k8ccwwesx.live Open in urlscan Pro
2606:4700:3035::6815:2914 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://k8ccwwesx.live/
Effective URL:
https://k8ccwwesx.live/indexasad.php
Submission: On May 03 via api (May 3rd 2023, 5:48:40 pm UTC) from US — Scanned from DE

Summary HTTP 171 Redirects Links 21 Behaviour Indicators

Summary

This website contacted 38 IPs in 9 countries across 31 domains to perform 171 HTTP transactions. The main IP is 2606:4700:3035::6815:2914, located in United States and belongs to CLOUDFLARENET, US. The main domain is k8ccwwesx.live.
TLS certificate: Issued by E1 on May 3rd 2023. Valid for: 3 months.

This is the only time k8ccwwesx.live was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	2606:4700:303... 2606:4700:3030::ac43:bd0a	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 3	2606:4700:303... 2606:4700:3035::6815:2914	13335 (CLOUDFLAR...) (CLOUDFLARENET)
34	42.112.37.35 42.112.37.35	18403 (FPT-AS-AP...) (FPT-AS-AP FPT Telecom Company)
9	2405:f980::1:13 2405:f980::1:13	135905 (VNPT-AS-V...) (VNPT-AS-VN VIETNAM POSTS AND TELECOMMUNICATIONS GROUP)
8	2405:f980::1:10 2405:f980::1:10	135905 (VNPT-AS-V...) (VNPT-AS-VN VIETNAM POSTS AND TELECOMMUNICATIONS GROUP)
1	14.225.10.21 14.225.10.21	135905 (VNPT-AS-V...) (VNPT-AS-VN VIETNAM POSTS AND TELECOMMUNICATIONS GROUP)
4	2a00:1450:400... 2a00:1450:4001:809::2008	15169 (GOOGLE) (GOOGLE)
8	123.30.151.88 123.30.151.88	45899 (VNPT-AS-V...) (VNPT-AS-VN VNPT Corp)
4	2a03:2880:f08... 2a03:2880:f083:9:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
3	2a03:2880:f17... 2a03:2880:f176:84:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1	42.112.37.34 42.112.37.34	18403 (FPT-AS-AP...) (FPT-AS-AP FPT Telecom Company)
3	2a00:1450:400... 2a00:1450:4001:827::200e	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:400c:c00::9d	15169 (GOOGLE) (GOOGLE)
1	2001:4860:480... 2001:4860:4802:34::36	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:80f::2002	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:828::2004	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:810::2003	15169 (GOOGLE) (GOOGLE)
15	2a00:1450:400... 2a00:1450:4001:827::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:82b::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:809::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:830::2002	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:812::2002	15169 (GOOGLE) (GOOGLE)
1 2	52.31.187.235 52.31.187.235	16509 (AMAZON-02) (AMAZON-02)
1	107.178.244.119 107.178.244.119	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	65.9.95.124 65.9.95.124	16509 (AMAZON-02) (AMAZON-02)
6	2a00:1450:400... 2a00:1450:4001:82f::2001	15169 (GOOGLE) (GOOGLE)
4 11	172.217.18.98 172.217.18.98	15169 (GOOGLE) (GOOGLE)
3 5	185.80.39.216 185.80.39.216	27381 (CASALE-MEDIA) (CASALE-MEDIA)
3 4	185.89.210.141 185.89.210.141	29990 (ASN-APPNEX) (ASN-APPNEX)
1	172.217.18.6 172.217.18.6	15169 (GOOGLE) (GOOGLE)
15	2a00:1450:400... 2a00:1450:4001:80b::2006	15169 (GOOGLE) (GOOGLE)
3	2600:9000:212... 2600:9000:2127:2600:8:48e:53c0:93a1	16509 (AMAZON-02) (AMAZON-02)
1	2a02:fa8:8806... 2a02:fa8:8806:13::1370	41041 (VCLK-EU-SE) (VCLK-EU-SE)
1 1	35.204.158.49 35.204.158.49	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1 1	69.173.144.165 69.173.144.165	26667 (RUBICONPR...) (RUBICONPROJECT)
1 1	2600:9000:212... 2600:9000:2127:7000:1b:5138:8a40:93a1	16509 (AMAZON-02) (AMAZON-02)
2 3	51.89.9.252 51.89.9.252	16276 (OVH) (OVH)
5	142.250.186.162 142.250.186.162	15169 (GOOGLE) (GOOGLE)
8	2600:1f18:1ac... 2600:1f18:1aca:4280:4aa4:b14:cc13:9bdb	14618 (AMAZON-AES) (AMAZON-AES)
6	65.9.95.105 65.9.95.105	16509 (AMAZON-02) (AMAZON-02)
1	123.30.151.81 123.30.151.81	() ()
171	38

1 2606:4700:3030::ac43:bd0a (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

k8ccwwesx.live	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700:3035::6815:2914 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

k8ccwwesx.live	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

34 42.112.37.35 (Ho Chi Minh City, Viet Nam)

ASN18403 (FPT-AS-AP FPT Telecom Company, VN)

gamek.mediacdn.vn	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
vccorp.mediacdn.vn	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2405:f980::1:13 (Viet Nam)

ASN135905 (VNPT-AS-VN VIETNAM POSTS AND TELECOMMUNICATIONS GROUP, VN)

media1.admicro.vn	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
static.contineljs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2405:f980::1:10 (Viet Nam)

ASN135905 (VNPT-AS-VN VIETNAM POSTS AND TELECOMMUNICATIONS GROUP, VN)

static.amcdn.vn	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
deqik.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
amcdn.vn	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
lg.nanda.vn	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
static.philacct.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 14.225.10.21 (Viet Nam)

ASN135905 (VNPT-AS-VN VIETNAM POSTS AND TELECOMMUNICATIONS GROUP, VN)
PTR: static.vnpt.vn

adminplayer.sohatv.vn	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:809::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 123.30.151.88 (Viet Nam)

