q4iDkeB1V0j49s6LErU3OInqfyJrvHhFjPFxA1YGVcsCWRrPd473Xpla7KzWSXoQ8tljQK1zA==
x-fb-trip-id
720026100
x-fb-content-md5
224c3d521c744a876903be2afd533f63
cross-origin-opener-policy
same-origin-allow-popups
etag
"09f9e82d2601d48ed65c079c43752311"
vary
Accept-Encoding
x-frame-options
DENY
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
X-FB-Content-MD5
cache-control
public,max-age=1200,stale-while-revalidate=3600
timing-allow-origin
*
priority
u=3,i
expires
Fri, 16 Dec 2022 19:46:25 GMT
widgets.js
platform.twitter.com/ 		97 KB
29 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://platform.twitter.com/widgets.js
Requested by
Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (amb/6B9F) /
Resource Hash
c02444f391e8655e79ff8d7d4cb69c3426c3bffbf8731a994fa23aed0f641d12

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://xdarom.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date
Fri, 16 Dec 2022 19:40:27 GMT
Content-Encoding
gzip
Age
1071
X-Cache
HIT
P3P
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server-Timing
x-cache;desc= HIT,x-tw-cdn;desc=VZ
Content-Length
29221
Last-Modified
Wed, 02 Nov 2022 19:43:37 GMT
Server
ECS (amb/6B9F)
Etag
"6633f9603c759c40d9b200995454f17c+gzip"
Vary
Accept-Encoding
Access-Control-Allow-Methods
GET
Content-Type
application/javascript; charset=utf-8
Access-Control-Allow-Origin
*
x-tw-cdn
VZ
Cache-Control
public, max-age=1800
pinit.js
assets.pinterest.com/js/ 		361 B
448 B 		Script
General
Check archive.org
Download Go to
Full URL
https://assets.pinterest.com/js/pinit.js
Requested by
Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:88e::1931 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
3faadebc89cdb21d11634a032816f152462d1cb8903eb21d0642501fcad065de

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://xdarom.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

akamai-x-true-ttl
300
content-encoding
br
x-cdn
akamai
etag
"62d32c28f14783b94192cd8d35bc010d"
vary
Accept-Encoding, Origin
access-control-max-age
86400
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-allow-methods
GET
access-control-expose-headers
X-CDN
cache-control
max-age=249
accept-ranges
bytes
content-length
203
runner.html
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 4652 		13 KB
5 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://xdarom.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language
nl-NL,nl;q=0.9

Response headers

accept-ranges
bytes
age
2989
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
5046
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Fri, 16 Dec 2022 18:50:38 GMT
expires
Sat, 16 Dec 2023 18:50:38 GMT
last-modified
Mon, 21 Jun 2021 20:47:05 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
aframe
www.google.com/recaptcha/api2/ Frame 8674 		783 B
535 B 		Document
General
Check archive.org
Download Go to
Full URL
https://www.google.com/recaptcha/api2/aframe
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:400d:807::2004 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
f8e239b7b868f38fb8966120c8e93cef9c8efbe1ca4d3c6f9928d86b2ad3b820
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-eoIfSo6vCnZPYLFoW6J-jw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://xdarom.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language
nl-NL,nl;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
private, max-age=300
content-encoding
gzip
content-length
513
content-security-policy
script-src 'report-sample' 'nonce-eoIfSo6vCnZPYLFoW6J-jw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Fri, 16 Dec 2022 19:40:27 GMT
expires
Fri, 16 Dec 2022 19:40:27 GMT
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server
GSE
x-content-type-options
nosniff
x-xss-protection
1; mode=block
activeview
pagead2.googlesyndication.com/pcs/ Frame 9C91 		42 B
64 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsu6zjj9ih0AkQYlhEb7333aUfP8L-HwoCMO41eJ_UVjG-p9tPYrJDQVxrdFEvj4YOHOhoBf4NC1A9N1X7gFD3Dmvsem3qBPiPecOVOnweHTiX5rxvMeuxIS14Wq4V5bthL2IIAuOQ&sai=AMfl-YQC-L8C094z4pKRtV-mmsB2y0bY1y9nQdvr08dSKOVHSeN_GCklw1uFLVpQpMxoosWH9hkq6mfi9ogBbhw8Y0drF51FW8bRTqVU9QeKpkOszx6G2d3AdG6cqSIyIMU28aKKj3nyvbzQdIcSdGA&sig=Cg0ArKJSzGPqyWvt4VAiEAE&cid=CAQSSwDq26N9-iTNS3QG8F1-_j6sKKMoaEgQAAUyUHNopFEfhwVgiVMVbYKA81LRS3rVZqglbivFc-OkjXwmrfEE7PpYf6XQouK6M9ESsxgBIBM&id=lidar2&mcvt=1000&p=97,463,347,763&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20221207&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=3132901458&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1671219625861&rpt=357&isd=0&lsd=0&met=ce&wmsd=0&pbe=0
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:400d:803::2002 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://1abe16b74e07af620065a5fa2dc0f3b7.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 16 Dec 2022 19:40:27 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
GC5M5N_VN3lVd7ErmxmldCKoshgV9d2S74rLP9hyoZw.js
pagead2.googlesyndication.com/bg/ Frame 4652 		36 KB
16 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/GC5M5N_VN3lVd7ErmxmldCKoshgV9d2S74rLP9hyoZw.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:400d:803::2002 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
182e4ce4dfd537795577b12b9b19a57422a8b21815f5dd92ef8acb3fd872a19c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Tue, 13 Dec 2022 20:48:37 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
255110
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
16025
x-xss-protection
0
last-modified
Mon, 05 Dec 2022 17:18:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Wed, 13 Dec 2023 20:48:37 GMT
widget_iframe.644279d1635fd969e87af94a98bd232b.html
platform.twitter.com/widgets/ Frame 03EB 		320 KB
104 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://platform.twitter.com/widgets/widget_iframe.644279d1635fd969e87af94a98bd232b.html?origin=https%3A%2F%2Fxdarom.com
Requested by
Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (amb/6BBA) /
Resource Hash
8c0531412c543b9bd978e29acb8f5cf330db9891115d1e9924519d9a675b7b74

Request headers

Referer
https://xdarom.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language
nl-NL,nl;q=0.9

Response headers

Access-Control-Allow-Methods
GET
Access-Control-Allow-Origin
*
Age
60728
Cache-Control
public, max-age=315360000
Content-Encoding
gzip
Content-Length
105445
Content-Type
text/html; charset=utf-8
Date
Fri, 16 Dec 2022 19:40:27 GMT
Etag
"50d73c0b4a4c7e4697b9c6ac6f1ecd75+gzip"
Last-Modified
Wed, 02 Nov 2022 19:36:59 GMT
P3P
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server
ECS (amb/6BBA)
Server-Timing
x-cache;desc= HIT,x-tw-cdn;desc=
Vary
Accept-Encoding
X-Cache
HIT
x-tw-cdn
VZ
army.gif
xdarom.com/porpoiseant/ 		0
522 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://xdarom.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMzk3NTEwNzI3NzEzMjg3MiIsImRvbWFpbl9pZCI6IjE4ODUxMyIsInVuaXQiOiJkaXYtZ3B0LWFkLXhkYXJvbV9jb20tYm94LTEtMCIsInRfZXBvY2giOjE2NzEyMTk2MjIsImFkX3Bvc2l0aW9uIjoxMTAyLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiTkwiLCJwYWdldmlld19pZCI6IjY3YTAwYzJkLWNlYTMtNGY4ZC00NzQ2LTlhYTAwZTliNDRhMSIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ1MTYsImRhdGEiOlt7Im5hbWUiOiJmaWxsZWRfc2l6ZSIsInZhbCI6IlsyNTAsMjUwXSJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMzk3NTEwNzI3NzEzMjg3MiIsImRvbWFpbl9pZCI6IjE4ODUxMyIsInVuaXQiOiJkaXYtZ3B0LWFkLXhkYXJvbV9jb20tYm94LTEtMCIsInRfZXBvY2giOjE2NzEyMTk2MjIsImFkX3Bvc2l0aW9uIjoxMTAyLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiTkwiLCJwYWdldmlld19pZCI6IjY3YTAwYzJkLWNlYTMtNGY4ZC00NzQ2LTlhYTAwZTliNDRhMSIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ1MTYsImRhdGEiOlt7Im5hbWUiOiJmaWxsZWRfZmx1aWQiLCJ2YWwiOiJmYWxzZSJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMzk3NTEwNzI3NzEzMjg3MiIsImRvbWFpbl9pZCI6IjE4ODUxMyIsInVuaXQiOiJkaXYtZ3B0LWFkLXhkYXJvbV9jb20tYm94LTEtMCIsInRfZXBvY2giOjE2NzEyMTk2MjIsImFkX3Bvc2l0aW9uIjoxMTAyLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiTkwiLCJwYWdldmlld19pZCI6IjY3YTAwYzJkLWNlYTMtNGY4ZC00NzQ2LTlhYTAwZTliNDRhMSIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ1MTYsImRhdGEiOlt7Im5hbWUiOiJkb21haW5fZGZwX3N0eWxlX2lkIiwidmFsIjoiNCJ9XSwiaXNfb3JpZyI6ZmFsc2V9XQ==
Requested by
Host: xdarom.com
URL: https://xdarom.com/detroitchicago/cmbv2.js?gcb=195-0&cb=04-3y02-8y06-13y07-2y0b-6y0d-21y14-4y18-5y22-3y30-4y5a-2y5e-22y65-1&cmbcb=117&sj=x04x02x06x07x0bx0dx14x18x22x30x5ax5ex65&abt=DynamicMedDec
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://xdarom.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Fri, 16 Dec 2022 19:40:27 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LqSrgrNNEDPfXZep3xkcejNeab6XoSnUTbfzq2mTWJS3nz7OAgnec0tV%2BXc05QszWloDPNsk6LNn2t5%2FSQ4lJ3ljnaygTi%2Fi29A3Ug8xv9U5hkFGoYHgaxboVMVUBUQoVe1VssW9G%2B%2Bb"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin
https://xdarom.com
x-middleton-display
ezp_sol
cache-control
private, max-age=0, must-revalidate, no-cache, no-store
cf-ray
77a9e40f284eb725-AMS
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires
Thu, 15 Dec 2022 19:40:26 GMT
sdk.js
connect.facebook.net/en_US/ 		301 KB
85 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/en_US/sdk.js?hash=e8710aa673e7f05290e69238e3325d1c
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f007:8:face:b00c:0:1 Vienna, Austria, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
d2331f028b326f5d6725e177e28be7b84c3d7cc2e5ca56ed20400b31eec5ff20
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://xdarom.com/
Origin
https://xdarom.com
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
date
Fri, 16 Dec 2022 19:40:27 GMT
content-md5
ypU9bZZeJ5TqWTkWdio7qA==
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
87018
x-fb-rlafr
0
x-fb-debug
UDPxQ62OSn+md2YBSJ+P0VCXsswyMrF0aleHhtdzXHZ9p8lBMfx2wPP+g0dLlLyA0cocEEfmhzE+WPHhGbdsSQ==
x-fb-content-md5
cdfe1c8f0de98d664ab0f2229287da68
cross-origin-opener-policy
same-origin-allow-popups
etag
"8d20f7085344c3a0a32f1f002b438e0b"
vary
Accept-Encoding
x-frame-options
DENY
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
X-FB-Content-MD5
cache-control
public,max-age=31536000,stale-while-revalidate=3600,immutable
timing-allow-origin
*
priority
u=3,i
expires
Sat, 16 Dec 2023 18:11:08 GMT
army.gif
xdarom.com/porpoiseant/ 		0
507 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://xdarom.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTU2NTMyNjk4NTExNzM0OSIsImRvbWFpbl9pZCI6IjE4ODUxMyIsInVuaXQiOiJkaXYtZ3B0LWFkLXhkYXJvbV9jb20tYm94LTItMCIsInRfZXBvY2giOjE2NzEyMTk2MjIsImFkX3Bvc2l0aW9uIjoxMTA1LCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiTkwiLCJwYWdldmlld19pZCI6IjY3YTAwYzJkLWNlYTMtNGY4ZC00NzQ2LTlhYTAwZTliNDRhMSIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ1MTYsImRhdGEiOlt7Im5hbWUiOiJmaWxsZWRfc2l6ZSIsInZhbCI6IlszMDAsMjUwXSJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTU2NTMyNjk4NTExNzM0OSIsImRvbWFpbl9pZCI6IjE4ODUxMyIsInVuaXQiOiJkaXYtZ3B0LWFkLXhkYXJvbV9jb20tYm94LTItMCIsInRfZXBvY2giOjE2NzEyMTk2MjIsImFkX3Bvc2l0aW9uIjoxMTA1LCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiTkwiLCJwYWdldmlld19pZCI6IjY3YTAwYzJkLWNlYTMtNGY4ZC00NzQ2LTlhYTAwZTliNDRhMSIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ1MTYsImRhdGEiOlt7Im5hbWUiOiJmaWxsZWRfZmx1aWQiLCJ2YWwiOiJmYWxzZSJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTU2NTMyNjk4NTExNzM0OSIsImRvbWFpbl9pZCI6IjE4ODUxMyIsInVuaXQiOiJkaXYtZ3B0LWFkLXhkYXJvbV9jb20tYm94LTItMCIsInRfZXBvY2giOjE2NzEyMTk2MjIsImFkX3Bvc2l0aW9uIjoxMTA1LCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiTkwiLCJwYWdldmlld19pZCI6IjY3YTAwYzJkLWNlYTMtNGY4ZC00NzQ2LTlhYTAwZTliNDRhMSIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ1MTYsImRhdGEiOlt7Im5hbWUiOiJkb21haW5fZGZwX3N0eWxlX2lkIiwidmFsIjoiNjMifV0sImlzX29yaWciOmZhbHNlfV0=
Requested by
Host: xdarom.com
URL: https://xdarom.com/detroitchicago/cmbv2.js?gcb=195-0&cb=04-3y02-8y06-13y07-2y0b-6y0d-21y14-4y18-5y22-3y30-4y5a-2y5e-22y65-1&cmbcb=117&sj=x04x02x06x07x0bx0dx14x18x22x30x5ax5ex65&abt=DynamicMedDec
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://xdarom.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Fri, 16 Dec 2022 19:40:27 GMT
cf-cache-status
BYPASS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=P6O2AmtwoCn8pI2P5gLz3agVT10VNgnr%2F%2BRAKDAorVAVedlCn9yV9hh4kOJlFJXwzm5EPHlFX%2BTocLxDvAMJCaNh0DvAOGM7AmsIEyrF9ZRFc6XSdyKfHTEPxv0rkfOMkB0T0%2BA6nILH"}],"group":"cf-nel","max_age":604800}
x-middleton-display
ezp_sol
cache-control
private, max-age=0, must-revalidate, no-cache, no-store
cf-ray
77a9e40f3858b725-AMS
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires
Thu, 15 Dec 2022 19:40:26 GMT
activeview
pagead2.googlesyndication.com/pcs/ Frame 1860 		42 B
64 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsv33u1O1je_P3rEijO3uHGXBYQsVbHgVl4uTKc-9lOl5HG0sUotwu9LLU5BkA1KqF2Ebi9Skepq36ZTXZQ2ZhE0oaxCj6Ky8Qway_kSRIrD5pf2BpUJ-SR4Amjx&sai=AMfl-YQS_MNxqHCi2iU41gaIKr_bJJ4hC5vsIRGCBJS4cx3qHMirV-ZXRLhHRx4AOoVZJ9tlwD6tEMw7QAADhgB3X39EeYrXxtae7_vn97Mb4vTJcliR8qJ_mYqPKVTLnQnrW0ouR6uHbGC5VMz6YyDU&sig=Cg0ArKJSzGL3yWIgMRNBEAE&cid=CAQSTADq26N9q3wdBDXLchuRq0cvvTYrGSoAyb6uEvGtgXp4EXdcM02t_827obj_-xe5AN6BRXB9gaFBPooVWK4QTQIwl2KdLVX_x4Yuw1sYASAT&id=lidar2&mcvt=1021&p=1110,315,1200,1285&mtos=1021,1021,1021,1021,1021&tos=1021,0,0,0,0&v=20221207&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=3179079738&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1671219625580&rpt=727&isd=0&lsd=0&met=ie&wmsd=0&pbe=0
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:400d:803::2002 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://1abe16b74e07af620065a5fa2dc0f3b7.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 16 Dec 2022 19:40:27 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
settings
syndication.twitter.com/ Frame 03EB 		1 KB
722 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://syndication.twitter.com/settings?session_id=69ed89580a2ecda184e0cd69e574e7fbc5269b5b
Requested by
Host: platform.twitter.com
URL: https://platform.twitter.com/widgets/widget_iframe.644279d1635fd969e87af94a98bd232b.html?origin=https%3A%2F%2Fxdarom.com
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.244.42.72 , United States, ASN13414 (TWITTER, US),
Reverse DNS
Software
tsa_f /
Resource Hash
35d05550e6b74af381716ccae2c9d1a5e6eb8ae78eb80c43a4f1d55ecc4d2250
Security Headers
Name Value
Strict-Transport-Security max-age=631138519

