xoso.com.vn Open in urlscan Pro
2606:4700:10::ac43:633 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://xoso.com.vn/
Effective URL:
https://xoso.com.vn/
Submission: On August 24 via manual (August 24th 2022, 10:32:19 am UTC) from VN — Scanned from DE

Summary HTTP 117 Redirects Links 13 Behaviour Indicators

Summary

This website contacted 44 IPs in 9 countries across 34 domains to perform 117 HTTP transactions. The main IP is 2606:4700:10::ac43:633, located in United States and belongs to CLOUDFLARENET, US. The main domain is xoso.com.vn. The Cisco Umbrella rank of the primary domain is 59042.
TLS certificate: Issued by E1 on July 4th 2022. Valid for: 3 months.

This is the only time xoso.com.vn was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 13	2606:4700:10:... 2606:4700:10::ac43:633	13335 (CLOUDFLAR...) (CLOUDFLARENET)
10	2a00:1450:400... 2a00:1450:4001:828::2002	15169 (GOOGLE) (GOOGLE)
12	142.250.186.98 142.250.186.98	15169 (GOOGLE) (GOOGLE)
1	2a04:4e42:600... 2a04:4e42:600::645	54113 (FASTLY) (FASTLY)
1	2a00:1450:400... 2a00:1450:4001:829::2008	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:800::200e	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:82f::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:80f::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:827::2001	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:400c:c00::9c	15169 (GOOGLE) (GOOGLE)
1 3	2a00:1450:400... 2a00:1450:4001:810::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:82a::2003	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:827::2002	15169 (GOOGLE) (GOOGLE)
1	34.102.146.192 34.102.146.192	15169 (GOOGLE) (GOOGLE)
1	2a02:2638:1::3 2a02:2638:1::3	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	34.208.243.53 34.208.243.53	16509 (AMAZON-02) (AMAZON-02)
1	2606:4700:10:... 2606:4700:10::ac43:266a	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	108.138.7.49 108.138.7.49	16509 (AMAZON-02) (AMAZON-02)
1	18.225.2.19 18.225.2.19	16509 (AMAZON-02) (AMAZON-02)
1 2	34.120.135.53 34.120.135.53	15169 (GOOGLE) (GOOGLE)
1	141.95.98.67 141.95.98.67	16276 (OVH) (OVH)
1	18.203.96.202 18.203.96.202	16509 (AMAZON-02) (AMAZON-02)
4	18.66.112.66 18.66.112.66	16509 (AMAZON-02) (AMAZON-02)
11	2a00:1450:400... 2a00:1450:4001:809::2001	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:813::2002	15169 (GOOGLE) (GOOGLE)
1	18.159.27.64 18.159.27.64	16509 (AMAZON-02) (AMAZON-02)
6	13.248.245.213 13.248.245.213	16509 (AMAZON-02) (AMAZON-02)
1 2	2a02:2638:1::13 2a02:2638:1::13	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
3	37.157.2.237 37.157.2.237	198622 (ADFORM) (ADFORM)
1	178.250.0.157 178.250.0.157	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
2	37.157.2.248 37.157.2.248	198622 (ADFORM) (ADFORM)
1	35.244.159.8 35.244.159.8	15169 (GOOGLE) (GOOGLE)
1	2620:116:800d... 2620:116:800d:21:5ed4:8d5d:fed7:f5ef	16509 (AMAZON-02) (AMAZON-02)
1 1	18.195.201.66 18.195.201.66	16509 (AMAZON-02) (AMAZON-02)
4	172.217.18.2 172.217.18.2	15169 (GOOGLE) (GOOGLE)
1	35.244.174.68 35.244.174.68	15169 (GOOGLE) (GOOGLE)
1	185.64.190.78 185.64.190.78	62713 (AS-PUBMATIC) (AS-PUBMATIC)
1 1	69.173.144.139 69.173.144.139	26667 (RUBICONPR...) (RUBICONPROJECT)
2 2	104.18.19.126 104.18.19.126	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a05:d01c:1d8... 2a05:d01c:1d8:8101:fce4:7d96:66d4:9311	16509 (AMAZON-02) (AMAZON-02)
12	2606:4700:20:... 2606:4700:20::681a:bd1	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 1	104.96.132.42 104.96.132.42	16625 (AKAMAI-AS) (AKAMAI-AS)
1	148.251.139.77 148.251.139.77	24940 (HETZNER-AS) (HETZNER-AS)
1 1	145.239.193.130 145.239.193.130	16276 (OVH) (OVH)
1	88.198.250.30 88.198.250.30	24940 (HETZNER-AS) (HETZNER-AS)
2	18.133.111.12 18.133.111.12	16509 (AMAZON-02) (AMAZON-02)
1	18.66.122.63 18.66.122.63	16509 (AMAZON-02) (AMAZON-02)
2	18.168.156.122 18.168.156.122	16509 (AMAZON-02) (AMAZON-02)
117	44

13 2606:4700:10::ac43:633 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

xoso.com.vn	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdn.xoso.com.vn	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2a00:1450:4001:828::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 142.250.186.98 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s06-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42:600::645 (United States)

ASN54113 (FASTLY, US)

anymind360.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:829::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:800::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:80f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:827::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

081e3a886ad8dc86f2b70234c1124c49.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c00::9c (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:810::2004 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82a::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:827::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.102.146.192 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 192.146.102.34.bc.googleusercontent.com

oa.openxcdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:2638:1::3 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

static.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.208.243.53 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-208-243-53.us-west-2.compute.amazonaws.com

id.sharedid.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:10::ac43:266a (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.id5-sync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 108.138.7.49 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-138-7-49.fra56.r.cloudfront.net

tags.crwdcntrl.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.225.2.19 (Columbus, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-225-2-19.us-east-2.compute.amazonaws.com

prod.uidapi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.120.135.53 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 53.135.120.34.bc.googleusercontent.com

oajs.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 141.95.98.67 (France)

ASN16276 (OVH, FR)
PTR: ns3216533.ip-141-95-98.eu

id5-sync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.203.96.202 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-203-96-202.eu-west-1.compute.amazonaws.com

bcp.crwdcntrl.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 18.66.112.66 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-112-66.fra56.r.cloudfront.net

ib.3lift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 2a00:1450:4001:809::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:813::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.159.27.64 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-159-27-64.eu-central-1.compute.amazonaws.com

tlx.3lift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 13.248.245.213 (United States)

ASN16509 (AMAZON-02, US)
PTR: a0f671730127a0812.awsglobalaccelerator.com

eb2.3lift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:2638:1::13 (France) 1 redirects

ASN44788 (ASN-CRITEO-EUROPE, FR)

gum.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 37.157.2.237 (Denmark)

ASN198622 (ADFORM, DK)

track.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.250.0.157 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

mug.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 37.157.2.248 (Denmark)

ASN198622 (ADFORM, DK)

s1.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.244.159.8 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 8.159.244.35.bc.googleusercontent.com

google-bidout-d.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:116:800d:21:5ed4:8d5d:fed7:f5ef (United States)

ASN16509 (AMAZON-02, US)

cms.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.195.201.66 (Frankfurt am Main, Germany) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-195-201-66.eu-central-1.compute.amazonaws.com

d.agkn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 172.217.18.2 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s22-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.244.174.68 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 68.174.244.35.bc.googleusercontent.com

id.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.64.190.78 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)

image6.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.173.144.139 (Frankfurt am Main, Germany) 1 redirects

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.18.19.126 (None, ) 2 redirects

ASN13335 (CLOUDFLARENET, US)

ssum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a05:d01c:1d8:8101:fce4:7d96:66d4:9311 (London, United Kingdom)

ASN16509 (AMAZON-02, US)

ag.innovid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 2606:4700:20::681a:bd1 (United States)

ASN13335 (CLOUDFLARENET, US)

ad4m.at	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
as.ad4m.at	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
assets.ad4m.at	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.96.132.42 (Vienna, Austria) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a104-96-132-42.deploy.static.akamaitechnologies.com

www.awin1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 148.251.139.77 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.77.139.251.148.clients.your-server.de

banner.congstar.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 145.239.193.130 (France) 1 redirects

ASN16276 (OVH, FR)

pv.medialead.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 88.198.250.30 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.88-198-250-30.clients.your-server.de

pb.media01.eu	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.133.111.12 (London, United Kingdom)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-133-111-12.eu-west-2.compute.amazonaws.com

track.webgains.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.66.122.63 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-122-63.fra60.r.cloudfront.net

analytics.webgains.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.168.156.122 (London, United Kingdom)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-168-156-122.eu-west-2.compute.amazonaws.com

api.webgains.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
23	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 123 081e3a886ad8dc86f2b70234c1124c49.safeframe.googlesyndication.com tpc.googlesyndication.com — Cisco Umbrella Rank: 159	413 KB
16	doubleclick.net securepubads.g.doubleclick.net — Cisco Umbrella Rank: 218 googleads.g.doubleclick.net — Cisco Umbrella Rank: 52 stats.g.doubleclick.net — Cisco Umbrella Rank: 108 cm.g.doubleclick.net — Cisco Umbrella Rank: 214	207 KB
13	xoso.com.vn 1 redirects xoso.com.vn — Cisco Umbrella Rank: 59042 cdn.xoso.com.vn — Cisco Umbrella Rank: 260093	129 KB
12	ad4m.at ad4m.at — Cisco Umbrella Rank: 2302 as.ad4m.at — Cisco Umbrella Rank: 29608 assets.ad4m.at — Cisco Umbrella Rank: 38632	1 MB
11	3lift.com ib.3lift.com — Cisco Umbrella Rank: 1109 tlx.3lift.com — Cisco Umbrella Rank: 617 eb2.3lift.com — Cisco Umbrella Rank: 418	64 KB
5	adform.net track.adform.net — Cisco Umbrella Rank: 4130 s1.adform.net — Cisco Umbrella Rank: 8434	34 KB
5	google.com 1 redirects adservice.google.com — Cisco Umbrella Rank: 88 www.google.com — Cisco Umbrella Rank: 9	2 KB
3	webgains.io analytics.webgains.io — Cisco Umbrella Rank: 22849 api.webgains.io — Cisco Umbrella Rank: 57585	85 KB
3	criteo.com 1 redirects gum.criteo.com — Cisco Umbrella Rank: 407 mug.criteo.com — Cisco Umbrella Rank: 2790	8 KB
3	openx.net 1 redirects oajs.openx.net — Cisco Umbrella Rank: 3064 google-bidout-d.openx.net — Cisco Umbrella Rank: 2947	567 B
3	google.de adservice.google.de — Cisco Umbrella Rank: 8811 www.google.de — Cisco Umbrella Rank: 6076	1 KB
3	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 45	61 KB
2	webgains.com track.webgains.com — Cisco Umbrella Rank: 47115	3 KB
2	casalemedia.com 2 redirects ssum-sec.casalemedia.com — Cisco Umbrella Rank: 456	2 KB
2	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 194	87 KB
2	crwdcntrl.net tags.crwdcntrl.net — Cisco Umbrella Rank: 1220 bcp.crwdcntrl.net — Cisco Umbrella Rank: 820	10 KB
2	id5-sync.com cdn.id5-sync.com — Cisco Umbrella Rank: 1301 id5-sync.com — Cisco Umbrella Rank: 508	13 KB
1	media01.eu pb.media01.eu — Cisco Umbrella Rank: 46022	629 B
1	medialead.de 1 redirects pv.medialead.de — Cisco Umbrella Rank: 47242	623 B
1	congstar.de banner.congstar.de — Cisco Umbrella Rank: 80104	518 B
1	awin1.com 1 redirects www.awin1.com — Cisco Umbrella Rank: 15871	689 B
1	innovid.com ag.innovid.com — Cisco Umbrella Rank: 1414	296 B
1	rubiconproject.com 1 redirects pixel.rubiconproject.com — Cisco Umbrella Rank: 327	459 B
1	pubmatic.com image6.pubmatic.com — Cisco Umbrella Rank: 634	166 B
1	rlcdn.com id.rlcdn.com — Cisco Umbrella Rank: 592	98 B
1	agkn.com 1 redirects d.agkn.com — Cisco Umbrella Rank: 588	757 B
1	quantserve.com cms.quantserve.com — Cisco Umbrella Rank: 1072	463 B
1	uidapi.com prod.uidapi.com — Cisco Umbrella Rank: 3344	5 KB
1	sharedid.org id.sharedid.org — Cisco Umbrella Rank: 3504	904 B
1	criteo.net static.criteo.net — Cisco Umbrella Rank: 655	13 KB
1	openxcdn.net oa.openxcdn.net — Cisco Umbrella Rank: 3290	8 KB
1	googleadservices.com partner.googleadservices.com — Cisco Umbrella Rank: 882	408 B
1	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 78	44 KB
1	anymind360.com anymind360.com — Cisco Umbrella Rank: 17845	28 KB
117	34

	Domain	Requested by
11	tpc.googlesyndication.com	081e3a886ad8dc86f2b70234c1124c49.safeframe.googlesyndication.com googleads.g.doubleclick.net securepubads.g.doubleclick.net tpc.googlesyndication.com
10	pagead2.googlesyndication.com	xoso.com.vn pagead2.googlesyndication.com googleads.g.doubleclick.net securepubads.g.doubleclick.net tpc.googlesyndication.com www.googletagservices.com
8	cdn.xoso.com.vn	xoso.com.vn
6	assets.ad4m.at	as.ad4m.at
6	eb2.3lift.com	081e3a886ad8dc86f2b70234c1124c49.safeframe.googlesyndication.com ib.3lift.com
6	googleads.g.doubleclick.net	pagead2.googlesyndication.com googleads.g.doubleclick.net
5	securepubads.g.doubleclick.net	xoso.com.vn securepubads.g.doubleclick.net
5	xoso.com.vn	1 redirects xoso.com.vn cdn.xoso.com.vn
4	ad4m.at	s1.adform.net ad4m.at
4	cm.g.doubleclick.net	xoso.com.vn googleads.g.doubleclick.net
4	ib.3lift.com	081e3a886ad8dc86f2b70234c1124c49.safeframe.googlesyndication.com ib.3lift.com
3	track.adform.net	ib.3lift.com s1.adform.net
3	www.google.com	1 redirects xoso.com.vn tpc.googlesyndication.com
3	www.google-analytics.com	www.googletagmanager.com xoso.com.vn
2	api.webgains.io	analytics.webgains.io
2	track.webgains.com	as.ad4m.at
2	as.ad4m.at	ad4m.at as.ad4m.at
2	ssum-sec.casalemedia.com	2 redirects
2	s1.adform.net	track.adform.net s1.adform.net
2	gum.criteo.com	1 redirects static.criteo.net
2	www.googletagservices.com	081e3a886ad8dc86f2b70234c1124c49.safeframe.googlesyndication.com googleads.g.doubleclick.net
2	oajs.openx.net	1 redirects xoso.com.vn
2	081e3a886ad8dc86f2b70234c1124c49.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
2	adservice.google.com	securepubads.g.doubleclick.net pagead2.googlesyndication.com
2	adservice.google.de	securepubads.g.doubleclick.net pagead2.googlesyndication.com
1	analytics.webgains.io	track.webgains.com
1	pb.media01.eu	as.ad4m.at
1	pv.medialead.de	1 redirects
1	banner.congstar.de	as.ad4m.at
1	www.awin1.com	1 redirects
1	ag.innovid.com	googleads.g.doubleclick.net
1	pixel.rubiconproject.com	1 redirects
1	image6.pubmatic.com	googleads.g.doubleclick.net
1	id.rlcdn.com	googleads.g.doubleclick.net
1	d.agkn.com	1 redirects
1	cms.quantserve.com	googleads.g.doubleclick.net
1	google-bidout-d.openx.net	oa.openxcdn.net
1	mug.criteo.com	xoso.com.vn
1	tlx.3lift.com	081e3a886ad8dc86f2b70234c1124c49.safeframe.googlesyndication.com
1	bcp.crwdcntrl.net	tags.crwdcntrl.net
1	id5-sync.com	cdn.id5-sync.com
1	prod.uidapi.com	securepubads.g.doubleclick.net
1	tags.crwdcntrl.net	securepubads.g.doubleclick.net
1	cdn.id5-sync.com	securepubads.g.doubleclick.net
1	id.sharedid.org	securepubads.g.doubleclick.net
1	static.criteo.net	securepubads.g.doubleclick.net
1	oa.openxcdn.net	securepubads.g.doubleclick.net
1	partner.googleadservices.com	pagead2.googlesyndication.com
1	www.google.de	xoso.com.vn
1	stats.g.doubleclick.net	www.google-analytics.com
1	www.googletagmanager.com	xoso.com.vn
1	anymind360.com	xoso.com.vn
117	52

This site contains links to these domains. Also see Links.

Domain
lichngaytot.com
xosothudo.com.vn
play.google.com
apps.apple.com
www.dmca.com
www.facebook.com
www.youtube.com
twitter.com
bongda24h.vn
seothetop.com

Subject Issuer	Validity	Valid
*.xoso.com.vn E1	`2022-07-04` - `2022-10-02`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-08-01` - `2022-10-24`	3 months	crt.sh
anymind360.com R3	`2022-07-02` - `2022-09-30`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-08-01` - `2022-10-24`	3 months	crt.sh
*.google.de GTS CA 1C3	`2022-08-01` - `2022-10-24`	3 months	crt.sh
*.google.com GTS CA 1C3	`2022-08-08` - `2022-10-31`	3 months	crt.sh
www.google.com GTS CA 1C3	`2022-08-01` - `2022-10-24`	3 months	crt.sh
www.google.de GTS CA 1C3	`2022-08-01` - `2022-10-24`	3 months	crt.sh
oa.openxcdn.net GTS CA 1D4	`2022-08-09` - `2022-11-07`	3 months	crt.sh
*.criteo.net DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-06-21` - `2022-09-23`	3 months	crt.sh
id.sharedid.org Amazon	`2021-12-09` - `2023-01-06`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-06-07` - `2023-06-06`	a year	crt.sh
*.crwdcntrl.net Go Daddy Secure Certificate Authority - G2	`2022-05-01` - `2023-06-02`	a year	crt.sh
*.uidapi.com Amazon	`2022-02-10` - `2023-03-11`	a year	crt.sh
*.id5-sync.com R3	`2022-08-18` - `2022-11-16`	3 months	crt.sh
*.3lift.com Amazon	`2022-05-13` - `2023-06-11`	a year	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2022-08-01` - `2022-10-24`	3 months	crt.sh
*.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-06-15` - `2022-09-18`	3 months	crt.sh
track.adform.net DigiCert TLS RSA SHA256 2020 CA1	`2021-09-06` - `2022-10-07`	a year	crt.sh
*.openx.net GeoTrust RSA CA 2018	`2022-07-21` - `2023-08-21`	a year	crt.sh
*.quantserve.com DigiCert TLS RSA SHA256 2020 CA1	`2021-09-22` - `2022-09-21`	a year	crt.sh
*.rlcdn.com Sectigo RSA Domain Validation Secure Server CA	`2022-02-03` - `2023-02-25`	a year	crt.sh
*.pubmatic.com DigiCert Baltimore TLS RSA SHA256 2020 CA1	`2022-06-13` - `2023-07-14`	a year	crt.sh
*.innovid.com RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1	`2022-03-15` - `2023-04-15`	a year	crt.sh
*.webgains.com Amazon	`2022-06-14` - `2023-07-13`	a year	crt.sh
*.webgains.io Amazon	`2022-08-23` - `2023-09-21`	a year	crt.sh

This page contains 18 frames:

Primary Page: https://xoso.com.vn/
Frame ID: 99291F25A9F62AC9CB6661627E24D2D8
Requests: 46 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20220822/r20190131/zrt_lookup.html
Frame ID: AE583ECE808B92EF815E2CFFDEA0D9A6
Requests: 1 HTTP requests in this frame

Frame: https://081e3a886ad8dc86f2b70234c1124c49.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 0B63DABE81D029F2E94E2947B68C78D8
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6162392498535478&output=html&adk=1812271804&adf=3025194257&lmt=1661337134&plat=9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fxoso.com.vn%2F&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1661337134317&bpp=3&bdt=202&idt=274&shv=r20220822&mjsv=m202208160101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=4300712307205&frm=20&pv=2&ga_vid=1373203678.1661337134&ga_sid=1661337134&ga_hid=446455031&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44768832%2C31068737&oid=2&pvsid=188221202543126&tmod=1828846614&uas=0&nvt=1&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=292
Frame ID: 7BB5A5CA2BA99932B018DFF4896694F6
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6162392498535478&output=html&h=250&slotname=3702268378&adk=2629593577&adf=702317400&pi=t.ma~as.3702268378&w=300&lmt=1661337134&psa=0&format=300x250&url=https%3A%2F%2Fxoso.com.vn%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1661337134320&bpp=2&bdt=205&idt=307&shv=r20220822&mjsv=m202208160101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=4300712307205&frm=20&pv=1&ga_vid=1373203678.1661337134&ga_sid=1661337134&ga_hid=446455031&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=377&ady=881&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44768832%2C31068737&oid=2&pvsid=188221202543126&tmod=1828846614&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CleE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=a!2&fsb=1&xpc=cUpGPHeChK&p=https%3A//xoso.com.vn&dtd=313
Frame ID: AA8D355057C72CAECC45173DCFF6A1F8
Requests: 10 HTTP requests in this frame

Frame: https://081e3a886ad8dc86f2b70234c1124c49.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 66CBDCC750A2C69339BB61173B9787AC
Requests: 17 HTTP requests in this frame

Frame: https://gum.criteo.com/syncframe?origin=publishertagids&topUrl=xoso.com.vn
Frame ID: 20B5DC1D4B7FB9E35B0DDEA90C8EF250
Requests: 2 HTTP requests in this frame

Frame: data://truncated
Frame ID: CE2C0A75179D677626BFED97BCD1979A
Requests: 1 HTTP requests in this frame

Frame: https://track.adform.net/adfscript/?bn=50998862;rtbwp=0.032;rtbdata=eyNZsF0Hm3_szYWMZfnSe2zb06SJGBeYTUEbNNgAxnsJsLinYTfW0plbnB-LznzADz9bKHECUoXux7hcCSqlGO8ktMeo-9KfxiB3tMlHDlU-Pidw9UnisOfC1iDmiI3feTqcoE3up6OBHyMSwys1RlC44c6uZOnKu5bVUbWe5UR8slQ2KA_3LsN4iOtIBxgX0
Frame ID: 95F934F68B1859B96EC119EA28C5427E
Requests: 7 HTTP requests in this frame

Frame: https://google-bidout-d.openx.net/w/1.0/pd?plm=5
Frame ID: 21845ED45B5E1552360761B9C20360A9
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: B0ED7B8387E7D1B5CFBA51F72C82803E
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 14D7E78C1382130DFC2E7E0E78B0E184
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/932hlcctLOJRtLoo5sJe2QKRhL1SnC_Hox4lZlMNfoI.js
Frame ID: 8BD861A6AB0468B4883AC321E812D587
Requests: 1 HTTP requests in this frame

Frame: https://eb2.3lift.com/sync?max=10&cb=29691
Frame ID: 19E41B1828CD9F4B575130578E94A822
Requests: 1 HTTP requests in this frame

Frame: https://ad4m.at/frame.html
Frame ID: 5D99F502F4584936AD21F25161FBA5EC
Requests: 1 HTTP requests in this frame

Frame: https://as.ad4m.at/ad/rar?a=196438%2C56666%2C34817&b=1VbSbfKf4QDXs9HdH9tAt8qbc2SKT7JfA%2CWVYSrfdfppP7UYH5HjtxtA69t3SETJYf2%2CDkAa3fwfxWbU3HmH9t1tQY3sxSmTkjfV&f=wZzadfjfQeD8sEHRH2tECxZ8UzSATDxf5%2C55QTXfEfQQMpFpH7HMtkC4GYUYSVTV6f1%2Cd63TEfkfkQ4SEHjHwtqC3ERueS4TGefj&c=300&d=600&e=&g=0d4e655a9ca0a26e195f693e5f3f4890%2F6269371131800397767&i=25174%2C22427%2C27788&j=16%2C21%2C22&k=0&l=0&m=0&n=&p=&q=&o=reach_adf01netmixdc&r=1661337135807&h=https%3A%2F%2Ftrack.adform.net%2FC%2F%3Fbn%3D50998862%3Bcrtbwp%3D0.032%3Bcrtbdata%3DeyNZsF0Hm3_szYWMZfnSe2zb06SJGBeYTUEbNNgAxnsJsLinYTfW0plbnB-LznzADz9bKHECUoXux7hcCSqlGO8ktMeo-9KfxiB3tMlHDlU-Pidw9UnisOfC1iDmiI3feTqcoE3up6OBHyMSwys1RlC44c6uZOnKu5bVUbWe5UR8slQ2KA_3LsN4iOtIBxgX0%3Badfibeg%3D0%3Bcdata%3DjDCLZOrqUvud7IcTWg7bPuS4cPvZBiwq5uQGulknX67JOC9xVgJH7CvZhEBkHI_cp4XJHBhTtjh7bdp-DsExYjjpF1hR219v4UFuhV40q881%3B%3BCREFURL%3Dhttps%253a%252f%252fxoso.com.vn%3BC%3D1%3Bcpdir%3D&y=1&s=&z=0
Frame ID: 1EDC680FF820369FBA38FA025615197A
Requests: 14 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: EFC3F7E12A86222BCCB414D4C2BA64E2
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 53E23B6EDDBDF4721CE81C47BFFAEAC8
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Xổ Số - Kết Quả Xổ Số 3 Miền - KQXS Hôm Nay Nhanh và Chính xác

Page URL History Show full URLs

http://xoso.com.vn/ HTTP 301
https://xoso.com.vn/ Page URL

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

DoubleClick Ad Exchange (AdX) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

tpc\.googlesyndication\.com/safeframe

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js

OpenX (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.openx\.net

PubMatic (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.pubmatic\.com

Webgains (Affiliate programs) Expand

Overall confidence: 100%
Detected patterns

analytics\.webgains\.io

Page Statistics

117
Requests

94 %
HTTPS

42 %
IPv6

34
Domains

52
Subdomains

44
IPs

9
Countries

2329 kB
Transfer

4333 kB
Size

24
Cookies

13 Outgoing links

These are links going to different origins than the main page.