ASN45899 (VNPT-AS-VN VNPT Corp, VN)
PTR: static.vnpt.vn

lg1.logging.admicro.vn	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a03:2880:f083:9:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a03:2880:f176:84:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 42.112.37.34 (Ho Chi Minh City, Viet Nam)

ASN18403 (FPT-AS-AP FPT Telecom Company, VN)

adi.admicro.vn	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:827::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:400c:c00::9d (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:80f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:828::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:810::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 2a00:1450:4001:827::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:809::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:830::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:812::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.31.187.235 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-31-187-235.eu-west-1.compute.amazonaws.com

pixel.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 107.178.244.119 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 119.244.178.107.bc.googleusercontent.com

beacon.sojern.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 65.9.95.124 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-65-9-95-124.prg50.r.cloudfront.net

choices.truste.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:82f::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 172.217.18.98 (United States) 4 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s42-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 185.80.39.216 (Canada) 3 redirects

ASN27381 (CASALE-MEDIA, CA)

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ssum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 185.89.210.141 (Frankfurt am Main, Germany) 3 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 950.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.217.18.6 (United States)

ASN15169 (GOOGLE, US)
PTR: fra15s28-in-f6.1e100.net

ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 2a00:1450:4001:80b::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2600:9000:2127:2600:8:48e:53c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

static.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:fa8:8806:13::1370 (Singapore)

ASN41041 (VCLK-EU-SE, US)

dclk-match.dotomi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.204.158.49 (Groningen, Netherlands) 1 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 49.158.204.35.bc.googleusercontent.com

um.simpli.fi	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.173.144.165 (Frankfurt am Main, Germany) 1 redirects

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2127:7000:1b:5138:8a40:93a1 (United States) 1 redirects

ASN16509 (AMAZON-02, US)

s.ad.smaato.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 51.89.9.252 (London, United Kingdom) 2 redirects

ASN16276 (OVH, FR)
PTR: ip252.ip-51-89-9.eu

onetag-sys.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 142.250.186.162 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s08-in-f2.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2600:1f18:1aca:4280:4aa4:b14:cc13:9bdb (Ashburn, United States)

ASN14618 (AMAZON-AES, US)

dt.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 65.9.95.105 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-65-9-95-105.prg50.r.cloudfront.net

choices.trustarc.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 123.30.151.81 (None, )

ASN- ()

fgp.philacct.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
34	mediacdn.vn gamek.mediacdn.vn — Cisco Umbrella Rank: 698532 vccorp.mediacdn.vn — Cisco Umbrella Rank: 336233	1 MB
24	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 94 tpc.googlesyndication.com — Cisco Umbrella Rank: 137	280 KB
21	doubleclick.net 4 redirects stats.g.doubleclick.net — Cisco Umbrella Rank: 74 googleads.g.doubleclick.net — Cisco Umbrella Rank: 34 cm.g.doubleclick.net — Cisco Umbrella Rank: 215 ad.doubleclick.net — Cisco Umbrella Rank: 169 googleads4.g.doubleclick.net — Cisco Umbrella Rank: 352	73 KB
17	admicro.vn media1.admicro.vn — Cisco Umbrella Rank: 49476 lg1.logging.admicro.vn — Cisco Umbrella Rank: 40623 adi.admicro.vn — Cisco Umbrella Rank: 66376	172 KB
15	2mdn.net s0.2mdn.net — Cisco Umbrella Rank: 292	2 MB
13	adsafeprotected.com 1 redirects pixel.adsafeprotected.com — Cisco Umbrella Rank: 726 static.adsafeprotected.com — Cisco Umbrella Rank: 632 dt.adsafeprotected.com — Cisco Umbrella Rank: 595	170 KB
6	trustarc.com choices.trustarc.com — Cisco Umbrella Rank: 770	19 KB
5	casalemedia.com 3 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 523 ssum-sec.casalemedia.com — Cisco Umbrella Rank: 444	4 KB
5	amcdn.vn static.amcdn.vn — Cisco Umbrella Rank: 58906 amcdn.vn — Cisco Umbrella Rank: 37509	17 KB
4	adnxs.com 3 redirects ib.adnxs.com — Cisco Umbrella Rank: 211	4 KB
4	google.com www.google.com — Cisco Umbrella Rank: 2 adservice.google.com — Cisco Umbrella Rank: 70	1021 B
4	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 30 region1.google-analytics.com — Cisco Umbrella Rank: 2587	21 KB
4	facebook.net connect.facebook.net — Cisco Umbrella Rank: 150	222 KB
4	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 48	248 KB
4	k8ccwwesx.live 2 redirects k8ccwwesx.live	13 KB
3	onetag-sys.com 2 redirects onetag-sys.com — Cisco Umbrella Rank: 753	824 B
3	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 188	79 KB
3	google.de www.google.de — Cisco Umbrella Rank: 6386 adservice.google.de — Cisco Umbrella Rank: 9108	1 KB
3	facebook.com www.facebook.com — Cisco Umbrella Rank: 106	95 B
2	philacct.com static.philacct.com — Cisco Umbrella Rank: 103049 fgp.philacct.com	15 KB
1	smaato.net 1 redirects s.ad.smaato.net — Cisco Umbrella Rank: 725	445 B
1	rubiconproject.com 1 redirects pixel.rubiconproject.com — Cisco Umbrella Rank: 318	461 B
1	simpli.fi 1 redirects um.simpli.fi — Cisco Umbrella Rank: 740	713 B
1	dotomi.com dclk-match.dotomi.com — Cisco Umbrella Rank: 2707	105 B
1	truste.com choices.truste.com — Cisco Umbrella Rank: 778	10 KB
1	sojern.com beacon.sojern.com — Cisco Umbrella Rank: 4841	230 B
1	googleadservices.com partner.googleadservices.com — Cisco Umbrella Rank: 945	607 B
1	nanda.vn lg.nanda.vn — Cisco Umbrella Rank: 66583	464 B
1	contineljs.com static.contineljs.com — Cisco Umbrella Rank: 54759	4 KB
1	deqik.com deqik.com — Cisco Umbrella Rank: 79119	13 KB
1	sohatv.vn adminplayer.sohatv.vn — Cisco Umbrella Rank: 57630	10 KB
171	31