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://platform.twitter.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-response-time
91
date
Fri, 16 Dec 2022 19:40:26 GMT
content-encoding
gzip
strict-transport-security
max-age=631138519
last-modified
Fri, 16 Dec 2022 19:40:27 GMT
server
tsa_f
vary
Origin
content-type
application/json; charset=utf-8
access-control-allow-origin
https://platform.twitter.com
x-transaction-id
cd9b58507b7b6ca5
cache-control
must-revalidate, max-age=600
access-control-allow-credentials
true
perf
7626143928
x-connection-hash
a7e9245d66a15c1ade70c12f96fb4ae82892b98318fe9493ba4fcbe4866f6ab1
content-length
402
sodar
pagead2.googlesyndication.com/pagead/ Frame 8674 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2022120501&jk=1504586407287834&rc=
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:400d:803::2002 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers
army.gif
xdarom.com/porpoiseant/ 		0
524 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://xdarom.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiODE5NjYzNjgzOTExOTE1NSIsImRvbWFpbl9pZCI6IjE4ODUxMyIsInVuaXQiOiJkaXYtZ3B0LWFkLXhkYXJvbV9jb20tbWVkcmVjdGFuZ2xlLTItMCIsInRfZXBvY2giOjE2NzEyMTk2MjIsInJldmVudWUiOjAsImVzdF9yZXZlbnVlIjowLCJhZF9wb3NpdGlvbiI6MTEwMCwiYWRfc2l6ZSI6IiIsImJpZF9mbG9vcl9maWxsZWQiOjAsImJpZF9mbG9vcl9wcmV2IjowLCJzdGF0X3NvdXJjZV9pZCI6MCwiY291bnRyeV9jb2RlIjoiTkwiLCJwYWdldmlld19pZCI6IjY3YTAwYzJkLWNlYTMtNGY4ZC00NzQ2LTlhYTAwZTliNDRhMSIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ1OTEsImRhdGEiOlt7Im5hbWUiOiJ2aWV3ZWQiLCJ2YWwiOiIxIn1dLCJpc19vcmlnIjpmYWxzZX1d
Requested by
Host: xdarom.com
URL: https://xdarom.com/detroitchicago/cmbv2.js?gcb=195-0&cb=04-3y02-8y06-13y07-2y0b-6y0d-21y14-4y18-5y22-3y30-4y5a-2y5e-22y65-1&cmbcb=117&sj=x04x02x06x07x0bx0dx14x18x22x30x5ax5ex65&abt=DynamicMedDec
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://xdarom.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Fri, 16 Dec 2022 19:40:27 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BkTfD%2FZS1kULWu%2FpzXJbgzsbG84wBmwWvU2BHxNbKBDgMzVGLxUhY59tHQYoS2Dj8Zs2GSy4ZRTwXs67U8kjPErRiCbjjlDBPiOKpX%2FO2C72S8kWnGhL0kHBPe1fBf73chlXjCdv3Olg"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin
https://xdarom.com
x-middleton-display
ezp_sol
cache-control
private, max-age=0, must-revalidate, no-cache, no-store
cf-ray
77a9e40fc8c2b725-AMS
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires
Thu, 15 Dec 2022 19:40:26 GMT
generate_204
tpc.googlesyndication.com/ Frame 4652 		0
10 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/generate_204?HVnjVA
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Fri, 16 Dec 2022 19:40:27 GMT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
like.php
www.facebook.com/v2.6/plugins/ Frame EF6A 		0
130 B 		Document
General
Check archive.org
Download Go to
Full URL
https://www.facebook.com/v2.6/plugins/like.php?action=like&app_id=172525162793917&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df2a8d228f5f9724%26domain%3Dxdarom.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fxdarom.com%252Ff2c0007e5297b3c%26relation%3Dparent.parent&container_width=0&font=arial&height=25&href=https%3A%2F%2Fxdarom.com%2Fmagisk-manager%2F&layout=button_count&locale=en_US&sdk=joey&send=false&share=false&show_faces=false&width=90
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js?hash=e8710aa673e7f05290e69238e3325d1c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://xdarom.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language
nl-NL,nl;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400
cache-control
private, no-cache, no-store, must-revalidate
content-length
0
content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
content-type
text/html;charset=utf-8
cross-origin-opener-policy
same-origin-allow-popups
date
Fri, 16 Dec 2022 19:40:27 GMT
expires
Sat, 01 Jan 2000 00:00:00 GMT
pragma
no-cache
priority
u=3,i
report-to
{"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
x-content-type-options
nosniff
x-fb-debug
ehjlLnaV2c87pEnRsvjGHofYwbxX3wDzXAqaD27GR2VGbdHtjbBbyX9c5FvBORwiDx6NVmtgA+pC/XwSe4hqeQ==
x-xss-protection
0
like.php
www.facebook.com/v2.6/plugins/ Frame A7F8 		0
118 B 		Document
General
Check archive.org
Download Go to
Full URL
https://www.facebook.com/v2.6/plugins/like.php?action=like&app_id=172525162793917&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df19e8904b15d914%26domain%3Dxdarom.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fxdarom.com%252Ff2c0007e5297b3c%26relation%3Dparent.parent&container_width=0&font=arial&height=25&href=https%3A%2F%2Fxdarom.com%2Fsmartphone-sp-flash-tools-version-download%2F&layout=button_count&locale=en_US&sdk=joey&send=false&share=false&show_faces=false&width=90
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js?hash=e8710aa673e7f05290e69238e3325d1c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://xdarom.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language
nl-NL,nl;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400
cache-control
private, no-cache, no-store, must-revalidate
content-length
0
content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
content-type
text/html;charset=utf-8
cross-origin-opener-policy
same-origin-allow-popups
date
Fri, 16 Dec 2022 19:40:27 GMT
expires
Sat, 01 Jan 2000 00:00:00 GMT
pragma
no-cache
report-to
{"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
x-content-type-options
nosniff
x-fb-debug
SLtByZJ2b2Zd5Yl6UwwZxiF5exlXD1lxcModr70DMFhk6WSKkdYkDdeKiwa3Jv631WdJQ53+zVX7bYpxqq7znQ==
x-xss-protection
0
like.php
www.facebook.com/v2.6/plugins/ Frame 98BB 		0
120 B 		Document
General
Check archive.org
Download Go to
Full URL
https://www.facebook.com/v2.6/plugins/like.php?action=like&app_id=172525162793917&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df32eb58bf53aa5c%26domain%3Dxdarom.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fxdarom.com%252Ff2c0007e5297b3c%26relation%3Dparent.parent&container_width=0&font=arial&height=25&href=https%3A%2F%2Fxdarom.com%2Fmi-account-remove-tool%2F&layout=button_count&locale=en_US&sdk=joey&send=false&share=false&show_faces=false&width=90
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js?hash=e8710aa673e7f05290e69238e3325d1c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://xdarom.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language
nl-NL,nl;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400
cache-control
private, no-cache, no-store, must-revalidate
content-length
0
content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
content-type
text/html;charset=utf-8
cross-origin-opener-policy
same-origin-allow-popups
date
Fri, 16 Dec 2022 19:40:27 GMT
expires
Sat, 01 Jan 2000 00:00:00 GMT
pragma
no-cache
priority
u=3,i
report-to
{"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
x-content-type-options
nosniff
x-fb-debug
PvXScuXN1M4lcpuz+mvBhzASvAhBEDS0kEXGtiTgptFRE+Iwyj1VnBRpxqPBqVDGbZWB4V4LWIs37OCiuL6jLA==
x-xss-protection
0
like.php
www.facebook.com/v2.6/plugins/ Frame 43CF 		0
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.facebook.com/v2.6/plugins/like.php?action=like&app_id=172525162793917&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df150fb35a3979ec%26domain%3Dxdarom.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fxdarom.com%252Ff2c0007e5297b3c%26relation%3Dparent.parent&container_width=0&font=arial&height=25&href=https%3A%2F%2Fxdarom.com%2Fsamsung-tool-card-not-found%2F&layout=button_count&locale=en_US&sdk=joey&send=false&share=false&show_faces=false&width=90
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js?hash=e8710aa673e7f05290e69238e3325d1c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://xdarom.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language
nl-NL,nl;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400
cache-control
private, no-cache, no-store, must-revalidate
content-length
0
content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
content-type
text/html;charset=utf-8
cross-origin-opener-policy
same-origin-allow-popups
date
Fri, 16 Dec 2022 19:40:27 GMT
expires
Sat, 01 Jan 2000 00:00:00 GMT
pragma
no-cache
report-to
{"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
x-content-type-options
nosniff
x-fb-debug
eFl6SHwQTATYOtS+9BlrmBAt3cTodswiofcdClP8YpVlQldir2kQpuYJiOS9xaonWRwF1XlgkIjG/N8snBmD3g==
x-xss-protection
0
like.php
www.facebook.com/v2.6/plugins/ Frame C1AB 		0
118 B 		Document
General
Check archive.org
Download Go to
Full URL
https://www.facebook.com/v2.6/plugins/like.php?action=like&app_id=172525162793917&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1c13970df541%26domain%3Dxdarom.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fxdarom.com%252Ff2c0007e5297b3c%26relation%3Dparent.parent&container_width=0&font=arial&height=25&href=https%3A%2F%2Fxdarom.com%2Foppo-preloader-driver%2F&layout=button_count&locale=en_US&sdk=joey&send=false&share=false&show_faces=false&width=90
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js?hash=e8710aa673e7f05290e69238e3325d1c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://xdarom.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language
nl-NL,nl;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400
cache-control
private, no-cache, no-store, must-revalidate
content-length
0
content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
content-type
text/html;charset=utf-8
cross-origin-opener-policy
same-origin-allow-popups
date
Fri, 16 Dec 2022 19:40:27 GMT
expires
Sat, 01 Jan 2000 00:00:00 GMT
pragma
no-cache
priority
u=3,i
report-to
{"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
x-content-type-options
nosniff
x-fb-debug
4uJYLCrVOUXz3c+91kZ6r6aPooXPVSsr5+0oAXJpKsSRt2Sl43Z7100Y8wQKOfv0CPEBytJzqM7Zb4pntgtkcA==
x-xss-protection
0
like.php
www.facebook.com/v2.6/plugins/ Frame 50AB 		0
118 B 		Document
General
Check archive.org
Download Go to
Full URL
https://www.facebook.com/v2.6/plugins/like.php?action=like&app_id=172525162793917&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df2ee2f7f88fad3c%26domain%3Dxdarom.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fxdarom.com%252Ff2c0007e5297b3c%26relation%3Dparent.parent&container_width=0&font=arial&height=25&href=https%3A%2F%2Fxdarom.com%2Fcm2-dongle-manager%2F&layout=button_count&locale=en_US&sdk=joey&send=false&share=false&show_faces=false&width=90
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js?hash=e8710aa673e7f05290e69238e3325d1c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://xdarom.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language
nl-NL,nl;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400
cache-control
private, no-cache, no-store, must-revalidate
content-length
0
content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
content-type
text/html;charset=utf-8
cross-origin-opener-policy
same-origin-allow-popups
date
Fri, 16 Dec 2022 19:40:27 GMT
expires
Sat, 01 Jan 2000 00:00:00 GMT
pragma
no-cache
priority
u=3,i
report-to
{"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
x-content-type-options
nosniff
x-fb-debug
e+/F84BjyGYcH5aNIsxR3iouVL68CuIKdJgSoKS/Me6xnOSQyoT9A7dyuOFc/tCt7qys8mvbBnevSR+k8ob6Jw==
x-xss-protection
0
like.php
www.facebook.com/v2.6/plugins/ Frame 00C1 		0
117 B 		Document
General
Check archive.org
Download Go to
Full URL
https://www.facebook.com/v2.6/plugins/like.php?action=like&app_id=172525162793917&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df2728672acdb384%26domain%3Dxdarom.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fxdarom.com%252Ff2c0007e5297b3c%26relation%3Dparent.parent&container_width=0&font=arial&height=25&href=https%3A%2F%2Fxdarom.com%2Fsamsung-j7-pro-frp-file-download%2F&layout=button_count&locale=en_US&sdk=joey&send=false&share=false&show_faces=false&width=90
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js?hash=e8710aa673e7f05290e69238e3325d1c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://xdarom.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language
nl-NL,nl;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400
cache-control
private, no-cache, no-store, must-revalidate
content-length
0
content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
content-type
text/html;charset=utf-8
cross-origin-opener-policy
same-origin-allow-popups
date
Fri, 16 Dec 2022 19:40:27 GMT
expires
Sat, 01 Jan 2000 00:00:00 GMT
pragma
no-cache
report-to
{"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
x-content-type-options
nosniff
x-fb-debug
Z4jr7VUuvb2TI7cbrVJ9wMj1to5+niesheNzJGtJl5yFqxplL9/26jdeTuEWd6pDZ8EuVJWd+/hrgTX6mkvVew==
x-xss-protection
0
like.php
www.facebook.com/v2.6/plugins/ Frame E36F 		0
119 B 		Document
General
Check archive.org
Download Go to
Full URL
https://www.facebook.com/v2.6/plugins/like.php?action=like&app_id=172525162793917&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df274a482be1fc88%26domain%3Dxdarom.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fxdarom.com%252Ff2c0007e5297b3c%26relation%3Dparent.parent&container_width=0&font=arial&height=25&href=https%3A%2F%2Fxdarom.com%2Foppo-a3s-pattern-lock-reset-done%2F&layout=button_count&locale=en_US&sdk=joey&send=false&share=false&show_faces=false&width=90
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js?hash=e8710aa673e7f05290e69238e3325d1c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://xdarom.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language
nl-NL,nl;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400
cache-control
private, no-cache, no-store, must-revalidate
content-length
0
content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
content-type
text/html;charset=utf-8
cross-origin-opener-policy
same-origin-allow-popups
date
Fri, 16 Dec 2022 19:40:27 GMT
expires
Sat, 01 Jan 2000 00:00:00 GMT
pragma
no-cache
report-to
{"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
x-content-type-options
nosniff
x-fb-debug
Shomr60to+1R0D6+MvmIFhv9qob4D2dnz7bKI96zUdUknxqRQuYy9rHS8G9J/YXxQDTQJ0+SDhEWmpjIPbwtzw==
x-xss-protection
0
like.php
www.facebook.com/v2.6/plugins/ Frame A354 		0
115 B 		Document
General
Check archive.org
Download Go to
Full URL
https://www.facebook.com/v2.6/plugins/like.php?action=like&app_id=172525162793917&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df251e5a549ef4d%26domain%3Dxdarom.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fxdarom.com%252Ff2c0007e5297b3c%26relation%3Dparent.parent&container_width=0&font=arial&height=25&href=https%3A%2F%2Fxdarom.com%2Fmtk-client-tool%2F&layout=button_count&locale=en_US&sdk=joey&send=false&share=false&show_faces=false&width=90
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js?hash=e8710aa673e7f05290e69238e3325d1c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://xdarom.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language
nl-NL,nl;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400
cache-control
private, no-cache, no-store, must-revalidate
content-length
0
content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
content-type
text/html;charset=utf-8
cross-origin-opener-policy
same-origin-allow-popups
date
Fri, 16 Dec 2022 19:40:27 GMT
expires
Sat, 01 Jan 2000 00:00:00 GMT
pragma
no-cache
report-to
{"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
x-content-type-options
nosniff
x-fb-debug
oZVJ3rFpIFYc0N9qfYfJLdqGUpb9JesGMgoiIWgL5boLd1/5eOeJYq1RTga/its1UkSNvK6qYgO5MF0T9/v83g==
x-xss-protection
0
like.php
www.facebook.com/v2.6/plugins/ Frame 5C64 		0
120 B 		Document
General
Check archive.org
Download Go to
Full URL
https://www.facebook.com/v2.6/plugins/like.php?action=like&app_id=172525162793917&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1ccda7761501bc%26domain%3Dxdarom.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fxdarom.com%252Ff2c0007e5297b3c%26relation%3Dparent.parent&container_width=0&font=arial&height=25&href=https%3A%2F%2Fxdarom.com%2Frealme-dialer-apk%2F&layout=button_count&locale=en_US&sdk=joey&send=false&share=false&show_faces=false&width=90
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js?hash=e8710aa673e7f05290e69238e3325d1c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://xdarom.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language
nl-NL,nl;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400
cache-control
private, no-cache, no-store, must-revalidate
content-length
0
content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
content-type
text/html;charset=utf-8
cross-origin-opener-policy
same-origin-allow-popups
date
Fri, 16 Dec 2022 19:40:27 GMT
expires
Sat, 01 Jan 2000 00:00:00 GMT
pragma
no-cache
report-to
{"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
x-content-type-options
nosniff
x-fb-debug
SVUsDEoXRIbg4GNdKl4xL6B5gc+2xUHtz3wRHj+6qIFbnKfghZ/9ZbI8WPnXrZSR7KbtVysY9W+oKvZFmvgAFw==
x-xss-protection
0
army.gif
xdarom.com/porpoiseant/ 		0
508 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://xdarom.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTU2NTMyNjk4NTExNzM0OSIsImRvbWFpbl9pZCI6IjE4ODUxMyIsInVuaXQiOiJkaXYtZ3B0LWFkLXhkYXJvbV9jb20tYm94LTItMCIsInRfZXBvY2giOjE2NzEyMTk2MjIsInJldmVudWUiOjAsImVzdF9yZXZlbnVlIjowLCJhZF9wb3NpdGlvbiI6MTEwNSwiYWRfc2l6ZSI6IiIsImJpZF9mbG9vcl9maWxsZWQiOjAsImJpZF9mbG9vcl9wcmV2IjowLCJzdGF0X3NvdXJjZV9pZCI6MCwiY291bnRyeV9jb2RlIjoiTkwiLCJwYWdldmlld19pZCI6IjY3YTAwYzJkLWNlYTMtNGY4ZC00NzQ2LTlhYTAwZTliNDRhMSIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ1MTYsImRhdGEiOlt7Im5hbWUiOiJ2aWV3ZWQiLCJ2YWwiOiIxIn1dLCJpc19vcmlnIjpmYWxzZX1d
Requested by
Host: xdarom.com
URL: https://xdarom.com/detroitchicago/cmbv2.js?gcb=195-0&cb=04-3y02-8y06-13y07-2y0b-6y0d-21y14-4y18-5y22-3y30-4y5a-2y5e-22y65-1&cmbcb=117&sj=x04x02x06x07x0bx0dx14x18x22x30x5ax5ex65&abt=DynamicMedDec
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://xdarom.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Fri, 16 Dec 2022 19:40:27 GMT
cf-cache-status
BYPASS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Wi%2F%2BqyOJ0ya1ijkv55t7TIp0xUy3nZLhU0aCo0P%2B45FIvcuNe9KSKxzBRyFc56e5yzQ2C0sdYCorHPjNEvuOGNK%2F8vMH1iitnP%2FPGzMUUWsfKffzBeweNmy6sVfWMAx9kqaFMwnCjkVA"}],"group":"cf-nel","max_age":604800}
x-middleton-display
ezp_sol
cache-control
private, max-age=0, must-revalidate, no-cache, no-store
cf-ray
77a9e410e9d5b725-AMS
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires
Thu, 15 Dec 2022 19:40:27 GMT
button.d2f864f87f544dc0c11d7d712a191c1f.js
platform.twitter.com/js/ 		7 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://platform.twitter.com/js/button.d2f864f87f544dc0c11d7d712a191c1f.js
Requested by
Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (amb/6B9F) /
Resource Hash
236dca679b9983d1fbea0415d584b17d80f1c6942506fc508a5384db924e8795

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://xdarom.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date
Fri, 16 Dec 2022 19:40:27 GMT
Content-Encoding
gzip
Age
65562
X-Cache
HIT
P3P
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server-Timing
x-cache;desc= HIT,x-tw-cdn;desc=VZ
Content-Length
2362
Last-Modified
Wed, 02 Nov 2022 19:36:52 GMT
Server
ECS (amb/6B9F)
Etag
"7bb2d17ac20be3bd6ec1079356afecd9+gzip"
Vary
Accept-Encoding
Access-Control-Allow-Methods
GET
Content-Type
application/javascript; charset=utf-8
Access-Control-Allow-Origin
*
x-tw-cdn
VZ
Cache-Control
public, max-age=315360000
tweet_button.644279d1635fd969e87af94a98bd232b.en.html
platform.twitter.com/widgets/ Frame B3F2 		37 KB
14 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://platform.twitter.com/widgets/tweet_button.644279d1635fd969e87af94a98bd232b.en.html
Requested by
Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (amb/6B9F) /
Resource Hash
e44458c2c9acea446178d73575b53255ee7ba669c33cb20cfea94b90908f921d

Request headers

Referer
https://xdarom.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language
nl-NL,nl;q=0.9

Response headers

Access-Control-Allow-Methods
GET
Access-Control-Allow-Origin
*
Age
65562
Cache-Control
public, max-age=315360000
Content-Encoding
gzip
Content-Length
13753
Content-Type
text/html; charset=utf-8
Date
Fri, 16 Dec 2022 19:40:27 GMT
Etag
"126ffb93f08e989b18a6e1fc082c9e33+gzip"
Last-Modified
Wed, 02 Nov 2022 19:36:56 GMT
P3P
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server
ECS (amb/6B9F)
Server-Timing
x-cache;desc= HIT,x-tw-cdn;desc=VZ
Vary
Accept-Encoding
X-Cache
HIT
x-tw-cdn
VZ
tweet_button.644279d1635fd969e87af94a98bd232b.en.html
platform.twitter.com/widgets/ Frame B30E 		37 KB
14 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://platform.twitter.com/widgets/tweet_button.644279d1635fd969e87af94a98bd232b.en.html
Requested by
Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (amb/6B9F) /
Resource Hash
e44458c2c9acea446178d73575b53255ee7ba669c33cb20cfea94b90908f921d

Request headers

Referer
https://xdarom.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language
nl-NL,nl;q=0.9

Response headers

Access-Control-Allow-Methods
GET
Access-Control-Allow-Origin
*
Age
65562
Cache-Control
public, max-age=315360000
Content-Encoding
gzip
Content-Length
13753
Content-Type
text/html; charset=utf-8
Date
Fri, 16 Dec 2022 19:40:27 GMT
Etag
"126ffb93f08e989b18a6e1fc082c9e33+gzip"
Last-Modified
Wed, 02 Nov 2022 19:36:56 GMT
P3P
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server
ECS (amb/6B9F)
Server-Timing
x-cache;desc= HIT,x-tw-cdn;desc=VZ
Vary
Accept-Encoding
X-Cache
HIT
x-tw-cdn
VZ
tweet_button.644279d1635fd969e87af94a98bd232b.en.html
platform.twitter.com/widgets/ Frame 6D06 		37 KB
14 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://platform.twitter.com/widgets/tweet_button.644279d1635fd969e87af94a98bd232b.en.html
Requested by
Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (amb/6B9F) /
Resource Hash
e44458c2c9acea446178d73575b53255ee7ba669c33cb20cfea94b90908f921d

Request headers

Referer
https://xdarom.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language
nl-NL,nl;q=0.9

Response headers

Access-Control-Allow-Methods
GET
Access-Control-Allow-Origin
*
Age
65562
Cache-Control
public, max-age=315360000
Content-Encoding
gzip
Content-Length
13753
Content-Type
text/html; charset=utf-8
Date
Fri, 16 Dec 2022 19:40:27 GMT
Etag
"126ffb93f08e989b18a6e1fc082c9e33+gzip"
Last-Modified
Wed, 02 Nov 2022 19:36:56 GMT
P3P
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server
ECS (amb/6B9F)
Server-Timing
x-cache;desc= HIT,x-tw-cdn;desc=VZ
Vary
Accept-Encoding
X-Cache
HIT
x-tw-cdn
VZ
tweet_button.644279d1635fd969e87af94a98bd232b.en.html
platform.twitter.com/widgets/ Frame DE10 		37 KB
14 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://platform.twitter.com/widgets/tweet_button.644279d1635fd969e87af94a98bd232b.en.html
Requested by
Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (amb/6BB0) /
Resource Hash
e44458c2c9acea446178d73575b53255ee7ba669c33cb20cfea94b90908f921d

Request headers

Referer
https://xdarom.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language
nl-NL,nl;q=0.9

Response headers

Access-Control-Allow-Methods
GET
Access-Control-Allow-Origin
*
Age
65535
Cache-Control
public, max-age=315360000
Content-Encoding
gzip
Content-Length
13753
Content-Type
text/html; charset=utf-8
Date
Fri, 16 Dec 2022 19:40:27 GMT
Etag
"126ffb93f08e989b18a6e1fc082c9e33+gzip"
Last-Modified
Wed, 02 Nov 2022 19:36:56 GMT
P3P
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server
ECS (amb/6BB0)
Server-Timing
x-cache;desc= HIT,x-tw-cdn;desc=
Vary
Accept-Encoding
X-Cache
HIT
x-tw-cdn
VZ
tweet_button.644279d1635fd969e87af94a98bd232b.en.html
platform.twitter.com/widgets/ Frame 8309 		37 KB
14 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://platform.twitter.com/widgets/tweet_button.644279d1635fd969e87af94a98bd232b.en.html
Requested by
Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (amb/6BBF) /
Resource Hash
e44458c2c9acea446178d73575b53255ee7ba669c33cb20cfea94b90908f921d

Request headers

Referer
https://xdarom.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language
nl-NL,nl;q=0.9

Response headers

Access-Control-Allow-Methods
GET
Access-Control-Allow-Origin
*
Age
65542
Cache-Control
public, max-age=315360000
Content-Encoding
gzip
Content-Length
13753
Content-Type
text/html; charset=utf-8
Date
Fri, 16 Dec 2022 19:40:27 GMT
Etag
"126ffb93f08e989b18a6e1fc082c9e33+gzip"
Last-Modified
Wed, 02 Nov 2022 19:36:56 GMT
P3P
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server
ECS (amb/6BBF)
Server-Timing
x-cache;desc= HIT,x-tw-cdn;desc=VZ
Vary
Accept-Encoding
X-Cache
HIT
x-tw-cdn
VZ
tweet_button.644279d1635fd969e87af94a98bd232b.en.html
platform.twitter.com/widgets/ Frame 721F 		37 KB
14 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://platform.twitter.com/widgets/tweet_button.644279d1635fd969e87af94a98bd232b.en.html
Requested by
Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (amb/6BA6) /
Resource Hash
e44458c2c9acea446178d73575b53255ee7ba669c33cb20cfea94b90908f921d

Request headers

Referer
https://xdarom.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language
nl-NL,nl;q=0.9

Response headers

Access-Control-Allow-Methods
GET
Access-Control-Allow-Origin
*
Age
65560
Cache-Control
public, max-age=315360000
Content-Encoding
gzip
Content-Length
13753
Content-Type
text/html; charset=utf-8
Date
Fri, 16 Dec 2022 19:40:27 GMT
Etag
"126ffb93f08e989b18a6e1fc082c9e33+gzip"
Last-Modified
Wed, 02 Nov 2022 19:36:56 GMT
P3P
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server
ECS (amb/6BA6)
Server-Timing
x-cache;desc= HIT,x-tw-cdn;desc=
Vary
Accept-Encoding
X-Cache
HIT
x-tw-cdn
VZ
tweet_button.644279d1635fd969e87af94a98bd232b.en.html
platform.twitter.com/widgets/ Frame 6521 		37 KB
14 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://platform.twitter.com/widgets/tweet_button.644279d1635fd969e87af94a98bd232b.en.html
Requested by
Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (amb/6BAD) /
Resource Hash
e44458c2c9acea446178d73575b53255ee7ba669c33cb20cfea94b90908f921d

Request headers

Referer
https://xdarom.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language
nl-NL,nl;q=0.9

Response headers

Access-Control-Allow-Methods
GET
Access-Control-Allow-Origin
*
Age
65570
Cache-Control
public, max-age=315360000
Content-Encoding
gzip
Content-Length
13753
Content-Type
text/html; charset=utf-8
Date
Fri, 16 Dec 2022 19:40:27 GMT
Etag
"126ffb93f08e989b18a6e1fc082c9e33+gzip"
Last-Modified
Wed, 02 Nov 2022 19:36:56 GMT
P3P
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server
ECS (amb/6BAD)
Server-Timing
x-cache;desc= HIT,x-tw-cdn;desc=VZ
Vary
Accept-Encoding
X-Cache
HIT
x-tw-cdn
VZ
tweet_button.644279d1635fd969e87af94a98bd232b.en.html
platform.twitter.com/widgets/ Frame F71D 		37 KB
14 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://platform.twitter.com/widgets/tweet_button.644279d1635fd969e87af94a98bd232b.en.html
Requested by
Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (amb/6BA5) /
Resource Hash
e44458c2c9acea446178d73575b53255ee7ba669c33cb20cfea94b90908f921d

Request headers

Referer
https://xdarom.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language
nl-NL,nl;q=0.9