URL: https://lichngaytot.com/
Title: Lịch Ngày TỐT

Search URL Search Domain Scan URL

URL: http://xosothudo.com.vn/
Title: Công ty TNHH Một thành viên Xổ số kiến thiết Thủ đô

Search URL Search Domain Scan URL

URL: https://play.google.com/store/apps/details?id=com.icsoft.xosotructiepv2

Search URL Search Domain Scan URL

URL: https://apps.apple.com/us/app/xo-so-truc-tiep-live-xo-so/id581461709

Search URL Search Domain Scan URL

URL: https://www.dmca.com/Protection/Status.aspx?ID=f6840964-090f-42e1-a789-cd18ce65d313

Search URL Search Domain Scan URL

URL: https://www.facebook.com/xoso.com.vn1

Search URL Search Domain Scan URL

URL: https://www.youtube.com/channel/UCAnknwuIYFedg9MMqWP8PIQ

Search URL Search Domain Scan URL

URL: https://twitter.com/xosocomvn

Search URL Search Domain Scan URL

URL: https://bongda24h.vn/
Title: Bong Da

Search URL Search Domain Scan URL

URL: https://lichngaytot.com/xem-ngay-tot-xau.html
Title: Xem Ngay Tot Xau

Search URL Search Domain Scan URL

URL: https://seothetop.com/
Title: Hướng dẫn làm SEO web

Search URL Search Domain Scan URL

URL: https://lichngaytot.com/cung-hoang-dao.html
Title: 12 Cung Hoang Dao

Search URL Search Domain Scan URL

URL: https://lichngaytot.com/boi-vui-12-con-giap-c277-p0.html
Title: Tử Vi Hàng Ngày

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://xoso.com.vn/ HTTP 301
https://xoso.com.vn/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 43

https://oajs.openx.net/esp?url=https%3A%2F%2Fxoso.com.vn%2F&rid=esp HTTP 302
https://oajs.openx.net/esp?url=https%3A%2F%2Fxoso.com.vn%2F&rid=esp&cc=1

Request Chain 65

https://gum.criteo.com/sid/json?origin=publishertagids&domain=xoso.com.vn&sn=ChromeSyncframe&so=0&topUrl=xoso.com.vn&cw=1&lsw=1&topicsavail=0&fledgeavail=0 HTTP 302
https://mug.criteo.com/sid?cpp=H_7Tn3xDTk9iTUh2ajVqeTZTUHZBNWhtMVArZ24vN3hDRkEzbHF6WjNrdUVFcVNueExFVFJxN2tXK3lBb21pSFk0YUV5RnRBMWRFZEJPdktIaExJdkg1ZzlDODUyRnkrL0wzMDZmcWJtamNSS2VOdzc1VkRnSyswdWk2LzNiZVdaR1JVbWc4ZEZFRm1TM0U4b0tMUEhLS0RudGIxN0daVkNtdWlLdEttbi9YQXYwOFBOMGFodVNkenNsNlBNTlc4Rm0zbko2UFliUlVNRldjZi9KZ2tGS3NKdFNNK3hTR2FROVZzVUtzVzhNaVFrVEdHd2Q5MEJ3aEQ1dnM3NTZOSUJQVmpPSzhpSVkwNEp3OXhXYUcySG5rWXBSQT09fA&cppv=2

Request Chain 79

https://d.agkn.com/pixel/2175/?google_gid=CAESEH8BzDarR1GBN963sKoT6Lc&google_cver=1&google_push=AehlK4AJVagBcsuA3oWi7fsWcJEAtr86z-Wok9pn7f2KkY7yY4iBKWA9kiWl_ilIgkC8PLB_PTpb5QWkUhbag-9tSLxUdBFrpQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=ak_dmp&google_push=AehlK4AJVagBcsuA3oWi7fsWcJEAtr86z-Wok9pn7f2KkY7yY4iBKWA9kiWl_ilIgkC8PLB_PTpb5QWkUhbag-9tSLxUdBFrpQ&google_hm=Q0FFU0VIOEJ6RGFyUjFHQk45NjNzS29UNkxj

Request Chain 82

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEFqmJtRn21d2eJOTYj3OMNk&google_cver=1&google_push=AehlK4Bal3qW20UU-6pYugk2vDUBrzqJBTpUHGrWjkyCN8V4kmv2vJbi7MQLTdr_Es1jEe5sggb6nJMcOHC8t0OZL-1seD_eTg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDc3SDhIV1ItMU0tR0ZVSg==&google_push=AehlK4Bal3qW20UU-6pYugk2vDUBrzqJBTpUHGrWjkyCN8V4kmv2vJbi7MQLTdr_Es1jEe5sggb6nJMcOHC8t0OZL-1seD_eTg

Request Chain 83

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEN8QqzOzKLJh9FBtLFTozQ8&google_cver=1&google_push=AehlK4DIkUEtczdxYNcek1bUANqQg3uFlsQZMx010-St-Zj0xG-mfkrz_TgoDvrt4COLPu9wvwuOr_zB63eTejiIXo0nthDldw HTTP 302
https://ssum-sec.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_cver=1&google_gid=CAESEN8QqzOzKLJh9FBtLFTozQ8&google_push=AehlK4DIkUEtczdxYNcek1bUANqQg3uFlsQZMx010-St-Zj0xG-mfkrz_TgoDvrt4COLPu9wvwuOr_zB63eTejiIXo0nthDldw&s=184023&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEN8QqzOzKLJh9FBtLFTozQ8&google_hm=YwX-L-mKdjMLKY-K1vWiTAAABGQAAAIB&google_nid=index&google_push=AehlK4DIkUEtczdxYNcek1bUANqQg3uFlsQZMx010-St-Zj0xG-mfkrz_TgoDvrt4COLPu9wvwuOr_zB63eTejiIXo0nthDldw

Request Chain 86

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 104

https://www.awin1.com/cawshow.php?v=11938&s=2542680&q=367022&r=412871&pv=1&pref3=pv_oneid1VbSbfKf4QDXs9HdH9tAt8qbc2SKT7JfAoneid__reach_adf01netmixdc&gdpr_consent=&gdpr=0&gdpr_pd=0 HTTP 302
https://banner.congstar.de/cookie/?sp=awin&spfr=412871&awc=11938_412871_1661337136_05ffba41-2398-11ed-94b9-2265b3bf8141

Request Chain 109

https://pv.medialead.de/trck/epv/2aed39855b5f46b7a748752d73036483?t=htlp&subid=oneidDkAa3fwfxWbU3HmH9t1tQY3sxSmTkjfVoneid__reach_adf01netmixdc&gdpr_consent=&gdpr=0&gdpr_pd=0 HTTP 302
https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=57372&dt_subid2=oneidDkAa3fwfxWbU3HmH9t1tQY3sxSmTkjfVoneid__reach_adf01netmixdc&actionid=981741&produktid=&dt_url=

117 HTTP transactions
5 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
xoso.com.vn/
Redirect Chain

http://xoso.com.vn/
https://xoso.com.vn/

95 KB
29 KB

286ms
237ms

Document
text/html

2606:4700:10::ac43:633
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://xoso.com.vn/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:633 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / xoso.com.vn-201
Resource Hash: 98aedab92e7605d23cc336993d030a8f57ef9914b4f85dcccb43bf934d6f31d0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: max-age=120
cf-cache-status: HIT
cf-ray: 73fb6c3ec9119220-FRA
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Wed, 24 Aug 2022 10:32:14 GMT
etag: "w491u-LR_yvZRc_wnF6F82D0S9g"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
vary: Accept-Encoding
via: 1.1 varnish-v4
x-cache-age: 244.120
x-cache-keep: 120.000
x-cache-ttl-remaining: -124.120
x-cache-ttl-requested: 45.000
x-cacheresult: stale-hit-so-fetch
x-html-minification-powered-by: WebMarkupMin
x-powered-by: xoso.com.vn-201
x-varnish: 46728939

Redirect headers

CF-Cache-Status: HIT
CF-RAY: 73fb6c3d0d99bbb9-FRA
Cache-Control: max-age=120
Connection: keep-alive
Content-Length: 0
Date: Wed, 24 Aug 2022 10:32:13 GMT
Server: cloudflare
Vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
location: https://xoso.com.vn/

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 164 KB
56 KB 139ms
86ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: xoso.com.vn
URL: https://xoso.com.vn/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ab1eb3c8d6ca91778367540f6b494fc88aba03486612b84cedbb62ecc281fd60

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://xoso.com.vn/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Wed, 24 Aug 2022 10:32:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 57109
x-xss-protection: 0
server: cafe
etag: 2451265548373471539
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Wed, 24 Aug 2022 10:32:14 GMT

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 83 KB
28 KB 107ms
39ms Script
text/javascript 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: xoso.com.vn
URL: https://xoso.com.vn/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

sffe /

Resource Hash

e4df3557d06800598422f1800623c1c0b1ce33b6ab44243fe8ae4e0d1ed5739e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://xoso.com.vn/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Wed, 24 Aug 2022 10:32:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28519
x-xss-protection: 0
server: sffe
etag: "1312 / 727 of 1000 / last-modified: 1661330793"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Wed, 24 Aug 2022 10:32:14 GMT

GET
H2 200 ats.js Show response
anymind360.com/js/1424/ 109 KB
28 KB 88ms
22ms Script
application/javascript 2a04:4e42:600::645
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://anymind360.com/js/1424/ats.js

Requested by

Host: xoso.com.vn
URL: https://xoso.com.vn/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:600::645 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

797495162e268287c01977105ba9d984e96bc5ff9698d261a7b52195f3d56008

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://xoso.com.vn/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Wed, 24 Aug 2022 10:32:14 GMT
content-encoding: gzip
age: 2288
x-guploader-uploadid: ADPycdttRcC2Oh9NqCgrqKY39lnowdxEshw2-hVxuPuCOqz-y3hKoFq_P4-eXzXlkfFp5mc1CEXoebeSdTX7FcpM5Su4Kg
x-cache: HIT, HIT
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
strict-transport-security: max-age=300
content-length: 27728
x-served-by: cache-tyo11979-TYO, cache-hhn4081-HHN
access-control-allow-origin: *
expires: Wed, 24 Aug 2022 09:54:06 GMT
last-modified: Wed, 24 Aug 2022 09:54:05 GMT
server: UploadServer
x-timer: S1661337134.218220,VS0,VE1
etag: "eaffdb3fbc7803bf0957188c30ccb421"
vary: Accept-Encoding
x-goog-hash: crc32c=xgFN/A==, md5=6v/bP7x4A78JVxiMMMy0IQ==
x-goog-generation: 1661334845821912
via: 1.1 varnish, 1.1 varnish
access-control-expose-headers: Content-Type
cache-control: max-age=1200
x-goog-stored-content-length: 27728
accept-ranges: bytes
content-type: application/javascript; charset=UTF-8
x-cache-hits: 1, 1

GET
H2 200 ic_menu_24px.svg
cdn.xoso.com.vn/images/ 207 B
298 B 54ms
30ms Image
image/svg+xml 2606:4700:10::ac43:633
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.xoso.com.vn/images/ic_menu_24px.svg
Requested by: Host: xoso.com.vn
URL: https://xoso.com.vn/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:633 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 6bc365f19ae3702c3202b0c92f21d92d5d758c91a59e699da486a6e57ff5d14b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://xoso.com.vn/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Wed, 24 Aug 2022 10:32:14 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Thu, 07 May 2020 06:37:16 GMT
server: cloudflare
age: 47185
x-powered-by: ASP.NET
etag: W/"fb6d25f33924d61:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=691200
cf-ray: 73fb6c409b449220-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 logo.svg
cdn.xoso.com.vn/images/ 18 KB
8 KB 57ms
33ms Image
image/svg+xml 2606:4700:10::ac43:633
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.xoso.com.vn/images/logo.svg
Requested by: Host: xoso.com.vn
URL: https://xoso.com.vn/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:633 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: bb2bffccd876f1ce10470c0cb9bd61789bc87e3da8e806861b8eeea7beaec0b1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://xoso.com.vn/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Wed, 24 Aug 2022 10:32:14 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Thu, 07 May 2020 06:39:24 GMT
server: cloudflare
age: 352441
x-powered-by: ASP.NET
etag: W/"76a6b3f3a24d61:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=691200
cf-ray: 73fb6c409b3e9220-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 ic_event_24px.svg
cdn.xoso.com.vn/images/ 312 B
391 B 51ms
28ms Image
image/svg+xml 2606:4700:10::ac43:633
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.xoso.com.vn/images/ic_event_24px.svg
Requested by: Host: xoso.com.vn
URL: https://xoso.com.vn/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:633 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 92c579e45d772498668ada99bbd2da0c6a5affa35cf01548505684ff23d19510

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://xoso.com.vn/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Wed, 24 Aug 2022 10:32:14 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Thu, 07 May 2020 06:38:53 GMT
server: cloudflare
age: 351802
x-powered-by: ASP.NET
etag: W/"176d262d3a24d61:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=691200
cf-ray: 73fb6c409b469220-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 imghome.png
cdn.xoso.com.vn/images/ 137 B
254 B 55ms
31ms Image
image/png 2606:4700:10::ac43:633
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.xoso.com.vn/images/imghome.png
Requested by: Host: xoso.com.vn
URL: https://xoso.com.vn/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:633 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 53d14d01075e5ca744315d8037957d2f422994be379f1dd06e4ba5cfe8d7aafc

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://xoso.com.vn/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Wed, 24 Aug 2022 10:32:14 GMT
cf-cache-status: HIT
age: 351802
x-powered-by: ASP.NET
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 137
last-modified: Thu, 07 May 2020 06:37:31 GMT
server: cloudflare
etag: "859522fc3924d61:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=691200
accept-ranges: bytes
cf-ray: 73fb6c409b419220-FRA

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 164 KB
56 KB 122ms
72ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-6162392498535478

Requested by

Host: xoso.com.vn
URL: https://xoso.com.vn/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a6f8372d8f1826d038b6fb1c9c8ea4945c6f8813486e7f6db5096141b7c60180

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://xoso.com.vn/
Origin: https://xoso.com.vn
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Wed, 24 Aug 2022 10:32:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 57092
x-xss-protection: 0
server: cafe
etag: 7872156197774079313
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Wed, 24 Aug 2022 10:32:14 GMT

GET
H2 200 top-arrow.svg
cdn.xoso.com.vn/images/ 557 B
496 B 57ms
34ms Image
image/svg+xml 2606:4700:10::ac43:633
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.xoso.com.vn/images/top-arrow.svg
Requested by: Host: xoso.com.vn
URL: https://xoso.com.vn/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:633 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: afa4e40e31012a7beaccfbd9afebc0136d0c386f58b8b1cbed71763ead3ecb6c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://xoso.com.vn/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Wed, 24 Aug 2022 10:32:14 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Thu, 07 May 2020 06:37:48 GMT
server: cloudflare
age: 351802
x-powered-by: ASP.NET
etag: W/"da48ee53a24d61:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=691200
cf-ray: 73fb6c409b439220-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 c.min.js Show response
cdn.xoso.com.vn/js/ 51 KB
16 KB 52ms
29ms Script
application/javascript 2606:4700:10::ac43:633
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.xoso.com.vn/js/c.min.js?v=02012022
Requested by: Host: xoso.com.vn
URL: https://xoso.com.vn/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:633 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 4fb5e059c8498f1903427718bef44b1669b491f703909734bc38f74dbf3ec086

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://xoso.com.vn/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Wed, 24 Aug 2022 10:32:14 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Sun, 02 Jan 2022 07:35:22 GMT
server: cloudflare
age: 350884
x-powered-by: ASP.NET
etag: W/"e6bdda4cabffd71:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=691200
cf-ray: 73fb6c409b429220-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 jsall.min.js Show response
cdn.xoso.com.vn/js/ 156 KB
51 KB 27ms
25ms Script
application/javascript 2606:4700:10::ac43:633
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.xoso.com.vn/js/jsall.min.js?v=02012022
Requested by: Host: xoso.com.vn
URL: https://xoso.com.vn/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:633 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 27ef4db3f29eb0e2011d6159223ffd659ce5579505db3fea0f9665ed60d06652

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://xoso.com.vn/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Wed, 24 Aug 2022 10:32:14 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Thu, 16 Jun 2022 09:40:34 GMT
server: cloudflare
age: 47184
x-powered-by: ASP.NET
etag: W/"7554c5206581d81:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=691200
cf-ray: 73fb6c40cb769220-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 lottery_e_live_secu_all.min.js Show response
cdn.xoso.com.vn/js/ 77 KB
22 KB 29ms
27ms Script
application/javascript 2606:4700:10::ac43:633
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.xoso.com.vn/js/lottery_e_live_secu_all.min.js?v=05072022
Requested by: Host: xoso.com.vn
URL: https://xoso.com.vn/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:633 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: fec7432539b8f08643f6265cb66a46dcbb21e6b0e9dd34cd7bf7f4c779876f57

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://xoso.com.vn/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Wed, 24 Aug 2022 10:32:14 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Wed, 06 Jul 2022 10:51:54 GMT
server: cloudflare
age: 351802
x-powered-by: ASP.NET
etag: W/"5240bb672691d81:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=691200
cf-ray: 73fb6c40cb779220-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
DATA 200
OK truncated
/ 35 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 04c1bc744720c6e7542613e933c9a0f4bbd8f6ed45a5b1924223c256430dfd7b

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Content-Type: image/gif

GET
DATA 200
OK truncated
/ 266 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 662294921ca6240beb0f2aecb7f7ac23dd085b782bbe52a369b20226d26afe33

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 arow.svg
xoso.com.vn/images/ 737 B
639 B 231ms
230ms Image
image/svg+xml 2606:4700:10::ac43:633
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://xoso.com.vn/images/arow.svg
Requested by: Host: xoso.com.vn
URL: https://xoso.com.vn/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:633 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / xoso.com.vn-201
Resource Hash: 99984969b73a9759568e48a6e5e02f4fdc286cc3bd57f8e0fe94369b8dc920e4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://xoso.com.vn/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Wed, 24 Aug 2022 10:32:14 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Sat, 06 Jun 2020 05:21:08 GMT
server: cloudflare
x-powered-by: xoso.com.vn-201
etag: W/"1d63bc2487f38e1"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: public, max-age=604800
cf-ray: 73fb6c409b479220-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 114 KB
44 KB 83ms
33ms Script
application/javascript 2a00:1450:4001:829::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-TR3FRW

Requested by

Host: xoso.com.vn
URL: https://xoso.com.vn/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

3ff4f23c79b76d3e747016b1c61979e8d83bf3ce1b070a0c1cd79a3382b31e26

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://xoso.com.vn/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Wed, 24 Aug 2022 10:32:14 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44626
x-xss-protection: 0
last-modified: Wed, 24 Aug 2022 09:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 24 Aug 2022 10:32:14 GMT

GET
H3 200 pubads_impl_2022081701.js Show response
securepubads.g.doubleclick.net/gpt/ 384 KB
130 KB 66ms
21ms Script
text/javascript 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022081701.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

sffe /

Resource Hash

83147c4cf00c61d77d068152fdb541e2ca7761e0990682db23e77fb7affdceb4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://xoso.com.vn/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Wed, 24 Aug 2022 10:19:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 750
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 133512
x-xss-protection: 0
last-modified: Wed, 17 Aug 2022 08:37:57 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Thu, 24 Aug 2023 10:19:44 GMT

GET
H3 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ 300 B
176 B 100ms
56ms XHR
application/json 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=xoso.com.vn