	Domain	Requested by
33	gamek.mediacdn.vn	k8ccwwesx.live gamek.mediacdn.vn
18	pagead2.googlesyndication.com	media1.admicro.vn pagead2.googlesyndication.com googleads.g.doubleclick.net tpc.googlesyndication.com ad.doubleclick.net s0.2mdn.net www.googletagservices.com
15	s0.2mdn.net	k8ccwwesx.live s0.2mdn.net
11	cm.g.doubleclick.net	4 redirects googleads.g.doubleclick.net
8	dt.adsafeprotected.com	googleads.g.doubleclick.net k8ccwwesx.live
8	lg1.logging.admicro.vn	k8ccwwesx.live media1.admicro.vn
8	media1.admicro.vn	k8ccwwesx.live media1.admicro.vn
6	choices.trustarc.com	choices.truste.com k8ccwwesx.live choices.trustarc.com
6	tpc.googlesyndication.com	googleads.g.doubleclick.net tpc.googlesyndication.com s0.2mdn.net
4	ib.adnxs.com	3 redirects googleads.g.doubleclick.net
4	dsum-sec.casalemedia.com	2 redirects googleads.g.doubleclick.net
4	googleads.g.doubleclick.net	www.googletagmanager.com pagead2.googlesyndication.com googleads.g.doubleclick.net
4	connect.facebook.net	k8ccwwesx.live connect.facebook.net deqik.com
4	www.googletagmanager.com	k8ccwwesx.live deqik.com www.googletagmanager.com
4	k8ccwwesx.live	2 redirects k8ccwwesx.live
3	onetag-sys.com	2 redirects googleads.g.doubleclick.net
3	static.adsafeprotected.com	pixel.adsafeprotected.com googleads.g.doubleclick.net
3	www.googletagservices.com	googleads.g.doubleclick.net www.googletagservices.com
3	www.google.com	k8ccwwesx.live googleads.g.doubleclick.net
3	stats.g.doubleclick.net	deqik.com www.google-analytics.com k8ccwwesx.live
3	www.google-analytics.com	deqik.com www.google-analytics.com
3	www.facebook.com	connect.facebook.net k8ccwwesx.live
3	amcdn.vn	k8ccwwesx.live
2	googleads4.g.doubleclick.net	k8ccwwesx.live
2	pixel.adsafeprotected.com	1 redirects googleads.g.doubleclick.net
2	www.google.de	k8ccwwesx.live
2	static.amcdn.vn	k8ccwwesx.live lg1.logging.admicro.vn
1	fgp.philacct.com	k8ccwwesx.live
1	static.philacct.com	media1.admicro.vn
1	s.ad.smaato.net	1 redirects
1	ssum-sec.casalemedia.com	1 redirects
1	pixel.rubiconproject.com	1 redirects
1	um.simpli.fi	1 redirects
1	dclk-match.dotomi.com	googleads.g.doubleclick.net
1	ad.doubleclick.net	www.googletagservices.com
1	choices.truste.com	googleads.g.doubleclick.net
1	beacon.sojern.com	googleads.g.doubleclick.net
1	adservice.google.com	pagead2.googlesyndication.com
1	adservice.google.de	pagead2.googlesyndication.com
1	partner.googleadservices.com	pagead2.googlesyndication.com
1	region1.google-analytics.com	www.googletagmanager.com
1	adi.admicro.vn	media1.admicro.vn
1	lg.nanda.vn	k8ccwwesx.live
1	static.contineljs.com	media1.admicro.vn
1	deqik.com	k8ccwwesx.live
1	adminplayer.sohatv.vn	k8ccwwesx.live
1	vccorp.mediacdn.vn	k8ccwwesx.live
171	47

This site contains links to these domains. Also see Links.

Domain
www.facebook.com
www.youtube.com
hoso.gamek.vn
kto.vnggames.com
loe.vigo.vn
cuumong.vplay.vn
tranma.onelink.me
bit.ly
nhatmong.zing.vn
www.vccorp.vn
www.messenger.com

Subject Issuer	Validity	Valid
k8ccwwesx.live E1	`2023-05-03` - `2023-08-01`	3 months	crt.sh
*.mediacdn.vn Sectigo RSA Domain Validation Secure Server CA	`2022-07-02` - `2023-06-15`	a year	crt.sh
*.admicro.vn Sectigo RSA Domain Validation Secure Server CA	`2022-10-21` - `2023-11-21`	a year	crt.sh
*.amcdn.vn Sectigo RSA Domain Validation Secure Server CA	`2022-12-30` - `2023-12-08`	a year	crt.sh
*.sohatv.vn Sectigo RSA Domain Validation Secure Server CA	`2022-10-03` - `2023-11-03`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-04-17` - `2023-07-10`	3 months	crt.sh
deqik.com Sectigo RSA Domain Validation Secure Server CA	`2022-05-28` - `2023-06-28`	a year	crt.sh
*.logging.admicro.vn Sectigo RSA Domain Validation Secure Server CA	`2022-06-17` - `2023-07-18`	a year	crt.sh
*.contineljs.com Sectigo RSA Domain Validation Secure Server CA	`2022-10-14` - `2023-09-23`	a year	crt.sh
*.nanda.vn Sectigo RSA Domain Validation Secure Server CA	`2022-05-28` - `2023-06-28`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2023-02-10` - `2023-05-11`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-04-03` - `2023-06-26`	3 months	crt.sh
www.google.com GTS CA 1C3	`2023-04-17` - `2023-07-10`	3 months	crt.sh
www.google.de GTS CA 1C3	`2023-04-17` - `2023-07-10`	3 months	crt.sh
*.googleadservices.com GTS CA 1C3	`2023-04-17` - `2023-07-10`	3 months	crt.sh
*.google.de GTS CA 1C3	`2023-04-17` - `2023-07-10`	3 months	crt.sh
*.google.com GTS CA 1C3	`2023-04-17` - `2023-07-10`	3 months	crt.sh
fw.adsafeprotected.com Amazon RSA 2048 M02	`2023-03-29` - `2024-04-27`	a year	crt.sh
*.sojern.com DigiCert TLS RSA SHA256 2020 CA1	`2023-01-17` - `2024-02-17`	a year	crt.sh
*.truste.com Amazon RSA 2048 M02	`2023-02-28` - `2024-01-16`	a year	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2023-04-17` - `2023-07-10`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2023-04-17` - `2023-07-10`	3 months	crt.sh
static.adsafeprotected.com Amazon RSA 2048 M01	`2023-02-24` - `2023-09-04`	6 months	crt.sh
*.dotomi.com GlobalSign RSA OV SSL CA 2018	`2022-08-09` - `2023-09-10`	a year	crt.sh
dt.adsafeprotected.com Amazon RSA 2048 M01	`2023-03-01` - `2023-05-08`	2 months	crt.sh
*.philacct.com Sectigo RSA Domain Validation Secure Server CA	`2022-10-14` - `2023-09-23`	a year	crt.sh
*.trustarc.com Amazon RSA 2048 M02	`2023-04-17` - `2024-05-14`	a year	crt.sh