Response headers

Access-Control-Allow-Methods
GET
Access-Control-Allow-Origin
*
Age
65576
Cache-Control
public, max-age=315360000
Content-Encoding
gzip
Content-Length
13753
Content-Type
text/html; charset=utf-8
Date
Fri, 16 Dec 2022 19:40:27 GMT
Etag
"126ffb93f08e989b18a6e1fc082c9e33+gzip"
Last-Modified
Wed, 02 Nov 2022 19:36:56 GMT
P3P
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server
ECS (amb/6BA5)
Server-Timing
x-cache;desc= HIT,x-tw-cdn;desc=VZ
Vary
Accept-Encoding
X-Cache
HIT
x-tw-cdn
VZ
tweet_button.644279d1635fd969e87af94a98bd232b.en.html
platform.twitter.com/widgets/ Frame 458C 		37 KB
14 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://platform.twitter.com/widgets/tweet_button.644279d1635fd969e87af94a98bd232b.en.html
Requested by
Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (amb/6B9F) /
Resource Hash
e44458c2c9acea446178d73575b53255ee7ba669c33cb20cfea94b90908f921d

Request headers

Referer
https://xdarom.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language
nl-NL,nl;q=0.9

Response headers

Access-Control-Allow-Methods
GET
Access-Control-Allow-Origin
*
Age
65562
Cache-Control
public, max-age=315360000
Content-Encoding
gzip
Content-Length
13753
Content-Type
text/html; charset=utf-8
Date
Fri, 16 Dec 2022 19:40:27 GMT
Etag
"126ffb93f08e989b18a6e1fc082c9e33+gzip"
Last-Modified
Wed, 02 Nov 2022 19:36:56 GMT
P3P
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server
ECS (amb/6B9F)
Server-Timing
x-cache;desc= HIT,x-tw-cdn;desc=VZ
Vary
Accept-Encoding
X-Cache
HIT
x-tw-cdn
VZ
tweet_button.644279d1635fd969e87af94a98bd232b.en.html
platform.twitter.com/widgets/ Frame 47F6 		37 KB
14 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://platform.twitter.com/widgets/tweet_button.644279d1635fd969e87af94a98bd232b.en.html
Requested by
Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (amb/6BB0) /
Resource Hash
e44458c2c9acea446178d73575b53255ee7ba669c33cb20cfea94b90908f921d

Request headers

Referer
https://xdarom.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language
nl-NL,nl;q=0.9

Response headers

Access-Control-Allow-Methods
GET
Access-Control-Allow-Origin
*
Age
65536
Cache-Control
public, max-age=315360000
Content-Encoding
gzip
Content-Length
13753
Content-Type
text/html; charset=utf-8
Date
Fri, 16 Dec 2022 19:40:28 GMT
Etag
"126ffb93f08e989b18a6e1fc082c9e33+gzip"
Last-Modified
Wed, 02 Nov 2022 19:36:56 GMT
P3P
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server
ECS (amb/6BB0)
Server-Timing
x-cache;desc= HIT,x-tw-cdn;desc=
Vary
Accept-Encoding
X-Cache
HIT
x-tw-cdn
VZ
embeds
syndication.twitter.com/i/jot/ 		43 B
95 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://syndication.twitter.com/i/jot/embeds?l=%7B%22widget_origin%22%3A%22https%3A%2F%2Fxdarom.com%2F%22%2C%22widget_frame%22%3Afalse%2C%22language%22%3A%22en%22%2C%22message%22%3A%22m%3Anocount%3A%22%2C%22context%22%3A%22rufous-eol%22%2C%22_category_%22%3A%22tfw_client_event%22%2C%22triggered_on%22%3A1671219627886%2C%22dnt%22%3Afalse%2C%22client_version%22%3A%22a3525f077c700%3A1667415560940%22%2C%22format_version%22%3A1%2C%22event_namespace%22%3A%7B%22client%22%3A%22tfw%22%2C%22page%22%3A%22button%22%2C%22section%22%3A%22share%22%2C%22action%22%3A%22impression%22%7D%7D&session_id=69ed89580a2ecda184e0cd69e574e7fbc5269b5b
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.244.42.72 , United States, ASN13414 (TWITTER, US),
Reverse DNS
Software
tsa_f /
Resource Hash
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
Security Headers
Name Value
Strict-Transport-Security max-age=631138519

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://xdarom.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-response-time
106
date
Fri, 16 Dec 2022 19:40:27 GMT
strict-transport-security
max-age=631138519
last-modified
Fri, 16 Dec 2022 19:40:27 GMT
server
tsa_f
vary
Origin
content-type
image/gif
x-transaction-id
04ac9c1800a9c48d
cache-control
must-revalidate, max-age=600
perf
7626143928
x-connection-hash
a7e9245d66a15c1ade70c12f96fb4ae82892b98318fe9493ba4fcbe4866f6ab1
content-length
43
embeds
syndication.twitter.com/i/jot/ 		43 B
127 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://syndication.twitter.com/i/jot/embeds?l=%7B%22widget_origin%22%3A%22https%3A%2F%2Fxdarom.com%2F%22%2C%22widget_frame%22%3Afalse%2C%22language%22%3A%22en%22%2C%22message%22%3A%22m%3Anocount%3A%22%2C%22context%22%3A%22rufous-eol%22%2C%22_category_%22%3A%22tfw_client_event%22%2C%22triggered_on%22%3A1671219627887%2C%22dnt%22%3Afalse%2C%22client_version%22%3A%22a3525f077c700%3A1667415560940%22%2C%22format_version%22%3A1%2C%22event_namespace%22%3A%7B%22client%22%3A%22tfw%22%2C%22page%22%3A%22button%22%2C%22section%22%3A%22share%22%2C%22action%22%3A%22impression%22%7D%7D&session_id=69ed89580a2ecda184e0cd69e574e7fbc5269b5b
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.244.42.72 , United States, ASN13414 (TWITTER, US),
Reverse DNS
Software
tsa_f /
Resource Hash
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
Security Headers
Name Value
Strict-Transport-Security max-age=631138519

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://xdarom.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-response-time
94
date
Fri, 16 Dec 2022 19:40:27 GMT
strict-transport-security
max-age=631138519
last-modified
Fri, 16 Dec 2022 19:40:27 GMT
server
tsa_f
vary
Origin
content-type
image/gif
x-transaction-id
a4ff6bf406097603
cache-control
must-revalidate, max-age=600
perf
7626143928
x-connection-hash
a7e9245d66a15c1ade70c12f96fb4ae82892b98318fe9493ba4fcbe4866f6ab1
content-length
43
truncated
/ Frame B3F2 		822 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
bed57a09b10b5cfc83c33f5bc6205831a9db085c874bc72d096d05ad2136e4b4

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/ Frame B30E 		822 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
bed57a09b10b5cfc83c33f5bc6205831a9db085c874bc72d096d05ad2136e4b4

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Content-Type
image/svg+xml
pinit_main.js
assets.pinterest.com/js/ 		66 KB
19 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://assets.pinterest.com/js/pinit_main.js?0.308598311967087
Requested by
Host: assets.pinterest.com
URL: https://assets.pinterest.com/js/pinit.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:88e::1931 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
20f0315c97ff7007f2e7a94d659e094a7efc01b8306da53987538c1101489e0e

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://xdarom.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

akamai-x-true-ttl
300
content-encoding
br
x-cdn
akamai
etag
"3725764cf05d1a0938de73d398772331"
vary
Accept-Encoding, Origin
access-control-max-age
86400
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-allow-methods
GET
access-control-expose-headers
X-CDN
cache-control
max-age=195
accept-ranges
bytes
content-length
18679
truncated
/ Frame 6D06 		822 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
bed57a09b10b5cfc83c33f5bc6205831a9db085c874bc72d096d05ad2136e4b4

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/ 		1 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
859adbfc48bb0b06c58fe109db4909585fbca5df398d49185fc0f486bad1ac96

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Content-Type
image/svg+xml
sodar
pagead2.googlesyndication.com/pagead/ 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_2022120501&jk=1504586407287834&bg=!y8ilyIzNAAYgquz3AKo7ACkAdvg8Wj6TCqEtXxGF0pZmhsUF5q-d93NlIs9gssbn2XOFbVOEf5ULuAIAAACXUgAAAAJoAQcKAGAlVTRoPkrqMez7ctUsLF1zp9GJdB1oNdlF7Z6lb2wWwIPE9goV47Ht6oxcbvA2jkO5H52bQ0yzoHOwBVGms1wCTFzyVpvIeHb9T1jfwf4V5NCdAwV5_uBiAgrcsFdcemWZAudP5HrSCAp_1SPJ_1cjSaLuzUvplhIKPPoookbejcfVlEn06qdzw2ziqimaqOgQn6QbXgLqnrejap7SodazEtS_BD6aSrW1wb5wd-X7cFd9vD2-1ynT82X7Qt7vIXSLFoG5pmEvKtM5MkFowj9CmjO8b8jbkek2o25zfgymEBuUprcCuD-gX8cabOqshNNkQVwBPFbYjXf05GIIDC2Qbx5twp4y9Q4wp8lxwNL8fwZ4mXcKJdFm2Wmq6ZXJjGYydn3NDh0pWdebAgpfam78OlxC4DgWv315SeFx0YlPnq_Ipg4-WDpHmaVuuiJzVt4_dXUL0gH0zMSCSLeBApOulcuZSuDUHVmnbcPsoENadK8bTUsDAK_6Vfw2HKSQDowu7rkgAWVCW1nZhsTB-gDVAOHI4heVMR2CXSyls8_VyL1UrsURf4Bi1Hsc3CFv1t1mV07T8kQSNSgAH9eBVFss_ZETTG4VCN_4TGTE2XPrFG-2vdKmxzUH3gU1uQ7c6tm-tdPWIpY8gPzu63MaCpc6pCSsfJXIQMBIk2LoUf3D-mddy7AKz3JZmLiAH4ROJVQQ3SjspocAFyrP_FDc5bBMSoiVU90Ds7YwnHBJLJm-UP6b7VVOwrpuuUiozXEpBKVt4BPbfKERw7vJsmbZrb4oHMgDppc8PDlsObnWs479Dsm21q6_q0DUJh4B8unpWGgzLV8ThfUpvblD7A_rb6tReRXMv9bgG6Uuaf5yJemnOmI_OqG8f9sMYg36_Aqc2No-LEF1kS1FIYwmb5YHyruiqUZ9B1o0yJnOAxmfHQLgC0oU4WIwMfYavtFrqzWhDu2OMHk3R-E50F1AtSkNMRHzZ-MzuiGz-XhGuKW4AM_P4yHq4adB-AplKP8ohzzRVzcHofrkjn5kta1Ds2yy0RQit-jU1hEZrt0X1UgOHqfa0wWXEkjISNzQeA9F83tBpE2oUEHin7GHMe8TPt-GzkonNyNsNWomE_LTWg
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:400d:803::2002 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://xdarom.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers
truncated
/ Frame DE10 		822 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
bed57a09b10b5cfc83c33f5bc6205831a9db085c874bc72d096d05ad2136e4b4

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/ Frame 8309 		822 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
bed57a09b10b5cfc83c33f5bc6205831a9db085c874bc72d096d05ad2136e4b4

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/ Frame 721F 		822 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
bed57a09b10b5cfc83c33f5bc6205831a9db085c874bc72d096d05ad2136e4b4

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/ Frame 6521 		822 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
bed57a09b10b5cfc83c33f5bc6205831a9db085c874bc72d096d05ad2136e4b4

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/ Frame F71D 		822 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
bed57a09b10b5cfc83c33f5bc6205831a9db085c874bc72d096d05ad2136e4b4

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/ Frame 458C 		822 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
bed57a09b10b5cfc83c33f5bc6205831a9db085c874bc72d096d05ad2136e4b4

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/ Frame 47F6 		822 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
bed57a09b10b5cfc83c33f5bc6205831a9db085c874bc72d096d05ad2136e4b4

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Content-Type
image/svg+xml
integrator.js
adservice.google.nl/adsid/ 		107 B
122 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.nl/adsid/integrator.js?domain=xdarom.com
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://xdarom.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Fri, 16 Dec 2022 19:40:28 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
content-type
application/javascript; charset=UTF-8
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
integrator.js
adservice.google.com/adsid/ 		107 B
122 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.com/adsid/integrator.js?domain=xdarom.com
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://xdarom.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Fri, 16 Dec 2022 19:40:28 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
content-type
application/javascript; charset=UTF-8
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
ads
securepubads.g.doubleclick.net/gampad/ 		955 B
446 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1504586407287834&correlator=2049939892020691&eid=31071094&output=ldjh&gdfp_req=1&vrg=2022120501&ptt=17&impl=fifs&iu_parts=1254144%3A22665599549%2Cxdarom_com-large-billboard-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C300x1050%7C320x50%7C320x100%7C234x60&fluid=height&ifi=5&adks=329616143&didk=3374956854&sfv=1-0-40&ris=3&rcs=1&prev_scp=a%3D%257C0%257C%26iid1%3D5142574673164213%26eid%3D5142574673164213%26t%3D134%26d%3D188513%26t1%3D134%26pvc%3D0%26ap%3D1103%26sap%3D1103%26as%3Drevenue%26plat%3D1%26bra%3Dmod59%26ic%3D2%26at%3Dmbf%26adr%3D399%26ezosn%3D6%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D34%26al%3D1034%26compid%3D0%26tap%3Dxdarom_com-large-billboard-2-5142574673164213%26eb_br%3D33dd523f8e4dda158f0aa99686dda7f2%26eba%3D1%26bv%3D21%26bvm%3D0%26bvr%3D7%26shp%3D2%26ftsn%3D12%26ftsng%3D12%26br1%3D6%26br2%3D6%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D63%2C14%2C28%2C4%2C51%2C0%2C88%2C0%2C71%2C30%2C0%2C31%2C901%2C902%2C903%26deal1%3D17%2C18%2C19%2C20%2C21%2C22%2C23%2C24%2C25%2C26%2C1428%2C1794%2C2310%2C2339%2C2351%2C2526%2C2527%2C2610%2C2688%2C2693%2C2761%2C2763%2C2764%2C2765%2C3044%2C3045%2C3052%2C3053%2C3054%2C3154%2C3430%2C3455%2C3456%2C3457%2C3458%2C3460%2C3682%2C3683%2C3684%2C3856%2C4184%2C4185%2C4186%2C4276%26lb%3D10%26reqt%3D1671219628194&eri=1&sc=1&cookie=ID%3D4a0d87061a0293f3%3AT%3D1671219625%3AS%3DALNI_MYrkqS5Alcp_HNu6Jbq9cVj94IKfQ&gpic=UID%3D00000b938891b518%3AT%3D1671219625%3ART%3D1671219625%3AS%3DALNI_MaEthC9tqK9DpahSFuvw8UUm9ps_A&abxe=1&dt=1671219628218&lmt=1671216108&dlt=1671219624403&idt=561&adxs=1168&adys=632&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=4&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fxdarom.com%2F&frm=20&vis=1&psz=369x1064&msz=369x1050&fws=0&ohw=0&ga_vid=1323725132.1671219625&ga_sid=1671219625&ga_hid=160787111&ga_fc=false&a3p=EhwKDWNyd2RjbnRybC5uZXQY4fzO49EwSABSAghkEhkKCnB1YmNpZC5vcmcYzIHP49EwSABSAghqEh0KDmVzcC5jcml0ZW8uY29tGOH8zuPRMEgAUgIIZBLCAQoIcnRiaG91c2USrAFQYWlmR1FEanAxSnl2Z3BmQ0xza1F5bm0rR25IRmY4NGhtZGFOeFhNZk13cjQ2TzhXdlpQWE5Md0dOZ2RoYnpydStkRGUvZUxYYkk1cVBCaVdNeUN6ZGJ0RGtvTnRyNGdGUEhtSlRCWTdKRm1UMmR3TWZibVB1WDFWeDBPUEx3czlvM2lWRCtnMTJBaGk4aThPM05KZklGdmJHclRnN3NSc204dWZ6YkttRVU9GP7_zuPRMEgAEj4KBW9wZW54EixleUpwSWpvaVkyTlBVakZtUkVaVGR6Wmhjek5uV2pGNmEydGxRVDA5SW4wPRiQgc_j0TBIABIZCgp1aWRhcGkuY29tGOH8zuPRMEgAUgIIZBIbCgxpZDUtc3luYy5jb20Y9v7O49EwSABSAghq
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
b71a6b77e163fd099743f25a86338b67abf11b79b044b7153cf06131c6a30c13
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://xdarom.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Fri, 16 Dec 2022 19:40:28 GMT
content-encoding
br
x-content-type-options
nosniff
google-mediationgroup-id
-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
417
x-xss-protection
0
google-lineitem-id
-2
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
-2
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://xdarom.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
log.pinterest.com/ 		0
333 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://log.pinterest.com/?type=pidget&guid=9c98Yt3KdUaU&tv=2021110201&event=init&sub=www&button_count=10&follow_count=0&pin_count=0&profile_count=0&board_count=0&section_count=0&lang=en&nvl=en-US&via=https%3A%2F%2Fxdarom.com%2F&viaSrc=canonical
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.128.84 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
envoy /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://xdarom.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-cache-hits
0
date
Fri, 16 Dec 2022 19:40:29 GMT
via
1.1 varnish
x-cache
MISS
x-envoy-upstream-service-time
3
x-pinterest-rid
4208341833013314
content-length
0
x-served-by
cache-ewr18126-EWR
pragma
no-cache
server
envoy
x-timer
S1671219629.300700,VS0,VE336
access-control-max-age
86400
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
cache-control
no-cache,no-store,must-revalidate,max-age=0
accept-ranges
bytes
expires
Sat, 01 Jan 2000 00:00:00 GMT
prebid
ads.yieldmo.com/exchange/ 		0
221 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ads.yieldmo.com/exchange/prebid?pbav=7.17.0&p=%5B%7B%22placement_id%22%3A%22div-gpt-ad-xdarom_com-medrectangle-2-0%22%2C%22callback_id%22%3A%22205a0bdbcc6e9b%22%2C%22sizes%22%3A%5B%5B970%2C90%5D%2C%5B728%2C90%5D%5D%2C%22ym_placement_id%22%3A%222834942196124164132%22%2C%22tid%22%3A%224e5c5db4-e765-49ec-be09-bba7838798e8%22%2C%22auctionId%22%3A%22f3de7f08-7f00-421d-9041-7510c5359126%22%7D%2C%7B%22placement_id%22%3A%22div-gpt-ad-xdarom_com-box-1-0%22%2C%22callback_id%22%3A%2233c7ef1744693f%22%2C%22sizes%22%3A%5B%5B250%2C250%5D%5D%2C%22ym_placement_id%22%3A%222834942196124164132%22%2C%22tid%22%3A%22f46e627a-6d01-4967-ad89-fb634a490021%22%2C%22auctionId%22%3A%22f3de7f08-7f00-421d-9041-7510c5359126%22%7D%2C%7B%22placement_id%22%3A%22div-gpt-ad-xdarom_com-box-2-0%22%2C%22callback_id%22%3A%224bd2cb909e5d24%22%2C%22sizes%22%3A%5B%5B300%2C250%5D%5D%2C%22ym_placement_id%22%3A%222834942196124164132%22%2C%22tid%22%3A%22ea70af9a-1ee1-40c4-bbf2-de60d9e43fa8%22%2C%22auctionId%22%3A%22f3de7f08-7f00-421d-9041-7510c5359126%22%7D%2C%7B%22placement_id%22%3A%22div-gpt-ad-xdarom_com-medrectangle-1-0%22%2C%22callback_id%22%3A%2257c38c1fad592%22%2C%22sizes%22%3A%5B%5B300%2C250%5D%5D%2C%22ym_placement_id%22%3A%222834942196124164132%22%2C%22tid%22%3A%22f7b64633-ae46-45fd-b1c1-919eb305b3a7%22%2C%22auctionId%22%3A%22f3de7f08-7f00-421d-9041-7510c5359126%22%7D%2C%7B%22placement_id%22%3A%22div-gpt-ad-xdarom_com-medrectangle-1-0_1%22%2C%22callback_id%22%3A%2263bddf9f593c32%22%2C%22sizes%22%3A%5B%5B300%2C250%5D%5D%2C%22ym_placement_id%22%3A%222834942196124164132%22%2C%22tid%22%3A%225a075317-e43b-4cc4-ad58-7b136a367a4a%22%2C%22auctionId%22%3A%22f3de7f08-7f00-421d-9041-7510c5359126%22%7D%2C%7B%22placement_id%22%3A%22div-gpt-ad-xdarom_com-medrectangle-1-0_2%22%2C%22callback_id%22%3A%2270ff4b0902356c%22%2C%22sizes%22%3A%5B%5B300%2C250%5D%5D%2C%22ym_placement_id%22%3A%222834942196124164132%22%2C%22tid%22%3A%2295e4bfe6-31d6-4a4e-ae59-f1e786aff635%22%2C%22auctionId%22%3A%22f3de7f08-7f00-421d-9041-7510c5359126%22%7D%2C%7B%22placement_id%22%3A%22div-gpt-ad-xdarom_com-large-billboard-2-0%22%2C%22callback_id%22%3A%228a08653295e00b%22%2C%22sizes%22%3A%5B%5B300%2C1050%5D%2C%5B300%2C600%5D%5D%2C%22ym_placement_id%22%3A%222834942196124164132%22%2C%22tid%22%3A%22aa22cd9e-1095-4fa5-9ff1-554f236f3472%22%2C%22auctionId%22%3A%22f3de7f08-7f00-421d-9041-7510c5359126%22%7D%5D&page_url=https%3A%2F%2Fxdarom.com%2F&bust=1671219629469&dnt=false&description=Android%20Update%20News%2C%20GSM%20USB%20Drivers%2C%20Flash%20Tools%2CUnlock%20Tool%2C%20FRP%20Bypass%20Tools%20Download&userConsent=%7B%22gdprApplies%22%3A%22%22%2C%22cmp%22%3A%22%22%7D&us_privacy=&pr=&scrd=1&title=XDAROM.COM%20-%20Android%20Update%20News%2C%20GSM%20USB%20Drivers%2C%20Flash%20Tools%2CUnlock%20Tool%2C%20FRP%20Bypass%20Tools%20Download&w=1600&h=1200&pubcid=ded728c0-fdf6-4a84-b5b6-034fb3e5adb8&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22ezoic.ai%22%2C%22sid%22%3A%2241d526952cea19abc764947d5999a6de%22%2C%22domain%22%3A%22xdarom.com%22%2C%22hp%22%3A1%7D%5D%7D&eids=%5B%7B%22source%22%3A%22quantcast.com%22%2C%22uids%22%3A%5B%7B%22id%22%3A%22P0-179098142-1671219624788%22%2C%22atype%22%3A1%7D%5D%7D%2C%7B%22source%22%3A%22pubcid.org%22%2C%22uids%22%3A%5B%7B%22id%22%3A%22ded728c0-fdf6-4a84-b5b6-034fb3e5adb8%22%2C%22atype%22%3A1%7D%5D%7D%5D
Requested by
Host: go.ezodn.com
URL: https://go.ezodn.com/hb/dall.js?b=adyoulike,yieldmo&cb=195-0-50
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.76.72.156 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-76-72-156.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://xdarom.com/
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://xdarom.com
pragma
no-cache
date
Fri, 16 Dec 2022 19:40:29 GMT
access-control-allow-credentials
true
x-robots-tag
none,NOINDEX,NOFOLLOW
access-control-allow-methods
POST, GET, OPTIONS
access-control-request-headers
Cache-Control, Pragma
v1
hb-api.omnitagjs.com/hb-api/prebid/ 		536 B
883 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://hb-api.omnitagjs.com/hb-api/prebid/v1?RefererUrl=https%3A%2F%2Fxdarom.com%2F&CanonicalUrl=https%3A%2F%2Fxdarom.com%2F
Requested by
Host: go.ezodn.com
URL: https://go.ezodn.com/hb/dall.js?b=adyoulike,yieldmo&cb=195-0-50
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
185.255.84.151 , France, ASN200271 (IGUANE-, FR),
Reverse DNS
Software
ayl-lb-fra02 /
Resource Hash
fb2762da134a39eadf5f1e1071d5d76414648b895fad153055aff7999f40f272
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://xdarom.com/
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Fri, 16 Dec 2022 19:40:29 GMT
x-content-type-options
nosniff
server
ayl-lb-fra02
access-control-max-age
3600
access-control-allow-methods
OPTIONS, POST
content-type
application/json; charset=utf-8
access-control-allow-origin
https://xdarom.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-envoy-upstream-service-time
753
vary
Accept-Encoding
access-control-allow-headers
Accept-Encoding, Content-Type
content-length
536
expires
0
integrator.js
adservice.google.nl/adsid/ 		107 B
122 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.nl/adsid/integrator.js?domain=xdarom.com
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://xdarom.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Fri, 16 Dec 2022 19:40:29 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
content-type
application/javascript; charset=UTF-8
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
integrator.js
adservice.google.com/adsid/ 		107 B
122 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.com/adsid/integrator.js?domain=xdarom.com
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://xdarom.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Fri, 16 Dec 2022 19:40:29 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
content-type
application/javascript; charset=UTF-8
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
ads
securepubads.g.doubleclick.net/gampad/ 		955 B
442 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1504586407287834&correlator=3754843755883328&eid=31071094&output=ldjh&gdfp_req=1&vrg=2022120501&ptt=17&impl=fifs&iu_parts=1254144%3A22665599549%2Cxdarom_com-large-billboard-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C300x1050%7C320x50%7C320x100%7C234x60&fluid=height&ifi=6&adks=329616143&didk=3374956854&sfv=1-0-40&ris=2&rcs=2&prev_scp=a%3D%257C0%257C%26iid1%3D5142574673164213%26eid%3D5142574673164213%26t%3D134%26d%3D188513%26t1%3D134%26pvc%3D0%26ap%3D1103%26sap%3D1103%26as%3Drevenue%26plat%3D1%26bra%3Dmod59%26ic%3D3%26at%3Dmbf%26adr%3D399%26ezosn%3D6%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D34%26al%3D1034%26compid%3D0%26tap%3Dxdarom_com-large-billboard-2-5142574673164213%26eb_br%3D9c3e4ee8eae7f1433cb2fe69b1326605%26eba%3D1%26bv%3D21%26bvm%3D0%26bvr%3D7%26shp%3D2%26ftsn%3D12%26ftsng%3D12%26br1%3D4%26br2%3D6%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D63%2C14%2C28%2C4%2C51%2C0%2C88%2C0%2C71%2C30%2C0%2C31%2C901%2C902%2C903%26deal1%3D17%2C18%2C19%2C20%2C21%2C22%2C23%2C24%2C25%2C26%2C1428%2C1794%2C2310%2C2339%2C2351%2C2526%2C2527%2C2610%2C2688%2C2693%2C2761%2C2763%2C2764%2C2765%2C3044%2C3045%2C3052%2C3053%2C3054%2C3154%2C3430%2C3455%2C3456%2C3457%2C3458%2C3460%2C3682%2C3683%2C3684%2C3856%2C4184%2C4185%2C4186%2C4276%26lb%3D6%26reqt%3D1671219628738&eri=1&sc=1&cookie=ID%3D4a0d87061a0293f3%3AT%3D1671219625%3AS%3DALNI_MYrkqS5Alcp_HNu6Jbq9cVj94IKfQ&gpic=UID%3D00000b938891b518%3AT%3D1671219625%3ART%3D1671219625%3AS%3DALNI_MaEthC9tqK9DpahSFuvw8UUm9ps_A&abxe=1&dt=1671219629756&lmt=1671216108&dlt=1671219624403&idt=561&adxs=1168&adys=632&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=4&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fxdarom.com%2F&frm=20&vis=1&psz=369x1064&msz=369x1050&fws=0&ohw=0&ga_vid=1323725132.1671219625&ga_sid=1671219625&ga_hid=160787111&ga_fc=false&a3p=EhwKDWNyd2RjbnRybC5uZXQY4fzO49EwSABSAghkEhkKCnB1YmNpZC5vcmcYzIHP49EwSABSAghqEh0KDmVzcC5jcml0ZW8uY29tGOH8zuPRMEgAUgIIZBLCAQoIcnRiaG91c2USrAFQYWlmR1FEanAxSnl2Z3BmQ0xza1F5bm0rR25IRmY4NGhtZGFOeFhNZk13cjQ2TzhXdlpQWE5Md0dOZ2RoYnpydStkRGUvZUxYYkk1cVBCaVdNeUN6ZGJ0RGtvTnRyNGdGUEhtSlRCWTdKRm1UMmR3TWZibVB1WDFWeDBPUEx3czlvM2lWRCtnMTJBaGk4aThPM05KZklGdmJHclRnN3NSc204dWZ6YkttRVU9GP7_zuPRMEgAEj4KBW9wZW54EixleUpwSWpvaVkyTlBVakZtUkVaVGR6Wmhjek5uV2pGNmEydGxRVDA5SW4wPRiQgc_j0TBIABIZCgp1aWRhcGkuY29tGOH8zuPRMEgAUgIIZBIbCgxpZDUtc3luYy5jb20Y9v7O49EwSABSAghq
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
dd97dc3377ddfc4c7624520ca973742124db0653d480238ed5d371dd4f64e065
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://xdarom.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Fri, 16 Dec 2022 19:40:30 GMT
content-encoding
br
x-content-type-options
nosniff
google-mediationgroup-id
-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
413
x-xss-protection
0
google-lineitem-id
-2
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
-2
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://xdarom.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
integrator.js
adservice.google.nl/adsid/ 		107 B
122 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.nl/adsid/integrator.js?domain=xdarom.com
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://xdarom.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Fri, 16 Dec 2022 19:40:30 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
content-type
application/javascript; charset=UTF-8
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
integrator.js
adservice.google.com/adsid/ 		107 B
122 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.com/adsid/integrator.js?domain=xdarom.com
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://xdarom.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Fri, 16 Dec 2022 19:40:30 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
content-type
application/javascript; charset=UTF-8
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
ads
securepubads.g.doubleclick.net/gampad/ 		112 KB
36 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1504586407287834&correlator=676068909981686&eid=31071094&output=ldjh&gdfp_req=1&vrg=2022120501&ptt=17&impl=fifs&iu_parts=1254144%3A22665599549%2Cxdarom_com-large-billboard-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C300x1050%7C320x50%7C320x100%7C234x60&fluid=height&ifi=7&adks=329616143&didk=3374956854&sfv=1-0-40&ris=1&rcs=3&prev_scp=a%3D%257C0%257C%26iid1%3D5142574673164213%26eid%3D5142574673164213%26t%3D134%26d%3D188513%26t1%3D134%26pvc%3D0%26ap%3D1103%26sap%3D1103%26as%3Drevenue%26plat%3D1%26bra%3Dmod59%26ic%3D4%26at%3Dmbf%26adr%3D399%26ezosn%3D6%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D34%26al%3D1034%26compid%3D0%26tap%3Dxdarom_com-large-billboard-2-5142574673164213%26eb_br%3Db6c98a8bb15764f1c4ee331dcb724178%26eba%3D1%26bv%3D21%26bvm%3D0%26bvr%3D7%26shp%3D2%26ftsn%3D12%26ftsng%3D12%26br1%3D2%26br2%3D6%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D63%2C14%2C28%2C4%2C51%2C0%2C88%2C0%2C71%2C30%2C0%2C31%2C901%2C902%2C903%26deal1%3D17%2C18%2C19%2C20%2C21%2C22%2C23%2C24%2C25%2C26%2C1428%2C1794%2C2310%2C2339%2C2351%2C2526%2C2527%2C2610%2C2688%2C2693%2C2761%2C2763%2C2764%2C2765%2C3044%2C3045%2C3052%2C3053%2C3054%2C3154%2C3430%2C3455%2C3456%2C3457%2C3458%2C3460%2C3682%2C3683%2C3684%2C3856%2C4184%2C4185%2C4186%2C4276%26lb%3D4%26reqt%3D1671219630271&eri=1&sc=1&cookie=ID%3D4a0d87061a0293f3%3AT%3D1671219625%3AS%3DALNI_MYrkqS5Alcp_HNu6Jbq9cVj94IKfQ&gpic=UID%3D00000b938891b518%3AT%3D1671219625%3ART%3D1671219625%3AS%3DALNI_MaEthC9tqK9DpahSFuvw8UUm9ps_A&abxe=1&dt=1671219630291&lmt=1671216108&dlt=1671219624403&idt=561&adxs=1168&adys=632&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=4&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fxdarom.com%2F&frm=20&vis=1&psz=369x1064&msz=369x1050&fws=0&ohw=0&ga_vid=1323725132.1671219625&ga_sid=1671219625&ga_hid=160787111&ga_fc=false&a3p=EhwKDWNyd2RjbnRybC5uZXQY4fzO49EwSABSAghkEhkKCnB1YmNpZC5vcmcYzIHP49EwSABSAghqEh0KDmVzcC5jcml0ZW8uY29tGOH8zuPRMEgAUgIIZBLCAQoIcnRiaG91c2USrAFQYWlmR1FEanAxSnl2Z3BmQ0xza1F5bm0rR25IRmY4NGhtZGFOeFhNZk13cjQ2TzhXdlpQWE5Md0dOZ2RoYnpydStkRGUvZUxYYkk1cVBCaVdNeUN6ZGJ0RGtvTnRyNGdGUEhtSlRCWTdKRm1UMmR3TWZibVB1WDFWeDBPUEx3czlvM2lWRCtnMTJBaGk4aThPM05KZklGdmJHclRnN3NSc204dWZ6YkttRVU9GP7_zuPRMEgAEj4KBW9wZW54EixleUpwSWpvaVkyTlBVakZtUkVaVGR6Wmhjek5uV2pGNmEydGxRVDA5SW4wPRiQgc_j0TBIABIZCgp1aWRhcGkuY29tGOH8zuPRMEgAUgIIZBIbCgxpZDUtc3luYy5jb20Y9v7O49EwSABSAghq
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
639257a93794b6c22a1909eb4039fd338d7a1463055d9f6830c405210eff81b2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://xdarom.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Fri, 16 Dec 2022 19:40:30 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
36868
x-xss-protection
0
google-lineitem-id
-1
pragma
no-cache
server
cafe
google-creative-id
-1
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://xdarom.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
container.html
1abe16b74e07af620065a5fa2dc0f3b7.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 11EA 		6 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://1abe16b74e07af620065a5fa2dc0f3b7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://xdarom.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language
nl-NL,nl;q=0.9