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

8bae2c26aff0597a89bbb7c2a7cfd5d998a5eb3bdbb21fc400a82a7570d43329

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://xoso.com.vn/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 24 Aug 2022 10:32:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 151
x-xss-protection: 0
expires: Wed, 24 Aug 2022 10:32:14 GMT

GET
H3 200 show_ads_impl_with_ama_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202208160101/ 341 KB
120 KB 121ms
78ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202208160101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-6162392498535478&plah=xoso.com.vn

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

62ac82f2bf4862cc04ecce2899950b9c78395accdde19941c6e98ca9d5a949d9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://xoso.com.vn/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Wed, 24 Aug 2022 10:32:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 122626
x-xss-protection: 0
server: cafe
etag: 10692709890567082576
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Wed, 24 Aug 2022 10:32:14 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20220822/r20190131/ Frame AE58 10 KB
5 KB 23ms
22ms Document
text/html 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20220822/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

de317176fa6b64a8e89bbd45d20b6be2560bbfa96e7e53e63eb754e18bfe6c1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://xoso.com.vn/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 58130
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=1209600
content-encoding: gzip
content-length: 4412
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 23 Aug 2022 18:23:24 GMT
etag: 8616628553774171045
expires: Tue, 06 Sep 2022 18:23:24 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 optimize.js Show response
www.google-analytics.com/gtm/ 104 KB
41 KB 92ms
39ms Script
application/javascript 2a00:1450:4001:800::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/gtm/optimize.js?id=GTM-MQTDT44

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TR3FRW

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

ed02cdf7a52e6ef65a1ca070b7a97b2d102a993837090051036b31a00ec5b7d0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://xoso.com.vn/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Wed, 24 Aug 2022 10:32:14 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 41195
x-xss-protection: 0
last-modified: Wed, 24 Aug 2022 09:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 24 Aug 2022 10:32:14 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 75ms
24ms Script
text/javascript 2a00:1450:4001:800::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TR3FRW

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://xoso.com.vn/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 13 Apr 2022 21:02:38 GMT
server: Golfe2
age: 5414
date: Wed, 24 Aug 2022 09:02:00 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Wed, 24 Aug 2022 11:02:00 GMT

GET
H3 200 manifest.json
xoso.com.vn/ 819 B
599 B 271ms
229ms Manifest
application/json 2606:4700:10::ac43:633
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://xoso.com.vn/manifest.json
Requested by: Host: cdn.xoso.com.vn
URL: https://cdn.xoso.com.vn/js/jsall.min.js?v=02012022
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:10::ac43:633 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / xoso.com.vn-201
Resource Hash: 3b96bc53332a1c661a76e6292f4a588e852c169e6c8d7cf4acc7ffebb74361ed

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://xoso.com.vn/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Wed, 24 Aug 2022 10:32:14 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Fri, 21 Aug 2020 06:49:53 GMT
server: cloudflare
x-powered-by: xoso.com.vn-201
etag: W/"1d6778745d6bdb3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/json
cache-control: public, max-age=604800
cf-ray: 73fb6c421b459bbf-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
792 B 84ms
31ms Script
application/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=xoso.com.vn

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022081701.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://xoso.com.vn/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 24 Aug 2022 10:32:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
549 B 81ms
30ms Script
application/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=xoso.com.vn

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022081701.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://xoso.com.vn/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 24 Aug 2022 10:32:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 23 KB
10 KB 170ms
170ms XHR
text/plain 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=188221202543126&correlator=1411624318088235&eid=31068501&output=ldjh&gdfp_req=1&vrg=2022081701&ptt=17&impl=fifs&iu_parts=21622890900%3A89928475%2CVN_xoso.com.vn_pc_home_right_300x600%2C300x250&enc_prev_ius=%2F0%2F1%2F%2F2&prev_iu_szs=300x250%7C300x600&ifi=4&adks=875553960&sfv=1-0-38&fsapi=false&cust_params=url%3D%252F%26ref%3Dnull&sc=1&cookie_enabled=1&abxe=1&dt=1661337134439&lmt=1661337134&dlt=1661337134115&idt=293&adxs=1062&adys=1152&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=1&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fxoso.com.vn%2F&frm=20&vis=1&psz=307x0&msz=307x0&fws=4&ohw=307&ga_vid=1373203678.1661337134&ga_sid=1661337134&ga_hid=446455031&ga_fc=false

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022081701.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

fe9d2dfa300054f8c69ddf1878bd3f47f98ed156580fd25ec3ac9704a02b649e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://xoso.com.vn/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Wed, 24 Aug 2022 10:32:14 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: 211995
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10206
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-mediationtag-id: 314490
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://xoso.com.vn
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
081e3a886ad8dc86f2b70234c1124c49.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 0B63 6 KB
4 KB 135ms
30ms Document
text/html 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://081e3a886ad8dc86f2b70234c1124c49.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022081701.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://xoso.com.vn/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 3108
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 24 Aug 2022 10:32:14 GMT
expires: Thu, 24 Aug 2023 10:32:14 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
439 B 86ms
28ms XHR
text/plain 2a00:1450:400c:c00::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-10721740-3&cid=1373203678.1661337134&jid=1350009955&gjid=807671617&_gid=1116106333.1661337134&_u=aChAgAABQAAAAE~&z=1366452578

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c00::9c Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://xoso.com.vn/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Wed, 24 Aug 2022 10:32:14 GMT
content-type: text/plain
access-control-allow-origin: https://xoso.com.vn
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 66ms
21ms Image
image/gif 2a00:1450:4001:800::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j96&a=446455031&t=pageview&_s=1&dl=https%3A%2F%2Fxoso.com.vn%2F&ul=en-us&de=UTF-8&dt=X%E1%BB%95%20S%E1%BB%91%20-%20K%E1%BA%BFt%20Qu%E1%BA%A3%20X%E1%BB%95%20S%E1%BB%91%203%20Mi%E1%BB%81n%20-%20KQXS%20H%C3%B4m%20Nay%20Nhanh%20v%C3%A0%20Ch%C3%ADnh%20x%C3%A1c&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aChAgAABQ~&jid=1350009955&gjid=807671617&cid=1373203678.1661337134&tid=UA-10721740-3&_gid=1116106333.1661337134&gtm=2wg8m0TR3FRW&z=438247539

Requested by

Host: xoso.com.vn
URL: https://xoso.com.vn/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://xoso.com.vn/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 23 Aug 2022 15:07:42 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 69872
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
501 B 108ms
58ms Image
image/gif 2a00:1450:4001:810::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-10721740-3&cid=1373203678.1661337134&jid=1350009955&_u=aChAgAABQAAAAE~&z=1605510781

Requested by

Host: xoso.com.vn
URL: https://xoso.com.vn/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://xoso.com.vn/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 24 Aug 2022 10:32:14 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
501 B 113ms
59ms Image
image/gif 2a00:1450:4001:82a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-10721740-3&cid=1373203678.1661337134&jid=1350009955&_u=aChAgAABQAAAAE~&z=1605510781

Requested by

Host: xoso.com.vn
URL: https://xoso.com.vn/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://xoso.com.vn/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 24 Aug 2022 10:32:14 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 215 B
408 B 32ms
31ms Script
text/javascript 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=xoso.com.vn&callback=_gfp_s_&client=ca-pub-6162392498535478

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202208160101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-6162392498535478&plah=xoso.com.vn

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

a481d1a3625b3e4a2da1ddfe38391d99c1d622f94a091f4139e0240003c0d330

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://xoso.com.vn/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Wed, 24 Aug 2022 10:32:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 200
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
122 B 79ms
33ms Script
application/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=xoso.com.vn

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://xoso.com.vn/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 24 Aug 2022 10:32:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 74ms
32ms Script
application/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=xoso.com.vn

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://xoso.com.vn/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 24 Aug 2022 10:32:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 7BB5 0
19 B 67ms
66ms Document
text/html 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6162392498535478&output=html&adk=1812271804&adf=3025194257&lmt=1661337134&plat=9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fxoso.com.vn%2F&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1661337134317&bpp=3&bdt=202&idt=274&shv=r20220822&mjsv=m202208160101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=4300712307205&frm=20&pv=2&ga_vid=1373203678.1661337134&ga_sid=1661337134&ga_hid=446455031&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44768832%2C31068737&oid=2&pvsid=188221202543126&tmod=1828846614&uas=0&nvt=1&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=292

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://xoso.com.vn/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 24 Aug 2022 10:32:14 GMT
expires: Wed, 24 Aug 2022 10:32:14 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame AA8D 81 KB
32 KB 519ms
519ms Document
text/html 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6162392498535478&output=html&h=250&slotname=3702268378&adk=2629593577&adf=702317400&pi=t.ma~as.3702268378&w=300&lmt=1661337134&psa=0&format=300x250&url=https%3A%2F%2Fxoso.com.vn%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1661337134320&bpp=2&bdt=205&idt=307&shv=r20220822&mjsv=m202208160101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=4300712307205&frm=20&pv=1&ga_vid=1373203678.1661337134&ga_sid=1661337134&ga_hid=446455031&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=377&ady=881&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44768832%2C31068737&oid=2&pvsid=188221202543126&tmod=1828846614&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CleE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=a!2&fsb=1&xpc=cUpGPHeChK&p=https%3A//xoso.com.vn&dtd=313

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

5448eb2683ea621ef6c88fe6bcf6719322b555c064f6e6154f99b946c71f8cec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://xoso.com.vn/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: br
content-length: 32681
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 24 Aug 2022 10:32:15 GMT
expires: Wed, 24 Aug 2022 10:32:15 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 esp.js Show response
oa.openxcdn.net/ 24 KB
8 KB 73ms
22ms Script
application/javascript 34.102.146.192
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://oa.openxcdn.net/esp.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022081701.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.102.146.192 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 192.146.102.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 544c55ca9f05d425f3beb90f287308d7a408b1f60d17728eff5c605a494bc1b9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://xoso.com.vn/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 06:51:08 GMT
content-encoding: gzip
age: 790866
x-guploader-uploadid: ADPycdvqYWr4XlcgogWQv1CUKqMPpl5vfnpXVcXgwGPC8Zdt9c3EaH1AN9TP9qap5Fs6TeD5UJ3zYNvH-rbYbZWiqGonRQ
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7927
last-modified: Thu, 27 May 2021 18:30:51 GMT
server: UploadServer
etag: "df5542b88bc0e368c6999754a5b9e2ba"
x-goog-hash: crc32c=f21hYg==, md5=31VCuIvA42jGmZdUpbniug==
x-goog-generation: 1622140251693895
cache-control: no-transform
x-goog-stored-content-length: 7927
accept-ranges: bytes
content-type: application/javascript
expires: Tue, 15 Aug 2023 06:51:08 GMT

GET
H2 200 publishertag.ids.js Show response
static.criteo.net/js/ld/ 39 KB
13 KB 189ms
93ms Script
text/javascript 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/js/ld/publishertag.ids.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022081701.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

afa1d5bcfbc58ede9d71fd9eb2c5b53c369f05f3255ea4a36398be35b52979b9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://xoso.com.vn/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Wed, 24 Aug 2022 10:32:14 GMT
content-encoding: gzip
last-modified: Tue, 16 Aug 2022 07:20:46 GMT
server: nginx
etag: W/"62fb454e-9dbd"
strict-transport-security: max-age=31536000; preload;
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Thu, 25 Aug 2022 10:32:14 GMT

GET
H2 200 pubcid.min.js Show response
id.sharedid.org/lib/ 732 B
904 B 642ms
190ms Script
application/javascript 34.208.243.53
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://id.sharedid.org/lib/pubcid.min.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022081701.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.208.243.53 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-208-243-53.us-west-2.compute.amazonaws.com
Software: /
Resource Hash: a5230196df9a4e9f6382c504668862efc8e25c1ec093c7dc997fbedb4b3ec54e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://xoso.com.vn/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Wed, 24 Aug 2022 10:32:15 GMT
cache-control: public, max-age=86400
last-modified: Wed, 24 Aug 2022 01:44:02 GMT
accept-ranges: bytes
content-length: 732
vary: accept-encoding
content-type: application/javascript

GET
H2 200 esp.js Show response
cdn.id5-sync.com/api/1.0/ 44 KB
13 KB 78ms
31ms Script
text/javascript 2606:4700:10::ac43:266a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.id5-sync.com/api/1.0/esp.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022081701.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:266a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b8cd6a935771c335b708ce50bb07ff972f1e8d65185231435365bb0a66062411

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://xoso.com.vn/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Wed, 24 Aug 2022 10:32:14 GMT
content-encoding: gzip
vary: Accept-Encoding
cf-cache-status: HIT
age: 2302
x-amz-server-side-encryption: AES256
x-amz-request-id: ZVCC3VM16HTHP1VH
x-amz-id-2: f3Sph9yTRrRpV7sD69hKmhNuZQQwp9+hYIjLvBP9VAZFEN/mVd9eILrUJQLw8z4pdkYtpdiXGA8=
last-modified: Tue, 23 Aug 2022 08:57:12 GMT
server: cloudflare
etag: W/"c812189e503819b30a1ac4c9187a58eb"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: text/javascript;charset=utf-8
cache-control: public, max-age=3600
cf-ray: 73fb6c43dc7390c0-FRA

GET
H2 200 sync.min.js Show response
tags.crwdcntrl.net/lt/c/16589/ 29 KB
9 KB 81ms
22ms Script
text/javascript 108.138.7.49
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.crwdcntrl.net/lt/c/16589/sync.min.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022081701.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.138.7.49 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-138-7-49.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 094b946adc39ade08f6d927ea066c8fef3ba6ee5c12919873172315ef7428e92

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://xoso.com.vn/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Wed, 24 Aug 2022 04:14:27 GMT
content-encoding: gzip
etag: W/"2fa1275c04d6208db458c1ec8559f92d"
last-modified: Tue, 19 Jul 2022 18:12:40 GMT
server: AmazonS3
age: 26677
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript
via: 1.1 61c90c70feca5f532bf48bc0dc85d516.cloudfront.net (CloudFront)
cache-control: max-age: 86400
x-amz-cf-pop: FRA56-P6
x-amz-cf-id: Hdj3JmlTNHqZxOgybgYp4hyBaabGTAG4zXVpFLEFIxl5Zc0sWzX_Ig==

GET
H2 200 uid2-sdk-0.0.1b.js Show response
prod.uidapi.com/static/js/ 4 KB
5 KB 447ms
175ms Script
application/javascript 18.225.2.19
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://prod.uidapi.com/static/js/uid2-sdk-0.0.1b.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022081701.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.225.2.19 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-225-2-19.us-east-2.compute.amazonaws.com
Software: /
Resource Hash: 2a79d9d59e4c07752c78abc5f0243cecb939729e0728f347671fcd3a219e9b3f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://xoso.com.vn/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Wed, 24 Aug 2022 10:32:14 GMT
cache-control: public, max-age=86400
last-modified: Tue, 17 May 2022 17:30:07 GMT
accept-ranges: bytes
content-length: 4559
vary: accept-encoding
content-type: application/javascript

GET
H3 200 container.html Show response
081e3a886ad8dc86f2b70234c1124c49.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 66CB 6 KB
3 KB 71ms
30ms Document
text/html 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://081e3a886ad8dc86f2b70234c1124c49.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022081701.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://xoso.com.vn/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 3108
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 24 Aug 2022 10:32:14 GMT
expires: Thu, 24 Aug 2023 10:32:14 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3

200

esp Show response
oajs.openx.net/
Redirect Chain

https://oajs.openx.net/esp?url=https%3A%2F%2Fxoso.com.vn%2F&rid=esp
https://oajs.openx.net/esp?url=https%3A%2F%2Fxoso.com.vn%2F&rid=esp&cc=1

85 B
103 B

242ms
135ms

Fetch
application/json

34.120.135.53
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://oajs.openx.net/esp?url=https%3A%2F%2Fxoso.com.vn%2F&rid=esp&cc=1
Requested by: Host: xoso.com.vn
URL: https://xoso.com.vn/
Protocol: H3
Server: 34.120.135.53 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 53.135.120.34.bc.googleusercontent.com
Software: / Express
Resource Hash: 6b198a6f15419238f411aa3865a2cd16eb8ec758a78d5c539f33d8a78dfce3a8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://xoso.com.vn/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Wed, 24 Aug 2022 10:32:15 GMT
via: 1.1 google
etag: W/"55-cOBev9SJlQCaEkIPQrBn3cNj8gI"
x-powered-by: Express
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://xoso.com.vn
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 85

Redirect headers

date: Wed, 24 Aug 2022 10:32:14 GMT
via: 1.1 google
access-control-allow-origin: https://xoso.com.vn
x-powered-by: Express
vary: Origin
location: /esp?url=https%3A%2F%2Fxoso.com.vn%2F&rid=esp&cc=1
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET
H/1.1 204 increment Show response
id5-sync.com/api/esp/ 0
320 B 86ms
24ms XHR
text/plain 141.95.98.67
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://id5-sync.com/api/esp/increment?counter=no-config

Requested by

Host: cdn.id5-sync.com
URL: https://cdn.id5-sync.com/api/1.0/esp.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

141.95.98.67 , France, ASN16276 (OVH, FR),

Reverse DNS

ns3216533.ip-141-95-98.eu

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer: https://xoso.com.vn/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://xoso.com.vn
date: Wed, 24 Aug 2022 10:32:14 GMT
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
strict-transport-security: max-age=63072000; includeSubDomains; preload

POST
H2 200 map Show response
bcp.crwdcntrl.net/6/ 20 B
305 B 151ms
46ms XHR
application/json 18.203.96.202
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://bcp.crwdcntrl.net/6/map
Requested by: Host: tags.crwdcntrl.net
URL: https://tags.crwdcntrl.net/lt/c/16589/sync.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.203.96.202 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-203-96-202.eu-west-1.compute.amazonaws.com
Software: Jetty(9.4.38.v20210224) /
Resource Hash: ab612e26357285522cbacea29b729bfdff3b7342c75ee9438ab83a27ce4b297e

Request headers

Referer: https://xoso.com.vn/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Wed, 24 Aug 2022 10:32:14 GMT
server: Jetty(9.4.38.v20210224)
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin: https://xoso.com.vn
expires: 0
cache-control: no-cache
x-server: 10.45.4.216
access-control-allow-credentials: true
content-type: application/json;charset=utf-8
content-length: 20
x-consent: absent

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 66CB 0
0 62ms
61ms Fetch
text/html 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CY9V0Lv4FY8O0HuSJ9u8PrJW54APukrWTXL-ihcfkBcCNtwEQASAAYJXSmIKsB4IBF2NhLXB1Yi05MDU4MjkxODU0NDQzODgxoAGi4PyVA8gBCeACAKgDAaoEqQJP0DpQkJLWcT6hbcgZRhgR9VC8ZuSqQHWVvYPpIKIOKIA0BAleVU8T8A9EsUEBeb2rXpy8dNuFP8YgJdlPRtPLo7qdSbEsd5Ls-ZbOOjxlza5bWVeBg78VpMbXH5rVJt5Gsrau9svOtQPVMtsQEJozC1drJZpqiAPWzF2t7oXQr3Bjr8PUQjCHNTT_PPDhz7yV0PWdMKFztm_4iqNUZTA3xU675U2uHabzSWEzpc_vafVtjn1lCFnQ43882ZrPGWYHTPY3Tn3Ka55q-99c-VI2Vp4mruWQmmpZplHMX6vVJbfDlDdVjpw8fVmFasWquxPewHcCXGJX4X28-a5YJ9alnpnyxHIW1HV4xRNE4hRtUo0I--QMt28mxOYv76nu6jasSwAuUcjuGTPgBAGABv_h6J7zqa_9M6AGIagHipixAqgHpr4bqAeW2BuoB6qbsQKoB_-esQKoB9-fsQLYBwDSCBAIiOGAEBABMgOqggE6AoBA8ggbYWR4LXN1YnN5bi05OTk2MTQxMTE2MTM3ODg3gAoD-gsCCAGADAHQFQGAFwGyFxwKGhIUcHViLTkwNTgyOTE4NTQ0NDM4ODEYttdp&sigh=szR3bDlGAys&uach_m=[UACH]&cid=CAQSPgCsnQUxk-lJ63rVhavsDcdMX1do7fi1kR0xX3Ua6fzdfb1HNAeKuYKRJCFDtzo1RxKaCNidRtQaCjzDMWJaGAE
Requested by: Host: xoso.com.vn
URL: https://xoso.com.vn/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.186.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra24s06-in-f2.1e100.net
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://081e3a886ad8dc86f2b70234c1124c49.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

GET
H2 200 ttj Show response
ib.3lift.com/ Frame 66CB 4 KB
2 KB 108ms
22ms Script
application/javascript 18.66.112.66
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ib.3lift.com/ttj?inv_code=adasia_allpublishers_display
Requested by: Host: 081e3a886ad8dc86f2b70234c1124c49.safeframe.googlesyndication.com
URL: https://081e3a886ad8dc86f2b70234c1124c49.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.112.66 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-112-66.fra56.r.cloudfront.net
Software: /
Resource Hash: aaa7d4376bdc97484fd3ea89c5b81b81570bd9390e90a4a20c2d2978be1e7942

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://081e3a886ad8dc86f2b70234c1124c49.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Wed, 24 Aug 2022 10:19:55 GMT
content-encoding: gzip
age: 746
etag: "0cd407d02f09a25a796b9b90a9e24935fb7c142d"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=utf-8
via: 1.1 5e28951e5f2b6d7d562636473d26d7a6.cloudfront.net (CloudFront)
cache-control: public, max-age=900
x-amz-cf-pop: FRA56-P5
content-length: 2095
x-amz-cf-id: ErRAVQs1JaPb77nu2-hYif1JLqc9_Py6bJn_ZE5759-dc6b8T30TIA==

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220822/r20110914/client/ Frame 66CB 3 KB
1 KB 77ms
28ms Script
text/javascript 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220822/r20110914/client/window_focus_fy2021.js

Requested by

Host: 081e3a886ad8dc86f2b70234c1124c49.safeframe.googlesyndication.com
URL: https://081e3a886ad8dc86f2b70234c1124c49.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://081e3a886ad8dc86f2b70234c1124c49.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Wed, 24 Aug 2022 10:28:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 241
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 07 Sep 2022 10:28:13 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 66CB 140 KB
44 KB 87ms
36ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 081e3a886ad8dc86f2b70234c1124c49.safeframe.googlesyndication.com
URL: https://081e3a886ad8dc86f2b70234c1124c49.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a4f8d308a537be4d8442135addd3a1637ad70c831ec8d6fb21b460dc392031e3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://081e3a886ad8dc86f2b70234c1124c49.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Wed, 24 Aug 2022 10:32:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44049
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1661168302676581"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 24 Aug 2022 10:32:14 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220822/r20110914/client/ Frame 66CB 17 KB
8 KB 70ms
22ms Script
text/javascript 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220822/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 081e3a886ad8dc86f2b70234c1124c49.safeframe.googlesyndication.com
URL: https://081e3a886ad8dc86f2b70234c1124c49.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