This page contains 14 frames:

Primary Page: https://k8ccwwesx.live/indexasad.php
Frame ID: 633F80EDCB0042C301FC21C076785D0C
Requests: 83 HTTP requests in this frame

Frame: https://lg1.logging.admicro.vn/_tracking1.gif?dg=b326c5d8ac2a27d73399bab31858fbb2&fl=-1.-1.&je=0&sr=1600x1200&sc=24&hn=k8ccwwesx.live&cat=%2Ftag%2Ftay-du-ky-online%2F&g=0&i=s%3B1683136112660%3B0%3B0%3B1%3B0%3B0%3B1600x1200%3B0%3B0%3Bb326c5d8ac2a27d73399bab31858fbb2%3Bb326c5d8ac2a27d73399bab31858fbb2%3B%3B-1683136108772%3B0%3B0%3B1561%3B1%3B441%3B-1683136108772%3B-1683136108772&rdm=0.6122430545277913&p=%2Findexasad.php&r=&dg=b326c5d8ac2a27d73399bab31858fbb2&ce=1&lc=&cr=&ui=
Frame ID: 65034A079FEB5492FC84BC8307FF2D61
Requests: 2 HTTP requests in this frame

Frame: https://www.facebook.com/tr/
Frame ID: E33F1A69F76129CA150CED2AE5A3076C
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/show_ads.js
Frame ID: EACC8CC72DEBBDDC216315AF8EC0F8C2
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6366951472589375&output=html&h=90&slotname=6721968282&adk=3456145410&adf=3471351516&pi=t.ma~as.6721968282&w=728&lmt=1683136115&url=https%3A%2F%2Fk8ccwwesx.live%2Findexasad.php&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1683136114923&bpp=14&bdt=152&idt=184&shv=r20230501&mjsv=m202304270101&ptt=5&saldr=sa&correlator=2189790904806&frm=23&ife=1&pv=2&ga_vid=1394017374.1683136114&ga_sid=1683136114&ga_hid=1689191000&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=186&ady=160&biw=1600&bih=1200&isw=728&ish=90&ifk=4212140677&scr_x=0&scr_y=0&eid=44759927%2C44759876%2C44759842%2C44773809%2C44788441%2C44789761%2C44789923&oid=2&pvsid=3803969255231734&uas=0&nvt=1&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.a5iller8jbfn&fsb=1&dtd=205
Frame ID: 0843D39C71A83ACCEE3BAD9236558E3A
Requests: 40 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJq9JBD1mXwYj-ub4gEwAQ&v=APEucNUqWsrdARTU0DNUHY2-gYmUmDAt6cpy3LxUIfx7QSHvD9pzxIQcpvzZkWQ7a4MiHQX9EyukRUrsWyKnUqphP1n0kHMDAWiAYWacx4Iajq4fovop4qnX4ZjjyATwV2du9s3Z5-3jNxNOmKHOqNTywVX7lS7pSi_YnIKxyTMC9v2q0RtkJNg
Frame ID: B8F77F094B6E30CFA90389F944186FAC
Requests: 5 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 98D279BA6143CB18A1BF90FC3142452D
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 35FA13F0DBB324875AC970FEEC4C1B40
Requests: 3 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 25CE9D1A87487437C7603C4443F65DDF
Requests: 9 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/6931878516262699008/index.html?e=69&leftOffset=0&topOffset=0&c=Kv1vfMcHP1&t=1&renderingType=2&ev=01_247
Frame ID: 5414E1B34248C594AEE356275F7F90A2
Requests: 16 HTTP requests in this frame

Frame: https://static.adsafeprotected.com/sca.17.6.2.js
Frame ID: AF02A3DE9706A22AC4DC2FB87F601471
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/vL7o0N_rWuXUXr4zaznQwGRTzb1r1IdsCvpeVnelq_s.js
Frame ID: E0874C5B9766A993BBA25BC19B30AAD1
Requests: 1 HTTP requests in this frame

Frame: https://choices.trustarc.com/get?name=admarker-icon-tr.png
Frame ID: 5AB088F8C3459F56120084A1582BA808
Requests: 2 HTTP requests in this frame

Frame: https://fgp.philacct.com/genuuidpc
Frame ID: 76C8B7672E0C866D21172D2B6A91D0DA
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Tây Du Ký Online

Page URL History Show full URLs

http://k8ccwwesx.live/ HTTP 301
https://k8ccwwesx.live/ HTTP 301
https://k8ccwwesx.live/indexasad.php Page URL

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

DoubleClick Ad Exchange (AdX) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/pagead/show_ads\.js

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

171
Requests

94 %
HTTPS

59 %
IPv6

31
Domains

47
Subdomains

38
IPs

9
Countries

4236 kB
Transfer

7406 kB
Size

37
Cookies

21 Outgoing links

These are links going to different origins than the main page.