Response headers

accept-ranges
bytes
age
5
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, immutable, max-age=31536000
content-encoding
br
content-length
2653
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy
cross-origin
date
Fri, 16 Dec 2022 19:40:25 GMT
expires
Sat, 16 Dec 2023 19:40:25 GMT
last-modified
Thu, 03 Nov 2022 19:10:08 GMT
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
army.gif
xdarom.com/porpoiseant/ 		0
504 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://xdarom.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNTE0MjU3NDY3MzE2NDIxMyIsImRvbWFpbl9pZCI6IjE4ODUxMyIsInVuaXQiOiJkaXYtZ3B0LWFkLXhkYXJvbV9jb20tbGFyZ2UtYmlsbGJvYXJkLTItMCIsInRfZXBvY2giOjE2NzEyMTk2MjIsImFkX3Bvc2l0aW9uIjoxMTAzLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiTkwiLCJwYWdldmlld19pZCI6IjY3YTAwYzJkLWNlYTMtNGY4ZC00NzQ2LTlhYTAwZTliNDRhMSIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ1MDcsImRhdGEiOlt7Im5hbWUiOiJyZWZyZXNoX2NvdW50IiwidmFsIjoiNCJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNTE0MjU3NDY3MzE2NDIxMyIsImRvbWFpbl9pZCI6IjE4ODUxMyIsInVuaXQiOiJkaXYtZ3B0LWFkLXhkYXJvbV9jb20tbGFyZ2UtYmlsbGJvYXJkLTItMCIsInRfZXBvY2giOjE2NzEyMTk2MjIsImFkX3Bvc2l0aW9uIjoxMTAzLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiTkwiLCJwYWdldmlld19pZCI6IjY3YTAwYzJkLWNlYTMtNGY4ZC00NzQ2LTlhYTAwZTliNDRhMSIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ1MDcsImRhdGEiOlt7Im5hbWUiOiJmaWxsZWRfYmlkX2hhc2giLCJ2YWwiOiJiNmM5OGE4YmIxNTc2NGYxYzRlZTMzMWRjYjcyNDE3OCJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNTE0MjU3NDY3MzE2NDIxMyIsImRvbWFpbl9pZCI6IjE4ODUxMyIsInVuaXQiOiJkaXYtZ3B0LWFkLXhkYXJvbV9jb20tbGFyZ2UtYmlsbGJvYXJkLTItMCIsInRfZXBvY2giOjE2NzEyMTk2MjIsInJldmVudWUiOjAsImVzdF9yZXZlbnVlIjowLjAwMDAyLCJhZF9wb3NpdGlvbiI6MTEwMywiYWRfc2l6ZSI6IiIsImJpZF9mbG9vcl9maWxsZWQiOjAuMDAwMDIsImJpZF9mbG9vcl9wcmV2IjowLjAwMDA0LCJzdGF0X3NvdXJjZV9pZCI6MzUsImNvdW50cnlfY29kZSI6Ik5MIiwicGFnZXZpZXdfaWQiOiI2N2EwMGMyZC1jZWEzLTRmOGQtNDc0Ni05YWEwMGU5YjQ0YTEiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjI4Njg3Mjc0LCJjcmVhdGl2ZV9pZCI6MTM4MzEwMDM0NTA3LCJkYXRhIjpbeyJuYW1lIjoibG9hZGVkIiwidmFsIjoiMSJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNTE0MjU3NDY3MzE2NDIxMyIsImRvbWFpbl9pZCI6IjE4ODUxMyIsInVuaXQiOiJkaXYtZ3B0LWFkLXhkYXJvbV9jb20tbGFyZ2UtYmlsbGJvYXJkLTItMCIsInRfZXBvY2giOjE2NzEyMTk2MjIsImFkX3Bvc2l0aW9uIjoxMTAzLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiTkwiLCJwYWdldmlld19pZCI6IjY3YTAwYzJkLWNlYTMtNGY4ZC00NzQ2LTlhYTAwZTliNDRhMSIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ1MDcsImRhdGEiOlt7Im5hbWUiOiJjcmVhdGl2ZV9pZCIsInZhbCI6IjEzODMxMDAzNDUwNyJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNTE0MjU3NDY3MzE2NDIxMyIsImRvbWFpbl9pZCI6IjE4ODUxMyIsInVuaXQiOiJkaXYtZ3B0LWFkLXhkYXJvbV9jb20tbGFyZ2UtYmlsbGJvYXJkLTItMCIsInRfZXBvY2giOjE2NzEyMTk2MjIsImFkX3Bvc2l0aW9uIjoxMTAzLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiTkwiLCJwYWdldmlld19pZCI6IjY3YTAwYzJkLWNlYTMtNGY4ZC00NzQ2LTlhYTAwZTliNDRhMSIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ1MDcsImRhdGEiOlt7Im5hbWUiOiJsaW5laXRlbV9pZCIsInZhbCI6IjI4Njg3Mjc0In1dLCJpc19vcmlnIjpmYWxzZX1d
Requested by
Host: xdarom.com
URL: https://xdarom.com/detroitchicago/cmbv2.js?gcb=195-0&cb=04-3y02-8y06-13y07-2y0b-6y0d-21y14-4y18-5y22-3y30-4y5a-2y5e-22y65-1&cmbcb=117&sj=x04x02x06x07x0bx0dx14x18x22x30x5ax5ex65&abt=DynamicMedDec
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://xdarom.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Fri, 16 Dec 2022 19:40:30 GMT
cf-cache-status
BYPASS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fbFw5FRidtDIaAUaVa%2BBt0EpVIfgxgG6yXJjRZedJrR9l5t8Ug6%2BjxqYnWHtGek1Zr7OYb2Ho2%2FoAT1aNF5LeQy9R8iY9hnmo0HaqalFoRG69D51Q6Rpuqa7xeZ3aGYWdntE%2Bhxkar5f"}],"group":"cf-nel","max_age":604800}
x-middleton-display
ezp_sol
cache-control
private, max-age=0, must-revalidate, no-cache, no-store
cf-ray
77a9e424ecbdb725-AMS
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires
Thu, 15 Dec 2022 19:40:31 GMT
army.gif
xdarom.com/porpoiseant/ 		0
513 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://xdarom.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNTE0MjU3NDY3MzE2NDIxMyIsImRvbWFpbl9pZCI6IjE4ODUxMyIsInVuaXQiOiJkaXYtZ3B0LWFkLXhkYXJvbV9jb20tbGFyZ2UtYmlsbGJvYXJkLTItMCIsInRfZXBvY2giOjE2NzEyMTk2MjIsImFkX3Bvc2l0aW9uIjoxMTAzLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiTkwiLCJwYWdldmlld19pZCI6IjY3YTAwYzJkLWNlYTMtNGY4ZC00NzQ2LTlhYTAwZTliNDRhMSIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ1MDcsImRhdGEiOlt7Im5hbWUiOiJ0X2xvY2FsX2RhdGUiLCJ2YWwiOiIyMDIyLTEyLTE2In0seyJuYW1lIjoidF9sb2NhbF9ob3VyIiwidmFsIjoiMTkifSx7Im5hbWUiOiJ0X2xvY2FsX2RheV9vZl93ZWVrIiwidmFsIjoiNSJ9LHsibmFtZSI6InRfbG9jYWxfdGltZXpvbmUiLCJ2YWwiOiIwIn1dLCJpc19vcmlnIjpmYWxzZX1d
Requested by
Host: xdarom.com
URL: https://xdarom.com/detroitchicago/cmbv2.js?gcb=195-0&cb=04-3y02-8y06-13y07-2y0b-6y0d-21y14-4y18-5y22-3y30-4y5a-2y5e-22y65-1&cmbcb=117&sj=x04x02x06x07x0bx0dx14x18x22x30x5ax5ex65&abt=DynamicMedDec
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://xdarom.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Fri, 16 Dec 2022 19:40:30 GMT
cf-cache-status
BYPASS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3l1Hj6bTTvyfwO33Os%2FMFnQxRHRcG%2FbOESdqCjWQim%2FbTREcE5ZI59ElwXuPV%2BKzqHPT26qPnDdHBoVg19l3qL%2FKifMPoZkI87hS%2FKOTIwOWKt96lGB409hok9Vl%2BCVkgDdfavkgY2fE"}],"group":"cf-nel","max_age":604800}
x-middleton-display
ezp_sol
cache-control
private, max-age=0, must-revalidate, no-cache, no-store
cf-ray
77a9e424ecbfb725-AMS
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires
Thu, 15 Dec 2022 19:40:30 GMT
army.gif
xdarom.com/porpoiseant/ 		0
508 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://xdarom.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImF1Y3Rpb24iLCJpbXByZXNzaW9uX2lkIjoiNTE0MjU3NDY3MzE2NDIxMyIsImRvbWFpbl9pZCI6IjE4ODUxMyIsInVuaXQiOiJkaXYtZ3B0LWFkLXhkYXJvbV9jb20tbGFyZ2UtYmlsbGJvYXJkLTItMCIsInRfZXBvY2giOjE2NzEyMTk2MjIsImF1Y3Rpb25fZXBvY2giOjE2NzEyMTk2MzEsImFkX3Bvc2l0aW9uIjoxMTAzLCJjb3VudHJ5X2NvZGUiOiJOTCIsInBhZ2V2aWV3X2lkIjoiNjdhMDBjMmQtY2VhMy00ZjhkLTQ3NDYtOWFhMDBlOWI0NGExIiwiYmlkX2Zsb29yX2luaXRpYWwiOjEwLCJiaWRfZmxvb3JfcHJldiI6NCwiYmlkX2Zsb29yX2ZpbGxlZCI6MiwiYXVjdGlvbl9jb3VudCI6NCwicmVmcmVzaF9hZF9jb3VudCI6MCwiYXVjdGlvbl9kdXJhdGlvbiI6NTQ2LCJtdWx0aV9hZF91bml0IjowLCJtdWx0aV9hZF9jb3VudCI6MCwibmV0d29ya19jb2RlIjoxMjU0MTQ0LCJkYXRhIjpbeyJuYW1lIjoiIiwidmFsIjoiIn1dLCJsaW5lX2l0ZW1faWQiOjI4Njg3Mjc0fV0=
Requested by
Host: xdarom.com
URL: https://xdarom.com/detroitchicago/cmbv2.js?gcb=195-0&cb=04-3y02-8y06-13y07-2y0b-6y0d-21y14-4y18-5y22-3y30-4y5a-2y5e-22y65-1&cmbcb=117&sj=x04x02x06x07x0bx0dx14x18x22x30x5ax5ex65&abt=DynamicMedDec
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://xdarom.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Fri, 16 Dec 2022 19:40:30 GMT
cf-cache-status
BYPASS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=y8lsb3b5C8j%2F7E0o4IVRwmNTMbMQtjYYPycvwJRyKKknaeieNxw%2F9QxkuUEdmqxnoBlEYFxjd9QXW7IK5CGwR%2BXJZx4kTM1fsTUGLYk0E7pCNngReqhktUcrevKENuaWmhQ%2FcztUKlLW"}],"group":"cf-nel","max_age":604800}
x-middleton-display
ezp_sol
cache-control
private, max-age=0, must-revalidate, no-cache, no-store
cf-ray
77a9e424ecc0b725-AMS
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires
Thu, 15 Dec 2022 19:40:30 GMT
army.gif
xdarom.com/porpoiseant/ 		0
509 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://xdarom.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiODE5NjYzNjgzOTExOTE1NSIsImRvbWFpbl9pZCI6IjE4ODUxMyIsInVuaXQiOiJkaXYtZ3B0LWFkLXhkYXJvbV9jb20tbWVkcmVjdGFuZ2xlLTItMCIsInRfZXBvY2giOjE2NzEyMTk2MjIsImFkX3Bvc2l0aW9uIjoxMTAwLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiTkwiLCJwYWdldmlld19pZCI6IjY3YTAwYzJkLWNlYTMtNGY4ZC00NzQ2LTlhYTAwZTliNDRhMSIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ1OTEsImRhdGEiOlt7Im5hbWUiOiJwb3NfeCIsInZhbCI6IjAifSx7Im5hbWUiOiJwb3NfeSIsInZhbCI6IjExMDQifSx7Im5hbWUiOiJpc19mbG9hdGluZyIsInZhbCI6InRydWUifV0sImlzX29yaWciOmZhbHNlfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjE1NjUzMjY5ODUxMTczNDkiLCJkb21haW5faWQiOiIxODg1MTMiLCJ1bml0IjoiZGl2LWdwdC1hZC14ZGFyb21fY29tLWJveC0yLTAiLCJ0X2Vwb2NoIjoxNjcxMjE5NjIyLCJhZF9wb3NpdGlvbiI6MTEwNSwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6Ik5MIiwicGFnZXZpZXdfaWQiOiI2N2EwMGMyZC1jZWEzLTRmOGQtNDc0Ni05YWEwMGU5YjQ0YTEiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjI4Njg3Mjc0LCJjcmVhdGl2ZV9pZCI6MTM4MzEwMDM0NTE2LCJkYXRhIjpbeyJuYW1lIjoicG9zX3giLCJ2YWwiOiI0NjMifSx7Im5hbWUiOiJwb3NfeSIsInZhbCI6Ijk3In0seyJuYW1lIjoiaXNfZmxvYXRpbmciLCJ2YWwiOiJmYWxzZSJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMzk3NTEwNzI3NzEzMjg3MiIsImRvbWFpbl9pZCI6IjE4ODUxMyIsInVuaXQiOiJkaXYtZ3B0LWFkLXhkYXJvbV9jb20tYm94LTEtMCIsInRfZXBvY2giOjE2NzEyMTk2MjIsImFkX3Bvc2l0aW9uIjoxMTAyLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiTkwiLCJwYWdldmlld19pZCI6IjY3YTAwYzJkLWNlYTMtNGY4ZC00NzQ2LTlhYTAwZTliNDRhMSIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ1MTYsImRhdGEiOlt7Im5hbWUiOiJwb3NfeCIsInZhbCI6IjEyMjgifSx7Im5hbWUiOiJwb3NfeSIsInZhbCI6IjIyMCJ9LHsibmFtZSI6ImlzX2Zsb2F0aW5nIiwidmFsIjoiZmFsc2UifV0sImlzX29yaWciOmZhbHNlfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjUxNDI1NzQ2NzMxNjQyMTMiLCJkb21haW5faWQiOiIxODg1MTMiLCJ1bml0IjoiZGl2LWdwdC1hZC14ZGFyb21fY29tLWxhcmdlLWJpbGxib2FyZC0yLTAiLCJ0X2Vwb2NoIjoxNjcxMjE5NjIyLCJhZF9wb3NpdGlvbiI6MTEwMywiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6Ik5MIiwicGFnZXZpZXdfaWQiOiI2N2EwMGMyZC1jZWEzLTRmOGQtNDc0Ni05YWEwMGU5YjQ0YTEiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjI4Njg3Mjc0LCJjcmVhdGl2ZV9pZCI6MTM4MzEwMDM0NTA3LCJkYXRhIjpbeyJuYW1lIjoicG9zX3giLCJ2YWwiOiIxMTY4In0seyJuYW1lIjoicG9zX3kiLCJ2YWwiOiI2MzIifSx7Im5hbWUiOiJpc19mbG9hdGluZyIsInZhbCI6ImZhbHNlIn1dLCJpc19vcmlnIjpmYWxzZX1d
Requested by
Host: xdarom.com
URL: https://xdarom.com/detroitchicago/cmbv2.js?gcb=195-0&cb=04-3y02-8y06-13y07-2y0b-6y0d-21y14-4y18-5y22-3y30-4y5a-2y5e-22y65-1&cmbcb=117&sj=x04x02x06x07x0bx0dx14x18x22x30x5ax5ex65&abt=DynamicMedDec
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://xdarom.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Fri, 16 Dec 2022 19:40:30 GMT
cf-cache-status
BYPASS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BgmsrZ5nilM7OBpyxL0WtkmUo443bL4Vr2szJAD7vntDIFV%2BGDet1xT4DxnVR2QRW1AaPbxQV2hZKxPbBSBAhnAnR%2BjUIa%2BhjIHkzSq69fCdxRuRq8%2FpFmGgRkp20QT9LJ0Vu%2B5MSI8e"}],"group":"cf-nel","max_age":604800}
x-middleton-display
ezp_sol
cache-control
private, max-age=0, must-revalidate, no-cache, no-store
cf-ray
77a9e424ecc1b725-AMS
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires
Thu, 15 Dec 2022 19:40:30 GMT
css
fonts.googleapis.com/ Frame 11EA 		2 KB
535 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Google%20Sans%20Display%3A400
Requested by
Host: 1abe16b74e07af620065a5fa2dc0f3b7.safeframe.googlesyndication.com
URL: https://1abe16b74e07af620065a5fa2dc0f3b7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:400d:80d::200a , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
582c2586c49819d9dfe5cb88653679a40bf930ca86f1dc01a4afd821a9eab97e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://1abe16b74e07af620065a5fa2dc0f3b7.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Fri, 16 Dec 2022 19:40:31 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Fri, 16 Dec 2022 19:01:40 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Fri, 16 Dec 2022 19:40:31 GMT
load_preloaded_resource_fy2021.js
tpc.googlesyndication.com/pagead/js/r20221207/r20110914/client/ Frame 11EA 		2 KB
765 B 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20221207/r20110914/client/load_preloaded_resource_fy2021.js
Requested by
Host: 1abe16b74e07af620065a5fa2dc0f3b7.safeframe.googlesyndication.com
URL: https://1abe16b74e07af620065a5fa2dc0f3b7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
f50e59fa7a264b1674e5f94591375a26e9aea318036b2a629e5ba182df01b54f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://1abe16b74e07af620065a5fa2dc0f3b7.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Thu, 15 Dec 2022 22:12:00 GMT
content-encoding
br
x-content-type-options
nosniff
age
77310
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
738
x-xss-protection
0
server
cafe
etag
1394486882873449110
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 29 Dec 2022 22:12:00 GMT
adview
securepubads.g.doubleclick.net/pagead/ Frame 11EA 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pagead/adview?ai=CEJWhrsmcY7-YF9O8lQeYyp_wDp3lhfFtltOk0pUQkJ6O148OEAEg9PnGJWCRhKCFjBigAerYq90CyAEJ4AIAqAMByAPLBKoE8AFP0IyqTLYqiakz2kVUr6wEU_-4P2Ao2-JgNkAVLm5Rj7aeZdjxNP9rCzcH29yVUKR7hmU7JI_Hl1AP16ySMvcMQLYOyTTjZUPu_WcISyXLqlplDs68kU3RNcSsFmOoUJW3VGzaTJGg1QHjvm30u0Cfkx7vDBivzvCAsXY7CPmhaNjh3A21MGEJUAQY0SXBaDp2c4Drs8e9PjanFRG9yF27YILJfmsuIb6Q3ujxxQUktVAwRxVCwbyIjou1eDjcPuhPHH-6YriWiSn_T9EzYt7n7Ov06uYnFunYlGoVC-CWXsINgmhgfblUc5P2eOiEYKrABLaM2cedAuAEAZIFBAgEGAGSBQQIBRgEoAYugAf-ptSiAagHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB6a-G9gHAPIHBBCHpAHSCBEIgOGAEBABGB0yAqoCOgKAQIAKA8gLAdgTDIgUBdAVAYAXAbIXHgocCAASFHB1Yi02Mzk2ODQ0NzQyNDk3MjA4GL7JBw&sigh=PHajlpyCTNI&uach_m=[UACH]&cid=CAQSOwDq26N9W_vOtgSjXrf1fkqXic1zgsTz4XkAw5RoHSd0TKb-eJzSL8xmslSKcnzdeX7y8mjBYP9SaH0uGAEgEw&template_id=494
Requested by
Host: xdarom.com
URL: https://xdarom.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://1abe16b74e07af620065a5fa2dc0f3b7.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers
abg_lite_fy2021.js
tpc.googlesyndication.com/pagead/js/r20221207/r20110914/ Frame 11EA 		23 KB
9 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20221207/r20110914/abg_lite_fy2021.js
Requested by
Host: 1abe16b74e07af620065a5fa2dc0f3b7.safeframe.googlesyndication.com
URL: https://1abe16b74e07af620065a5fa2dc0f3b7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
86a2a3999c65a6ee0bbee35ac7515f04856e0fcbcebdffd56001c0dc924d887a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://1abe16b74e07af620065a5fa2dc0f3b7.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Fri, 16 Dec 2022 09:24:42 GMT
content-encoding
br
x-content-type-options
nosniff
age
36948
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
9443
x-xss-protection
0
server
cafe
etag
9828741834572772835
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Fri, 30 Dec 2022 09:24:42 GMT
window_focus_fy2021.js
tpc.googlesyndication.com/pagead/js/r20221207/r20110914/client/ Frame 11EA 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20221207/r20110914/client/window_focus_fy2021.js
Requested by
Host: 1abe16b74e07af620065a5fa2dc0f3b7.safeframe.googlesyndication.com
URL: https://1abe16b74e07af620065a5fa2dc0f3b7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://1abe16b74e07af620065a5fa2dc0f3b7.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Fri, 16 Dec 2022 12:28:35 GMT
content-encoding
br
x-content-type-options
nosniff
age
25915
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1236
x-xss-protection
0
server
cafe
etag
15004572836499977866
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Fri, 30 Dec 2022 12:28:35 GMT
qs_click_protection_fy2021.js
tpc.googlesyndication.com/pagead/js/r20221207/r20110914/client/ Frame 11EA 		18 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20221207/r20110914/client/qs_click_protection_fy2021.js
Requested by
Host: 1abe16b74e07af620065a5fa2dc0f3b7.safeframe.googlesyndication.com
URL: https://1abe16b74e07af620065a5fa2dc0f3b7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
000cb4237204c839588365b865b4ceb28c4d78ba054f6e5a4c7a5e25f36e0c9c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://1abe16b74e07af620065a5fa2dc0f3b7.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Fri, 16 Dec 2022 09:24:42 GMT
content-encoding
br
x-content-type-options
nosniff
age
36948
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7480
x-xss-protection
0
server
cafe
etag
15631949847000551034
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Fri, 30 Dec 2022 09:24:42 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame 11EA 		153 KB
47 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: 1abe16b74e07af620065a5fa2dc0f3b7.safeframe.googlesyndication.com
URL: https://1abe16b74e07af620065a5fa2dc0f3b7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:400d:80a::2002 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
196beb31539e747bdf66ddcf9d5f7255eeb42c14210786cb0a93ddbce4664d2e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://1abe16b74e07af620065a5fa2dc0f3b7.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Fri, 16 Dec 2022 19:40:31 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
47725
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1670417373259609"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Fri, 16 Dec 2022 19:40:31 GMT
5abbe811e7745ada511aeaa994a13f9f.js
www.gstatic.com/mysidia/ Frame 11EA 		34 KB
14 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/mysidia/5abbe811e7745ada511aeaa994a13f9f.js?tag=mysidia_one_click_handler_one_afma_2019
Requested by
Host: 1abe16b74e07af620065a5fa2dc0f3b7.safeframe.googlesyndication.com
URL: https://1abe16b74e07af620065a5fa2dc0f3b7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
6b23e94a0591e43f749074a39df5a5e700d5bd6c40d1b8016a1a2e44a3176037
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://1abe16b74e07af620065a5fa2dc0f3b7.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Mon, 12 Dec 2022 21:16:52 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
339819
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
14213
x-xss-protection
0
last-modified
Thu, 08 Dec 2022 23:34:55 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="mysidia"
vary
Accept-Encoding
report-to
{"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type
text/javascript
cache-control
public, max-age=7776000
accept-ranges
bytes
expires
Sun, 12 Mar 2023 21:16:52 GMT
truncated
/ Frame 11EA 		358 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
f7d1cde7dd6457ab3780699765fe535407e971c7037713d38374036f80a44db9