57000ea03bfb53734d0858b8fe992e6742226f23f311eb0f9d2177e2a84a5621

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://081e3a886ad8dc86f2b70234c1124c49.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Wed, 24 Aug 2022 10:04:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1652
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7599
x-xss-protection: 0
server: cafe
etag: 9215437806027971270
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 07 Sep 2022 10:04:42 GMT

GET
H2 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-38/js/ Frame 66CB 22 KB
7 KB 72ms
24ms Script
text/javascript 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-38/js/ext.js

Requested by

Host: 081e3a886ad8dc86f2b70234c1124c49.safeframe.googlesyndication.com
URL: https://081e3a886ad8dc86f2b70234c1124c49.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0bcac89d72d5f0b2bef20f815406384ff05489e4294acee57409060c2eccffc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://081e3a886ad8dc86f2b70234c1124c49.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Fri, 19 Aug 2022 06:50:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 445283
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7022
x-xss-protection: 0
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Sat, 19 Aug 2023 06:50:51 GMT

GET
H2 200 notify
tlx.3lift.com/s2s/ Frame 66CB 37 B
184 B 74ms
20ms Image
image/gif 18.159.27.64
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tlx.3lift.com/s2s/notify?px=1&pr=YwX-LgAHmkMH_YTkAA5KrNeeTOLEnCcdfYe_Ag&ts=1661337134&aid=45042644978561212383170&ec=7354_112857_50998862&n=GgDyAr0BCAASFzQ1MDQyNjQ0OTc4NTYxMjEyMzgzMTcwGAAgASi6OTDZ8QZAAUgAUABgCmgAcLCiApABAJgBAKgBALgBCcABGcgBIPABAPgBIIACGZECAAAAAAAA8D%2BZAlK4HoXrUcg%2FqAIAsAIAyAIE2AIA8QJmZmZmZmbmP%2FgCkDeAA6wCiAPYBJADAJgDAKADALgDkp0CyAMA0gMINTA5OTg4NjLgA4%2BsL%2BkDAAAAAAAAAADwAyD5AwAAAAAAAAAA%2BAIFiAMAkgMEQUQyMJgDAKAD0bYCqAMA
Requested by: Host: 081e3a886ad8dc86f2b70234c1124c49.safeframe.googlesyndication.com
URL: https://081e3a886ad8dc86f2b70234c1124c49.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.159.27.64 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-159-27-64.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://081e3a886ad8dc86f2b70234c1124c49.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 24 Aug 2022 10:32:14 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-length: 37
expires: Thu, 15 Oct 1992 20:10:00 GMT

GET
H2 200 pe
eb2.3lift.com/ Frame 66CB 37 B
140 B 107ms
23ms Image
image/gif 13.248.245.213
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eb2.3lift.com/pe?fid=10&peid=0&aid=45042644978561212383170
Requested by: Host: 081e3a886ad8dc86f2b70234c1124c49.safeframe.googlesyndication.com
URL: https://081e3a886ad8dc86f2b70234c1124c49.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.248.245.213 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a0f671730127a0812.awsglobalaccelerator.com
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://081e3a886ad8dc86f2b70234c1124c49.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Wed, 24 Aug 2022 10:32:14 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 37
content-type: image/gif

GET
H2 200 syncframe Show response
gum.criteo.com/ Frame 20B5 15 KB
6 KB 119ms
40ms Document
text/html 2a02:2638:1::13
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/syncframe?origin=publishertagids&topUrl=xoso.com.vn

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.ids.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::13 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

96250b0de15d90f6e2e2ee39329e3060c7bc4a15e69cb6933039664f024f7efd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://xoso.com.vn/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: private, max-age=3600
content-encoding: gzip
content-length: 6144
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Wed, 24 Aug 2022 10:32:14 GMT
server-processing-duration-in-ticks: 2933
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H2 200 bundle.js Show response
ib.3lift.com/rev/d4dfc0c2854e9f9372edd516b9dab7e92cb1de3d/dist/ Frame 66CB 166 KB
53 KB 26ms
26ms Script
application/javascript 18.66.112.66
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ib.3lift.com/rev/d4dfc0c2854e9f9372edd516b9dab7e92cb1de3d/dist/bundle.js
Requested by: Host: ib.3lift.com
URL: https://ib.3lift.com/ttj?inv_code=adasia_allpublishers_display
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.112.66 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-112-66.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 14617ac5dba86061ae843e682417f7d0abfbfd5ca9ba3c44a9bbedb4d57bb2ed

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://081e3a886ad8dc86f2b70234c1124c49.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Mon, 22 Aug 2022 16:53:31 GMT
content-encoding: gzip
last-modified: Mon, 22 Aug 2022 16:44:07 GMT
server: AmazonS3
age: 149924
etag: "e75bdc7bc4fc4b4a312c758166c89150"
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 5e28951e5f2b6d7d562636473d26d7a6.cloudfront.net (CloudFront)
cache-control: max-age=31536000, immutable
x-amz-cf-pop: FRA56-P5
accept-ranges: bytes
content-length: 53961
x-amz-cf-id: NzypZ5wbMP319TXvUyMvQ6rtsVCa6Qn9_xJK5swf2EMTVWM6u6igAA==

GET
DATA 200
OK truncated
/ Frame 66CB 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 941dfac8cd0afbc3d8aa282f394dd29f8c11cb6027d89736ad743f021b285615

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 r
eb2.3lift.com/ Frame 66CB 37 B
139 B 23ms
23ms Image
image/gif 13.248.245.213
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eb2.3lift.com/r?inv_code=adasia_allpublishers_display&aid=45042644978561212383170&rev=d4dfc0c&pr=can%27t%2520access%2520top%2520document&bc=0.032&bmid=7354&biid=7056&sid=112857&brid=37168&adid=50998862&crid=775695&ts=1661337134&bcud=32&ss=5&caid=0&unid=0&domain=081e3a886ad8dc86f2b70234c1124c49.safeframe.googlesyndication.com&ref=https%253A%252F%252Fxoso.com.vn%252F&rr=creative&fid=10&rb=0&g=0&cb=70722
Requested by: Host: 081e3a886ad8dc86f2b70234c1124c49.safeframe.googlesyndication.com
URL: https://081e3a886ad8dc86f2b70234c1124c49.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.248.245.213 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a0f671730127a0812.awsglobalaccelerator.com
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://081e3a886ad8dc86f2b70234c1124c49.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Wed, 24 Aug 2022 10:32:14 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 37
content-type: image/gif

GET
DATA 200
OK truncated Show response
/ Frame CE2C 26 B
0 Script
image/gif

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c00a759275b8628823a9809f24cbeca08cb48b52713adf221f70284e66d9c82f

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Content-Type: image/gif

GET
H2 200 OBA_TRANS.png
ib.3lift.com/static/buttons/edaa/ Frame 66CB 3 KB
3 KB 23ms
22ms Image
image/png 18.66.112.66
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ib.3lift.com/static/buttons/edaa/OBA_TRANS.png
Requested by: Host: 081e3a886ad8dc86f2b70234c1124c49.safeframe.googlesyndication.com
URL: https://081e3a886ad8dc86f2b70234c1124c49.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.112.66 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-112-66.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 2fd4c3ae6afc2b4026d9f0b64b8ff1110ecfcf47b90bc988c06e844b3921cbf6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://081e3a886ad8dc86f2b70234c1124c49.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Mon, 22 Aug 2022 04:27:47 GMT
via: 1.1 5e28951e5f2b6d7d562636473d26d7a6.cloudfront.net (CloudFront)
last-modified: Thu, 05 Aug 2021 17:23:36 GMT
server: AmazonS3
age: 541023
etag: "ddf020e069f1706b72b7698b28fede09"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/png
cache-control: max-age=604800,s-maxage=604800,public
x-amz-cf-pop: FRA56-P5
accept-ranges: bytes
content-length: 3125
x-amz-cf-id: Waf9zAGJiVrwAIf7o23GDeHxY-yxF1Q3YI0cqUo6I3JYANLiWWQ6zg==

GET
H2 200 OBA_UK.png
ib.3lift.com/static/buttons/edaa/ Frame 66CB 3 KB
4 KB 24ms
23ms Image
image/png 18.66.112.66
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ib.3lift.com/static/buttons/edaa/OBA_UK.png
Requested by: Host: 081e3a886ad8dc86f2b70234c1124c49.safeframe.googlesyndication.com
URL: https://081e3a886ad8dc86f2b70234c1124c49.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.112.66 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-112-66.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 08285afd2f0c11a2a9d89f00dce769479e4d164e62caa39eceea9f1eb551afa9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://081e3a886ad8dc86f2b70234c1124c49.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Tue, 23 Aug 2022 13:30:14 GMT
via: 1.1 5e28951e5f2b6d7d562636473d26d7a6.cloudfront.net (CloudFront)
last-modified: Thu, 05 Aug 2021 17:23:31 GMT
server: AmazonS3
age: 456848
etag: "7ceab27af00fa466072a3c3360041755"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/png
cache-control: max-age=604800,s-maxage=604800,public
x-amz-cf-pop: FRA56-P5
accept-ranges: bytes
content-length: 3518
x-amz-cf-id: FTMb507uzB_j25t9J5wx-yMOWv380cgHaKQwM0N_UHq1SioGkL5C9Q==

GET
H2 200 ctar
eb2.3lift.com/ Frame 66CB 37 B
139 B 24ms
23ms Image
image/gif 13.248.245.213
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eb2.3lift.com/ctar?inv_code=adasia_allpublishers_display&aid=45042644978561212383170&rev=d4dfc0c&cta_render_method=1&cta_render_text=&cb=78311
Requested by: Host: 081e3a886ad8dc86f2b70234c1124c49.safeframe.googlesyndication.com
URL: https://081e3a886ad8dc86f2b70234c1124c49.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.248.245.213 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a0f671730127a0812.awsglobalaccelerator.com
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://081e3a886ad8dc86f2b70234c1124c49.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Wed, 24 Aug 2022 10:32:14 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 37
content-type: image/gif

GET
H2 200 / Show response
track.adform.net/adfscript/ Frame 95F9 909 B
1 KB 218ms
41ms Script
text/javascript 37.157.2.237
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/adfscript/?bn=50998862;rtbwp=0.032;rtbdata=eyNZsF0Hm3_szYWMZfnSe2zb06SJGBeYTUEbNNgAxnsJsLinYTfW0plbnB-LznzADz9bKHECUoXux7hcCSqlGO8ktMeo-9KfxiB3tMlHDlU-Pidw9UnisOfC1iDmiI3feTqcoE3up6OBHyMSwys1RlC44c6uZOnKu5bVUbWe5UR8slQ2KA_3LsN4iOtIBxgX0

Requested by

Host: ib.3lift.com
URL: https://ib.3lift.com/rev/d4dfc0c2854e9f9372edd516b9dab7e92cb1de3d/dist/bundle.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.2.237 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

218e60fc24d8dd0d74950b2ce5ee1979eb6ce59706565ada9df20419576cd8bf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://081e3a886ad8dc86f2b70234c1124c49.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 24 Aug 2022 10:32:15 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/javascript; charset=utf-8
content-length: 750
expires: -1

GET
H2 200 aop
eb2.3lift.com/ Frame 66CB 37 B
139 B 105ms
104ms Image
image/gif 13.248.245.213
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eb2.3lift.com/aop?inv_code=adasia_allpublishers_display&aid=45042644978561212383170&rev=d4dfc0c&pr=can%27t%2520access%2520top%2520document&bc=0.032&bmid=7354&biid=7056&sid=112857&brid=37168&adid=50998862&crid=775695&ts=1661337134&bcud=32&ss=5&caid=0&unid=0&domain=081e3a886ad8dc86f2b70234c1124c49.safeframe.googlesyndication.com&ref=https%253A%252F%252Fxoso.com.vn%252F&rr=creative&fid=10&rb=0&g=0&cb=82804
Requested by: Host: 081e3a886ad8dc86f2b70234c1124c49.safeframe.googlesyndication.com
URL: https://081e3a886ad8dc86f2b70234c1124c49.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.248.245.213 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a0f671730127a0812.awsglobalaccelerator.com
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://081e3a886ad8dc86f2b70234c1124c49.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Wed, 24 Aug 2022 10:32:14 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 37
content-type: image/gif

GET
H2 200 ev1
eb2.3lift.com/ Frame 66CB 37 B
139 B 98ms
98ms Image
image/gif 13.248.245.213
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eb2.3lift.com/ev1?inv_code=adasia_allpublishers_display&aid=45042644978561212383170&rev=d4dfc0c&pr=YwX-LgAHmkMH_YTkAA5KrNeeTOLEnCcdfYe_Ag&bc=0.032&bmid=7354&biid=7056&sid=112857&brid=37168&adid=50998862&crid=775695&ts=1661337134&bcud=32&ss=5&caid=0&unid=0&cepos=0&ceid=0&cb=18078
Requested by: Host: 081e3a886ad8dc86f2b70234c1124c49.safeframe.googlesyndication.com
URL: https://081e3a886ad8dc86f2b70234c1124c49.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.248.245.213 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a0f671730127a0812.awsglobalaccelerator.com
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://081e3a886ad8dc86f2b70234c1124c49.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Wed, 24 Aug 2022 10:32:15 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 37
content-type: image/gif

GET
H2

200

sid Show response
mug.criteo.com/ Frame 20B5
Redirect Chain

https://gum.criteo.com/sid/json?origin=publishertagids&domain=xoso.com.vn&sn=ChromeSyncframe&so=0&topUrl=xoso.com.vn&cw=1&lsw=1&topicsavail=0&fledgeavail=0
https://mug.criteo.com/sid?cpp=H_7Tn3xDTk9iTUh2ajVqeTZTUHZBNWhtMVArZ24vN3hDRkEzbHF6WjNrdUVFcVNueExFVFJxN2tXK3lBb21pSFk0YUV5RnRBMWRFZEJPdktIaExJdkg1ZzlDODUyRnkrL0wzMDZmcWJtamNSS2VOdzc1VkRnSyswdWk2Lz...

423 B
629 B

301ms
41ms

Fetch
application/json

178.250.0.157
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://mug.criteo.com/sid?cpp=H_7Tn3xDTk9iTUh2ajVqeTZTUHZBNWhtMVArZ24vN3hDRkEzbHF6WjNrdUVFcVNueExFVFJxN2tXK3lBb21pSFk0YUV5RnRBMWRFZEJPdktIaExJdkg1ZzlDODUyRnkrL0wzMDZmcWJtamNSS2VOdzc1VkRnSyswdWk2LzNiZVdaR1JVbWc4ZEZFRm1TM0U4b0tMUEhLS0RudGIxN0daVkNtdWlLdEttbi9YQXYwOFBOMGFodVNkenNsNlBNTlc4Rm0zbko2UFliUlVNRldjZi9KZ2tGS3NKdFNNK3hTR2FROVZzVUtzVzhNaVFrVEdHd2Q5MEJ3aEQ1dnM3NTZOSUJQVmpPSzhpSVkwNEp3OXhXYUcySG5rWXBSQT09fA&cppv=2

Requested by

Host: xoso.com.vn
URL: https://xoso.com.vn/

Protocol

Server

178.250.0.157 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

7a595ac7abc48d00434b95a59d4faed4a42d3443e9af27da601b0cee8d38086a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gum.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 24 Aug 2022 10:32:14 GMT
content-encoding: gzip
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: https://gum.criteo.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 5019
strict-transport-security: max-age=31536000; preload;
expires: 0

Redirect headers

pragma: no-cache
date: Wed, 24 Aug 2022 10:32:14 GMT
strict-transport-security: max-age=31536000; preload;
content-type: text/html; charset=utf-8
location: https://mug.criteo.com/sid?cpp=H_7Tn3xDTk9iTUh2ajVqeTZTUHZBNWhtMVArZ24vN3hDRkEzbHF6WjNrdUVFcVNueExFVFJxN2tXK3lBb21pSFk0YUV5RnRBMWRFZEJPdktIaExJdkg1ZzlDODUyRnkrL0wzMDZmcWJtamNSS2VOdzc1VkRnSyswdWk2LzNiZVdaR1JVbWc4ZEZFRm1TM0U4b0tMUEhLS0RudGIxN0daVkNtdWlLdEttbi9YQXYwOFBOMGFodVNkenNsNlBNTlc4Rm0zbko2UFliUlVNRldjZi9KZ2tGS3NKdFNNK3hTR2FROVZzVUtzVzhNaVFrVEdHd2Q5MEJ3aEQ1dnM3NTZOSUJQVmpPSzhpSVkwNEp3OXhXYUcySG5rWXBSQT09fA&cppv=2
cache-control: no-cache, no-store, must-revalidate
server-processing-duration-in-ticks: 1573
content-length: 541
expires: 0

GET
H3 200 396602296069851707
tpc.googlesyndication.com/simgad/ Frame AA8D 75 KB
75 KB 74ms
26ms Image
image/gif 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/396602296069851707

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6162392498535478&output=html&h=250&slotname=3702268378&adk=2629593577&adf=702317400&pi=t.ma~as.3702268378&w=300&lmt=1661337134&psa=0&format=300x250&url=https%3A%2F%2Fxoso.com.vn%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1661337134320&bpp=2&bdt=205&idt=307&shv=r20220822&mjsv=m202208160101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=4300712307205&frm=20&pv=1&ga_vid=1373203678.1661337134&ga_sid=1661337134&ga_hid=446455031&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=377&ady=881&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44768832%2C31068737&oid=2&pvsid=188221202543126&tmod=1828846614&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CleE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=a!2&fsb=1&xpc=cUpGPHeChK&p=https%3A//xoso.com.vn&dtd=313

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61af25545f6b844c647f7ad58dcfa85f8588ac93243da06d791eba77fc229844

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Wed, 17 Aug 2022 13:15:37 GMT
x-content-type-options: nosniff
age: 594998
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 76797
x-xss-protection: 0
last-modified: Wed, 03 Aug 2022 12:04:55 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Thu, 17 Aug 2023 13:15:37 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220822/r20110914/ Frame AA8D 23 KB
9 KB 71ms
24ms Script
text/javascript 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220822/r20110914/abg_lite_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ba7beca0f5402387b359ad40d2af0dda9632f6b81e2aa0c26336324c358c3e10

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Wed, 24 Aug 2022 10:27:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 293
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9668
x-xss-protection: 0
server: cafe
etag: 3250940068065303693
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 07 Sep 2022 10:27:22 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220822/r20110914/client/ Frame AA8D 3 KB
1 KB 63ms
21ms Script
text/javascript 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220822/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Wed, 24 Aug 2022 10:28:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 242
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 07 Sep 2022 10:28:13 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220822/r20110914/client/ Frame AA8D 17 KB
7 KB 105ms
63ms Script
text/javascript 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220822/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

57000ea03bfb53734d0858b8fe992e6742226f23f311eb0f9d2177e2a84a5621

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Wed, 24 Aug 2022 10:04:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1653
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7599
x-xss-protection: 0
server: cafe
etag: 9215437806027971270
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 07 Sep 2022 10:04:42 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame AA8D 140 KB
43 KB 93ms
48ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a4f8d308a537be4d8442135addd3a1637ad70c831ec8d6fb21b460dc392031e3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Wed, 24 Aug 2022 10:32:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44049
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1661168302676581"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 24 Aug 2022 10:32:15 GMT

GET
H3 200 one_click_handler_one_afma_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220822/r20110914/client/ Frame AA8D 32 KB
13 KB 63ms
22ms Script
text/javascript 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220822/r20110914/client/one_click_handler_one_afma_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9091dec867a1dc7341bf0aa79915415e24203019aa46230a6210b98187493570

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Wed, 24 Aug 2022 08:21:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 7829
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13566
x-xss-protection: 0
server: cafe
etag: 1188449327864671977
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 07 Sep 2022 08:21:46 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame AA8D 0
0 65ms
65ms Fetch
text/html 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CqZrSLv4FY4fdKYWN-cAPppWhuAav16Hba6jux4iEENzZHhABINP7iyVgldKYgqwHoAHq64m7A8gBA6gDAcgDyQSqBPQBT9DH3i-gFcdXgW4j2u3worLdL9XQ7hHxMJZOYquVkrAqo5vQzlNAFz3NGe821luzCbpAP6KHIA5LrbCrdCyF2ovWz40NGd1EIbvUXWU42FK-kkR6RLTkA-sGA6uD7Eo3Mp3igbuKjL33jBHEBVKsiZvUvlVUKjRQxyyh5gV-0C8LQnDd8YXP476onMx9J4VPPRpUYqkm9MiXn3ZEK3Tx-jvbRXgvrm51Ef1Jv_tVgNq0FUgF2yIqtNfwsLEtcoKzvc1t66AVSErkqvfUmdXd2FtTBUWB-aOXEkMr7qCn6pbj98m5A9N7xJ7CkQcAVY19AsCgjcAEg678vZ4EkgUECAQYAZIFBAgFGASgBgOAB_6T9kSoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G9gHAfIHBBCpvwjSCBEIgOGAEBABGB8yAqoCOgKAQIAKAcgLAdgTDNAVAZgWAYAXAbIXHAoaCAASFHB1Yi02MTYyMzkyNDk4NTM1NDc4GAA&sigh=Vawumgqtrjc&uach_m=[UACH]

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6162392498535478&output=html&h=250&slotname=3702268378&adk=2629593577&adf=702317400&pi=t.ma~as.3702268378&w=300&lmt=1661337134&psa=0&format=300x250&url=https%3A%2F%2Fxoso.com.vn%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1661337134320&bpp=2&bdt=205&idt=307&shv=r20220822&mjsv=m202208160101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=4300712307205&frm=20&pv=1&ga_vid=1373203678.1661337134&ga_sid=1661337134&ga_hid=446455031&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=377&ady=881&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44768832%2C31068737&oid=2&pvsid=188221202543126&tmod=1828846614&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CleE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=a!2&fsb=1&xpc=cUpGPHeChK&p=https%3A//xoso.com.vn&dtd=313
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Wed, 24 Aug 2022 10:32:15 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H2 200 bootstrap.js Show response
s1.adform.net/stoat/626/s1.adform.net/ Frame 95F9 33 KB
16 KB 214ms
44ms Script
text/javascript 37.157.2.248
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js
Requested by: Host: track.adform.net
URL: https://track.adform.net/adfscript/?bn=50998862;rtbwp=0.032;rtbdata=eyNZsF0Hm3_szYWMZfnSe2zb06SJGBeYTUEbNNgAxnsJsLinYTfW0plbnB-LznzADz9bKHECUoXux7hcCSqlGO8ktMeo-9KfxiB3tMlHDlU-Pidw9UnisOfC1iDmiI3feTqcoE3up6OBHyMSwys1RlC44c6uZOnKu5bVUbWe5UR8slQ2KA_3LsN4iOtIBxgX0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.2.248 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: 0ce978a7907fdf3a7b393ff68e8c0c17703c7f2eae4772b4bdce769668118dda