URL: https://www.facebook.com/gamek.vn

Search URL Search Domain Scan URL

URL: https://www.youtube.com/channel/UCBEwTpFOP44fyi_7PbFYgXg

Search URL Search Domain Scan URL

URL: https://hoso.gamek.vn/?theloai=4543
Title: MMORPG

Search URL Search Domain Scan URL

URL: https://www.facebook.com/TayDuKyOfficial

Search URL Search Domain Scan URL

URL: https://kto.vnggames.com/alpha-test-1
Title: Kiếm Thế Origin

Search URL Search Domain Scan URL

URL: http://loe.vigo.vn/
Title: Chiến Binh Định Mệnh

Search URL Search Domain Scan URL

URL: https://www.facebook.com/tanomg3q.zing.vn/?ref=page_internal
Title: Tân OMG3Q VNG

Search URL Search Domain Scan URL

URL: https://www.facebook.com/lucdialorenadnxmobile
Title: Lục Địa Loren - ADNX

Search URL Search Domain Scan URL

URL: https://www.facebook.com/dragonhunters.vn/?brand_redir=100538892569633
Title: Dragon Hunters: Heroes Legend

Search URL Search Domain Scan URL

URL: https://www.facebook.com/auditionxperfect/
Title: Audition X

Search URL Search Domain Scan URL

URL: https://cuumong.vplay.vn/
Title: Cửu Mộng Tiên Vực

Search URL Search Domain Scan URL

URL: https://www.facebook.com/tkn.gamate.vn
Title: Tân Kỷ Nguyên

Search URL Search Domain Scan URL

URL: https://tranma.onelink.me/r92N/gamehot
Title: Trấn Ma AFK

Search URL Search Domain Scan URL

URL: https://www.facebook.com/ThanhVanKiemVGP
Title: Thanh Vân Kiếm 3D

Search URL Search Domain Scan URL

URL: https://www.facebook.com/thanvuongfuntap
Title: Thần Vương Chi Mộng

Search URL Search Domain Scan URL

URL: https://bit.ly/32MmxKT
Title: Viễn Chinh Mobile

Search URL Search Domain Scan URL

URL: https://bit.ly/3G7wnG7
Title: Tuyệt Thế Vô Song Mobile

Search URL Search Domain Scan URL

URL: https://nhatmong.zing.vn/
Title: Nhất Mộng Giang Hồ VNG

Search URL Search Domain Scan URL

URL: https://www.facebook.com/trials.official/
Title: Trials Fusion

Search URL Search Domain Scan URL

URL: http://www.vccorp.vn/

Search URL Search Domain Scan URL

URL: https://www.messenger.com/t/152595292913
Title: Chat với tư vấn viên

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://k8ccwwesx.live/ HTTP 301
https://k8ccwwesx.live/ HTTP 301
https://k8ccwwesx.live/indexasad.php Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 102

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOkBcKBhNHs5qro6JI2QEXU&google_cver=1

Request Chain 103

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZFKecxuLUi3uurPL6kVfQQAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOkBcKBhNHs5qro6JI2QEXU&google_cver=1

Request Chain 104

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEKwhkkMSka0L-THcLfNgExA&google_cver=1 HTTP 307
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEKwhkkMSka0L-THcLfNgExA%26google_cver%3D1

Request Chain 105

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MzkxMzc0NzAxMTczNzUyNTcwNg%3D%3D

Request Chain 121

https://um.simpli.fi/gp_match?google_gid=CAESENRQkuUx8sFZDe4UA7bgRFY&google_cver=1&google_push=ATf1kGNlYNYy1QJjfqAk1bOOyFwLNbfRDAcPtmVa0y95fA0QP6uIEIjSQXWBC44BTKLE9BC60iEhY3xArgzlYnsuvm1l8p767Z4 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=2E467888155643A4915D6FF9292F17BF&google_push=ATf1kGNlYNYy1QJjfqAk1bOOyFwLNbfRDAcPtmVa0y95fA0QP6uIEIjSQXWBC44BTKLE9BC60iEhY3xArgzlYnsuvm1l8p767Z4

Request Chain 122

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEJeuvXe-UN0TRDn_j-Xaq5U&google_cver=1&google_push=ATf1kGNL3B5oC_YXpG89KZrwCesWgDIZGxj6JxpeOBqhJ1PKQoGrlAODzzm1VWoffDRxvVp01y2PIjY1wURvF8vwx8Kmlr3rzoqX HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEg3WlNCM1gtMUgtQUJTSQ==&google_push=ATf1kGNL3B5oC_YXpG89KZrwCesWgDIZGxj6JxpeOBqhJ1PKQoGrlAODzzm1VWoffDRxvVp01y2PIjY1wURvF8vwx8Kmlr3rzoqX

Request Chain 123

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEExwfa7YvetG_pgAPkCHnPY&google_cver=1&google_push=ATf1kGN6kn3XsaDul6cMpKbMjwz6qpG7Y9aGdKZNLJU9ZNA_ZS3fs0mkB5PvTRsT4_JdOofcQ2jAGBGQk29VCsSCddUVTIbh5wxz HTTP 302
https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEExwfa7YvetG_pgAPkCHnPY&google_hm=ZFKecxuLUi3uurPL6kVfQQAABIUAAAIB&google_nid=index&google_push=ATf1kGN6kn3XsaDul6cMpKbMjwz6qpG7Y9aGdKZNLJU9ZNA_ZS3fs0mkB5PvTRsT4_JdOofcQ2jAGBGQk29VCsSCddUVTIbh5wxz