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Content-Type
image/svg+xml
shopping
encrypted-tbn2.gstatic.com/ Frame 11EA 		20 KB
20 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://encrypted-tbn2.gstatic.com/shopping?q=tbn:ANd9GcRoyUJBtHCQY158dsYzXyPJ33yjhW7Nw0fj-YiQauU72PVcli8ptQE5yl5kwO0&usqp=CAI
Requested by
Host: 1abe16b74e07af620065a5fa2dc0f3b7.safeframe.googlesyndication.com
URL: https://1abe16b74e07af620065a5fa2dc0f3b7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400d:803::200e , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
3dd5067ca76de54fffbe534ee19be0563145246385994907a76670d85335ad4e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://1abe16b74e07af620065a5fa2dc0f3b7.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Fri, 16 Dec 2022 14:47:56 GMT
x-content-type-options
nosniff
age
17555
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
20002
x-xss-protection
0
last-modified
Mon, 15 Aug 2022 13:08:54 GMT
server
sffe
report-to
{"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-type
image/jpeg
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="images-tbn"
expires
Sat, 16 Dec 2023 14:47:56 GMT
shopping
encrypted-tbn2.gstatic.com/ Frame 11EA 		39 KB
39 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://encrypted-tbn2.gstatic.com/shopping?q=tbn:ANd9GcRIs-yI03qYClT0YDnp6IqhyLsYEn88CsRhQqXx50uQQpgbYHPS0VLzLF8Umg&usqp=CAI
Requested by
Host: 1abe16b74e07af620065a5fa2dc0f3b7.safeframe.googlesyndication.com
URL: https://1abe16b74e07af620065a5fa2dc0f3b7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400d:803::200e , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e99320565e3581bfbc8ed2e0865537fcb59e2861d8803704d30f9ad6bbbca9d4
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://1abe16b74e07af620065a5fa2dc0f3b7.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Mon, 12 Dec 2022 20:49:01 GMT
x-content-type-options
nosniff
age
341490
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
39694
x-xss-protection
0
last-modified
Mon, 05 Dec 2022 04:12:42 GMT
server
sffe
report-to
{"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-type
image/jpeg
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="images-tbn"
expires
Tue, 12 Dec 2023 20:49:01 GMT
shopping
encrypted-tbn0.gstatic.com/ Frame 11EA 		23 KB
24 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://encrypted-tbn0.gstatic.com/shopping?q=tbn:ANd9GcRYIzujrjQDtFTHJOld9sX6-p7fBJJeaOlzTnM_-6sDoxlUntPLZzzpBn05gg&usqp=CAI
Requested by
Host: 1abe16b74e07af620065a5fa2dc0f3b7.safeframe.googlesyndication.com
URL: https://1abe16b74e07af620065a5fa2dc0f3b7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
4fe0b9698dd1d1329451f563d06b2d330f587ec75db1558d1ff80e494757ef52
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://1abe16b74e07af620065a5fa2dc0f3b7.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Thu, 15 Dec 2022 16:56:13 GMT
x-content-type-options
nosniff
age
96258
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
23806
x-xss-protection
0
last-modified
Tue, 22 Nov 2022 05:14:29 GMT
server
sffe
report-to
{"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-type
image/jpeg
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="images-tbn"
expires
Fri, 15 Dec 2023 16:56:13 GMT
shopping
encrypted-tbn0.gstatic.com/ Frame 11EA 		38 KB
38 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://encrypted-tbn0.gstatic.com/shopping?q=tbn:ANd9GcQSA2JkgFqv1opBdemOqwxCLDnbmVJzLOXwJ2IjxBTUWNVzQL5Kkfd8ksIL16w&usqp=CAI
Requested by
Host: 1abe16b74e07af620065a5fa2dc0f3b7.safeframe.googlesyndication.com
URL: https://1abe16b74e07af620065a5fa2dc0f3b7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e15aa0bfde2f8906f6e028b5f8f111e0f6b3a8437294d3707d5ec310881502a7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://1abe16b74e07af620065a5fa2dc0f3b7.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Thu, 15 Dec 2022 23:23:19 GMT
x-content-type-options
nosniff
age
73032
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
38834
x-xss-protection
0
last-modified
Sun, 19 Dec 2021 21:30:20 GMT
server
sffe
report-to
{"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-type
image/jpeg
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="images-tbn"
expires
Fri, 15 Dec 2023 23:23:19 GMT
15404334706985882
tpc.googlesyndication.com/simgad/ Frame 11EA
Redirect Chain
  • https://tpc.googlesyndication.com/pageadimg/imgad?id=CICAgKC_l8j4kAEQsAkYsAkyCJcOr4HLZ_2F
  • https://tpc.googlesyndication.com/simgad/15404334706985882
49 KB
49 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/simgad/15404334706985882
Requested by
Host: 1abe16b74e07af620065a5fa2dc0f3b7.safeframe.googlesyndication.com
URL: https://1abe16b74e07af620065a5fa2dc0f3b7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Server
2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
50e9b5d3548f8e8c81befa8e43c3517c0dfa68cb4386d3a6386c0b04412d3637
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://1abe16b74e07af620065a5fa2dc0f3b7.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Thu, 15 Dec 2022 21:20:43 GMT
x-content-type-options
nosniff
age
80387
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
49778
x-xss-protection
0
last-modified
Wed, 07 Jul 2021 04:11:14 GMT
server
sffe
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Fri, 15 Dec 2023 21:20:43 GMT

Redirect headers

date
Fri, 16 Dec 2022 16:17:11 GMT
x-content-type-options
nosniff
server
cafe
age
12199
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
location
https://tpc.googlesyndication.com/simgad/15404334706985882
content-type
text/html; charset=UTF-8
cache-control
public, max-age=2592000
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Sun, 15 Jan 2023 16:17:11 GMT
cookie_push_onload.html
pagead2.googlesyndication.com/pagead/s/ Frame 6079 		1 KB
643 B 		Document
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Requested by
Host: 1abe16b74e07af620065a5fa2dc0f3b7.safeframe.googlesyndication.com
URL: https://1abe16b74e07af620065a5fa2dc0f3b7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:400d:803::2002 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://1abe16b74e07af620065a5fa2dc0f3b7.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language
nl-NL,nl;q=0.9

Response headers

age
43947
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=86400
content-encoding
br
content-length
618
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Fri, 16 Dec 2022 07:28:03 GMT
etag
48472445140208031
expires
Sat, 17 Dec 2022 07:28:03 GMT
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server
cafe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
truncated
/ Frame 11EA 		215 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
a0ee280bfb57f630f8bbbaaed07ab61ef0945624d59889bec9abe992c8c87a6a

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Content-Type
image/png
current
dclk-match.dotomi.com/match/bounce/ Frame 6079 		0
104 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dclk-match.dotomi.com/match/bounce/current?networkId=14000&version=1&google_gid=CAESENgVKkiLee0hi3DADwSejiE&google_cver=1&google_push=AavPq0PRBx0cBpdwj2NZ6--ygOqCqprPJvhYtOABn5w_E3ljLwKBZIpMgKFxfzLHBnPFr78XA-EdscS7rJfU6h8yr3qVP-vdksIs
Requested by
Host: 1abe16b74e07af620065a5fa2dc0f3b7.safeframe.googlesyndication.com
URL: https://1abe16b74e07af620065a5fa2dc0f3b7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:fa8:8806:13::1370 , Singapore, ASN41041 (VCLK-EU-SE, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 16 Dec 2022 19:40:31 GMT
cache-control
no-cache, private, max-age=0, no-store
server
nginx
expires
0
pixel
cm.g.doubleclick.net/ Frame 6079
Redirect Chain
  • https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESE...
  • https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEK6G5n82TF-hkEwpw9nBpZ0&google_push=AavPq0MroNJpbKX6qYK9cq0GRJJQyfe98p7nTMltk6Kd7Q4e5z5H8cNBfB...
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEK6G5n82TF-hkEwpw9nBpZ0&google_push=AavPq0MroNJpbKX6qYK9cq0GRJJQyfe98p7nTMltk6Kd7Q4e5z5H8cNBfB68Zg2szx2PmI9Z9sVOsyVyqGZdHGASwK69NcZMjik
Protocol
H3
Server
142.251.39.2 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bud02s37-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 16 Dec 2022 19:40:31 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