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://081e3a886ad8dc86f2b70234c1124c49.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Wed, 24 Aug 2022 10:32:15 GMT
content-encoding: gzip
last-modified: Wed, 27 Jul 2022 07:02:09 GMT
server: nginx
x-cache-status: HIT
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=100000
expires: Thu, 25 Aug 2022 14:16:33 GMT

GET
H2 200 pd Show response
google-bidout-d.openx.net/w/1.0/ Frame 2184 0
176 B 164ms
33ms Document
text/html 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://google-bidout-d.openx.net/w/1.0/pd?plm=5
Requested by: Host: oa.openxcdn.net
URL: https://oa.openxcdn.net/esp.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://xoso.com.vn/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: gzip
content-length: 20
content-type: text/html
date: Wed, 24 Aug 2022 10:32:15 GMT
server: OXGW/0.0.0
vary: Accept, Accept-Encoding
via: 1.1 google

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame B0ED 143 B
163 B 21ms
21ms Document
text/html 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6162392498535478&output=html&h=250&slotname=3702268378&adk=2629593577&adf=702317400&pi=t.ma~as.3702268378&w=300&lmt=1661337134&psa=0&format=300x250&url=https%3A%2F%2Fxoso.com.vn%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1661337134320&bpp=2&bdt=205&idt=307&shv=r20220822&mjsv=m202208160101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=4300712307205&frm=20&pv=1&ga_vid=1373203678.1661337134&ga_sid=1661337134&ga_hid=446455031&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=377&ady=881&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44768832%2C31068737&oid=2&pvsid=188221202543126&tmod=1828846614&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CleE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=a!2&fsb=1&xpc=cUpGPHeChK&p=https%3A//xoso.com.vn&dtd=313
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 1257
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
date: Wed, 24 Aug 2022 10:11:18 GMT
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 14D7 1 KB
749 B 22ms
20ms Document
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 18009
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=86400
content-encoding: gzip
content-length: 724
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 24 Aug 2022 05:32:06 GMT
etag: 48472445140208031
expires: Thu, 25 Aug 2022 05:32:06 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame AA8D 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d2b8e1aa28db146a7330200cdf757d7a69e03ef2c37b71b90db0ee141b63ad67

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 dpixel
cms.quantserve.com/ Frame 14D7 35 B
463 B 92ms
22ms Image
image/gif 2620:116:800d:21:5ed4:8d5d:fed7:f5ef
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEBnCSRfjrWTwb4P9_FC7CDI&google_cver=1&google_push=AehlK4DmNbnWkPI-Lo9iJFsN3Hc2KRX-Y6GEKe7ywHaBVLjUmQ3EXAJUEbetcbfU6Hadn6tVg6To88g5ZcwNYJflxvuK2-UnvQ

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:5ed4:8d5d:fed7:f5ef , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 24 Aug 2022 10:32:15 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
cache-control: private, no-cache, no-store, proxy-revalidate
content-type: image/gif
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 14D7
Redirect Chain

https://d.agkn.com/pixel/2175/?google_gid=CAESEH8BzDarR1GBN963sKoT6Lc&google_cver=1&google_push=AehlK4AJVagBcsuA3oWi7fsWcJEAtr86z-Wok9pn7f2KkY7yY4iBKWA9kiWl_ilIgkC8PLB_PTpb5QWkUhbag-9tSLxUdBFrpQ
https://cm.g.doubleclick.net/pixel?google_nid=ak_dmp&google_push=AehlK4AJVagBcsuA3oWi7fsWcJEAtr86z-Wok9pn7f2KkY7yY4iBKWA9kiWl_ilIgkC8PLB_PTpb5QWkUhbag-9tSLxUdBFrpQ&google_hm=Q0FFU0VIOEJ6RGFyUjFHQk4...

170 B
188 B

32ms
32ms

Image
image/png

172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=ak_dmp&google_push=AehlK4AJVagBcsuA3oWi7fsWcJEAtr86z-Wok9pn7f2KkY7yY4iBKWA9kiWl_ilIgkC8PLB_PTpb5QWkUhbag-9tSLxUdBFrpQ&google_hm=Q0FFU0VIOEJ6RGFyUjFHQk45NjNzS29UNkxj

Requested by

Host: xoso.com.vn
URL: https://xoso.com.vn/

Protocol

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s22-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 24 Aug 2022 10:32:15 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Wed, 24 Aug 2022 10:32:15 GMT
Server: Apache-Coyote/1.1
P3P: CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=ak_dmp&google_push=AehlK4AJVagBcsuA3oWi7fsWcJEAtr86z-Wok9pn7f2KkY7yY4iBKWA9kiWl_ilIgkC8PLB_PTpb5QWkUhbag-9tSLxUdBFrpQ&google_hm=Q0FFU0VIOEJ6RGFyUjFHQk45NjNzS29UNkxj
Cache-Control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 451 466606.gif
id.rlcdn.com/ Frame 14D7 0
98 B 94ms
31ms Image
text/plain 35.244.174.68
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://id.rlcdn.com/466606.gif?cparams=google_push%3DAehlK4Ao83BrCbSqUtxcLRHcV8xwAMnREGymPr5ZxbpPw2nHYqZbG8hszUKMh3X05-b0OKkLCZkYDKkIn-qxTRLsmEId0GBHuA&google_gid=CAESEIcO2fzEq1YZxWcwc-aFsFg&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6162392498535478&output=html&h=250&slotname=3702268378&adk=2629593577&adf=702317400&pi=t.ma~as.3702268378&w=300&lmt=1661337134&psa=0&format=300x250&url=https%3A%2F%2Fxoso.com.vn%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1661337134320&bpp=2&bdt=205&idt=307&shv=r20220822&mjsv=m202208160101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=4300712307205&frm=20&pv=1&ga_vid=1373203678.1661337134&ga_sid=1661337134&ga_hid=446455031&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=377&ady=881&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44768832%2C31068737&oid=2&pvsid=188221202543126&tmod=1828846614&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CleE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=a!2&fsb=1&xpc=cUpGPHeChK&p=https%3A//xoso.com.vn&dtd=313
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.174.68 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 68.174.244.35.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Wed, 24 Aug 2022 10:32:15 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H2 200 UCookieSetPug
image6.pubmatic.com/AdServer/ Frame 14D7 0
166 B 152ms
31ms Image
text/html 185.64.190.78
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEJKODNf3kkXpn387OGsxPrI&google_cver=1&google_push=AehlK4Au0FrwsyYpxBtPaefjfd5XUtboWNkhP4oFs05CuIb38JpR2f-EuNsKQ37PqrpA9c8to6Quz5eI1jYyrPwJlX4vUxjjoQ
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6162392498535478&output=html&h=250&slotname=3702268378&adk=2629593577&adf=702317400&pi=t.ma~as.3702268378&w=300&lmt=1661337134&psa=0&format=300x250&url=https%3A%2F%2Fxoso.com.vn%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1661337134320&bpp=2&bdt=205&idt=307&shv=r20220822&mjsv=m202208160101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=4300712307205&frm=20&pv=1&ga_vid=1373203678.1661337134&ga_sid=1661337134&ga_hid=446455031&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=377&ady=881&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44768832%2C31068737&oid=2&pvsid=188221202543126&tmod=1828846614&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CleE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=a!2&fsb=1&xpc=cUpGPHeChK&p=https%3A//xoso.com.vn&dtd=313
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.78 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Wed, 24 Aug 2022 10:32:15 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 14D7
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEFqmJtRn21d2eJOTYj3OMNk&google_cver=1&google_push=AehlK4Bal3qW20UU-6pYugk2vDUBrzqJBTpUHGrWjkyCN8V4kmv2vJbi7MQLTdr_Es1jEe5sggb...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDc3SDhIV1ItMU0tR0ZVSg==&google_push=AehlK4Bal3qW20UU-6pYugk2vDUBrzqJBTpUHGrWjkyCN8V4kmv2vJbi7MQLTdr_Es1jEe5sggb6nJMcOHC8t0OZL-1seD_eTg

170 B
188 B

79ms
34ms

Image
image/png

172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDc3SDhIV1ItMU0tR0ZVSg==&google_push=AehlK4Bal3qW20UU-6pYugk2vDUBrzqJBTpUHGrWjkyCN8V4kmv2vJbi7MQLTdr_Es1jEe5sggb6nJMcOHC8t0OZL-1seD_eTg

Requested by

Host: xoso.com.vn
URL: https://xoso.com.vn/

Protocol

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s22-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 24 Aug 2022 10:32:15 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDc3SDhIV1ItMU0tR0ZVSg==&google_push=AehlK4Bal3qW20UU-6pYugk2vDUBrzqJBTpUHGrWjkyCN8V4kmv2vJbi7MQLTdr_Es1jEe5sggb6nJMcOHC8t0OZL-1seD_eTg
Cache-Control: no-cache,no-store,must-revalidate
Content-Type: text/html
content-length: 0
X-RPHost: a66cbf3142c6ef39e3614b84a34262cf
Expires: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 14D7
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEN8QqzOzKLJh9FBtLFTozQ8&google_cver=1&googl...
https://ssum-sec.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_cver=1&google_gid=CAESEN8QqzOzKLJh9FBtLFTozQ8&google_push=Ae...
https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEN8QqzOzKLJh9FBtLFTozQ8&google_hm=YwX-L-mKdjMLKY-K1vWiTAAABGQAAAIB&google_nid=index&google_push=AehlK4DIkUEtczdxYNcek1bUANqQg3uFlsQZM...

170 B
188 B

33ms
33ms

Image
image/png

172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEN8QqzOzKLJh9FBtLFTozQ8&google_hm=YwX-L-mKdjMLKY-K1vWiTAAABGQAAAIB&google_nid=index&google_push=AehlK4DIkUEtczdxYNcek1bUANqQg3uFlsQZMx010-St-Zj0xG-mfkrz_TgoDvrt4COLPu9wvwuOr_zB63eTejiIXo0nthDldw

Requested by

Host: xoso.com.vn
URL: https://xoso.com.vn/

Protocol

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s22-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 24 Aug 2022 10:32:15 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 24 Aug 2022 10:32:15 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2By3MT4wQop4lMx1OamZ9TvegjDDHVRhyOkivHKiP1MZ4I5YIlE493%2BhGxAQE2rfT2tmBwMlplziPnesmInWD8IbMXBFkyQN5300a421e0P8Y%2FSrQOINbRAEUi5HwdJ5LM9ZEfUDKJmz5Jw%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
location: https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEN8QqzOzKLJh9FBtLFTozQ8&google_hm=YwX-L-mKdjMLKY-K1vWiTAAABGQAAAIB&google_nid=index&google_push=AehlK4DIkUEtczdxYNcek1bUANqQg3uFlsQZMx010-St-Zj0xG-mfkrz_TgoDvrt4COLPu9wvwuOr_zB63eTejiIXo0nthDldw
cache-control: no-cache
cf-ray: 73fb6c495cf39170-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 0
expires: 0

GET
H2 200 trk
ag.innovid.com/ Frame 14D7 43 B
296 B 229ms
34ms Image
image/gif 2a05:d01c:1d8:8101:fce4:7d96:66d4:9311
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ag.innovid.com/trk?tid=11711&google_gid=CAESEM8JG1zDjTM8yPv8lCpp3-E&google_cver=1&google_push=AehlK4DLIjO6PchMgKqq-vZ2ijVLK5Mgtg2yJ4EGNzEhAfkQN1axUmyq43xzjwmNXBkZK7VvoMVKGjIFl9Qez-AyQ9Ox-7wDbTo
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6162392498535478&output=html&h=250&slotname=3702268378&adk=2629593577&adf=702317400&pi=t.ma~as.3702268378&w=300&lmt=1661337134&psa=0&format=300x250&url=https%3A%2F%2Fxoso.com.vn%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1661337134320&bpp=2&bdt=205&idt=307&shv=r20220822&mjsv=m202208160101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=4300712307205&frm=20&pv=1&ga_vid=1373203678.1661337134&ga_sid=1661337134&ga_hid=446455031&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=377&ady=881&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44768832%2C31068737&oid=2&pvsid=188221202543126&tmod=1828846614&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CleE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=a!2&fsb=1&xpc=cUpGPHeChK&p=https%3A//xoso.com.vn&dtd=313
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a05:d01c:1d8:8101:fce4:7d96:66d4:9311 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 24 Aug 2022 10:32:15 GMT
cache-control: no-cache
content-type: image/gif
content-length: 43
request-time: 0
expires: -1

GET
H2 204 attr
cm.g.doubleclick.net/pixel/ Frame 14D7 0
232 B 93ms
28ms Image
text/html 172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13J5ulz51NYFMLg997H_HhRq9ViiZ_t5IdSqzCyJmP7pd7w-1f9F3NplUjNEfDmAlAVb2oWh

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s22-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Wed, 24 Aug 2022 10:32:15 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame B0ED
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
17 B

33ms
33ms

Document
text/html

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 24 Aug 2022 10:32:15 GMT
expires: Wed, 24 Aug 2022 10:32:15 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 24 Aug 2022 10:32:15 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 932hlcctLOJRtLoo5sJe2QKRhL1SnC_Hox4lZlMNfoI.js Show response
pagead2.googlesyndication.com/bg/ Frame 8BD8 36 KB
14 KB 20ms
20ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/932hlcctLOJRtLoo5sJe2QKRhL1SnC_Hox4lZlMNfoI.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f77da195c72d2ce251b4ba28e6c25ed9029184bd529c2fc7a31e2566530d7e82

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Wed, 24 Aug 2022 10:28:53 GMT
content-encoding: br
x-content-type-options: nosniff
age: 202
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14036
x-xss-protection: 0
last-modified: Mon, 15 Aug 2022 08:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 24 Aug 2023 10:28:53 GMT

GET
H2 200 / Show response
track.adform.net/adfserve/ Frame 95F9 5 KB
2 KB 42ms
42ms Script
text/javascript 37.157.2.237
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/adfserve/?bn=50998862;rtbwp=0.032;rtbdata=eyNZsF0Hm3_szYWMZfnSe2zb06SJGBeYTUEbNNgAxnsJsLinYTfW0plbnB-LznzADz9bKHECUoXux7hcCSqlGO8ktMeo-9KfxiB3tMlHDlU-Pidw9UnisOfC1iDmiI3feTqcoE3up6OBHyMSwys1RlC44c6uZOnKu5bVUbWe5UR8slQ2KA_3LsN4iOtIBxgX0;js=1;adfxid=1x;2125;set=en-US|en-US|1600X1200|0|300|600|24|8|3|7|1|;fd=0|0&CREFURL=https%3A%2F%2Fxoso.com.vn

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.2.237 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

f184e8a5ddc65ba2f6b5bccef92fcd2d4eb856b18683bee79e3e7e8456021d0b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://081e3a886ad8dc86f2b70234c1124c49.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 24 Aug 2022 10:32:15 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/javascript; charset=utf-8
content-length: 2214
expires: -1

GET
H2 200 fxpcopuw.js Show response
ad4m.at/ Frame 95F9 36 KB
13 KB 94ms
37ms Script
application/javascript 2606:4700:20::681a:bd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/fxpcopuw.js
Requested by: Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 22cadce4f1aad2a4af3657f90efa02d4e3d32217fdf307ff69512771d1fb08ab

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://081e3a886ad8dc86f2b70234c1124c49.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Wed, 24 Aug 2022 10:32:15 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 85918
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Wed, 27 Jul 2022 10:39:36 GMT
server: cloudflare
etag: W/"1a2552545a3303319c45b19addfd8947"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Run9r0IzTfCDEiurhhOJFhdL0EgYSly02zhQlokpFoSO8vH88aJI5pcY%2BbPpHRl2Nw9Rs85AuIK%2FrS8Lo3CZcUkLa%2BNwF7YB35KxKIHQlNOdul0M%2BufRU0Xo90m9EMGkIZ7sS%2F8%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
expires: Mon, 22 Aug 2022 14:06:18 GMT
cache-control: public, max-age=3600, must-revalidate, stale-while-revalidate=300
cf-ray: 73fb6c497fa59000-FRA
cf-bgj: minify

POST
H2 200 /
track.adform.net/csimpr/ Frame 95F9 35 B
502 B 42ms
41ms Ping
image/gif 37.157.2.237
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/csimpr/?bn=50998862&csi=SplZKrJ9kWigCM5mlzoXLJN0hZpGOe0u4o-MMVUHH2PZKGWOLEEutt6vWmW1dlSa0

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.2.237 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://081e3a886ad8dc86f2b70234c1124c49.safeframe.googlesyndication.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Wed, 24 Aug 2022 10:32:15 GMT
server: nginx
access-control-max-age: 86400
access-control-allow-methods: GET, POST
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: https://081e3a886ad8dc86f2b70234c1124c49.safeframe.googlesyndication.com
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
access-control-allow-headers: Content-Type, Cache-Control, Accept-Encoding, X-Requested-With
expires: -1

GET
H2 200 ThirdParty Show response
s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.221/e/2gSBggDQ/i/vCAv.IAAAAAoAA/r:types/ Frame 95F9 34 KB
15 KB 52ms
52ms Script
text/javascript 37.157.2.248
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.221/e/2gSBggDQ/i/vCAv.IAAAAAoAA/r:types/ThirdParty
Requested by: Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.2.248 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: 06289e11ae03a6a17deb90c51e873bc616e28822001c6d6132069b39aefeb7d9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://081e3a886ad8dc86f2b70234c1124c49.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Wed, 24 Aug 2022 10:32:15 GMT
content-encoding: gzip
last-modified: Wed, 27 Jul 2022 07:02:09 GMT
server: nginx
x-cache-status: HIT
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=100000
expires: Thu, 25 Aug 2022 13:26:12 GMT

GET
H2 200 sync Show response
eb2.3lift.com/ Frame 19E4 37 B
139 B 23ms
23ms Document
image/gif 13.248.245.213
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://eb2.3lift.com/sync?max=10&cb=29691
Requested by: Host: ib.3lift.com
URL: https://ib.3lift.com/rev/d4dfc0c2854e9f9372edd516b9dab7e92cb1de3d/dist/bundle.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.248.245.213 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a0f671730127a0812.awsglobalaccelerator.com
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

Referer: https://081e3a886ad8dc86f2b70234c1124c49.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-cache, no-store, must-revalidate
content-length: 37
content-type: image/gif
date: Wed, 24 Aug 2022 10:32:15 GMT

GET
H3 200 frame.html Show response
ad4m.at/ Frame 5D99 2 KB
1 KB 55ms
30ms Document
text/html 2606:4700:20::681a:bd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/frame.html
Requested by: Host: ad4m.at
URL: https://ad4m.at/fxpcopuw.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: bdd681451ace45b4f9e4ea032868c87b80da96240a2adb696bd59ed6a238497b

Request headers

Referer: https://081e3a886ad8dc86f2b70234c1124c49.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 2394775
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: public, max-age=3600
cf-cache-status: HIT
cf-ray: 73fb6c49fee25b38-FRA
content-encoding: br
content-language: en
content-type: text/html; charset=utf-8
date: Wed, 24 Aug 2022 10:32:15 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
expires: Wed, 24 Aug 2022 11:32:15 GMT
last-modified: Wed, 06 May 2020 15:09:30 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mjVs27lzazgvhyuCRo%2ByelE0caJIB2M8z3Imr22hVVnA5tr2noTed%2FPyapaJRPwHV3quCCzZzL%2FPCFk0Ngz9da%2BrYS%2BhwKsWyovqBjrthMcrSgJqJ3rqnwlBYibyLfu2jqZz5sk%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 14 KB
11 KB 109ms
67ms XHR
application/json 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022081701&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022081701.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c862ff13e20b2c5749d36046bd04e0c3aca0e0bd573d465686a5a482db2018e6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://xoso.com.vn/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 24 Aug 2022 10:32:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11062
x-xss-protection: 0

POST
H3 200 rs Show response
ad4m.at/ Frame 95F9 924 B
1 KB 48ms
48ms XHR
text/plain 2606:4700:20::681a:bd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/rs
Requested by: Host: ad4m.at
URL: https://ad4m.at/fxpcopuw.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b919c60c533d26ef2552924c5a100c7838708ed37ca81bad2574b59dd0749b46

Request headers

Referer: https://081e3a886ad8dc86f2b70234c1124c49.safeframe.googlesyndication.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type: application/json

Response headers

date: Wed, 24 Aug 2022 10:32:15 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
cf-ray: 73fb6c4aacdb9b57-FRA
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uo2uuquSVWlXHauiRL52g%2FxNaUvZdkq%2BB%2FRBkjRI4q0prL9TpObhiM2GCHJWJMLv84CghRFi48qyKQ%2FTOdRIBWVlcqR%2BH62vpA%2BF3tfQ8XGR4UIFg73mpu22OIAuVWt9KK%2Fe%2BUU%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/plain
access-control-allow-origin: https://081e3a886ad8dc86f2b70234c1124c49.safeframe.googlesyndication.com
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
access-control-allow-credentials: true
content-encoding: br
x-backend-server: aa-reachservice-group-europe-west1-2p34

OPTIONS
H3 200 rs
ad4m.at/ Frame 0
0 61ms
39ms Preflight
text/plain 2606:4700:20::681a:bd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/rs
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://081e3a886ad8dc86f2b70234c1124c49.safeframe.googlesyndication.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET,PATCH,POST,OPTIONS,DELETE
access-control-allow-origin: https://081e3a886ad8dc86f2b70234c1124c49.safeframe.googlesyndication.com
access-control-max-age: 1800
allow: HEAD,POST,GET,OPTIONS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 73fb6c4a6c809b57-FRA
content-length: 24
content-type: text/plain
date: Wed, 24 Aug 2022 10:32:15 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HZ%2BBmDi2j8aaBd1xjAvMvs3UcXxSReChc%2FDf0pYRcncyVjiUE4J8sVgVJKSLgme5jy9yBIU5Sw9%2Bn6Wo0Uh0nUArb9aWYFkMTaEMGsPquVGsxs2I3LeU6v6iA1Aea0ywE0dRgEo%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
via: 1.1 google
x-backend-server: aa-reachservice-group-europe-west1-2p34

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 42ms
42ms Script
text/javascript 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022081701.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://xoso.com.vn/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Wed, 24 Aug 2022 10:32:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 24 Aug 2022 10:32:15 GMT