Request Chain 124

https://s.ad.smaato.net/c/n///-?adNetInit=g&google_gid=CAESEAt9_zhFDUkNyX16x_1fxMw&google_cver=1&google_push=ATf1kGOF8JjVMx9mFRKBfmCVj3LVkL0S8B2VYAxkN9WPl3FCwpIT8jDb3ZGNCHgjaSV5ZcG47j-VyTbH1RMPABHTPy9Efa6Q8iw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=ATf1kGOF8JjVMx9mFRKBfmCVj3LVkL0S8B2VYAxkN9WPl3FCwpIT8jDb3ZGNCHgjaSV5ZcG47j-VyTbH1RMPABHTPy9Efa6Q8iw

Request Chain 125

https://onetag-sys.com/match/?int_id=19&redir=1&google_gid=CAESEEiSaX-V_zlm-p8HGKQzx00&google_cver=1&google_push=ATf1kGO3W2bUGgwAyylb_A6r4DhdqePnJ5oQCcfvg5Za-GJsuYqjmS022SQ3TzWTf0Ap5t5q7yx58R6Q7sLDZ0CJlqbjGx4-fOq3 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=ATf1kGO3W2bUGgwAyylb_A6r4DhdqePnJ5oQCcfvg5Za-GJsuYqjmS022SQ3TzWTf0Ap5t5q7yx58R6Q7sLDZ0CJlqbjGx4-fOq3

Request Chain 126

https://onetag-sys.com/match/?int_id=106&redir=1&google_gid=CAESEEiSaX-V_zlm-p8HGKQzx00&google_cver=1&google_push=ATf1kGO88n8y4lfzqs3YGwQu-4B34PD641FBUdfxTV2TRlHiltQ2Ogy5k0tPu1KYxcRCRii4hWFMRx15-w4leiNg4UNcObOKcRfXIA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=ATf1kGO88n8y4lfzqs3YGwQu-4B34PD641FBUdfxTV2TRlHiltQ2Ogy5k0tPu1KYxcRCRii4hWFMRx15-w4leiNg4UNcObOKcRfXIA HTTP 302
https://onetag-sys.com/match/?int_id=19&google_error=5

Request Chain 131

https://pixel.adsafeprotected.com/rfw/st/1360115/69584918/skeleton.js?adsafe_url=https%3A%2F%2Fk8ccwwesx.live&adsafe_type=g&adsafe_url=https%3A%2F%2Fk8ccwwesx.live%2F&adsafe_type=e&adsafe_url=https%3A%2F%2Fgoogleads.g.doubleclick.net%2F&adsafe_type=f&adsafe_url=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fads%3Fclient%3Dca-pub-6366951472589375%26output%3Dhtml%26h%3D90%26slotname%3D6721968282%26adk%3D3456145410%26adf%3D3471351516%26pi%3Dt.ma~as.6721968282%26w%3D728%26lmt%3D1683136115%26url%3Dhttps%253A%252F%252Fk8ccwwesx.live%252Findexasad.php%26ea%3D0%26wgl%3D1%26uach%3DWyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd%26dt%3D1683136114923%26bpp%3D14%26bdt%3D152%26idt%3D184%26shv%3Dr20230501%26mjsv%3Dm202304270101%26ptt%3D5%26saldr%3Dsa%26correlator%3D2189790904806%26frm%3D23%26ife%3D1%26pv%3D2%26ga_vid%3D1394017374.1683136114%26ga_sid%3D1683136114%26ga_hid%3D1689191000%26ga_fc%3D1%26nhd%3D1%26u_tz%3D0%26u_his%3D2%26u_h%3D1200%26u_w%3D1600%26u_ah%3D1200%26u_aw%3D1600%26u_cd%3D24%26u_sd%3D1%26dmc%3D8%26adx%3D186%26ady%3D160%26biw%3D1600%26bih%3D1200%26isw%3D728%26ish%3D90%26ifk%3D4212140677%26scr_x%3D0%26scr_y%3D0%26eid%3D44759927%252C44759876%252C44759842%252C44773809%252C44788441%252C44789761%252C44789923%26oid%3D2%26pvsid%3D3803969255231734%26uas%3D0%26nvt%3D1%26fc%3D640%26brdim%3D0%252C0%252C0%252C0%252C1600%252C0%252C1600%252C1200%252C728%252C90%26vis%3D1%26rsz%3D%257C%257CE%257C%26abl%3DCS%26pfx%3D0%26fu%3D4%26bc%3D31%26ifi%3D1%26uci%3D1.a5iller8jbfn%26fsb%3D1%26dtd%3D205&adsafe_type=d&adsafe_jsinfo=,id:f726cf8a-30d5-097e-d2ad-c8eecc000638,c:bzH9b4,sl:outOfView,em:true,fr:false,thd:1,mn:jsserver-primary-7d854c4bd6-tklwj,rg:ie,pt:1-5-15,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:i,cc:NaN.NaN.728.90,piv:0,obst:0,th:0,reas:r,mu:10000,br:c,bru:c,an:n,oam:0,mtim:172,mot:0,app:0,maw:0,fm:tDdxC7s+11%7C121*.1360115-69584918%7C1211%7C1212%7C1213%7C1214%7C1215,idMap:121*,ex:e2,pl:CV8L.VEBo.0YtC,rmeas:1,rend:0,renddet:DIV,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,gm:0,tt:rjss,et:189,oid:ba55a2cf-e9da-11ed-9f27-42ce30d2505e,v:19.8.407,sp:1,st:0,fwm:1,wr:1600.1200,sr:1600.1200,ov:0 HTTP 302
https://static.adsafeprotected.com/skeleton.js

171 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request indexasad.php Show response
k8ccwwesx.live/
Redirect Chain

http://k8ccwwesx.live/
https://k8ccwwesx.live/
https://k8ccwwesx.live/indexasad.php

30 KB
10 KB

1561ms
1561ms

Document
text/html

2606:4700:3035::6815:2914
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://k8ccwwesx.live/indexasad.php
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::6815:2914 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: fe795b8347258d530366dab56cba84a7839b176eb2e6b555c689d69368a988a4