x-served-by
cache-ewr18140-EWR
pragma
no-cache
date
Fri, 16 Dec 2022 19:40:31 GMT
via
1.1 varnish
server
Jetty(9.4.35.v20201120)
x-timer
S1671219631.294005,VS0,VE8
x-cache
MISS
p3p
CP="NOI DSP COR LAW PSAo PSDo IVAo IVDo OUR BUS UNI DEM"
access-control-allow-origin
*
location
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEK6G5n82TF-hkEwpw9nBpZ0&google_push=AavPq0MroNJpbKX6qYK9cq0GRJJQyfe98p7nTMltk6Kd7Q4e5z5H8cNBfB68Zg2szx2PmI9Z9sVOsyVyqGZdHGASwK69NcZMjik
cache-control
no-cache
accept-ranges
bytes
content-length
0
x-cache-hits
0
pixel
cm.g.doubleclick.net/ Frame 6079
Redirect Chain
  • https://fksnk.com/cs/google?google_gid=CAESENR9-28NX6rR66GiPd8V164&google_cver=1&google_push=AavPq0NzcfAOe4x2882JUa4Vtk7j5vFcjc_4vuBNv1QhquloDHjkpt19rgb1jMxC7Np1C__cwhMYUr8ORB7SPjISUUexD1IVqXUU
  • https://cm.g.doubleclick.net/pixel?google_nid=fiksu&google_hm=RTBBODM5RDExMTcwNDVDRg==
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=fiksu&google_hm=RTBBODM5RDExMTcwNDVDRg==
Protocol
H3
Server
142.251.39.2 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bud02s37-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 16 Dec 2022 19:40:31 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location
https://cm.g.doubleclick.net/pixel?google_nid=fiksu&google_hm=RTBBODM5RDExMTcwNDVDRg==
date
Fri, 16 Dec 2022 19:40:31 GMT
content-language
en-US
content-type
text/html;charset=ISO-8859-1
pixel
cm.g.doubleclick.net/ Frame 6079
Redirect Chain
  • https://a.c.appier.net/gcm?google_gid=CAESEAlLUyltY7xaL8HKQnurDtY&google_cver=1&google_push=AavPq0NBcPZ2-ekFXEP9GjBCkQeFIylLMGas5hjvQh_Kz3A-9wiQtrTB2K0gICkoC0HmF1NM0d2PTV00jyG-9FQTmMW5K7F8V0UM
  • https://cm.g.doubleclick.net/pixel?google_nid=appier&google_hm=VTRodVB0eTlDYXVOckwyZ3NNbWNZdw%3D%3D&google_push=AavPq0NBcPZ2-ekFXEP9GjBCkQeFIylLMGas5hjvQh_Kz3A-9wiQtrTB2K0gICkoC0HmF1NM0d2PTV00jyG-9...
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=appier&google_hm=VTRodVB0eTlDYXVOckwyZ3NNbWNZdw%3D%3D&google_push=AavPq0NBcPZ2-ekFXEP9GjBCkQeFIylLMGas5hjvQh_Kz3A-9wiQtrTB2K0gICkoC0HmF1NM0d2PTV00jyG-9FQTmMW5K7F8V0UM
Protocol
H3
Server
142.251.39.2 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bud02s37-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 16 Dec 2022 19:40:32 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location
https://cm.g.doubleclick.net/pixel?google_nid=appier&google_hm=VTRodVB0eTlDYXVOckwyZ3NNbWNZdw%3D%3D&google_push=AavPq0NBcPZ2-ekFXEP9GjBCkQeFIylLMGas5hjvQh_Kz3A-9wiQtrTB2K0gICkoC0HmF1NM0d2PTV00jyG-9FQTmMW5K7F8V0UM
date
Fri, 16 Dec 2022 19:40:32 GMT
cache-control
no-store
content-type
text/html; charset=utf-8
server
nginx
content-length
243
p3p
CP="CUR ADM DEV TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pixel
cm.g.doubleclick.net/ Frame 6079
Redirect Chain
  • https://s.uuidksinc.net/match/47/?remote_uid=CAESEK1lhzSpCzdn04F11a7cATA&c_param1=AavPq0OaVou4Bza9KG9lip9xXRIahy6hBY54djYxJh3QIo1GR_dLn66lc8uh4cIJrPjPXeDwgI5sVhDVGJW50SKGlKsYWw1ROrY2&gdpr=%%GDPR%%&...
  • https://cm.g.doubleclick.net/pixel?google_nid=kadam&google_push=AavPq0OaVou4Bza9KG9lip9xXRIahy6hBY54djYxJh3QIo1GR_dLn66lc8uh4cIJrPjPXeDwgI5sVhDVGJW50SKGlKsYWw1ROrY2
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=kadam&google_push=AavPq0OaVou4Bza9KG9lip9xXRIahy6hBY54djYxJh3QIo1GR_dLn66lc8uh4cIJrPjPXeDwgI5sVhDVGJW50SKGlKsYWw1ROrY2
Requested by
Host: 1abe16b74e07af620065a5fa2dc0f3b7.safeframe.googlesyndication.com
URL: https://1abe16b74e07af620065a5fa2dc0f3b7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Server
142.251.39.2 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bud02s37-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 16 Dec 2022 19:40:31 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location
https://cm.g.doubleclick.net/pixel?google_nid=kadam&google_push=AavPq0OaVou4Bza9KG9lip9xXRIahy6hBY54djYxJh3QIo1GR_dLn66lc8uh4cIJrPjPXeDwgI5sVhDVGJW50SKGlKsYWw1ROrY2
date
Fri, 16 Dec 2022 19:40:31 GMT
server
nginx/1.19.0
content-length
0
dds
rtb.openx.net/sync/ Frame 6079 		43 B
350 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://rtb.openx.net/sync/dds?google_gid=CAESENfX72HFQGa30WAznYKPf9U&google_cver=1&google_push=AavPq0MAnI4mr6a7HEkdJMvIEo4tcHA_j2_4siVCz1W8zS71zpSSv-yC5iXuUWLcJrDDr---NvdrhSKkrikdPfjSBBfpFFAj172G
Requested by
Host: 1abe16b74e07af620065a5fa2dc0f3b7.safeframe.googlesyndication.com
URL: https://1abe16b74e07af620065a5fa2dc0f3b7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.227.252.103 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
103.252.227.35.bc.googleusercontent.com
Software
Cowboy /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 16 Dec 2022 19:40:30 GMT
via
1.1 google
server
Cowboy
vary
Origin
p3p
CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin
null
access-control-expose-headers
cache-control
private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials
true
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
x-request-id
vj1hsafs3p3ol22tgcvvld9grc4kcss4
/
cc.adingo.jp/adx/push/ Frame 6079 		0
44 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cc.adingo.jp/adx/push/?google_gid=CAESEOrgEGTBEZj5lAtFuVGH2Ps&google_cver=1&google_push=AavPq0OP0RrvcbRynw93AwXPtdzd_f-SYd65mLbFrLEMj6D7fS_ml1GA5Fuu2bR4E2atGYMcuAl-k_36hqfgeC_Mloaj8vKBFtVI
Requested by
Host: 1abe16b74e07af620065a5fa2dc0f3b7.safeframe.googlesyndication.com
URL: https://1abe16b74e07af620065a5fa2dc0f3b7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.150.84.46 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-150-84-46.ap-northeast-1.compute.amazonaws.com
Software
awselb/2.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Fri, 16 Dec 2022 19:40:31 GMT
server
awselb/2.0
attr
cm.g.doubleclick.net/pixel/ Frame 6079 		0
12 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel/attr?d=AHNF13Ljm_3U4SfEW1X-vGRdlVm_kjwO_UyFnobPf3QqFaZx-aV4EInyBtiZy6NccqShygsylSgF
Requested by
Host: 1abe16b74e07af620065a5fa2dc0f3b7.safeframe.googlesyndication.com
URL: https://1abe16b74e07af620065a5fa2dc0f3b7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.39.2 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bud02s37-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Fri, 16 Dec 2022 19:40:31 GMT
server
HTTP server (unknown)
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
content-type
text/html
ea8FacM9Wef3EJPWRrHjgE4B6CnlZxHVDv79oQ.woff2
fonts.gstatic.com/s/googlesansdisplay/v21/ Frame 11EA 		20 KB
20 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/googlesansdisplay/v21/ea8FacM9Wef3EJPWRrHjgE4B6CnlZxHVDv79oQ.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%20Display%3A400
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:400d:802::2003 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
acc5497e76f832d950d14fcfa047dc3c864f7a0aae4c7a20521c0c655a53033b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://1abe16b74e07af620065a5fa2dc0f3b7.safeframe.googlesyndication.com
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Mon, 12 Dec 2022 15:58:56 GMT
x-content-type-options
nosniff
age
358895
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
20784
x-xss-protection
0
last-modified
Tue, 19 Apr 2022 19:21:31 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 12 Dec 2023 15:58:56 GMT
GC5M5N_VN3lVd7ErmxmldCKoshgV9d2S74rLP9hyoZw.js
pagead2.googlesyndication.com/bg/ Frame B39E 		36 KB
16 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/GC5M5N_VN3lVd7ErmxmldCKoshgV9d2S74rLP9hyoZw.js
Requested by
Host: xdarom.com
URL: https://xdarom.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:400d:803::2002 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
182e4ce4dfd537795577b12b9b19a57422a8b21815f5dd92ef8acb3fd872a19c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://1abe16b74e07af620065a5fa2dc0f3b7.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Tue, 13 Dec 2022 20:48:37 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
255114
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
16025
x-xss-protection
0
last-modified
Mon, 05 Dec 2022 17:18:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Wed, 13 Dec 2023 20:48:37 GMT
army.gif
xdarom.com/porpoiseant/ 		0
504 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://xdarom.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiODE5NjYzNjgzOTExOTE1NSIsImRvbWFpbl9pZCI6IjE4ODUxMyIsInVuaXQiOiJkaXYtZ3B0LWFkLXhkYXJvbV9jb20tbWVkcmVjdGFuZ2xlLTItMCIsInRfZXBvY2giOjE2NzEyMTk2MjIsImFkX3Bvc2l0aW9uIjoxMTAwLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiTkwiLCJwYWdldmlld19pZCI6IjY3YTAwYzJkLWNlYTMtNGY4ZC00NzQ2LTlhYTAwZTliNDRhMSIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ1OTEsImRhdGEiOlt7Im5hbWUiOiJ3b3Jkc19iZWZvcmUiLCJ2YWwiOiI3OSJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTU2NTMyNjk4NTExNzM0OSIsImRvbWFpbl9pZCI6IjE4ODUxMyIsInVuaXQiOiJkaXYtZ3B0LWFkLXhkYXJvbV9jb20tYm94LTItMCIsInRfZXBvY2giOjE2NzEyMTk2MjIsImFkX3Bvc2l0aW9uIjoxMTA1LCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiTkwiLCJwYWdldmlld19pZCI6IjY3YTAwYzJkLWNlYTMtNGY4ZC00NzQ2LTlhYTAwZTliNDRhMSIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ1MTYsImRhdGEiOlt7Im5hbWUiOiJ3b3Jkc19iZWZvcmUiLCJ2YWwiOiIyMiJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMzk3NTEwNzI3NzEzMjg3MiIsImRvbWFpbl9pZCI6IjE4ODUxMyIsInVuaXQiOiJkaXYtZ3B0LWFkLXhkYXJvbV9jb20tYm94LTEtMCIsInRfZXBvY2giOjE2NzEyMTk2MjIsImFkX3Bvc2l0aW9uIjoxMTAyLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiTkwiLCJwYWdldmlld19pZCI6IjY3YTAwYzJkLWNlYTMtNGY4ZC00NzQ2LTlhYTAwZTliNDRhMSIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ1MTYsImRhdGEiOlt7Im5hbWUiOiJ3b3Jkc19iZWZvcmUiLCJ2YWwiOiIyNCJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNTE0MjU3NDY3MzE2NDIxMyIsImRvbWFpbl9pZCI6IjE4ODUxMyIsInVuaXQiOiJkaXYtZ3B0LWFkLXhkYXJvbV9jb20tbGFyZ2UtYmlsbGJvYXJkLTItMCIsInRfZXBvY2giOjE2NzEyMTk2MjIsImFkX3Bvc2l0aW9uIjoxMTAzLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiTkwiLCJwYWdldmlld19pZCI6IjY3YTAwYzJkLWNlYTMtNGY4ZC00NzQ2LTlhYTAwZTliNDRhMSIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ1MDcsImRhdGEiOlt7Im5hbWUiOiJ3b3Jkc19iZWZvcmUiLCJ2YWwiOiI3MiJ9XSwiaXNfb3JpZyI6ZmFsc2V9XQ==
Requested by
Host: xdarom.com
URL: https://xdarom.com/detroitchicago/cmbv2.js?gcb=195-0&cb=04-3y02-8y06-13y07-2y0b-6y0d-21y14-4y18-5y22-3y30-4y5a-2y5e-22y65-1&cmbcb=117&sj=x04x02x06x07x0bx0dx14x18x22x30x5ax5ex65&abt=DynamicMedDec
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://xdarom.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Fri, 16 Dec 2022 19:40:32 GMT
cf-cache-status
BYPASS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=c6GkB7sVLJDnx31Xmyj3DzMTJ7faXqYhIwSI371BD9gF6O5GZqIf95C7ERzzStlJoz2fWtI%2FOQvnq64xJjGbdRlACkWlR1bW1aneHgdf80LieBGWfTH8dMjrD3mYYm%2Br46RWQFp7ABsv"}],"group":"cf-nel","max_age":604800}
x-middleton-display
ezp_sol
cache-control
private, max-age=0, must-revalidate, no-cache, no-store
cf-ray
77a9e42c0b48b725-AMS
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires
Thu, 15 Dec 2022 19:40:33 GMT
greenoaks.gif
xdarom.com/detroitchicago/ 		0
509 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://xdarom.com/detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiI2N2EwMGMyZC1jZWEzLTRmOGQtNDc0Ni05YWEwMGU5YjQ0YTEiLCJkb21haW5faWQiOiIxODg1MTMiLCJ0X2Vwb2NoIjoxNjcxMjE5NjIyLCJkYXRhIjpbeyJuYW1lIjoibmF2aWdhdGlvbl90eXBlIiwidmFsIjoiMCJ9LHsibmFtZSI6InJlZGlyZWN0X2NvdW50IiwidmFsIjoiMCJ9XX0seyJ0eXBlIjoicGFnZXZpZXciLCJwYWdldmlld19pZCI6IjY3YTAwYzJkLWNlYTMtNGY4ZC00NzQ2LTlhYTAwZTliNDRhMSIsImRvbWFpbl9pZCI6IjE4ODUxMyIsInRfZXBvY2giOjE2NzEyMTk2MjIsImRhdGEiOlt7Im5hbWUiOiJwZXJmX2lzX3RyYWNrZWQiLCJ2YWwiOiIxIn0seyJuYW1lIjoicGVyZl9uYXZfdG9fY29ubmVjdCIsInZhbCI6IjE5MzMifSx7Im5hbWUiOiJwZXJmX2Nvbm5lY3RfdG9fcmVzcF9zdGFydCIsInZhbCI6IjM0MDUifSx7Im5hbWUiOiJwZXJmX3Jlc3BfdGltZSIsInZhbCI6IjEzIn0seyJuYW1lIjoicGVyZl9pbnRlcmFjdGl2ZSIsInZhbCI6IjE0MyJ9LHsibmFtZSI6InBlcmZfY29udGVudGxvYWRlZCIsInZhbCI6IjE1MyJ9LHsibmFtZSI6InBlcmZfY29tcGxldGUiLCJ2YWwiOiIyNTQ5In1dfSx7InR5cGUiOiJwYWdldmlldyIsInBhZ2V2aWV3X2lkIjoiNjdhMDBjMmQtY2VhMy00ZjhkLTQ3NDYtOWFhMDBlOWI0NGExIiwiZG9tYWluX2lkIjoiMTg4NTEzIiwidF9lcG9jaCI6MTY3MTIxOTYyMiwiZGF0YSI6W3sibmFtZSI6ImZpcnN0X3BhaW50IiwidmFsIjoiMzUxNiJ9XX0seyJ0eXBlIjoicGFnZXZpZXciLCJwYWdldmlld19pZCI6IjY3YTAwYzJkLWNlYTMtNGY4ZC00NzQ2LTlhYTAwZTliNDRhMSIsImRvbWFpbl9pZCI6IjE4ODUxMyIsInRfZXBvY2giOjE2NzEyMTk2MjIsImRhdGEiOlt7Im5hbWUiOiJmaXJzdF9jb250ZW50ZnVsX3BhaW50IiwidmFsIjoiMzUxNiJ9XX0seyJ0eXBlIjoicGFnZXZpZXciLCJwYWdldmlld19pZCI6IjY3YTAwYzJkLWNlYTMtNGY4ZC00NzQ2LTlhYTAwZTliNDRhMSIsImRvbWFpbl9pZCI6IjE4ODUxMyIsInRfZXBvY2giOjE2NzEyMTk2MjIsImRhdGEiOlt7Im5hbWUiOiJjb25uZWN0aW9uX2VmZmVjdGl2ZV90eXBlIiwidmFsIjoiNGcifV19XQ==
Requested by
Host: xdarom.com
URL: https://xdarom.com/detroitchicago/cmbv2.js?gcb=195-0&cb=04-3y02-8y06-13y07-2y0b-6y0d-21y14-4y18-5y22-3y30-4y5a-2y5e-22y65-1&cmbcb=117&sj=x04x02x06x07x0bx0dx14x18x22x30x5ax5ex65&abt=DynamicMedDec
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://xdarom.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Fri, 16 Dec 2022 19:40:32 GMT
cf-cache-status
BYPASS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2Fox4d%2BxBj%2B9V6Tgh092TUCacL1cHfW%2FRffjgqfU651aMIa1FsCfRcwtEfmrSNTMDOgru1uROlUfHaDL%2Bqn0FVmqT%2Bd4ZxxFa7AoxArIcAoIHkaYvSZSOJUdGufi5akPuW9UZ6S9Ru0JL"}],"group":"cf-nel","max_age":604800}
x-middleton-display
ezp_sol
cache-control
private, max-age=0, must-revalidate, no-cache, no-store
cf-ray
77a9e42d6cd9b725-AMS
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires
Thu, 15 Dec 2022 19:40:32 GMT
greenoaks.gif
xdarom.com/detroitchicago/ 		0
502 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://xdarom.com/detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiI2N2EwMGMyZC1jZWEzLTRmOGQtNDc0Ni05YWEwMGU5YjQ0YTEiLCJkb21haW5faWQiOiIxODg1MTMiLCJ0X2Vwb2NoIjoxNjcxMjE5NjIyLCJkYXRhIjpbeyJuYW1lIjoiY29ubmVjdGlvbl9kb3dubGluayIsInZhbCI6IjEwIn1dfSx7InR5cGUiOiJwYWdldmlldyIsInBhZ2V2aWV3X2lkIjoiNjdhMDBjMmQtY2VhMy00ZjhkLTQ3NDYtOWFhMDBlOWI0NGExIiwiZG9tYWluX2lkIjoiMTg4NTEzIiwidF9lcG9jaCI6MTY3MTIxOTYyMiwiZGF0YSI6W3sibmFtZSI6ImNvbm5lY3Rpb25fcnR0IiwidmFsIjoiMCJ9XX0seyJ0eXBlIjoicGFnZXZpZXciLCJwYWdldmlld19pZCI6IjY3YTAwYzJkLWNlYTMtNGY4ZC00NzQ2LTlhYTAwZTliNDRhMSIsImRvbWFpbl9pZCI6IjE4ODUxMyIsInRfZXBvY2giOjE2NzEyMTk2MjIsImRhdGEiOlt7Im5hbWUiOiJkaXNwbGF5X2FkX3ZpZXdwb3J0X3B4IiwidmFsIjoiMzQ3NjYwIn0seyJuYW1lIjoiZGlzcGxheV9hZF92aWV3cG9ydF9jb3VudCIsInZhbCI6IjQifSx7Im5hbWUiOiJuYXRpdmVfYWRfdmlld3BvcnRfcHgiLCJ2YWwiOiIwIn0seyJuYW1lIjoibmF0aXZlX2FkX3ZpZXdwb3J0X2NvdW50IiwidmFsIjoiMCJ9LHsibmFtZSI6ImRpc3BsYXlfYWRfZG9jX3B4IiwidmFsIjoiNjEzMzAwIn0seyJuYW1lIjoiZGlzcGxheV9hZF9kb2NfY291bnQiLCJ2YWwiOiI0In0seyJuYW1lIjoibmF0aXZlX2FkX2RvY19weCIsInZhbCI6IjAifSx7Im5hbWUiOiJuYXRpdmVfYWRfZG9jX2NvdW50IiwidmFsIjoiMCJ9LHsibmFtZSI6InZpZXdwb3J0X3NpemUiLCJ2YWwiOiIxNjAweDEyMDAifSx7Im5hbWUiOiJ2aWV3cG9ydF9weCIsInZhbCI6IjE5MjAwMDAifSx7Im5hbWUiOiJkb2NfcHgiLCJ2YWwiOiIxNTM1MjAwMCJ9LHsibmFtZSI6ImRvY19oZWlnaHQiLCJ2YWwiOiI5NTk1In1dfV0=
Requested by
Host: xdarom.com
URL: https://xdarom.com/detroitchicago/cmbv2.js?gcb=195-0&cb=04-3y02-8y06-13y07-2y0b-6y0d-21y14-4y18-5y22-3y30-4y5a-2y5e-22y65-1&cmbcb=117&sj=x04x02x06x07x0bx0dx14x18x22x30x5ax5ex65&abt=DynamicMedDec
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://xdarom.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Fri, 16 Dec 2022 19:40:32 GMT
cf-cache-status
BYPASS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1x0qinDsY3tn591gox3SwENnHYnG2b4igyMGXZifwHOsraVLWxKKb%2BqehtsEv5soPnQr2xPNzqoNTGztZM4YnbwfTqgeJ9Cj2ROZUCxHKtWnPN6maJFkKltlJcFmqxGUwCCuWU0nbjq7"}],"group":"cf-nel","max_age":604800}
x-middleton-display
ezp_sol
cache-control
private, max-age=0, must-revalidate, no-cache, no-store
cf-ray
77a9e42d6cdfb725-AMS
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires
Thu, 15 Dec 2022 19:40:30 GMT
widgets.js
platform.twitter.com/ 		97 KB
29 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://platform.twitter.com/widgets.js
Requested by
Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (amb/6BB0) /
Resource Hash
c02444f391e8655e79ff8d7d4cb69c3426c3bffbf8731a994fa23aed0f641d12