GET
H2 200 rar Show response
as.ad4m.at/ad/ Frame 1EDC 8 KB
4 KB 48ms
35ms Document
text/html 2606:4700:20::681a:bd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://as.ad4m.at/ad/rar?a=196438%2C56666%2C34817&b=1VbSbfKf4QDXs9HdH9tAt8qbc2SKT7JfA%2CWVYSrfdfppP7UYH5HjtxtA69t3SETJYf2%2CDkAa3fwfxWbU3HmH9t1tQY3sxSmTkjfV&f=wZzadfjfQeD8sEHRH2tECxZ8UzSATDxf5%2C55QTXfEfQQMpFpH7HMtkC4GYUYSVTV6f1%2Cd63TEfkfkQ4SEHjHwtqC3ERueS4TGefj&c=300&d=600&e=&g=0d4e655a9ca0a26e195f693e5f3f4890%2F6269371131800397767&i=25174%2C22427%2C27788&j=16%2C21%2C22&k=0&l=0&m=0&n=&p=&q=&o=reach_adf01netmixdc&r=1661337135807&h=https%3A%2F%2Ftrack.adform.net%2FC%2F%3Fbn%3D50998862%3Bcrtbwp%3D0.032%3Bcrtbdata%3DeyNZsF0Hm3_szYWMZfnSe2zb06SJGBeYTUEbNNgAxnsJsLinYTfW0plbnB-LznzADz9bKHECUoXux7hcCSqlGO8ktMeo-9KfxiB3tMlHDlU-Pidw9UnisOfC1iDmiI3feTqcoE3up6OBHyMSwys1RlC44c6uZOnKu5bVUbWe5UR8slQ2KA_3LsN4iOtIBxgX0%3Badfibeg%3D0%3Bcdata%3DjDCLZOrqUvud7IcTWg7bPuS4cPvZBiwq5uQGulknX67JOC9xVgJH7CvZhEBkHI_cp4XJHBhTtjh7bdp-DsExYjjpF1hR219v4UFuhV40q881%3B%3BCREFURL%3Dhttps%253a%252f%252fxoso.com.vn%3BC%3D1%3Bcpdir%3D&y=1&s=&z=0

Requested by

Host: ad4m.at
URL: https://ad4m.at/fxpcopuw.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3393b62f9f2b9463c193386493b3926a89f5daa403bf3d308ed8fab72b89823f

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox;base-uri ;child-src ;connect-src ;default-src 'self';font-src ;form-action 'none';frame-ancestors * data:;frame-src ;img-src data:;manifest-src 'none';media-src 'none';navigate-to ;object-src 'none';prefetch-src 'none';script-src 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline';worker-src 'none'
Strict-Transport-Security	max-age=86400; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://081e3a886ad8dc86f2b70234c1124c49.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate
cf-cache-status: DYNAMIC
cf-ray: 73fb6c4b09ce9000-FRA
content-encoding: br
content-security-policy: block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox;base-uri *;child-src *;connect-src *;default-src 'self';font-src *;form-action 'none';frame-ancestors * data:;frame-src *;img-src * data:;manifest-src 'none';media-src 'none';navigate-to *;object-src 'none';prefetch-src 'none';script-src * 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline';worker-src 'none'
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: unsafe-none
cross-origin-opener-policy: unsafe-none
cross-origin-resource-policy: cross-origin
date: Wed, 24 Aug 2022 10:32:15 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
expires: 0
feature-policy: geolocation 'none';midi 'none';sync-xhr 'none';microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';fullscreen 'none';payment 'none';accelerometer 'none';usb 'none';autoplay 'self'
nel: {"failure_fraction":"1.0","max_age":86400,"report_to":"report-endpoint","success_fraction":"0.0","include_subdomains":true}
pragma: no-cache
referrer-policy: same-origin
report-to: {"endpoints":[{"url":"/ad/vre"}],"group":"report-endpoint","max_age":86400}
server: cloudflare
strict-transport-security: max-age=86400; includeSubDomains; preload
surrogate-control: no-store
vary: accept-encoding
via: 1.1 google
x-content-type-options: nosniff
x-download-options: noopen
x-xss-protection: 1; mode=block

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame EFC3 13 KB
5 KB 23ms
21ms Document
text/html 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://xoso.com.vn/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 193
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 24 Aug 2022 10:29:02 GMT
expires: Thu, 24 Aug 2023 10:29:02 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 53E2 783 B
535 B 32ms
32ms Document
text/html 2a00:1450:4001:810::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

fae2a834f61ede31a14fe3c7f10cb502dc7cc537d803059cf57bfd52e7b1653e

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-OiZWrx6TqPAcDjJCusdZMA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://xoso.com.vn/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private, max-age=300
content-encoding: gzip
content-length: 513
content-security-policy: script-src 'report-sample' 'nonce-OiZWrx6TqPAcDjJCusdZMA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Wed, 24 Aug 2022 10:32:15 GMT
expires: Wed, 24 Aug 2022 10:32:15 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 default.css
as.ad4m.at/ad/style/0.1.21/one-ad/ Frame 1EDC 84 KB
11 KB 32ms
31ms Stylesheet
text/css 2606:4700:20::681a:bd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://as.ad4m.at/ad/style/0.1.21/one-ad/default.css

Requested by

Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=196438%2C56666%2C34817&b=1VbSbfKf4QDXs9HdH9tAt8qbc2SKT7JfA%2CWVYSrfdfppP7UYH5HjtxtA69t3SETJYf2%2CDkAa3fwfxWbU3HmH9t1tQY3sxSmTkjfV&f=wZzadfjfQeD8sEHRH2tECxZ8UzSATDxf5%2C55QTXfEfQQMpFpH7HMtkC4GYUYSVTV6f1%2Cd63TEfkfkQ4SEHjHwtqC3ERueS4TGefj&c=300&d=600&e=&g=0d4e655a9ca0a26e195f693e5f3f4890%2F6269371131800397767&i=25174%2C22427%2C27788&j=16%2C21%2C22&k=0&l=0&m=0&n=&p=&q=&o=reach_adf01netmixdc&r=1661337135807&h=https%3A%2F%2Ftrack.adform.net%2FC%2F%3Fbn%3D50998862%3Bcrtbwp%3D0.032%3Bcrtbdata%3DeyNZsF0Hm3_szYWMZfnSe2zb06SJGBeYTUEbNNgAxnsJsLinYTfW0plbnB-LznzADz9bKHECUoXux7hcCSqlGO8ktMeo-9KfxiB3tMlHDlU-Pidw9UnisOfC1iDmiI3feTqcoE3up6OBHyMSwys1RlC44c6uZOnKu5bVUbWe5UR8slQ2KA_3LsN4iOtIBxgX0%3Badfibeg%3D0%3Bcdata%3DjDCLZOrqUvud7IcTWg7bPuS4cPvZBiwq5uQGulknX67JOC9xVgJH7CvZhEBkHI_cp4XJHBhTtjh7bdp-DsExYjjpF1hR219v4UFuhV40q881%3B%3BCREFURL%3Dhttps%253a%252f%252fxoso.com.vn%3BC%3D1%3Bcpdir%3D&y=1&s=&z=0

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a57b918c3515ced748a8b0d297202db9b15fefd82acfddaf11f977761407b2ad

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://as.ad4m.at/ad/rar?a=196438%2C56666%2C34817&b=1VbSbfKf4QDXs9HdH9tAt8qbc2SKT7JfA%2CWVYSrfdfppP7UYH5HjtxtA69t3SETJYf2%2CDkAa3fwfxWbU3HmH9t1tQY3sxSmTkjfV&f=wZzadfjfQeD8sEHRH2tECxZ8UzSATDxf5%2C55QTXfEfQQMpFpH7HMtkC4GYUYSVTV6f1%2Cd63TEfkfkQ4SEHjHwtqC3ERueS4TGefj&c=300&d=600&e=&g=0d4e655a9ca0a26e195f693e5f3f4890%2F6269371131800397767&i=25174%2C22427%2C27788&j=16%2C21%2C22&k=0&l=0&m=0&n=&p=&q=&o=reach_adf01netmixdc&r=1661337135807&h=https%3A%2F%2Ftrack.adform.net%2FC%2F%3Fbn%3D50998862%3Bcrtbwp%3D0.032%3Bcrtbdata%3DeyNZsF0Hm3_szYWMZfnSe2zb06SJGBeYTUEbNNgAxnsJsLinYTfW0plbnB-LznzADz9bKHECUoXux7hcCSqlGO8ktMeo-9KfxiB3tMlHDlU-Pidw9UnisOfC1iDmiI3feTqcoE3up6OBHyMSwys1RlC44c6uZOnKu5bVUbWe5UR8slQ2KA_3LsN4iOtIBxgX0%3Badfibeg%3D0%3Bcdata%3DjDCLZOrqUvud7IcTWg7bPuS4cPvZBiwq5uQGulknX67JOC9xVgJH7CvZhEBkHI_cp4XJHBhTtjh7bdp-DsExYjjpF1hR219v4UFuhV40q881%3B%3BCREFURL%3Dhttps%253a%252f%252fxoso.com.vn%3BC%3D1%3Bcpdir%3D&y=1&s=&z=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Wed, 24 Aug 2022 10:32:15 GMT
via: 1.1 google
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"failure_fraction":"1.0","max_age":86400,"report_to":"report-endpoint","success_fraction":"0.0","include_subdomains":true}
age: 430468
cross-origin-embedder-policy: unsafe-none
cf-polished: origSize=86749
surrogate-control: no-store
report-to: {"endpoints":[{"url":"/ad/vre"}],"group":"report-endpoint","max_age":86400}
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=86400; includeSubDomains; preload
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: same-origin
last-modified: Fri, 19 Aug 2022 10:57:47 GMT
server: cloudflare
cross-origin-opener-policy: unsafe-none
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: accept-encoding
x-download-options: noopen
content-type: text/css; charset=utf-8
expires: 0
cache-control: max-age=3600, must-revalidate, proxy-revalidate
cf-ray: 73fb6c4b58305b38-FRA
cf-bgj: minify

GET
H2 200 188CB8AAD064EA4A8191591B373E95EFBB15091EC45B736DE282B2519499BCCBCAB6FDEDC5113C2A7BE7DE03216809B9DDF8A0A0594CFE95168D455C315D4410
assets.ad4m.at/logo/ Frame 1EDC 8 KB
9 KB 44ms
29ms Image
image/webp 2606:4700:20::681a:bd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/logo/188CB8AAD064EA4A8191591B373E95EFBB15091EC45B736DE282B2519499BCCBCAB6FDEDC5113C2A7BE7DE03216809B9DDF8A0A0594CFE95168D455C315D4410
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=196438%2C56666%2C34817&b=1VbSbfKf4QDXs9HdH9tAt8qbc2SKT7JfA%2CWVYSrfdfppP7UYH5HjtxtA69t3SETJYf2%2CDkAa3fwfxWbU3HmH9t1tQY3sxSmTkjfV&f=wZzadfjfQeD8sEHRH2tECxZ8UzSATDxf5%2C55QTXfEfQQMpFpH7HMtkC4GYUYSVTV6f1%2Cd63TEfkfkQ4SEHjHwtqC3ERueS4TGefj&c=300&d=600&e=&g=0d4e655a9ca0a26e195f693e5f3f4890%2F6269371131800397767&i=25174%2C22427%2C27788&j=16%2C21%2C22&k=0&l=0&m=0&n=&p=&q=&o=reach_adf01netmixdc&r=1661337135807&h=https%3A%2F%2Ftrack.adform.net%2FC%2F%3Fbn%3D50998862%3Bcrtbwp%3D0.032%3Bcrtbdata%3DeyNZsF0Hm3_szYWMZfnSe2zb06SJGBeYTUEbNNgAxnsJsLinYTfW0plbnB-LznzADz9bKHECUoXux7hcCSqlGO8ktMeo-9KfxiB3tMlHDlU-Pidw9UnisOfC1iDmiI3feTqcoE3up6OBHyMSwys1RlC44c6uZOnKu5bVUbWe5UR8slQ2KA_3LsN4iOtIBxgX0%3Badfibeg%3D0%3Bcdata%3DjDCLZOrqUvud7IcTWg7bPuS4cPvZBiwq5uQGulknX67JOC9xVgJH7CvZhEBkHI_cp4XJHBhTtjh7bdp-DsExYjjpF1hR219v4UFuhV40q881%3B%3BCREFURL%3Dhttps%253a%252f%252fxoso.com.vn%3BC%3D1%3Bcpdir%3D&y=1&s=&z=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8e49b984d20b3e7cb3f2c4a08805dc3f66bb8a58ec08c365d0cf955dd57c77c7

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Wed, 24 Aug 2022 10:32:15 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 51237
cf-polished: qual=85, origFmt=jpeg, origSize=16723
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 8354
last-modified: Wed, 22 Jan 2020 13:13:07 GMT
server: cloudflare
etag: "04cb7ec205cea351157aeffb998f3a85"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JSe975B2YbciyvjK9M5zxJ5vpCDVFIFCbyP55ok%2BOI3M6FL2PSxrpR7dfCUSEBaOeicwbkmFR6Iqfo%2ByG2oLhMNdUTlYTV4F6No3ZE7Rx%2BsbXKmaNXEJJjD13LVgDvKUx1wEWTRtXyvLm2hx"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
expires: Thu, 25 Aug 2022 10:32:15 GMT
cache-control: public, max-age=86400
accept-ranges: bytes
cf-ray: 73fb6c4b6a4e9000-FRA
cf-bgj: imgq:85,h2pri

GET
H2 200 18B94174251C2CF76EA99FD460FAC2CAEA3A9035BC0DAFA1AFA37FFB175B78880F10C9B121A8ACC31AC23630DA7466A11649951F161682DA76B2C6E951030B12
assets.ad4m.at/product_image/ Frame 1EDC 317 KB
318 KB 44ms
30ms Image
image/webp 2606:4700:20::681a:bd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/product_image/18B94174251C2CF76EA99FD460FAC2CAEA3A9035BC0DAFA1AFA37FFB175B78880F10C9B121A8ACC31AC23630DA7466A11649951F161682DA76B2C6E951030B12
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=196438%2C56666%2C34817&b=1VbSbfKf4QDXs9HdH9tAt8qbc2SKT7JfA%2CWVYSrfdfppP7UYH5HjtxtA69t3SETJYf2%2CDkAa3fwfxWbU3HmH9t1tQY3sxSmTkjfV&f=wZzadfjfQeD8sEHRH2tECxZ8UzSATDxf5%2C55QTXfEfQQMpFpH7HMtkC4GYUYSVTV6f1%2Cd63TEfkfkQ4SEHjHwtqC3ERueS4TGefj&c=300&d=600&e=&g=0d4e655a9ca0a26e195f693e5f3f4890%2F6269371131800397767&i=25174%2C22427%2C27788&j=16%2C21%2C22&k=0&l=0&m=0&n=&p=&q=&o=reach_adf01netmixdc&r=1661337135807&h=https%3A%2F%2Ftrack.adform.net%2FC%2F%3Fbn%3D50998862%3Bcrtbwp%3D0.032%3Bcrtbdata%3DeyNZsF0Hm3_szYWMZfnSe2zb06SJGBeYTUEbNNgAxnsJsLinYTfW0plbnB-LznzADz9bKHECUoXux7hcCSqlGO8ktMeo-9KfxiB3tMlHDlU-Pidw9UnisOfC1iDmiI3feTqcoE3up6OBHyMSwys1RlC44c6uZOnKu5bVUbWe5UR8slQ2KA_3LsN4iOtIBxgX0%3Badfibeg%3D0%3Bcdata%3DjDCLZOrqUvud7IcTWg7bPuS4cPvZBiwq5uQGulknX67JOC9xVgJH7CvZhEBkHI_cp4XJHBhTtjh7bdp-DsExYjjpF1hR219v4UFuhV40q881%3B%3BCREFURL%3Dhttps%253a%252f%252fxoso.com.vn%3BC%3D1%3Bcpdir%3D&y=1&s=&z=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2bcef052d0d99b56c7a9b9b0ce076ca020219e6ecccad2b46b0267ffc2fc8bc8

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Wed, 24 Aug 2022 10:32:15 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 50376
cf-polished: origFmt=png, origSize=451997
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 324760
last-modified: Tue, 14 Jun 2022 08:21:28 GMT
server: cloudflare
etag: "7dada3f3f6321a7ee4badc53b11da1f3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WqI%2BJhfvgYGggio%2Ft6g7lj0oui4cZclEckpARe3cJ6%2F0gBufQzCYSOlSNLWKM0DiD%2B%2B4mVPr1btqlPNVv82Qe%2FGorFoOAHHpbSjtDWdWPpOJSgJxKkGpgkBdR7v09IFwAL99%2BIS0GDug%2BkK7"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
expires: Thu, 25 Aug 2022 10:32:15 GMT
cache-control: public, max-age=86400
accept-ranges: bytes
cf-ray: 73fb6c4b6a4b9000-FRA
cf-bgj: imgq:85,h2pri

GET
H/1.1

200

/
banner.congstar.de/cookie/ Frame 1EDC
Redirect Chain

https://www.awin1.com/cawshow.php?v=11938&s=2542680&q=367022&r=412871&pv=1&pref3=pv_oneid1VbSbfKf4QDXs9HdH9tAt8qbc2SKT7JfAoneid__reach_adf01netmixdc&gdpr_consent=&gdpr=0&gdpr_pd=0
https://banner.congstar.de/cookie/?sp=awin&spfr=412871&awc=11938_412871_1661337136_05ffba41-2398-11ed-94b9-2265b3bf8141

0
518 B

110ms
26ms

Image
text/plain

148.251.139.77
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://banner.congstar.de/cookie/?sp=awin&spfr=412871&awc=11938_412871_1661337136_05ffba41-2398-11ed-94b9-2265b3bf8141
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=196438%2C56666%2C34817&b=1VbSbfKf4QDXs9HdH9tAt8qbc2SKT7JfA%2CWVYSrfdfppP7UYH5HjtxtA69t3SETJYf2%2CDkAa3fwfxWbU3HmH9t1tQY3sxSmTkjfV&f=wZzadfjfQeD8sEHRH2tECxZ8UzSATDxf5%2C55QTXfEfQQMpFpH7HMtkC4GYUYSVTV6f1%2Cd63TEfkfkQ4SEHjHwtqC3ERueS4TGefj&c=300&d=600&e=&g=0d4e655a9ca0a26e195f693e5f3f4890%2F6269371131800397767&i=25174%2C22427%2C27788&j=16%2C21%2C22&k=0&l=0&m=0&n=&p=&q=&o=reach_adf01netmixdc&r=1661337135807&h=https%3A%2F%2Ftrack.adform.net%2FC%2F%3Fbn%3D50998862%3Bcrtbwp%3D0.032%3Bcrtbdata%3DeyNZsF0Hm3_szYWMZfnSe2zb06SJGBeYTUEbNNgAxnsJsLinYTfW0plbnB-LznzADz9bKHECUoXux7hcCSqlGO8ktMeo-9KfxiB3tMlHDlU-Pidw9UnisOfC1iDmiI3feTqcoE3up6OBHyMSwys1RlC44c6uZOnKu5bVUbWe5UR8slQ2KA_3LsN4iOtIBxgX0%3Badfibeg%3D0%3Bcdata%3DjDCLZOrqUvud7IcTWg7bPuS4cPvZBiwq5uQGulknX67JOC9xVgJH7CvZhEBkHI_cp4XJHBhTtjh7bdp-DsExYjjpF1hR219v4UFuhV40q881%3B%3BCREFURL%3Dhttps%253a%252f%252fxoso.com.vn%3BC%3D1%3Bcpdir%3D&y=1&s=&z=0
Protocol: HTTP/1.1
Server: 148.251.139.77 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.77.139.251.148.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 24 Aug 2022 10:32:15 GMT
Server: Apache
P3P: CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
Content-Length: 0

Redirect headers

Date: Wed, 24 Aug 2022 10:32:16 GMT
Strict-Transport-Security: max-age=86400
P3P: policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Location: https://banner.congstar.de/cookie/?sp=awin&spfr=412871&awc=11938_412871_1661337136_05ffba41-2398-11ed-94b9-2265b3bf8141
Awin-Akamai-Rule-Set: default
Node: Helix
Connection: keep-alive
Content-Length: 0

GET
H2 200 DE7723A3AFDAF019578E8DC48EFCA5260074D3BD31078DAB30E39934BDB537A7756DE8A298EFEBC96FD918DCFB3DF6E8EFF3AA5A7830C15D1026723FEFAFAC4A
assets.ad4m.at/logo/ Frame 1EDC 46 KB
47 KB 64ms
51ms Image
image/webp 2606:4700:20::681a:bd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/logo/DE7723A3AFDAF019578E8DC48EFCA5260074D3BD31078DAB30E39934BDB537A7756DE8A298EFEBC96FD918DCFB3DF6E8EFF3AA5A7830C15D1026723FEFAFAC4A
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=196438%2C56666%2C34817&b=1VbSbfKf4QDXs9HdH9tAt8qbc2SKT7JfA%2CWVYSrfdfppP7UYH5HjtxtA69t3SETJYf2%2CDkAa3fwfxWbU3HmH9t1tQY3sxSmTkjfV&f=wZzadfjfQeD8sEHRH2tECxZ8UzSATDxf5%2C55QTXfEfQQMpFpH7HMtkC4GYUYSVTV6f1%2Cd63TEfkfkQ4SEHjHwtqC3ERueS4TGefj&c=300&d=600&e=&g=0d4e655a9ca0a26e195f693e5f3f4890%2F6269371131800397767&i=25174%2C22427%2C27788&j=16%2C21%2C22&k=0&l=0&m=0&n=&p=&q=&o=reach_adf01netmixdc&r=1661337135807&h=https%3A%2F%2Ftrack.adform.net%2FC%2F%3Fbn%3D50998862%3Bcrtbwp%3D0.032%3Bcrtbdata%3DeyNZsF0Hm3_szYWMZfnSe2zb06SJGBeYTUEbNNgAxnsJsLinYTfW0plbnB-LznzADz9bKHECUoXux7hcCSqlGO8ktMeo-9KfxiB3tMlHDlU-Pidw9UnisOfC1iDmiI3feTqcoE3up6OBHyMSwys1RlC44c6uZOnKu5bVUbWe5UR8slQ2KA_3LsN4iOtIBxgX0%3Badfibeg%3D0%3Bcdata%3DjDCLZOrqUvud7IcTWg7bPuS4cPvZBiwq5uQGulknX67JOC9xVgJH7CvZhEBkHI_cp4XJHBhTtjh7bdp-DsExYjjpF1hR219v4UFuhV40q881%3B%3BCREFURL%3Dhttps%253a%252f%252fxoso.com.vn%3BC%3D1%3Bcpdir%3D&y=1&s=&z=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: fb99807d9c2d9b98d417acd2a3e897a28cc0829d4815642cb9bd1ab640b98454

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Wed, 24 Aug 2022 10:32:15 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 49070
cf-polished: origFmt=png, origSize=74333
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 47320
last-modified: Mon, 11 May 2020 10:44:44 GMT
server: cloudflare
etag: "51f3d45cd5a8ea4b88e8dd266a535ea4"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7Mj1ICdqTI681md6iSkQNTJEqmIrx4%2BueY1QVCkqS0yM%2ButIKdGVNpLfEdaA5lV0Cq1a6GDP5mJVWNXLMv6ZrvygED0xe9K5qQaBw8vRh7H7PDOD1bfoI9OMncuemlQwcjRgbHjnaHxzBwPy"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
expires: Thu, 25 Aug 2022 10:32:15 GMT
cache-control: public, max-age=86400
accept-ranges: bytes
cf-ray: 73fb6c4b6a479000-FRA
cf-bgj: imgq:85,h2pri