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 7c1a55ca9aeb365d-FRA
content-encoding: br
content-type: text/html; charset=UTF-8
date: Wed, 03 May 2023 17:48:30 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3ELMib4sfQ8bWGFLX7jojfQ6SrDBSiqhp1QKTcFFTEN2etm%2FGJWFWCtRfXh8L1W0RQKP4xl9evc41Abel1peSNywlwGnXz%2B478idmjzEhWSKq4YApWHlZV07aXqkTmzR237spHTIPBu6opIzWA%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding

Redirect headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: no-store, no-cache, must-revalidate, max-age=0
cf-cache-status: DYNAMIC
cf-ray: 7c1a55c8cf88365d-FRA
content-type: text/html; charset=UTF-8
date: Wed, 03 May 2023 17:48:29 GMT
location: https://k8ccwwesx.live/indexasad.php
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YaWevOMTo1npoampDRSArPM9DQoh%2Fcnz3E8t2KFFwOFBks0ofBVUMg8aifvet2yapkxgJsxuOGi7eVgY9l3GYSZlgRA2I%2FyP4nJXwJs9J1PNDnY3tBZ99%2Bo7GfEctpIXSeuMFe37r0PrzldjJw%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare

GET
H2 200 main-30012023v1.min.css
gamek.mediacdn.vn/web_css/ 156 KB
40 KB 1022ms
446ms Stylesheet
text/css 42.112.37.35
FPT-AS-AP FPT Tel...

General

Check archive.org

Show headers Download Go to

Full URL

https://gamek.mediacdn.vn/web_css/main-30012023v1.min.css

Requested by

Host: k8ccwwesx.live
URL: https://k8ccwwesx.live/indexasad.php

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

42.112.37.35 Ho Chi Minh City, Viet Nam, ASN18403 (FPT-AS-AP FPT Telecom Company, VN),

Reverse DNS

Software

VCCloud CDN / 562.509ddc901daae541869db25594c10668 /

Resource Hash

b9d5f3f6f18ec7d8d11e99e4d5296910252a92317fcc7526d6838dbee524792d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://k8ccwwesx.live/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 17:48:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 31 Jan 2023 04:53:14 GMT
server: VCCloud CDN / 562.509ddc901daae541869db25594c10668
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD, POST, OPTIONS
content-type: text/css
access-control-allow-origin: *
xcache-created-at: Saturday, 25-Mar-2023 11:14:35 +07
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
x-cache: HIT from VCCloud CDN
timing-allow-origin: *
access-control-allow-headers: Accept,Authorization,Cache-Control,Content-Length,Content-Type,DNT,If-Modified-Since,Keep-Alive,Key,Origin,Range,User-Agent,X-Requested-With
x-xss-protection: 1; mode=block

GET
H2 200 adm_tracking.js Show response
media1.admicro.vn/core/ 26 KB
8 KB 1875ms
302ms Script
application/x-javascript 2405:f980::1:13
VNPT-AS-VN VIETNA...

General

Check archive.org

Show headers Download Go to

Full URL: https://media1.admicro.vn/core/adm_tracking.js?v=1
Requested by: Host: k8ccwwesx.live
URL: https://k8ccwwesx.live/indexasad.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2405:f980::1:13 , Viet Nam, ASN135905 (VNPT-AS-VN VIETNAM POSTS AND TELECOMMUNICATIONS GROUP, VN),
Reverse DNS
Software: ss1/17069 /
Resource Hash: 6e34e8696d51c15b5f0e261c0633ac2fb615ed51ac4795844e72b2a58fa12dee

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://k8ccwwesx.live/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 17:48:32 GMT
content-encoding: gzip
last-modified: Wed, 21 Dec 2022 09:41:58 GMT
server: ss1/17069
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: max-age=600, must-revalidate, proxy-revalidate
expires: Wed, 03 May 2023 17:58:32 GMT

GET
H2 200 cdn.js Show response
static.amcdn.vn/tka/ 26 KB
7 KB 1014ms
289ms Script
application/x-javascript 2405:f980::1:10
VNPT-AS-VN VIETNA...

General

Check archive.org

Show headers Download Go to

Full URL: https://static.amcdn.vn/tka/cdn.js
Requested by: Host: k8ccwwesx.live
URL: https://k8ccwwesx.live/indexasad.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2405:f980::1:10 , Viet Nam, ASN135905 (VNPT-AS-VN VIETNAM POSTS AND TELECOMMUNICATIONS GROUP, VN),
Reverse DNS
Software: ss1/17205 /
Resource Hash: 6a2959b48940ae172de360c0635dac0f6f8e57201b148c4828c5e84385a9a04f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://k8ccwwesx.live/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 17:48:32 GMT
content-encoding: gzip
last-modified: Fri, 25 Nov 2022 03:18:21 GMT
server: ss1/17205
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: max-age=600, must-revalidate, proxy-revalidate
expires: Wed, 03 May 2023 17:58:32 GMT

GET
H2 200 home2424.png
gamek.mediacdn.vn/web_images/ 164 B
302 B 462ms
456ms Image
image/webp 42.112.37.35
FPT-AS-AP FPT Tel...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://gamek.mediacdn.vn/web_images/home2424.png

Requested by

Host: k8ccwwesx.live
URL: https://k8ccwwesx.live/indexasad.php

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

42.112.37.35 Ho Chi Minh City, Viet Nam, ASN18403 (FPT-AS-AP FPT Telecom Company, VN),

Reverse DNS

Software

VCCloud CDN / 562.bb5b2eeb02d8efceafaaa10e98ba02b5 /

Resource Hash

9dfe40dabe3ad00b97db3025b3b13f88512570eb36c568229a45e387935e5143

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://k8ccwwesx.live/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 17:48:32 GMT
x-content-type-options: nosniff
last-modified: Sun, 30 Apr 2023 08:08:31 GMT
server: VCCloud CDN / 562.bb5b2eeb02d8efceafaaa10e98ba02b5
access-control-allow-methods: GET, HEAD, POST, OPTIONS
content-type: image/webp
access-control-allow-origin: *
xcache-created-at: Monday, 01-May-2023 11:31:24 +07
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
x-cache: HIT from VCCloud CDN
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: Accept,Authorization,Cache-Control,Content-Length,Content-Type,DNT,If-Modified-Since,Keep-Alive,Key,Origin,Range,User-Agent,X-Requested-With
content-length: 164
x-xss-protection: 1; mode=block

GET
H2 200 jquery.swiper.min.7.2.0.css
gamek.mediacdn.vn/web_css/ 15 KB
5 KB 221ms
221ms Stylesheet
text/css 42.112.37.35
FPT-AS-AP FPT Tel...