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://xdarom.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date
Fri, 16 Dec 2022 19:40:32 GMT
Content-Encoding
gzip
Age
1078
X-Cache
HIT
P3P
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server-Timing
x-cache;desc= HIT,x-tw-cdn;desc=
Content-Length
29221
Last-Modified
Wed, 02 Nov 2022 19:43:37 GMT
Server
ECS (amb/6BB0)
Etag
"6633f9603c759c40d9b200995454f17c+gzip"
Vary
Accept-Encoding
Access-Control-Allow-Methods
GET
Content-Type
application/javascript; charset=utf-8
Access-Control-Allow-Origin
*
x-tw-cdn
VZ
Cache-Control
public, max-age=1800
activeview
pagead2.googlesyndication.com/pcs/ Frame 11EA 		42 B
64 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstCAlcsDVkBCJmEIqYIA1BYy51kmox3ebC9KdVpnWeovqI45T6Z0srPBaA5Y7oz5fTAuQMvUUbP1A-z5eeQ9LfIRjLAAHER6Xufz8FJcGejVOR-yizu54Px-jmcJjkDbFm9WJcTjA&sai=AMfl-YRz3li1BCZGmT0zxHpNMIMbd0z82sJJsfRR2gIrst8UbRE8KbownGEnP2KA7pagr5jttX9y6-x-ld899fyTsdrXoBFc2XP2QicchK4FjrkP0w9_nRu2rbmnwjpJ-Q&sig=Cg0ArKJSzDciD72lSK9lEAE&cid=CAQSOwDq26N9W_vOtgSjXrf1fkqXic1zgsTz4XkAw5RoHSd0TKb-eJzSL8xmslSKcnzdeX7y8mjBYP9SaH0uGAEgEw&id=lidar2&mcvt=1000&p=632,1203,1682,1503&mtos=0,0,1000,1000,1000&tos=0,0,1000,0,0&v=20221207&bin=7&avms=nio&bs=0,0&mc=0.54&if=1&vu=1&app=0&itpl=22&adk=329616143&rs=4&la=1&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1671219630844&rpt=395&isd=0&lsd=0&met=mue&wmsd=0&pbe=0
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:400d:803::2002 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://1abe16b74e07af620065a5fa2dc0f3b7.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 16 Dec 2022 19:40:32 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
army.gif
xdarom.com/porpoiseant/ 		0
505 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://xdarom.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNTE0MjU3NDY3MzE2NDIxMyIsImRvbWFpbl9pZCI6IjE4ODUxMyIsInVuaXQiOiJkaXYtZ3B0LWFkLXhkYXJvbV9jb20tbGFyZ2UtYmlsbGJvYXJkLTItMCIsInRfZXBvY2giOjE2NzEyMTk2MjIsInJldmVudWUiOjAsImVzdF9yZXZlbnVlIjowLCJhZF9wb3NpdGlvbiI6MTEwMywiYWRfc2l6ZSI6IiIsImJpZF9mbG9vcl9maWxsZWQiOjAsImJpZF9mbG9vcl9wcmV2IjowLCJzdGF0X3NvdXJjZV9pZCI6MCwiY291bnRyeV9jb2RlIjoiTkwiLCJwYWdldmlld19pZCI6IjY3YTAwYzJkLWNlYTMtNGY4ZC00NzQ2LTlhYTAwZTliNDRhMSIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ1MDcsImRhdGEiOlt7Im5hbWUiOiJ2aWV3ZWQiLCJ2YWwiOiIxIn1dLCJpc19vcmlnIjpmYWxzZX1d
Requested by
Host: xdarom.com
URL: https://xdarom.com/detroitchicago/cmbv2.js?gcb=195-0&cb=04-3y02-8y06-13y07-2y0b-6y0d-21y14-4y18-5y22-3y30-4y5a-2y5e-22y65-1&cmbcb=117&sj=x04x02x06x07x0bx0dx14x18x22x30x5ax5ex65&abt=DynamicMedDec
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://xdarom.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Fri, 16 Dec 2022 19:40:32 GMT
cf-cache-status
BYPASS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PhVLW6zVuDCfXOI3oXBTevAW7rbFLZ8hrKEeczjGaRe6r1NSsQG3N6bi1yZUsS0NY509oqevOnSi2MEuZN6OFG6MMVx6B%2FrfSUK5LC30PTJyOCTVVExSAJQqIktHuzu%2Bh5Ol6obUPFjj"}],"group":"cf-nel","max_age":604800}
x-middleton-display
ezp_sol
cache-control
private, max-age=0, must-revalidate, no-cache, no-store
cf-ray
77a9e42dad60b725-AMS
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires
Thu, 15 Dec 2022 19:40:32 GMT
army.gif
xdarom.com/porpoiseant/ 		0
524 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://xdarom.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNTE0MjU3NDY3MzE2NDIxMyIsImRvbWFpbl9pZCI6IjE4ODUxMyIsInVuaXQiOiJkaXYtZ3B0LWFkLXhkYXJvbV9jb20tbGFyZ2UtYmlsbGJvYXJkLTItMCIsInRfZXBvY2giOjE2NzEyMTk2MjIsImFkX3Bvc2l0aW9uIjoxMTAzLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiTkwiLCJwYWdldmlld19pZCI6IjY3YTAwYzJkLWNlYTMtNGY4ZC00NzQ2LTlhYTAwZTliNDRhMSIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ1MDcsImRhdGEiOlt7Im5hbWUiOiJmaWxsZWRfc2l6ZSIsInZhbCI6IlszMDAsMTA1MF0ifV0sImlzX29yaWciOmZhbHNlfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjUxNDI1NzQ2NzMxNjQyMTMiLCJkb21haW5faWQiOiIxODg1MTMiLCJ1bml0IjoiZGl2LWdwdC1hZC14ZGFyb21fY29tLWxhcmdlLWJpbGxib2FyZC0yLTAiLCJ0X2Vwb2NoIjoxNjcxMjE5NjIyLCJhZF9wb3NpdGlvbiI6MTEwMywiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6Ik5MIiwicGFnZXZpZXdfaWQiOiI2N2EwMGMyZC1jZWEzLTRmOGQtNDc0Ni05YWEwMGU5YjQ0YTEiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjI4Njg3Mjc0LCJjcmVhdGl2ZV9pZCI6MTM4MzEwMDM0NTA3LCJkYXRhIjpbeyJuYW1lIjoiZmlsbGVkX2ZsdWlkIiwidmFsIjoiZmFsc2UifV0sImlzX29yaWciOmZhbHNlfV0=
Requested by
Host: xdarom.com
URL: https://xdarom.com/detroitchicago/cmbv2.js?gcb=195-0&cb=04-3y02-8y06-13y07-2y0b-6y0d-21y14-4y18-5y22-3y30-4y5a-2y5e-22y65-1&cmbcb=117&sj=x04x02x06x07x0bx0dx14x18x22x30x5ax5ex65&abt=DynamicMedDec
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://xdarom.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Fri, 16 Dec 2022 19:40:32 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EHza3B3TzrrHI8F2SbCke2bjPJwEg%2FQ29yYpaKoaHyTTiUrshjUDjA4gz%2BuTDzrbYuhDj1p7hqPZnbqKRaXeK7B8oUfEDHAz4ag%2BtxcQDQkHRw4puRO%2By2%2BK1oAmH9NOX7agkks7G8gy"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin
https://xdarom.com
x-middleton-display
ezp_sol
cache-control
private, max-age=0, must-revalidate, no-cache, no-store
cf-ray
77a9e42e4deab725-AMS
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires
Thu, 15 Dec 2022 19:40:28 GMT
json
gum.criteo.com/sid/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fxdarom.com%2F&domain=xdarom.com&bundle=iP6tn18lMkJGRGdKZkQlMkZBZWZ5dzY4UTJIYzVxSG9MUHlkWG42UVMyQmglMkZ3ciUyQmRiRE0lMkJmM3dBUCUyRnduM0MlMkJ3OUdhUjJOJTJCd2h2WkxqMU5qdEpGQTlrTG96MFNFM0E4MXUxdm44NHNVS0VWaG1Rd28xaHNXOUtFZmZESXFjcmc1SGJoS3NIaTZBWnllJTJGTXJwdmw4SmRDMnRmblAxWGclM0QlM0Q&cw=1&pbt=1&lsw=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638::1c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
GET
Origin
https://xdarom.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
content-type
access-control-allow-methods
GET
access-control-allow-origin
https://xdarom.com
cache-control
no-cache, no-store, must-revalidate
content-encoding
gzip
content-type
application/json; charset=utf-8
date
Fri, 16 Dec 2022 19:40:33 GMT
expires
0
pragma
no-cache
server
Kestrel
server-processing-duration-in-ticks
476417
strict-transport-security
max-age=31536000; preload;
vary
Accept-Encoding
sid
mug.criteo.com/
Redirect Chain
  • https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fxdarom.com%2F&domain=xdarom.com&bundle=iP6tn18lMkJGRGdKZkQlMkZBZWZ5dzY4UTJIYzVxSG9MUHlkWG42UVMyQmglMkZ3ciUyQmRiRE0lMkJmM3dBUCUyRnd...
  • https://mug.criteo.com/sid?cpp=e0bCFHxyYk02d2E2VENYVTBPd0dDb3lxQlRQL3c0UTJYSmw1MURCQ0xrQk5xcm1PYzFyS0xGUG5QTW9hKzB0UUJrRElCdEp6cXh2ZzJKMWsrS2t3OXpld3RqSDBoNUtrUUsxQlBtaERKYjRjK1MvQUtOend2Z3F5OC9Pb0...
442 B
700 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://mug.criteo.com/sid?cpp=e0bCFHxyYk02d2E2VENYVTBPd0dDb3lxQlRQL3c0UTJYSmw1MURCQ0xrQk5xcm1PYzFyS0xGUG5QTW9hKzB0UUJrRElCdEp6cXh2ZzJKMWsrS2t3OXpld3RqSDBoNUtrUUsxQlBtaERKYjRjK1MvQUtOend2Z3F5OC9Pb01CL0VTNG9zd3UyMVJaNmJoWHRWdGFLWmkrUkRxclA3K0RkSCtMY3ZlbEhmTTJmdWtKSEUwN2drSlBnMnpCUS9Pdm1YZUF1ZDJpeEpGSENrY1U4MmowWm1hajJVQzFkc3Z3YTRJZGY0clpOWlc3NXhJRzA3OHQ3TTJDVFBRRWxONFJYOUdYL2hvTjhUT3BhWjRFSkFaclBHQVUrb1BrR0tKMU5rZlFUWW40UklvSjBHdGRwVT18&cppv=2
Protocol
H2
Server
178.250.0.157 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
62479b83229b8029fdff81cf48374e3bd811c6b2d1f406aefad120b605a38d39
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://xdarom.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 16 Dec 2022 19:40:32 GMT
strict-transport-security
max-age=31536000; preload;
content-encoding
gzip
server
Kestrel
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/json; charset=utf-8
access-control-allow-origin
null
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
server-processing-duration-in-ticks
2341746
expires
0

Redirect headers

pragma
no-cache
date
Fri, 16 Dec 2022 19:40:32 GMT
strict-transport-security
max-age=31536000; preload;
server
Kestrel
access-control-allow-methods
GET
location
https://mug.criteo.com/sid?cpp=e0bCFHxyYk02d2E2VENYVTBPd0dDb3lxQlRQL3c0UTJYSmw1MURCQ0xrQk5xcm1PYzFyS0xGUG5QTW9hKzB0UUJrRElCdEp6cXh2ZzJKMWsrS2t3OXpld3RqSDBoNUtrUUsxQlBtaERKYjRjK1MvQUtOend2Z3F5OC9Pb01CL0VTNG9zd3UyMVJaNmJoWHRWdGFLWmkrUkRxclA3K0RkSCtMY3ZlbEhmTTJmdWtKSEUwN2drSlBnMnpCUS9Pdm1YZUF1ZDJpeEpGSENrY1U4MmowWm1hajJVQzFkc3Z3YTRJZGY0clpOWlc3NXhJRzA3OHQ3TTJDVFBRRWxONFJYOUdYL2hvTjhUT3BhWjRFSkFaclBHQVUrb1BrR0tKMU5rZlFUWW40UklvSjBHdGRwVT18&cppv=2
access-control-allow-origin
https://xdarom.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
server-processing-duration-in-ticks
778205
content-length
0
expires
0
prebid
id5-sync.com/api/config/ 		135 B
539 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://id5-sync.com/api/config/prebid
Requested by
Host: go.ezodn.com
URL: https://go.ezodn.com/hb/dall.js?b=adyoulike,yieldmo&cb=195-0-50
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
141.95.98.64 , France, ASN16276 (OVH, FR),
Reverse DNS
ns3216658.ip-141-95-98.eu
Software
/
Resource Hash
e6cead609d342bd202f23b8fa86aff54f2503372d68ae63acca87e7dca2bec15
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Referer
https://xdarom.com/
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://xdarom.com
date
Fri, 16 Dec 2022 19:40:32 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
access-control-allow-credentials
true
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
transfer-encoding
chunked
content-type
application/json;charset=UTF-8
/
id.a-mx.com/sync/ 		99 B
621 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://id.a-mx.com/sync/?tagId=&ref=null&u=https://xdarom.com/&v=7.17.0&vg=epbjs&us_privacy=null&gdpr=0&gdpr_consent=
Requested by
Host: go.ezodn.com
URL: https://go.ezodn.com/hb/dall.js?b=adyoulike,yieldmo&cb=195-0-50
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3121::c -, , ASN (),
Reverse DNS
Software
cloudflare /
Resource Hash
9949064d19e3e704ee828d46fd41c771a12761c582aca32b6213e945502c6e49

Request headers

Referer
https://xdarom.com/
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type
text/plain

Response headers

date
Fri, 16 Dec 2022 19:40:33 GMT
content-encoding
br
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ts2banaBLe6OIsXi2ZfMSWI7Um%2FpdCInug2VtBiq3jNEKPdzEnODXDdgfyCumTtVbdwJMmQ0eewiNfD7LJlfvW%2Bw4dW6mGAlCXBd5X9pINZViUdM2GeDSGMbRGKVG61VNdjc2r%2F%2B0uhocw%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-methods
GET,OPTIONS
access-control-allow-origin
*
content-type
application/json
cache-control
private,max-age=3600
access-control-allow-credentials
true
cf-ray
77a9e4350df50e6c-AMS
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
id
id.crwdcntrl.net/ 		43 B
313 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://id.crwdcntrl.net/id
Requested by
Host: go.ezodn.com
URL: https://go.ezodn.com/hb/dall.js?b=adyoulike,yieldmo&cb=195-0-50
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.213.183.227 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-213-183-227.eu-west-1.compute.amazonaws.com
Software
Jetty(9.4.38.v20210224) /
Resource Hash
a96e1e97d62ab9747678b947bdf0a0ea5f81790b1e3a1df2d4607a86bf802596

Request headers

Referer
https://xdarom.com/
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Fri, 16 Dec 2022 19:40:33 GMT
server
Jetty(9.4.38.v20210224)
content-type
application/json;charset=utf-8
p3p
CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin
https://xdarom.com
cache-control
no-cache
x-server
10.45.21.132
access-control-allow-credentials
true
content-length
43
expires
0
fpc
xdarom.com/cvx/client/sync/ 		678 B
678 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://xdarom.com/cvx/client/sync/fpc?name=_sharedid&id=pubcid%3Aded728c0-fdf6-4a84-b5b6-034fb3e5adb8
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d3a970101d5c1c13fe97539903a8285d524c87295f551421ab9e40d9c1324e4a

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://xdarom.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Fri, 16 Dec 2022 19:40:33 GMT
content-encoding
gzip
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wFb3xB2HjsdwUFbMyIWNWnjUj07OtidsqeRooDqSXSHEliDSCMcZIwa%2FnokbuCpt6jQcfl0F0IHIY%2FayQFMA6bKW0rxH4IK97LU4%2FZPXWqqOy9TublczvblqaPj0tfo1TDlJFn2N8ZjW"}],"group":"cf-nel","max_age":604800}
content-type
text/plain; charset=UTF-8
cache-control
max-age=0, no-store
cf-ray
77a9e4348d50b725-AMS
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
pbcas
ads.yieldmo.com/ Frame 7BC6 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://ads.yieldmo.com/pbcas?us_privacy=&gdpr=0&gdpr_consent=&type=iframe
Requested by
Host: go.ezodn.com
URL: https://go.ezodn.com/hb/dall.js?b=adyoulike,yieldmo&cb=195-0-50
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.76.72.156 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-76-72-156.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash

Request headers

Referer
https://xdarom.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language
nl-NL,nl;q=0.9

Response headers

date
Fri, 16 Dec 2022 19:40:33 GMT
v1
lb.eu-1-id5-sync.com/lb/ 		33 B
397 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://lb.eu-1-id5-sync.com/lb/v1
Requested by
Host: go.ezodn.com
URL: https://go.ezodn.com/hb/dall.js?b=adyoulike,yieldmo&cb=195-0-50
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
162.19.138.83 -, , ASN (),
Reverse DNS
Software
/
Resource Hash
2baa24597f3974e5b8d0cef041767474762be084869656db802806341e311d05
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Referer
https://xdarom.com/
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://xdarom.com
date
Fri, 16 Dec 2022 19:40:32 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
transfer-encoding
chunked
content-type
application/json;charset=UTF-8
sid
mug.criteo.com/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://mug.criteo.com/sid?cpp=e0bCFHxyYk02d2E2VENYVTBPd0dDb3lxQlRQL3c0UTJYSmw1MURCQ0xrQk5xcm1PYzFyS0xGUG5QTW9hKzB0UUJrRElCdEp6cXh2ZzJKMWsrS2t3OXpld3RqSDBoNUtrUUsxQlBtaERKYjRjK1MvQUtOend2Z3F5OC9Pb01CL0VTNG9zd3UyMVJaNmJoWHRWdGFLWmkrUkRxclA3K0RkSCtMY3ZlbEhmTTJmdWtKSEUwN2drSlBnMnpCUS9Pdm1YZUF1ZDJpeEpGSENrY1U4MmowWm1hajJVQzFkc3Z3YTRJZGY0clpOWlc3NXhJRzA3OHQ3TTJDVFBRRWxONFJYOUdYL2hvTjhUT3BhWjRFSkFaclBHQVUrb1BrR0tKMU5rZlFUWW40UklvSjBHdGRwVT18&cppv=2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
178.250.0.157 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
GET
Origin
null
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
content-type
access-control-allow-methods
GET
access-control-allow-origin
null
cache-control
no-cache, no-store, must-revalidate
content-encoding
gzip
content-type
application/json; charset=utf-8
date
Fri, 16 Dec 2022 19:40:33 GMT
expires
0
pragma
no-cache
server
Kestrel
server-processing-duration-in-ticks
574927
strict-transport-security
max-age=31536000; preload;
vary
Accept-Encoding
457.json
id5-sync.com/g/v2/ 		0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
s7.addthis.com
URL
https://s7.addthis.com/static/sh.f48a1a04fe8dbf021b4cda1d.html
Domain
id5-sync.com
URL
https://id5-sync.com/g/v2/457.json

Verdicts & Comments Add Verdict or Comment

369 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| 5 object| 6 object| 7 object| 8 object| 9 object| 10 object| 11 object| 12 object| 13 object| 14 object| 15 object| 16 object| 17 object| 18 object| 19 object| 20 object| 21 object| 22 object| 23 object| 24 object| 25 object| 26 object| 27 object| 28 object| 29 object| 30 object| oncontentvisibilityautostatechange object| __ez string| __sellerid string| __schain_domain string| __ez_nid object| ezasVars object| ezslots_raw object| __advertiserRule object| google_reactive_ads_global_state function| ezasvEvent function| ezaslEvent function| ezoAdBackFill object| ezoSTPixels function| ezoSTPixelAdd function| ezoGetSlotById function| ezoGetSlotNum function| ezoSTPixelFire boolean| ezhbopt boolean| ezpbCache object| __banger_pmp_deals object| _ebcids number| ezobv object| ez_ad_units object| ezslots object| ezrpos object| ezsrqt boolean| __ez_fad_haspo boolean| __ez_fad_hascp object| __ez_fad_po boolean| __ez_fad_floatshowd function| __ez_fad_csnt function| __ez_fad_rdy function| __ez_fad_position function| __ez_fad_display function| ezSetTargetingFromMap function| ezSetSlotTargeting function| ezGetSlotById function| __ez_close_anchor boolean| isEZABL number| ezmadspc boolean| ezoViewCheck boolean| ezDisableInitialLoad object| googletag object| ezaxmns object| ezaucmns object| __ez_fad_floating boolean| __ez_fad_gptd boolean| __ez_fad_ezpbinitd number| __ez_fad_pbt function| __ez_fad_gpt function| __ez_fad_pb function| __ez_init_slot function| ezogetbrkey boolean| ezoll string| ezoadxnc string| ezoadhb boolean| ezoicTestActive object| _ezaq object| _ezim_d object| _ezat undefined| $ function| jQuery object| cookieconsent_options boolean| hasCookieConsent string| ezouid string| ezoTemplate string| ezoFormfactor object| ezo_elements_to_check string| soc_app_id number| did string| ezdomain number| ezoicSearchable function| create_ezolpl function| attach_ezolpl string| _audins_dom number| _audins_did object| tocplus function| _createClass function| _classCallCheck function| RocketBrowserCompatibilityChecker object| RocketPreloadLinksConfig object| generatepressMenu object| generatepressNavSearch object| generatepressBackToTop object| lazyLoadOptions string| addthis_product string| wp_product_version object| addthis_share object| addthis_config object| addthis_layers object| addthis_layers_tools object| addthis_plugin_info function| __ez_fad_ezpbinit object| ezYieldmo object| ezAYL function| ezjsps object| epbjs boolean| __enableAnalytics object| __s2sbidders object| __s2sinstreambidders object| __allBidders string| __id5pd string| __uIdHash string| __sspDomain function| __ez_tkn_evnt undefined| __ez_dims function| ezoChar function| ezoCharSize string| ezoScriptHost object| IL11ILILIIlLLLILILLLLIILLLIIL11111LLILiiLIliLlILlLiiLLIiILL function| ezoSyncToDfp function| ezoGetDFPSlot object| ezomash boolean| ezowwinit function| ezbanger function| ezvt function| ezvb function| ezsr function| ezosethbbid function| ezosethbbids function| ezGetSlotViewedTime function| formatBid function| fetchezoibfh object| ezoibfh number| ezoibfhHF function| adjustHbValues function| ezasBuild function| ezorefgsl function| LazyLoad function| epbjsRequestAdUnits function| epbjsRefreshSlot object| ezoptbid function| ez_attachEvent function| ez_attachEventWithCapture function| ez_detachEvent function| ez_getQueryString object| ezux object| metricNameMap function| ezlogVital object| ezRBA function| __ezDotData object| _ezfd object| riveted number| ez_tos_track_count number| ez_last_activity_count object| webVitals object| _qevents function| uglipop object| images boolean| is_image object| iframes boolean| is_iframe object| rocket_lazy object| ggeac object| google_tag_data object| google_js_reporting_queue object| ezmt object| ezua object| ezuxgoals object| ezdent object| ezDenty object| ct function| quantserve function| __qc object| ezt object| _qoptions undefined| google_measure_js_timing number| i3 object| ezslot_0 object| googleToken object| googleIMState function| processGoogleToken number| google_unique_id object| gaGlobal object| ezslot_2 object| ezslot_1 object| ezslot_6 function| atwpjp string| _atd function| _euc function| _duc object| _atc string| _atr object| addthis string| addthis_pub function| emdot object| _ate object| _adr object| addthis_conf function| addthis_open function| addthis_close function| addthis_sendto boolean| __@@##MUH number| ezouspvv object| _atw object| criteo_syncframe_state object| criteo_pubtag object| criteo_identitytag_132 object| Criteo object| Criteo_identitytag_132 object| regeneratorRuntime object| ox_esp function| setImmediate function| clearImmediate object| __uid2SecureSignalProvider object| __uid2 function| lotameIsCompatible function| sync16589_ba function| sync16589_b undefined| sync16589_c undefined| sync16589_ca undefined| sync16589_d function| sync16589_e object| sync16589_g function| sync16589_da function| sync16589_ea object| sync16589_ object| sync16589_ha object| sync16589_o object| sync16589_ta object| sync16589_K function| sync16589_aa function| sync16589_a function| sync16589_f function| sync16589_h function| sync16589_i function| sync16589_j function| sync16589_k function| sync16589_ga function| sync16589_fa function| sync16589_l function| sync16589_m function| sync16589_n function| sync16589_p function| sync16589_ia function| sync16589_ja function| sync16589_r function| sync16589_ka function| sync16589_s function| sync16589_t function| sync16589_q function| sync16589_u function| sync16589_la function| sync16589_v function| sync16589_w function| sync16589_x function| sync16589_y function| sync16589_z function| sync16589_A function| sync16589_B function| sync16589_D function| sync16589_E function| sync16589_F function| sync16589_C function| sync16589_ma function| sync16589_G function| sync16589_H function| sync16589_na function| sync16589_oa function| sync16589_I function| sync16589_J function| sync16589_pa function| sync16589_qa function| sync16589_ra function| sync16589_sa function| sync16589_L function| sync16589_M function| sync16589_N function| sync16589_O function| sync16589_P function| sync16589_Q function| sync16589_R function| sync16589_S function| sync16589_T function| sync16589_U function| sync16589_V function| sync16589_W function| sync16589_Z function| sync16589_X function| sync16589__ function| sync16589_Y function| sync16589_0 function| sync16589_1 function| sync16589_2 function| sync16589_3 function| sync16589_8 function| sync16589_ua function| sync16589_4 function| sync16589_6 function| sync16589_va function| sync16589_wa function| sync16589_9 function| sync16589_7 function| sync16589_5 function| sync16589_xa function| sync16589_ya function| sync16589_za function| sync16589_Aa function| sync16589_$ function| sync16589_Ba function| sync16589_Ca function| sync16589_Da function| sync16589_Ea object| lotame_sync_16589 object| signal_decrypted object| ampInaboxPositionObserver object| ampInaboxFrameOverlayManager object| pbjs string| addthis_exclude boolean| addthis_use_personalization string| addthis_options_default string| addthis_options_rank string| addthis_options object| __callbacks number| len object| oattr function| update_cookieconsent_options object| perf_vals string| token object| slots string| slot object| GoogleGcLKhOms string| passthrough function| __orig__fbAsyncInit function| fbAsyncInit object| __twttrll object| twttr object| __twttr object| FB object| __buffer number| PIN_19342 object| PIN_1671219628003 string| value object| key object| PinUtils object| google_image_requests object| epbjsChunk object| ezSchain