GET
H2 200 E158872B571029E3E20F7B79790588A099EC8F077F856868794A4EA52ED013FC9129FAD340A51F8CD7B6A46733F8D275D86DF117AF4AF8DD766F13FB8A4CAA9A
assets.ad4m.at/product_image/ Frame 1EDC 290 KB
290 KB 65ms
51ms Image
image/webp 2606:4700:20::681a:bd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/product_image/E158872B571029E3E20F7B79790588A099EC8F077F856868794A4EA52ED013FC9129FAD340A51F8CD7B6A46733F8D275D86DF117AF4AF8DD766F13FB8A4CAA9A
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=196438%2C56666%2C34817&b=1VbSbfKf4QDXs9HdH9tAt8qbc2SKT7JfA%2CWVYSrfdfppP7UYH5HjtxtA69t3SETJYf2%2CDkAa3fwfxWbU3HmH9t1tQY3sxSmTkjfV&f=wZzadfjfQeD8sEHRH2tECxZ8UzSATDxf5%2C55QTXfEfQQMpFpH7HMtkC4GYUYSVTV6f1%2Cd63TEfkfkQ4SEHjHwtqC3ERueS4TGefj&c=300&d=600&e=&g=0d4e655a9ca0a26e195f693e5f3f4890%2F6269371131800397767&i=25174%2C22427%2C27788&j=16%2C21%2C22&k=0&l=0&m=0&n=&p=&q=&o=reach_adf01netmixdc&r=1661337135807&h=https%3A%2F%2Ftrack.adform.net%2FC%2F%3Fbn%3D50998862%3Bcrtbwp%3D0.032%3Bcrtbdata%3DeyNZsF0Hm3_szYWMZfnSe2zb06SJGBeYTUEbNNgAxnsJsLinYTfW0plbnB-LznzADz9bKHECUoXux7hcCSqlGO8ktMeo-9KfxiB3tMlHDlU-Pidw9UnisOfC1iDmiI3feTqcoE3up6OBHyMSwys1RlC44c6uZOnKu5bVUbWe5UR8slQ2KA_3LsN4iOtIBxgX0%3Badfibeg%3D0%3Bcdata%3DjDCLZOrqUvud7IcTWg7bPuS4cPvZBiwq5uQGulknX67JOC9xVgJH7CvZhEBkHI_cp4XJHBhTtjh7bdp-DsExYjjpF1hR219v4UFuhV40q881%3B%3BCREFURL%3Dhttps%253a%252f%252fxoso.com.vn%3BC%3D1%3Bcpdir%3D&y=1&s=&z=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 46b98a3787c3de05a63a522c71300ef713f78660098ae524fda5e19bb8567a83

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Wed, 24 Aug 2022 10:32:15 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 54752
cf-polished: origFmt=png, origSize=489686
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 296674
last-modified: Tue, 17 Nov 2020 11:24:27 GMT
server: cloudflare
etag: "e3cf70a0e5e86792e426bcf3dabd6105"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dQ2FhGmdCa6RTT4PQzjvhaQfHheTfftIEcGkNAe8zPwx0JCNblFpq%2B5MDxLYZNAzYVOV2JzZdCitU1KsZgrE5Guk%2FTPJwpfgjUeIoELxB4MGBPpiXNu7wGr6JhVlwQltQy5J9UF49EyRAeIl"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
expires: Thu, 25 Aug 2022 10:32:15 GMT
cache-control: public, max-age=86400
accept-ranges: bytes
cf-ray: 73fb6c4b6a4a9000-FRA
cf-bgj: imgq:85,h2pri

GET
H2 200 A936526A7BBD1A3667304FF9801CD69D64491F536141498A04EE917B95C4F41805FB0684491C85587102A447B68BEB66A82BA2BA68F7C41066BBF7DD19871BB8
assets.ad4m.at/logo/ Frame 1EDC 15 KB
15 KB 64ms
51ms Image
image/webp 2606:4700:20::681a:bd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/logo/A936526A7BBD1A3667304FF9801CD69D64491F536141498A04EE917B95C4F41805FB0684491C85587102A447B68BEB66A82BA2BA68F7C41066BBF7DD19871BB8
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=196438%2C56666%2C34817&b=1VbSbfKf4QDXs9HdH9tAt8qbc2SKT7JfA%2CWVYSrfdfppP7UYH5HjtxtA69t3SETJYf2%2CDkAa3fwfxWbU3HmH9t1tQY3sxSmTkjfV&f=wZzadfjfQeD8sEHRH2tECxZ8UzSATDxf5%2C55QTXfEfQQMpFpH7HMtkC4GYUYSVTV6f1%2Cd63TEfkfkQ4SEHjHwtqC3ERueS4TGefj&c=300&d=600&e=&g=0d4e655a9ca0a26e195f693e5f3f4890%2F6269371131800397767&i=25174%2C22427%2C27788&j=16%2C21%2C22&k=0&l=0&m=0&n=&p=&q=&o=reach_adf01netmixdc&r=1661337135807&h=https%3A%2F%2Ftrack.adform.net%2FC%2F%3Fbn%3D50998862%3Bcrtbwp%3D0.032%3Bcrtbdata%3DeyNZsF0Hm3_szYWMZfnSe2zb06SJGBeYTUEbNNgAxnsJsLinYTfW0plbnB-LznzADz9bKHECUoXux7hcCSqlGO8ktMeo-9KfxiB3tMlHDlU-Pidw9UnisOfC1iDmiI3feTqcoE3up6OBHyMSwys1RlC44c6uZOnKu5bVUbWe5UR8slQ2KA_3LsN4iOtIBxgX0%3Badfibeg%3D0%3Bcdata%3DjDCLZOrqUvud7IcTWg7bPuS4cPvZBiwq5uQGulknX67JOC9xVgJH7CvZhEBkHI_cp4XJHBhTtjh7bdp-DsExYjjpF1hR219v4UFuhV40q881%3B%3BCREFURL%3Dhttps%253a%252f%252fxoso.com.vn%3BC%3D1%3Bcpdir%3D&y=1&s=&z=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d5661858a1ac96084163595f8a5da3f9c0208037dbe609d6a8bbe48ada46c3b5

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Wed, 24 Aug 2022 10:32:15 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 51943
cf-polished: origFmt=png, origSize=26777
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 15238
last-modified: Tue, 07 Jul 2020 09:20:40 GMT
server: cloudflare
etag: "018a5f3736332bfa050998ec8f72beb4"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5JqAdYrLJ1%2FA5tfCJngtXqKfTGJuiWxI4j1HKZkndTf3Hn8nY%2Fa05euR99w1nkop3KHDVoXNnwBlTiyip39xTlJ37tPZ2hn1ZKHMf7tFHLEZ8sDH%2FWAjYN7uUxtxm3I9j06swz6hi3nWv9q%2F"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
expires: Thu, 25 Aug 2022 10:32:15 GMT
cache-control: public, max-age=86400
accept-ranges: bytes
cf-ray: 73fb6c4b6a499000-FRA
cf-bgj: imgq:85,h2pri

GET
H2 200 52C7C866C7F644A8C39C4B78EFE0EFBE1B0FFFD5D2B44A8751709DAD31620FC583834239268074FF9E49DB6C08DE61E47C3537B120811B878B4ABF91B03376DA
assets.ad4m.at/product_image/ Frame 1EDC 403 KB
404 KB 63ms
50ms Image
image/webp 2606:4700:20::681a:bd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/product_image/52C7C866C7F644A8C39C4B78EFE0EFBE1B0FFFD5D2B44A8751709DAD31620FC583834239268074FF9E49DB6C08DE61E47C3537B120811B878B4ABF91B03376DA
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=196438%2C56666%2C34817&b=1VbSbfKf4QDXs9HdH9tAt8qbc2SKT7JfA%2CWVYSrfdfppP7UYH5HjtxtA69t3SETJYf2%2CDkAa3fwfxWbU3HmH9t1tQY3sxSmTkjfV&f=wZzadfjfQeD8sEHRH2tECxZ8UzSATDxf5%2C55QTXfEfQQMpFpH7HMtkC4GYUYSVTV6f1%2Cd63TEfkfkQ4SEHjHwtqC3ERueS4TGefj&c=300&d=600&e=&g=0d4e655a9ca0a26e195f693e5f3f4890%2F6269371131800397767&i=25174%2C22427%2C27788&j=16%2C21%2C22&k=0&l=0&m=0&n=&p=&q=&o=reach_adf01netmixdc&r=1661337135807&h=https%3A%2F%2Ftrack.adform.net%2FC%2F%3Fbn%3D50998862%3Bcrtbwp%3D0.032%3Bcrtbdata%3DeyNZsF0Hm3_szYWMZfnSe2zb06SJGBeYTUEbNNgAxnsJsLinYTfW0plbnB-LznzADz9bKHECUoXux7hcCSqlGO8ktMeo-9KfxiB3tMlHDlU-Pidw9UnisOfC1iDmiI3feTqcoE3up6OBHyMSwys1RlC44c6uZOnKu5bVUbWe5UR8slQ2KA_3LsN4iOtIBxgX0%3Badfibeg%3D0%3Bcdata%3DjDCLZOrqUvud7IcTWg7bPuS4cPvZBiwq5uQGulknX67JOC9xVgJH7CvZhEBkHI_cp4XJHBhTtjh7bdp-DsExYjjpF1hR219v4UFuhV40q881%3B%3BCREFURL%3Dhttps%253a%252f%252fxoso.com.vn%3BC%3D1%3Bcpdir%3D&y=1&s=&z=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 643cf24f7569d3cda7d4598dd4b96f90d8d60671dc4b6c243f5c6914611f9492

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Wed, 24 Aug 2022 10:32:15 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 47289
cf-polished: origFmt=png, origSize=669222
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 412660
last-modified: Mon, 22 Aug 2022 11:16:04 GMT
server: cloudflare
etag: "ad814cb2316f0d12219f879b7a2dee5e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=01MuGGPiBRfZXdpdX4IHHECHmHCK%2FhR4zvJnk2ci6%2BBZKbVH0j8ScLGQRBsqSt%2FHS2UOQtrJT%2FIBB83HkwZ4gORLz4mFQfvnoK%2FFRSVh%2FQC7IVL2R6PAviyy%2FxJdswn1287EA4feOTM5pUAh"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
expires: Thu, 25 Aug 2022 10:32:15 GMT
cache-control: public, max-age=86400
accept-ranges: bytes
cf-ray: 73fb6c4b6a4d9000-FRA
cf-bgj: imgq:85,h2pri

GET
H2

200

view.aspx
pb.media01.eu/ Frame 1EDC
Redirect Chain

https://pv.medialead.de/trck/epv/2aed39855b5f46b7a748752d73036483?t=htlp&subid=oneidDkAa3fwfxWbU3HmH9t1tQY3sxSmTkjfVoneid__reach_adf01netmixdc&gdpr_consent=&gdpr=0&gdpr_pd=0
https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=57372&dt_subid2=oneidDkAa3fwfxWbU3HmH9t1tQY3sxSmTkjfVoneid__reach_adf01netmixdc&actionid=981741&produktid=&dt_url=

0
629 B

124ms
40ms

Image
text/html

88.198.250.30
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=57372&dt_subid2=oneidDkAa3fwfxWbU3HmH9t1tQY3sxSmTkjfVoneid__reach_adf01netmixdc&actionid=981741&produktid=&dt_url=

Requested by

Protocol

Server

88.198.250.30 , Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

static.88-198-250-30.clients.your-server.de

Software

Microsoft-IIS/10.0 / ASP.NET

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Wed, 24 Aug 2022 10:32:15 GMT
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
p3p: policyref="https://pb.media01.eu/pb.media01.eu/p3p.xml", CP="NOI NID PSA OUR BUS NAV STA"
content-length: 0
x-xss-protection: 1; mode=block
pragma: no-cache
last-modified: Wed, 24 Aug 2022 12:32:15 GMT
server: Microsoft-IIS/10.0
access-control-allow-methods: GET,POST
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Content-Range, Content-Disposition, Content-Description, X-XSRF-TOKEN, X-Location
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

Date: Wed, 24 Aug 2022 10:32:16 GMT
Server: nginx/1.17.5
Host: pv.medialead.de
X-IPLB-Request-ID: D972DA19:E2A2_91EFC182:01BB_6305FE2F_2BF87AA:1F22E
X-IPLB-Instance: 40028
Strict-Transport-Security: max-age=15768000
Content-Type: application/javascript
Location: https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=57372&dt_subid2=oneidDkAa3fwfxWbU3HmH9t1tQY3sxSmTkjfVoneid__reach_adf01netmixdc&actionid=981741&produktid=&dt_url=
Keep-Alive: timeout=20
Content-Length: 0
Proxy-Host: pv.medialead.de

GET
H3 200 BcUHUABoavvpRAX3o-C5BfAq8AHsMXRVb9HgeqDHxZ8.js Show response
pagead2.googlesyndication.com/bg/ Frame EFC3 36 KB
14 KB 20ms
20ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/BcUHUABoavvpRAX3o-C5BfAq8AHsMXRVb9HgeqDHxZ8.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

05c5075000686afbe94405f7a3e0b905f02af001ec3174556fd1e07aa0c7c59f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Wed, 24 Aug 2022 06:15:07 GMT
content-encoding: br
x-content-type-options: nosniff
age: 15428
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14190
x-xss-protection: 0
last-modified: Mon, 15 Aug 2022 08:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 24 Aug 2023 06:15:07 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 53E2 0
0 54ms
53ms Image
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2022081701&jk=188221202543126&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

GET
H2 200 link.html Show response
track.webgains.com/ Frame 1EDC 1 KB
2 KB 176ms
92ms Script
text/html 18.133.111.12
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://track.webgains.com/link.html?wglinkid=496305&wgcampaignid=1384975&js=1&nw=1&wgtarget=https%3A%2F%2Fas.ad4m.at%2Fad%2Frct%3Fed%3D1gdn33ecswvgxys6vf7jdqcajcqd8gsrf5992ywwr4gx5k5bw9yqbz31k9189vg9qjx7axhqewn3d26t42ddvgn3r9h5t2fg6cqwaj63wwbhxj5mjepyzdvavwajzjp864es81grn5ey3kxkd8ek4c72vjjmvj82hkkkeqfk8xw1px71j2ayyq561vw8g58s9cmsrg60r1x8gv9sjzrpkxw7j572enz0d7mdjw5c5r0haz6k41692k7s56npaeg%26a%3Dhttps%253A%252F%252Ftrack.adform.net%252FC%252F%253Fbn%253D50998862%253Bcrtbwp%253D0.032%253Bcrtbdata%253DeyNZsF0Hm3_szYWMZfnSe2zb06SJGBeYTUEbNNgAxnsJsLinYTfW0plbnB-LznzADz9bKHECUoXux7hcCSqlGO8ktMeo-9KfxiB3tMlHDlU-Pidw9UnisOfC1iDmiI3feTqcoE3up6OBHyMSwys1RlC44c6uZOnKu5bVUbWe5UR8slQ2KA_3LsN4iOtIBxgX0%253Badfibeg%253D0%253Bcdata%253DjDCLZOrqUvud7IcTWg7bPuS4cPvZBiwq5uQGulknX67JOC9xVgJH7CvZhEBkHI_cp4XJHBhTtjh7bdp-DsExYjjpF1hR219v4UFuhV40q881%253B%253BCREFURL%253Dhttps%25253a%25252f%25252fxoso.com.vn%253BC%253D1%253Bcpdir%253D&clickref=oneid55QTXfEfQQMpFpH7HMtkC4GYUYSVTV6f1oneid__reach_adf01netmixdc&viewref=oneidWVYSrfdfppP7UYH5HjtxtA69t3SETJYf2oneid__reach_adf01netmixdc
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=196438%2C56666%2C34817&b=1VbSbfKf4QDXs9HdH9tAt8qbc2SKT7JfA%2CWVYSrfdfppP7UYH5HjtxtA69t3SETJYf2%2CDkAa3fwfxWbU3HmH9t1tQY3sxSmTkjfV&f=wZzadfjfQeD8sEHRH2tECxZ8UzSATDxf5%2C55QTXfEfQQMpFpH7HMtkC4GYUYSVTV6f1%2Cd63TEfkfkQ4SEHjHwtqC3ERueS4TGefj&c=300&d=600&e=&g=0d4e655a9ca0a26e195f693e5f3f4890%2F6269371131800397767&i=25174%2C22427%2C27788&j=16%2C21%2C22&k=0&l=0&m=0&n=&p=&q=&o=reach_adf01netmixdc&r=1661337135807&h=https%3A%2F%2Ftrack.adform.net%2FC%2F%3Fbn%3D50998862%3Bcrtbwp%3D0.032%3Bcrtbdata%3DeyNZsF0Hm3_szYWMZfnSe2zb06SJGBeYTUEbNNgAxnsJsLinYTfW0plbnB-LznzADz9bKHECUoXux7hcCSqlGO8ktMeo-9KfxiB3tMlHDlU-Pidw9UnisOfC1iDmiI3feTqcoE3up6OBHyMSwys1RlC44c6uZOnKu5bVUbWe5UR8slQ2KA_3LsN4iOtIBxgX0%3Badfibeg%3D0%3Bcdata%3DjDCLZOrqUvud7IcTWg7bPuS4cPvZBiwq5uQGulknX67JOC9xVgJH7CvZhEBkHI_cp4XJHBhTtjh7bdp-DsExYjjpF1hR219v4UFuhV40q881%3B%3BCREFURL%3Dhttps%253a%252f%252fxoso.com.vn%3BC%3D1%3Bcpdir%3D&y=1&s=&z=0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.133.111.12 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-133-111-12.eu-west-2.compute.amazonaws.com
Software: nginx / PHP/7.4.26
Resource Hash: afd9717e587095f66f85333202956d4c9dceacfef7df6e2f7006b37b26d1fca5

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Wed, 24 Aug 2022 10:32:16 GMT
last-modified: Wed, 24 Aug 2022 10:32:16 GMT
server: nginx
x-powered-by: PHP/7.4.26
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=60
access-control-allow-headers: Authorization
expires: Wed, 24 Aug 2022 10:33:16 GMT

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame EFC3 0
10 B 21ms
21ms Image
text/plain 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?lQvU9g
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Wed, 24 Aug 2022 10:32:16 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H2 200 pvClk.min.js Show response
analytics.webgains.io/ Frame 1EDC 85 KB
85 KB 112ms
24ms Script
text/javascript 18.66.122.63
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.webgains.io/pvClk.min.js
Requested by: Host: track.webgains.com
URL: https://track.webgains.com/link.html?wglinkid=496305&wgcampaignid=1384975&js=1&nw=1&wgtarget=https%3A%2F%2Fas.ad4m.at%2Fad%2Frct%3Fed%3D1gdn33ecswvgxys6vf7jdqcajcqd8gsrf5992ywwr4gx5k5bw9yqbz31k9189vg9qjx7axhqewn3d26t42ddvgn3r9h5t2fg6cqwaj63wwbhxj5mjepyzdvavwajzjp864es81grn5ey3kxkd8ek4c72vjjmvj82hkkkeqfk8xw1px71j2ayyq561vw8g58s9cmsrg60r1x8gv9sjzrpkxw7j572enz0d7mdjw5c5r0haz6k41692k7s56npaeg%26a%3Dhttps%253A%252F%252Ftrack.adform.net%252FC%252F%253Fbn%253D50998862%253Bcrtbwp%253D0.032%253Bcrtbdata%253DeyNZsF0Hm3_szYWMZfnSe2zb06SJGBeYTUEbNNgAxnsJsLinYTfW0plbnB-LznzADz9bKHECUoXux7hcCSqlGO8ktMeo-9KfxiB3tMlHDlU-Pidw9UnisOfC1iDmiI3feTqcoE3up6OBHyMSwys1RlC44c6uZOnKu5bVUbWe5UR8slQ2KA_3LsN4iOtIBxgX0%253Badfibeg%253D0%253Bcdata%253DjDCLZOrqUvud7IcTWg7bPuS4cPvZBiwq5uQGulknX67JOC9xVgJH7CvZhEBkHI_cp4XJHBhTtjh7bdp-DsExYjjpF1hR219v4UFuhV40q881%253B%253BCREFURL%253Dhttps%25253a%25252f%25252fxoso.com.vn%253BC%253D1%253Bcpdir%253D&clickref=oneid55QTXfEfQQMpFpH7HMtkC4GYUYSVTV6f1oneid__reach_adf01netmixdc&viewref=oneidWVYSrfdfppP7UYH5HjtxtA69t3SETJYf2oneid__reach_adf01netmixdc
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.122.63 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-122-63.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: ddf89cdacf98bb3a625393cc6301c0e57d1a40b9aab4e246c21c9a37301580dc

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Tue, 23 Aug 2022 14:19:26 GMT
via: 1.1 508d9aac3b0097e502b117c1e7390bb0.cloudfront.net (CloudFront)
last-modified: Tue, 23 Aug 2022 13:40:24 GMT
server: AmazonS3
age: 72771
etag: "42f12532a1be9c2d028e26e9b82a99a2"
x-cache: Hit from cloudfront
content-type: text/javascript
x-amz-cf-pop: FRA60-P2
content-length: 86537
x-amz-cf-id: AGmj41mZdDFUbTog-rBsZf-bKwEnjWOm7ZVjPnCV2RrHIZZyOVLfvA==

GET
H2 200 link.html
track.webgains.com/ Frame 1EDC 1 KB
2 KB 89ms
89ms Image
image/gif 18.133.111.12
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track.webgains.com/link.html?wgdedup=1&wgcampaignid=1384975&viewref=oneidWVYSrfdfppP7UYH5HjtxtA69t3SETJYf2oneid__reach_adf01netmixdc&wglinkid=496305
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=196438%2C56666%2C34817&b=1VbSbfKf4QDXs9HdH9tAt8qbc2SKT7JfA%2CWVYSrfdfppP7UYH5HjtxtA69t3SETJYf2%2CDkAa3fwfxWbU3HmH9t1tQY3sxSmTkjfV&f=wZzadfjfQeD8sEHRH2tECxZ8UzSATDxf5%2C55QTXfEfQQMpFpH7HMtkC4GYUYSVTV6f1%2Cd63TEfkfkQ4SEHjHwtqC3ERueS4TGefj&c=300&d=600&e=&g=0d4e655a9ca0a26e195f693e5f3f4890%2F6269371131800397767&i=25174%2C22427%2C27788&j=16%2C21%2C22&k=0&l=0&m=0&n=&p=&q=&o=reach_adf01netmixdc&r=1661337135807&h=https%3A%2F%2Ftrack.adform.net%2FC%2F%3Fbn%3D50998862%3Bcrtbwp%3D0.032%3Bcrtbdata%3DeyNZsF0Hm3_szYWMZfnSe2zb06SJGBeYTUEbNNgAxnsJsLinYTfW0plbnB-LznzADz9bKHECUoXux7hcCSqlGO8ktMeo-9KfxiB3tMlHDlU-Pidw9UnisOfC1iDmiI3feTqcoE3up6OBHyMSwys1RlC44c6uZOnKu5bVUbWe5UR8slQ2KA_3LsN4iOtIBxgX0%3Badfibeg%3D0%3Bcdata%3DjDCLZOrqUvud7IcTWg7bPuS4cPvZBiwq5uQGulknX67JOC9xVgJH7CvZhEBkHI_cp4XJHBhTtjh7bdp-DsExYjjpF1hR219v4UFuhV40q881%3B%3BCREFURL%3Dhttps%253a%252f%252fxoso.com.vn%3BC%3D1%3Bcpdir%3D&y=1&s=&z=0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.133.111.12 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-133-111-12.eu-west-2.compute.amazonaws.com
Software: nginx / PHP/7.4.26
Resource Hash: 32b5ea0410bbd7fa1aef6686a84aeb567739bcd71a935ff6214d538b61353f0b