45 Cookies

Domain/Path Name / Value
.xdarom.com/ Name: ezoadgid_188513
Value: -1
.xdarom.com/ Name: ezoref_188513
Value:
.xdarom.com/ Name: ezosuibasgeneris-1
Value: 7eac6e25-d6d1-4463-550f-204236f4b18c
.xdarom.com/ Name: ezoab_188513
Value: mod59
.xdarom.com/ Name: active_template::188513
Value: pub_site.1671219622
.xdarom.com/ Name: ezopvc_188513
Value: 1
.xdarom.com/ Name: ezepvv
Value: 0
.xdarom.com/ Name: ezovid_188513
Value: 205757927
.xdarom.com/ Name: lp_188513
Value: https://xdarom.com/
.xdarom.com/ Name: ezovuuidtime_188513
Value: 1671219624
.xdarom.com/ Name: ezovuuid_188513
Value: e4bc45e6-9899-4fb3-7019-31e7bc44d2db
xdarom.com/ Name: ezds
Value: ffid%3D1%2Cw%3D1600%2Ch%3D1200
xdarom.com/ Name: ezohw
Value: w%3D1600%2Ch%3D1200
.quantserve.com/ Name: mc
Value: 639cc9a9-0548a-7ce41-3cbfa
.xdarom.com/ Name: __qca
Value: P0-179098142-1671219624788
.criteo.com/ Name: uid
Value: bdbd764e-7a29-41cd-bae3-4cc4d45948a3
.xdarom.com/ Name: __gads
Value: ID=4a0d87061a0293f3:T=1671219625:S=ALNI_MYrkqS5Alcp_HNu6Jbq9cVj94IKfQ
.xdarom.com/ Name: __gpi
Value: UID=00000b938891b518:T=1671219625:RT=1671219625:S=ALNI_MaEthC9tqK9DpahSFuvw8UUm9ps_A
.openx.net/ Name: i
Value: 71c391d5-f0c5-4b0e-9ab3-7819d7392478|1671219625
.doubleclick.net/ Name: IDE
Value: AHWqTUknoUj9znntAa_D0c4uHxsSRvj1H5jpGJUYfnZJAS3Tb6eFAGvFMtd95JiWJDs
.xdarom.com/ Name: cto_bundle
Value: iP6tn18lMkJGRGdKZkQlMkZBZWZ5dzY4UTJIYzVxSG9MUHlkWG42UVMyQmglMkZ3ciUyQmRiRE0lMkJmM3dBUCUyRnduM0MlMkJ3OUdhUjJOJTJCd2h2WkxqMU5qdEpGQTlrTG96MFNFM0E4MXUxdm44NHNVS0VWaG1Rd28xaHNXOUtFZmZESXFjcmc1SGJoS3NIaTZBWnllJTJGTXJwdmw4SmRDMnRmblAxWGclM0QlM0Q
.adnxs.com/ Name: uuid2
Value: 2888471378858764883
.casalemedia.com/ Name: CMID
Value: Y5zJqktPUTql5tJtV4DerQAA
.casalemedia.com/ Name: CMPS
Value: 5221
.casalemedia.com/ Name: CMPRO
Value: 5221
.adnxs.com/ Name: anj
Value: dTM7k!M41.D>6NRF']wIg2E>5kxD86!]tbPl1M>e)ZlrFUfJ+tGXxo7V^W]mOV`Fv_]`R>`Xh'@@1PrEOyxd4XFIJQ3If)y3KL9D3I?+FSvst<
.krxd.net/ Name: _kuid_
Value: PQwMvXZ9
.doubleclick.net/ Name: DSID
Value: NO_DATA
xdarom.com/ Name: ezux_lpl_188513
Value: 1671219626958|67a00c2d-cea3-4f8d-4746-9aa00e9b44a1|false
xdarom.com/ Name: __atuvc
Value: 1%7C50
xdarom.com/ Name: __atuvs
Value: 639cc9a9a6ea28a8000
.addthis.com/ Name: uvc
Value: 1%7C50
.addthis.com/ Name: loc
Value: MDAwMDBFVU5MWkgyMzE5MTg0NjAwMDAwMDBDSA==
xdarom.com/ Name: _pbjs_userid_consent_data
Value: 3524755945110770
.xdarom.com/ Name: _sharedid
Value: ded728c0-fdf6-4a84-b5b6-034fb3e5adb8
xdarom.com/ Name: ezouspvv
Value: 2
xdarom.com/ Name: ezouspva
Value: 4
xdarom.com/ Name: ezouspvh
Value: 2
.uuidksinc.net/ Name: jcsuuid
Value: uQGh2lIAa1N2Jp8ca33X
.everesttech.net/ Name: everest_g_v2
Value: g_surferid~Y5zJrwAEhIJh3AAp
fksnk.com/ Name: AWSALBCORS
Value: drtPN0AW7i2ddt9yM5Ew3glwhSlEcFZozHYnmiX63tCU2Awrr8ofTvlSu0zfnqmyc1cBPM4kBhdet+aD0TLOuhab8vnkAnIbq03lJr9QPk1FcmKYxeAgBiKwbpt5
.fksnk.com/ Name: f_001
Value: E0A839D1117045CF
.fksnk.com/ Name: g_001
Value: 1
.c.appier.net/ Name: _auid
Value: U4huPty9CauNrL2gsMmcYw
.c.appier.net/ Name: _gu
Value: CAESEAlLUyltY7xaL8HKQnurDtY

2 Console Messages

Source Level URL
Text
other warning URL: https://cdn.ampproject.org/rtv/022211060024000/v0/amp-ad-exit-0.1.mjs(Line 1)
Message:
Unrecognized feature: 'attribution-reporting'.
network error URL: https://xdarom.com/cvx/client/sync/fpc?name=_sharedid&id=pubcid%3Aded728c0-fdf6-4a84-b5b6-034fb3e5adb8
Message:
Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

1abe16b74e07af620065a5fa2dc0f3b7.safeframe.googlesyndication.com
a.c.appier.net
ads.yieldmo.com
adservice.google.com
adservice.google.nl
api-public.addthis.com
assets.pinterest.com
basher.ezodn.com
bcp.crwdcntrl.net
beacon.krxd.net
cc.adingo.jp
cdn.ampproject.org
cdn.id5-sync.com
cdn.jsdelivr.net
cdn.prod.uidapi.com
cm.g.doubleclick.net
connect.facebook.net
dclk-match.dotomi.com
dsum-sec.casalemedia.com
encrypted-tbn0.gstatic.com
encrypted-tbn2.gstatic.com
esp.rtbhouse.com
fksnk.com
fonts.googleapis.com
fonts.gstatic.com
go.ezodn.com
go.ezoic.net
google-bidout-d.openx.net
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
gum.criteo.com
hb-api.omnitagjs.com
ib.adnxs.com
id.a-mx.com
id.crwdcntrl.net
id5-sync.com
invstatic101.creativecdn.com
lb.eu-1-id5-sync.com
log.pinterest.com
m.addthis.com
mug.criteo.com
oa.openxcdn.net
oajs.openx.net
pagead2.googlesyndication.com
pixel.quantserve.com
platform.twitter.com
rtb.openx.net
rules.quantcount.com
s.uuidksinc.net
s0.2mdn.net
s7.addthis.com
secure.quantserve.com
securepubads.g.doubleclick.net
static.criteo.net
sync-tm.everesttech.net
syndication.twitter.com
tags.crwdcntrl.net
tpc.googlesyndication.com
www.facebook.com
www.google.com
www.googletagservices.com
www.gstatic.com
www.xdarom.com
xdarom.com
z.moatads.com
id5-sync.com
s7.addthis.com
104.244.42.72
141.95.98.64
142.250.186.162
142.251.39.2
151.101.128.84
151.101.130.49
162.19.138.83
172.105.220.23
178.250.0.157
185.255.84.151
185.80.39.216
23.203.125.127
23.62.220.135
2600:9000:214f:3400:2:cb38:840:93a1
2600:9000:2304:4600:a:e047:752:5701
2600:9000:2304:5000:6:44e3:f8c0:93a1
2606:2800:234:59:254c:406:2366:268c
2606:4700:10::6816:3556
2606:4700:e6::ac40:ca05
2620:116:800d:21:93ca:31d8:d86e:38f6
2a00:1450:4001:809::200e
2a00:1450:4001:80e::2001
2a00:1450:4001:813::2002
2a00:1450:4001:827::2001
2a00:1450:4001:827::2003
2a00:1450:4001:829::2001
2a00:1450:4001:829::2002
2a00:1450:4001:831::2002
2a00:1450:400d:802::2003
2a00:1450:400d:803::2002
2a00:1450:400d:803::2006
2a00:1450:400d:803::200e
2a00:1450:400d:807::2004
2a00:1450:400d:80a::2002
2a00:1450:400d:80d::200a
2a02:2638:1::3
2a02:2638::1c
2a02:26f0:3500:88e::1931
2a02:fa8:8806:13::1370
2a03:2880:f007:8:face:b00c:0:1
2a03:2880:f11c:8183:face:b00c:0:25de
2a04:4e42:200::485
2a06:98c1:3120::3
2a06:98c1:3120::c
2a06:98c1:3121::c
31.220.27.134
34.102.146.192
34.120.135.53
34.96.70.87
35.190.39.111
35.227.252.103
35.244.159.8
37.252.171.53
52.213.183.227
52.55.14.74
54.150.84.46
54.76.72.156
54.77.217.9
99.86.240.129
000cb4237204c839588365b865b4ceb28c4d78ba054f6e5a4c7a5e25f36e0c9c
04681f7bb0e948a2d514f053800b8eb2a63ace4bad7552b71bed7fabc0481abd
05090f9390f5bc0cd23fe5f432037cc92d7cbce1ced9bfe8faf3d1c9abae85cd
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0d2fd5a42a1849ad0d820611e243fd81fe81ee767716b639ff7e88c1e9f78bb6
10d4b728888654e0b85c706a9310b551087d3321fb8ebfff147d07b13fa73bf0
11b02d867229718fbe9cab0046e5dd3613683de845141b99ba5017973b0bc39b
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
163b372fb12a537962f1888850272906e1713b2d6889ecdaff4ecfe82426a883
174100392260d3ce21229f8839bab8067707979712660dfab0f9e07431d55002
182e4ce4dfd537795577b12b9b19a57422a8b21815f5dd92ef8acb3fd872a19c
196beb31539e747bdf66ddcf9d5f7255eeb42c14210786cb0a93ddbce4664d2e
1b1c3ea8b3d9fec1913ac70c81c83f2172acc41988e747bd24d22bf779fd19a0
1b2ed9d7e8a59e44543420cc3c1572177e6e995ce7bcd5238142f4689c845ce0
1d146231180457b43c5e75b6b38d0a71d8a8b77e92c8dbce0589de947b5b7777
1d49aa620c0f7fe03d96000efb3d9a812cc1bdf0f14696681ca16e146ec7b3c8
1d84738c2afaf595ff5d4921d8dc6bb5ce19a7b9c33a6c02d8a35ff80611cc87
1e288c4dc57f72a69a497baef524f41c57e1c6a414b09a5bde22cd5b2f1b7cdf
1e57530eb708eb75ca4319717836a7ec580b1b6b09ba69a384392bfa5dd564a9
207250956dee49c6a1ef59194bd1c5a956a5377c4f504ddde7209678541706f4
20f0315c97ff7007f2e7a94d659e094a7efc01b8306da53987538c1101489e0e
213cdc73309f973f10c0508d6169f03c205526e29b9fa4916e5e0f93fbc8507e
22411e2bcae3b8094e39c5b0b9e38a3257b78fe2e8b9fcf994a98e14534d9d44
236dca679b9983d1fbea0415d584b17d80f1c6942506fc508a5384db924e8795
23bc1d893ce2d2f30b68e549aa3cb991c2a7b7dd87e3df67d9fbb6a8dd113bf8
27413b363c0f1971ab6ce378c362623bf92782aa5c7928f04f93a2a0b38055cb
2baa24597f3974e5b8d0cef041767474762be084869656db802806341e311d05
2ca6a1e448f56870627c459225a0d39627b369618117e28770725b87a1fb83e9
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
3467899160318fc9669302f7ac232dd9f8e43cd921386880e661061e7535363b
34b5493c7ce4b0a1558ab99cbe8e19961944a143a028429048140f8d962a89e2
35d05550e6b74af381716ccae2c9d1a5e6eb8ae78eb80c43a4f1d55ecc4d2250
36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1
36bf7f3a24472138d74c0f902abcbcaf42bad8526a3d485b5960e515b7e6766e
3dd5067ca76de54fffbe534ee19be0563145246385994907a76670d85335ad4e
3faadebc89cdb21d11634a032816f152462d1cb8903eb21d0642501fcad065de
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
469e50ea8f0d43a44c19c5fa440e14caa9492f159e96470c9e774ee034bda6e2
4718dd9f68e969d1cb5e1b6172206b7150ad1d8cd5c5c1fe5812dd0e1646d426
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4b6401d619d6c3856f68f15e68d25a538cb817939fd39ace661cd5e38da99672
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4e46dc91d6c7f01d9f73b866739e2a1971589f1cd421c7b971ec21c50d3c378a
4fe0b9698dd1d1329451f563d06b2d330f587ec75db1558d1ff80e494757ef52
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
50e9b5d3548f8e8c81befa8e43c3517c0dfa68cb4386d3a6386c0b04412d3637
544c55ca9f05d425f3beb90f287308d7a408b1f60d17728eff5c605a494bc1b9
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
582c2586c49819d9dfe5cb88653679a40bf930ca86f1dc01a4afd821a9eab97e
5876d235b697479a9e5f476a33115aea1ddc21fd4b4740dd7180398c6224fdba
6070049215ef9b98d1b389d67963816172ff29513d34335c5061cd9619a3ea17
60cb9141c5c49d893985bae795f7bcc1530188cde1fdc8a83cf706f78de87df1
6121ca306ad1045453d52517b8f436eb5a68055c82aefa46a9a77de36996a3df
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
62479b83229b8029fdff81cf48374e3bd811c6b2d1f406aefad120b605a38d39
639257a93794b6c22a1909eb4039fd338d7a1463055d9f6830c405210eff81b2
66a8dfcc4572e000bf5b4351bae2a763b3357a65ed373ff27a7e7b38ec9486ae
674efa4ed02ae3e7c515c39ad26891b579699d4e6c71641cb4567cecf8119cc2
684dfe949ae87a38c2afbcee199f51b0025dd9121b524d62e881cf40846cdd21
6a416e2a4fd815e44bd37b0407d5f2a1820f637b776f7540cb73e6df905ad0b8
6b23e94a0591e43f749074a39df5a5e700d5bd6c40d1b8016a1a2e44a3176037
70402126ef3130514c8b5d7af05bf15d8fea6a5b58f2dc0b314b2cc672cf6473
7099b0a5636275b29bf77167ad5d60c566b1162e67cb1fe6e790a82a4cf9e791
76f6856efd23a1088c9f31317ed29d0adb87b0cd759853419bed690db406791e
783e66087c6c2ac7ba1a2c006a9f87af0e6453131295c0d58522696633dc2d4b
7b6bfa13f0778c40bb2a00af9819bea2f07afcb4d071e7e4f436196953a5db4d
7c24775142a8ef7a607925bd1f0145d81bd92e20daec68832f0a86e798df2fcf
7c5b697d010f6cdd7343aa97dc0bfb0c29278555192f430d05aa98e07e9a4620
7e1d92767b18f0058557e5d935d73112a095c798db5be4501112c227eb6b0457
7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b
80ba090472301810eb1683e1fd67cfd51997bff76c70e0eb3b157738a0e68ba2
859adbfc48bb0b06c58fe109db4909585fbca5df398d49185fc0f486bad1ac96
85d6ce28368977acc9fbcaf2fce4c1fa337ea64ffdb7cbd97491405f58e99645
86a2a3999c65a6ee0bbee35ac7515f04856e0fcbcebdffd56001c0dc924d887a
877b53d3e74515e85b2b25b3937f334260d2107cb30a8e29c34fddc0281a2e7d
896a64a908337c3ed77d9bd3284b5f2a7611e85566056766b9143be502cb497b
8c0531412c543b9bd978e29acb8f5cf330db9891115d1e9924519d9a675b7b74
8ceb3992861ed1fda25855c2e500e76842ae0d788405e50e3a9f45df36499cf6
8d4760a6aa7f6fdba7e29114a884ea592eb532db4e41b6dbbca912c464f45586
8ee5f53d3752309af021002b2199a06523b1fd03f3ea1cdaf5d59e911d4d8178
9185925985d621f388439c646b3a0fac4f43512e592840ed4879712052d5498a
94edf973e9deb80b5eccf17f8f3108eafe15209fe25fe417e8f8962a4d8f48b3
9949064d19e3e704ee828d46fd41c771a12761c582aca32b6213e945502c6e49
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a0ee280bfb57f630f8bbbaaed07ab61ef0945624d59889bec9abe992c8c87a6a
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a5230196df9a4e9f6382c504668862efc8e25c1ec093c7dc997fbedb4b3ec54e
a96e1e97d62ab9747678b947bdf0a0ea5f81790b1e3a1df2d4607a86bf802596
a97afd769b3d774563606be9e943789398af5a1bf3583c2bc9a81f99832aa2b2
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
ac990171fc2a8993d659ce8f10bc0a7815c43835ba1dc00c2246f3556c6eeecd
acc5497e76f832d950d14fcfa047dc3c864f7a0aae4c7a20521c0c655a53033b
acd2f7ad78edeebad4b6b0fdd17ff57d81c3726c60fd5435ee8c5a0115d29403
ad01e0fed80d20dabbb85eca33b1d6546eb4e9c0fcdabe1d704b684a51e62b9a
aeb779d96af4bfa1b664c203d52fbd9ef573b84a31b34314668325fc784e1b13
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b4e08d09079cadf61c2bc3e58e1150341c83fbb95236edfa9f34e3d1a1b430ce
b6dcc1490a0cc33cdeed8970677b89bbec6fa095675af198b8e923b64563c70a
b71a6b77e163fd099743f25a86338b67abf11b79b044b7153cf06131c6a30c13
b785d8b7378b3afcd6022aff46d080b8108e000bd13435834c2bae03f65ec962
bc43953155ac6498e5e7ce107955dd3e5b2807fedc0f36a6bb73c64f5afe0b36
bed57a09b10b5cfc83c33f5bc6205831a9db085c874bc72d096d05ad2136e4b4
bfe1f346fdc4c58512a773da0993070cb2d4dbf33c3c3269f5ae884135690c0b
c02444f391e8655e79ff8d7d4cb69c3426c3bffbf8731a994fa23aed0f641d12
c3b9597a90a43830b2a92897a5ef015ce5310e7f32dbb5cd1db2c807c5e6b036
c3f73b989e0620a4d2e12ed57a0d538e4580b8fefaa1fefbad73e0abad6d227f
c4d60e53476012ab254ca2f3f479903a6be9ead3cb39a9ea353c51ec75c618c8
c69e528427c8218cb4bc5fe647db3366146403d53593a3f96482479a14eca234
ca8d096ba331e9e56e006f72e4d43879e61b70c4090c68e8be1f2aa30830b339
cae236a8ec4b7820d67c78b1682e83e1b179204e448023dd7a2ad6e9402062aa
cbb902604c82ee121392e4a250e9eb49b5dbb1b71cdd2ec6a0362e921ed5f8a0
cc7403bab52ed166e24ea9324241045af370be482f5b594468f4a6ac6e7e7981
cc7aba6a7b03056b699ac6b3cdd1708f9876aaee2f995302196cb53b28acbb78
cf4e42ab19ce65873e9ccb11decb22e6507e58451e18c0e8ffaae314e528c5c0
d197c23c96319df42881161b8f4f7a1869781d8f33ffd620a22cd0af32e0c370
d2331f028b326f5d6725e177e28be7b84c3d7cc2e5ca56ed20400b31eec5ff20
d2e66b2ad63e3dc299510d35b2c0d8860bffe0629ce3ba0589e39a8e0c7dcafc
d3a970101d5c1c13fe97539903a8285d524c87295f551421ab9e40d9c1324e4a
d61ed2d6f691389596fad09cd95740f4408165d19d3c424152a68a29111b15de
d6a7e2822c14081dc26a7f7439fcec3c1ac551f09da75ea9d8eac0966a45056a
d7aacdd483dd88c140cccb36ba42f82981311524c06ef15f976ddb094d0d6ba6
d854082be0173c977aad8f65cdb9b88fd005f3dd3f34f894ab9fdba5a283780f
d89cb9800cc62dcc44a0ba866b4a080ad06f735f60a6afecbd6d691d2e8939dd
da7d071b5dbde50f6e1f03862b660f07f4b4c457f012165b612c18f93dd347e5
dcc0b6437eeec474b65774198371749c6e3f11c12b0bc14f3a971714d0d0e52b
dce9f5afda30bc387f9f1090b155cbb90596e3c7c1374ea9e135b7184c8fc707
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
dd97dc3377ddfc4c7624520ca973742124db0653d480238ed5d371dd4f64e065
deeee8fbc78cac2401826b8c486f4c1767a619343c9f8158ac54165874c98249
e15aa0bfde2f8906f6e028b5f8f111e0f6b3a8437294d3707d5ec310881502a7
e1a156c3daa4ae0c41f21ef266131ca5a34d56695e3d860b232da142ef031234
e3265eae2ee55c90716ce5fc662a9fd0c6529ac5f2416665c7dc869990e1fc71
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e3beba43f7399f0472709abffa9f60cfa64c93a274d2d38295b02589b1937aef
e41d1ae45acbf836b8dcc29544c7e41cced4211214df601d5284a7e9c7134c73
e44458c2c9acea446178d73575b53255ee7ba669c33cb20cfea94b90908f921d
e4f924eac92aa3cc4ea64f2891447e8bd3af49e1a5c0bcd04b7356e2f7f1c04c
e5a098542163dc535e0e3c4ed1bca8fcc8a13f0b827027385af73b8d3db5fa38
e5cee22f85b52f926dce4e95080b16790ac5639fa40b4ce410a9a2cc3fa0cc43
e6cead609d342bd202f23b8fa86aff54f2503372d68ae63acca87e7dca2bec15
e99320565e3581bfbc8ed2e0865537fcb59e2861d8803704d30f9ad6bbbca9d4
ec04fdd4815525fb6e4cca8b41073a0cc887d66f77ec49b100e806a48441cf74
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f066a6392f3732829e95d97ac2a3dfb7dc7d35fc88d71a4ef62ff8f70399326c
f08bda7e60fadca736bd7ed81684d6dd9bd11951aada10c84e66cbeac3c52197
f08bed819ea0227fe91ff47b2989567759edd6db1e057ab9695a3f2ed6fbacae
f14e37aa81530cba139699ee6f70eb5dc3427c54dd97b3e24b114de7fe75d3ee
f2b7ea44f5cc51d49a3235f198623da9f4a976bfc183fd233b4a5a9441579f1f
f30fc304efd9598611811b052d0723a0054059039d5276a45f0a345534926dd5
f50e59fa7a264b1674e5f94591375a26e9aea318036b2a629e5ba182df01b54f
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
f6f6366f12a6233acc872f46f99274bbdff4e4f473c98f1464f8419c5857b660
f7d1cde7dd6457ab3780699765fe535407e971c7037713d38374036f80a44db9
f8e239b7b868f38fb8966120c8e93cef9c8efbe1ca4d3c6f9928d86b2ad3b820
fb2762da134a39eadf5f1e1071d5d76414648b895fad153055aff7999f40f272
fc756d6d9c13b68a78cf9dcd159d5c1658e2d7162ffedc9b4a98fdb9c82ccc09