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Wed, 24 Aug 2022 10:32:16 GMT
last-modified: Wed, 24 Aug 2022 10:32:16 GMT
server: nginx
x-powered-by: PHP/7.4.26
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
content-type: image/gif
access-control-allow-origin: *
cache-control: private, max-age=60
access-control-allow-headers: Authorization
expires: Wed, 24 Aug 2022 10:33:16 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame AA8D 42 B
64 B 63ms
63ms Fetch
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstgIjVpiQ0voO7DNpjyzZhMcvnYrGxr3BQlOWuGOqNHMVKN3m0gwhK5iuGpOBgBjbSDxpgjYXYAlNzqXJ_UXKJ0HdpSjPufl-9EZopaQQoMJufzM3Bz-lKZlClZeiLK9aFyST-ahfUYDRx_yBAtLdLixH5LQYDFbwMUp90xUxQ&sai=AMfl-YSwXMbz2Vu0CbFhp9f7k8IBgp519kq2wN8Tx7p2shtE62MP_6Pk_jKGpFVK2mEDG0qCKBC5NTdtx20444rNaXdo6gGUn94w5pU&sig=Cg0ArKJSzEo8fBYQV7HhEAE&cid=CAASF-RoawhtodsmaQa35s1aHVHVxI3B1hYH&id=lidar2&mcvt=1000&p=0,0,250,300&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20220822&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=4&adk=2629593577&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1661337134634&rpt=673&met=mue&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 24 Aug 2022 10:32:16 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 57ms
57ms Image
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_2022081701&jk=188221202543126&bg=!X1ylXBjNAAYUOm8VNDo7ACkAdvg8WnZJtULBGT5wtV1QdPO5LwFKDVhD6t5WbRG6rWCV4sDe_e86NgIAAAB1UgAAAAJoAQeZAtT17GQHiCDtijrQ8UjeYItCD6QtDKaUJxtLKJsQEEAZVlmcxif-n5m3BEfQp43cSpKshwBUPZdvQr0W5mJj1oIbCuJxtTMHG9X_HkL-6BTy0x6AXnAvlcNtD-ev3DKiz4-bQQ0E6JCqANdzMGzZ2mCSzut1PO4ErgUFqRSw_jxQ90vOiMgPHs_2R4J46oEliX_Nr3YVj6nrux5DwcGq0TlMF5NOpRAGIKdSD2yWQXiruOX7dqytCIO-S16fd_ufZKxmxBTjTVOXEyw138qH2ZV_m5ajCDTZ9LI7Hr-jka_sOYfWM1W_njp-wohKOTfTYI8oS60v2JVG9RRlL56_rNSSdHwzRXIN-irz8jnFB-L9Wj8uDtDULJkFAj0kaHI1712cCtbokDuwg7PjhD758kkbawbV_e9EUtB3fxJIh7Xp9l5gsjgx_Bu0QhSiUyvEugT6mp7wkUaCfw9K8zLpzrHwz5YIKhzhJKMxoX1VCc38dMcoXJ1OU8CWG0U88cTStbMIR4F3r0fKCQRQ1stjhZfBCf8on9hgrqH44ztVAt3FxLWea5VnQcisnJh05DolQOzPeZ8pjmyYpgkPQMmcYqOyNZUPGIu-ZG3RCNGXplOT7AfNVF3qd5PHW8ts6yf_Sh57vvCLw19hlzyu6A2Wb5Y95SyQOnJnNHWaWCDgftCpEU36b6HyugqSqltmyvPqVorFhR09kDASIPnlZBzTq8fmKZZWT_FOwR5or8cxk83jemxP-amkQ4znSnVV22quoVPC9A-Y3oiZ3PHS1HTHS0_0eoh0bLBstLkkzDA_HJcgLrIzne2ARftxDzehWGx4w70Ur514gJCebUIwRNuYo_UsYE4eJu0iALBhHESaG3D_1ZjfExq7jQIjI4E-zANCd60MKIgK-kdbj28BxD6Whh3Jf9Iy5WxbPMGpsp-tvcex2gUbGZjPXm4I5XGR6wlVs0swYruP
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://xoso.com.vn/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

POST
H2 200 tracking-event Show response
api.webgains.io/ Frame 1EDC 16 B
232 B 70ms
70ms Fetch
application/json 18.168.156.122
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api.webgains.io/tracking-event

Requested by

Host: analytics.webgains.io
URL: https://analytics.webgains.io/pvClk.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

18.168.156.122 London, United Kingdom, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-168-156-122.eu-west-2.compute.amazonaws.com

Software

nginx / PHP/7.4.26

Resource Hash

c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type: application/json

Response headers

date: Wed, 24 Aug 2022 10:32:17 GMT
x-content-type-options: nosniff
server: nginx
x-powered-by: PHP/7.4.26
x-frame-options: SAMEORIGIN
content-type: application/json
access-control-allow-origin: *
cache-control: no-cache, private
x-xss-protection: 1; mode=block

OPTIONS
H2 204 tracking-event
api.webgains.io/ Frame 0
0 134ms
34ms Preflight 18.168.156.122
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.webgains.io/tracking-event
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.168.156.122 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-168-156-122.eu-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://as.ad4m.at
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

access-control-allow-headers: Content-Type
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
access-control-allow-origin: *
date: Wed, 24 Aug 2022 10:32:17 GMT
server: nginx

HEAD
H3 200 / Show response
xoso.com.vn/ 0
430 B 241ms
241ms XHR
text/html 2606:4700:10::ac43:633
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://xoso.com.vn/
Requested by: Host: cdn.xoso.com.vn
URL: https://cdn.xoso.com.vn/js/lottery_e_live_secu_all.min.js?v=05072022
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:10::ac43:633 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / xoso.com.vn-201
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://xoso.com.vn/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type: text/html

Response headers

x-cacheresult: stale-hit-so-fetch
x-html-minification-powered-by: WebMarkupMin
date: Wed, 24 Aug 2022 10:32:19 GMT
content-encoding: gzip
cf-cache-status: HIT
x-powered-by: xoso.com.vn-201
content-type: text/html; charset=utf-8
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-cache-keep: 120.000
x-cache-age: 244.120
server: cloudflare
x-cache-ttl-remaining: -124.120
etag: "w491u-LR_yvZRc_wnF6F82D0S9g"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-varnish: 46728939
via: 1.1 varnish-v4
cache-control: max-age=120
cf-ray: 73fb6c607fdebb85-FRA
x-cache-ttl-requested: 45.000

Verdicts & Comments Add Verdict or Comment

341 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

24 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.xoso.com.vn/	1970-01-20 15:04:57	Name: _ga Value: GA1.3.1373203678.1661337134
.xoso.com.vn/	1970-01-20 05:30:23	Name: _gid Value: GA1.3.1116106333.1661337134
.xoso.com.vn/	1970-01-20 05:28:57	Name: _dc_gtm_UA-10721740-3 Value: 1
.xoso.com.vn/	1970-01-20 14:50:33	Name: __gads Value: ID=ae1bc0cc26bdfadf-22528e7c00ce005b:T=1661337134:RT=1661337134:S=ALNI_MYr3f-QiYD9v7BgjfZztGrvIRG4QQ
.xoso.com.vn/	1970-01-20 05:28:57	Name: lotame_domain_check Value: xoso.com.vn
.criteo.com/	1970-01-20 14:50:33	Name: uid Value: d5ff84be-01db-4183-9e18-08e1964f5da7
.openx.net/	1970-01-20 14:14:33	Name: i Value: f98d1089-0e27-4a46-8cff-6a8b2e3a167b\|1661337134
.doubleclick.net/	1970-01-20 14:50:33	Name: IDE Value: AHWqTUl7B-OX5MBP3V5WuifNeG8CQZQ8SPkrm0ZPa9P1dGSJ9BhitQUHRz1_i0kXM5o
.xoso.com.vn/	1970-01-20 14:50:33	Name: cto_bundle Value: l10gz19xQldtUTlOMG56VWJ3d244VGlaR3pJMHlYYXJsRkNMOW1UM3VwSFc3dFU5V2ZKREZ4MlNsZk8wdjRLSXppQkRoMmNtSyUyQnRiMnRURXZrdmtaJTJCck5paFNrVTJRemZNeFBiUXdVTlRSRjlOJTJCWFAlMkZlc2xORW4xb1ZDQTd2UzdBMUFDRW9FOUdoNzR3V0p4TDNhc2RLa2JNdyUzRCUzRA
.quantserve.com/	1970-01-20 07:38:33	Name: d Value: EEkBCQH3JoEA
.quantserve.com/	1970-01-20 14:59:11	Name: mc Value: 6305fe2f-798b5-2c282-e77fd
.casalemedia.com/	1970-01-20 14:14:33	Name: CMID Value: YwX.L.mKdjMLKY.K1vWiTAAA
.casalemedia.com/	1970-01-20 07:38:33	Name: CMPS Value: 1124
.casalemedia.com/	1970-01-20 07:38:33	Name: CMPRO Value: 1124
.doubleclick.net/	1970-01-20 05:29:00	Name: DSID Value: NO_DATA
.casalemedia.com/	1970-01-20 07:38:33	Name: CMTS Value: 1191
.agkn.com/	1970-01-20 14:14:33	Name: ab Value: 0001%3AIHTnFuNO5lGP2e0TKzMeHC37HCUc287F
.agkn.com/	1970-01-20 14:14:33	Name: u Value: C\|0CEAqmLqvKpi6rwAAAAAAAQ13AQCAAQpAAAAAAA
.innovid.com/	1970-01-20 07:38:33	Name: uuid Value: c15a874c-7dd4-48e0-8145-00921a3cdac1-20220824 06:32:15
.awin1.com/	1970-01-20 05:39:01	Name: awpv11938 Value: 412871\|1661337136\|05ffba41-2398-11ed-94b9-2265b3bf8141
.awin1.com/	1969-12-31 23:59:59	Name: AWSESS Value: 367022:2542680
pb.media01.eu/	1969-12-31 23:59:59	Name: ASP.NET_SessionId Value: unquxlj1jrrutaevnprqkvm2
pb.media01.eu/	1970-01-20 15:04:57	Name: DTU Value: EA3C8F66447803B2F4392FBEE9606C9C
.congstar.de/	1970-01-20 05:39:09	Name: staticentry Value: %7B%22spfr%22%3A%22412871%22%2C%22awc%22%3A%2211938_412871_1661337136_05ffba41-2398-11ed-94b9-2265b3bf8141%22%2C%22sp%22%3A%22awin%22%7D

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
other	error	URL: https://xoso.com.vn/ Message: Chrome currently does not support the Push API in incognito mode (https://crbug.com/401439). There is deliberately no way to feature-detect this, since incognito mode needs to be undetectable by websites.
network	error	URL: https://id.rlcdn.com/466606.gif?cparams=google_push%3DAehlK4Ao83BrCbSqUtxcLRHcV8xwAMnREGymPr5ZxbpPw2nHYqZbG8hszUKMh3X05-b0OKkLCZkYDKkIn-qxTRLsmEId0GBHuA&google_gid=CAESEIcO2fzEq1YZxWcwc-aFsFg&google_cver=1 Message: Failed to load resource: the server responded with a status of 451 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

081e3a886ad8dc86f2b70234c1124c49.safeframe.googlesyndication.com
ad4m.at
adservice.google.com
adservice.google.de
ag.innovid.com
analytics.webgains.io
anymind360.com
api.webgains.io
as.ad4m.at
assets.ad4m.at
banner.congstar.de
bcp.crwdcntrl.net
cdn.id5-sync.com
cdn.xoso.com.vn
cm.g.doubleclick.net
cms.quantserve.com
d.agkn.com
eb2.3lift.com
google-bidout-d.openx.net
googleads.g.doubleclick.net
gum.criteo.com
ib.3lift.com
id.rlcdn.com
id.sharedid.org
id5-sync.com
image6.pubmatic.com
mug.criteo.com
oa.openxcdn.net
oajs.openx.net
pagead2.googlesyndication.com
partner.googleadservices.com
pb.media01.eu
pixel.rubiconproject.com
prod.uidapi.com
pv.medialead.de
s1.adform.net
securepubads.g.doubleclick.net
ssum-sec.casalemedia.com
static.criteo.net
stats.g.doubleclick.net
tags.crwdcntrl.net
tlx.3lift.com
tpc.googlesyndication.com
track.adform.net
track.webgains.com
www.awin1.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.googletagservices.com
xoso.com.vn
104.18.19.126
104.96.132.42
108.138.7.49
13.248.245.213
141.95.98.67
142.250.186.98
145.239.193.130
148.251.139.77
172.217.18.2
178.250.0.157
18.133.111.12
18.159.27.64
18.168.156.122
18.195.201.66
18.203.96.202
18.225.2.19
18.66.112.66
18.66.122.63
185.64.190.78
2606:4700:10::ac43:266a
2606:4700:10::ac43:633
2606:4700:20::681a:bd1
2620:116:800d:21:5ed4:8d5d:fed7:f5ef
2a00:1450:4001:800::200e
2a00:1450:4001:809::2001
2a00:1450:4001:80f::2002
2a00:1450:4001:810::2004
2a00:1450:4001:813::2002
2a00:1450:4001:827::2001
2a00:1450:4001:827::2002
2a00:1450:4001:828::2002
2a00:1450:4001:829::2008
2a00:1450:4001:82a::2003
2a00:1450:4001:82f::2002
2a00:1450:400c:c00::9c
2a02:2638:1::13
2a02:2638:1::3
2a04:4e42:600::645
2a05:d01c:1d8:8101:fce4:7d96:66d4:9311
34.102.146.192
34.120.135.53
34.208.243.53
35.244.159.8
35.244.174.68
37.157.2.237
37.157.2.248
69.173.144.139
88.198.250.30
04c1bc744720c6e7542613e933c9a0f4bbd8f6ed45a5b1924223c256430dfd7b
05c5075000686afbe94405f7a3e0b905f02af001ec3174556fd1e07aa0c7c59f
06289e11ae03a6a17deb90c51e873bc616e28822001c6d6132069b39aefeb7d9
08285afd2f0c11a2a9d89f00dce769479e4d164e62caa39eceea9f1eb551afa9
094b946adc39ade08f6d927ea066c8fef3ba6ee5c12919873172315ef7428e92
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0bcac89d72d5f0b2bef20f815406384ff05489e4294acee57409060c2eccffc5
0ce978a7907fdf3a7b393ff68e8c0c17703c7f2eae4772b4bdce769668118dda
14617ac5dba86061ae843e682417f7d0abfbfd5ca9ba3c44a9bbedb4d57bb2ed
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
218e60fc24d8dd0d74950b2ce5ee1979eb6ce59706565ada9df20419576cd8bf
22cadce4f1aad2a4af3657f90efa02d4e3d32217fdf307ff69512771d1fb08ab
27ef4db3f29eb0e2011d6159223ffd659ce5579505db3fea0f9665ed60d06652
2a79d9d59e4c07752c78abc5f0243cecb939729e0728f347671fcd3a219e9b3f
2bcef052d0d99b56c7a9b9b0ce076ca020219e6ecccad2b46b0267ffc2fc8bc8
2fd4c3ae6afc2b4026d9f0b64b8ff1110ecfcf47b90bc988c06e844b3921cbf6
32b5ea0410bbd7fa1aef6686a84aeb567739bcd71a935ff6214d538b61353f0b
3393b62f9f2b9463c193386493b3926a89f5daa403bf3d308ed8fab72b89823f
3b96bc53332a1c661a76e6292f4a588e852c169e6c8d7cf4acc7ffebb74361ed
3ff4f23c79b76d3e747016b1c61979e8d83bf3ce1b070a0c1cd79a3382b31e26
46b98a3787c3de05a63a522c71300ef713f78660098ae524fda5e19bb8567a83
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4fb5e059c8498f1903427718bef44b1669b491f703909734bc38f74dbf3ec086
53d14d01075e5ca744315d8037957d2f422994be379f1dd06e4ba5cfe8d7aafc
5448eb2683ea621ef6c88fe6bcf6719322b555c064f6e6154f99b946c71f8cec
544c55ca9f05d425f3beb90f287308d7a408b1f60d17728eff5c605a494bc1b9
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
57000ea03bfb53734d0858b8fe992e6742226f23f311eb0f9d2177e2a84a5621
61af25545f6b844c647f7ad58dcfa85f8588ac93243da06d791eba77fc229844
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
62ac82f2bf4862cc04ecce2899950b9c78395accdde19941c6e98ca9d5a949d9
643cf24f7569d3cda7d4598dd4b96f90d8d60671dc4b6c243f5c6914611f9492
662294921ca6240beb0f2aecb7f7ac23dd085b782bbe52a369b20226d26afe33
6b198a6f15419238f411aa3865a2cd16eb8ec758a78d5c539f33d8a78dfce3a8
6bc365f19ae3702c3202b0c92f21d92d5d758c91a59e699da486a6e57ff5d14b
797495162e268287c01977105ba9d984e96bc5ff9698d261a7b52195f3d56008
7a595ac7abc48d00434b95a59d4faed4a42d3443e9af27da601b0cee8d38086a
83147c4cf00c61d77d068152fdb541e2ca7761e0990682db23e77fb7affdceb4
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14
8bae2c26aff0597a89bbb7c2a7cfd5d998a5eb3bdbb21fc400a82a7570d43329
8e49b984d20b3e7cb3f2c4a08805dc3f66bb8a58ec08c365d0cf955dd57c77c7
9091dec867a1dc7341bf0aa79915415e24203019aa46230a6210b98187493570
92c579e45d772498668ada99bbd2da0c6a5affa35cf01548505684ff23d19510
941dfac8cd0afbc3d8aa282f394dd29f8c11cb6027d89736ad743f021b285615
96250b0de15d90f6e2e2ee39329e3060c7bc4a15e69cb6933039664f024f7efd
98aedab92e7605d23cc336993d030a8f57ef9914b4f85dcccb43bf934d6f31d0
99984969b73a9759568e48a6e5e02f4fdc286cc3bd57f8e0fe94369b8dc920e4
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a481d1a3625b3e4a2da1ddfe38391d99c1d622f94a091f4139e0240003c0d330
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a4f8d308a537be4d8442135addd3a1637ad70c831ec8d6fb21b460dc392031e3
a5230196df9a4e9f6382c504668862efc8e25c1ec093c7dc997fbedb4b3ec54e
a57b918c3515ced748a8b0d297202db9b15fefd82acfddaf11f977761407b2ad
a6f8372d8f1826d038b6fb1c9c8ea4945c6f8813486e7f6db5096141b7c60180
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
aaa7d4376bdc97484fd3ea89c5b81b81570bd9390e90a4a20c2d2978be1e7942
ab1eb3c8d6ca91778367540f6b494fc88aba03486612b84cedbb62ecc281fd60
ab612e26357285522cbacea29b729bfdff3b7342c75ee9438ab83a27ce4b297e
afa1d5bcfbc58ede9d71fd9eb2c5b53c369f05f3255ea4a36398be35b52979b9
afa4e40e31012a7beaccfbd9afebc0136d0c386f58b8b1cbed71763ead3ecb6c
afd9717e587095f66f85333202956d4c9dceacfef7df6e2f7006b37b26d1fca5
b8cd6a935771c335b708ce50bb07ff972f1e8d65185231435365bb0a66062411
b919c60c533d26ef2552924c5a100c7838708ed37ca81bad2574b59dd0749b46
ba7beca0f5402387b359ad40d2af0dda9632f6b81e2aa0c26336324c358c3e10
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
bb2bffccd876f1ce10470c0cb9bd61789bc87e3da8e806861b8eeea7beaec0b1
bdd681451ace45b4f9e4ea032868c87b80da96240a2adb696bd59ed6a238497b
c00a759275b8628823a9809f24cbeca08cb48b52713adf221f70284e66d9c82f
c862ff13e20b2c5749d36046bd04e0c3aca0e0bd573d465686a5a482db2018e6
c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97
d2b8e1aa28db146a7330200cdf757d7a69e03ef2c37b71b90db0ee141b63ad67
d5661858a1ac96084163595f8a5da3f9c0208037dbe609d6a8bbe48ada46c3b5
ddf89cdacf98bb3a625393cc6301c0e57d1a40b9aab4e246c21c9a37301580dc
de317176fa6b64a8e89bbd45d20b6be2560bbfa96e7e53e63eb754e18bfe6c1f
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e4df3557d06800598422f1800623c1c0b1ce33b6ab44243fe8ae4e0d1ed5739e
ed02cdf7a52e6ef65a1ca070b7a97b2d102a993837090051036b31a00ec5b7d0
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f184e8a5ddc65ba2f6b5bccef92fcd2d4eb856b18683bee79e3e7e8456021d0b
f77da195c72d2ce251b4ba28e6c25ed9029184bd529c2fc7a31e2566530d7e82
fae2a834f61ede31a14fe3c7f10cb502dc7cc537d803059cf57bfd52e7b1653e
fb99807d9c2d9b98d417acd2a3e897a28cc0829d4815642cb9bd1ab640b98454
fe9d2dfa300054f8c69ddf1878bd3f47f98ed156580fd25ec3ac9704a02b649e
fec7432539b8f08643f6265cb66a46dcbb21e6b0e9dd34cd7bf7f4c779876f57

xoso.com.vn Open in urlscan Pro 2606:4700:10::ac43:633 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

117 Requests

94 %HTTPS

42 %IPv6

34 Domains

52 Subdomains

44 IPs

9 Countries

2329 kBTransfer

4333 kBSize

24 Cookies

13 Outgoing links

Page URL History

Redirected requests

117 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 5 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

xoso.com.vn Open in urlscan Pro
2606:4700:10::ac43:633 Public Scan

Screenshot
Live screenshot

Full Image

117
Requests

94 %
HTTPS

42 %
IPv6

34
Domains

52
Subdomains

44
IPs

9
Countries

2329 kB
Transfer

4333 kB
Size

24
Cookies

117 HTTP transactions
5 data transactions