General

Check archive.org

Show headers Download Go to

Full URL

https://gamek.mediacdn.vn/web_css/jquery.swiper.min.7.2.0.css

Requested by

Host: k8ccwwesx.live
URL: https://k8ccwwesx.live/indexasad.php

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

42.112.37.35 Ho Chi Minh City, Viet Nam, ASN18403 (FPT-AS-AP FPT Telecom Company, VN),

Reverse DNS

Software

VCCloud CDN / 562.93aee2c25b226cae63b9f0feca3752be /

Resource Hash

f2a3140679d704bd07329d0768adc05ac21751dd5c558d3b9971ac504b48e79c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://k8ccwwesx.live/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 17:48:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 09 May 2022 00:39:22 GMT
server: VCCloud CDN / 562.93aee2c25b226cae63b9f0feca3752be
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD, POST, OPTIONS
content-type: text/css
access-control-allow-origin: *
xcache-created-at: Saturday, 25-Mar-2023 11:45:32 +07
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
x-cache: HIT from VCCloud CDN
timing-allow-origin: *
access-control-allow-headers: Accept,Authorization,Cache-Control,Content-Length,Content-Type,DNT,If-Modified-Since,Keep-Alive,Key,Origin,Range,User-Agent,X-Requested-With
x-xss-protection: 1; mode=block

GET
H2 200 jquery.fancybox-1.3.4.css
gamek.mediacdn.vn/web_css/ 9 KB
2 KB 227ms
221ms Stylesheet
text/css 42.112.37.35
FPT-AS-AP FPT Tel...

General

Check archive.org

Show headers Download Go to

Full URL

https://gamek.mediacdn.vn/web_css/jquery.fancybox-1.3.4.css

Requested by

Host: k8ccwwesx.live
URL: https://k8ccwwesx.live/indexasad.php

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

42.112.37.35 Ho Chi Minh City, Viet Nam, ASN18403 (FPT-AS-AP FPT Telecom Company, VN),

Reverse DNS

Software

VCCloud CDN / 562.0678822395efa9f441ceccfb58a9ba22 /

Resource Hash

b16dc95bb0dee2be9a35dd088b2624c26b574a51611cf64aa9f04e9464e054a9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://k8ccwwesx.live/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 17:48:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 10 Nov 2022 03:55:18 GMT
server: VCCloud CDN / 562.0678822395efa9f441ceccfb58a9ba22
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD, POST, OPTIONS
content-type: text/css
access-control-allow-origin: *
xcache-created-at: Saturday, 25-Mar-2023 00:19:04 +07
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
x-cache: HIT from VCCloud CDN
timing-allow-origin: *
access-control-allow-headers: Accept,Authorization,Cache-Control,Content-Length,Content-Type,DNT,If-Modified-Since,Keep-Alive,Key,Origin,Range,User-Agent,X-Requested-With
x-xss-protection: 1; mode=block

GET
H2 200 tdk2-16112192212331729645322.jpg
gamek.mediacdn.vn/133514250583805952/2021/1/21/ 255 KB
255 KB 488ms
482ms Image
image/webp 42.112.37.35
FPT-AS-AP FPT Tel...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://gamek.mediacdn.vn/133514250583805952/2021/1/21/tdk2-16112192212331729645322.jpg

Requested by

Host: k8ccwwesx.live
URL: https://k8ccwwesx.live/indexasad.php

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

42.112.37.35 Ho Chi Minh City, Viet Nam, ASN18403 (FPT-AS-AP FPT Telecom Company, VN),

Reverse DNS

Software

VCCloud CDN / 562.16c8850a1109e24c0490db59d266c746 /

Resource Hash

22b63ca0947dd61b3f366b844fce876fe872442d18a8f5c2d899b73ec55c381f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://k8ccwwesx.live/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 17:48:32 GMT
x-content-type-options: nosniff
last-modified: Thu, 24 Nov 2022 11:21:55 GMT
server: VCCloud CDN / 562.16c8850a1109e24c0490db59d266c746
access-control-allow-methods: GET, HEAD, POST, OPTIONS
content-type: image/webp
access-control-allow-origin: *
xcache-created-at: Wednesday, 03-May-2023 14:10:53 +07
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
x-cache: HIT from VCCloud CDN
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: Accept,Authorization,Cache-Control,Content-Length,Content-Type,DNT,If-Modified-Since,Keep-Alive,Key,Origin,Range,User-Agent,X-Requested-With
content-length: 261092
x-xss-protection: 1; mode=block

GET
H2 200 tdk1-1611219221200522203487.jpg
gamek.mediacdn.vn/zoom/185_185/133514250583805952/2021/1/21/ 8 KB
8 KB 759ms
753ms Image
image/webp 42.112.37.35
FPT-AS-AP FPT Tel...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://gamek.mediacdn.vn/zoom/185_185/133514250583805952/2021/1/21/tdk1-1611219221200522203487.jpg

Requested by

Host: k8ccwwesx.live
URL: https://k8ccwwesx.live/indexasad.php

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

42.112.37.35 Ho Chi Minh City, Viet Nam, ASN18403 (FPT-AS-AP FPT Telecom Company, VN),

Reverse DNS

Software

VCCloud CDN / 562.2bb8dff82fb0367e8285fb3e4940d3b0 /

Resource Hash

df924a34cd555ec19927d0fb74d89443d02b7c1307d1909e85cebe3aeebe7c76

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://k8ccwwesx.live/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 17:48:32 GMT
x-content-type-options: nosniff
server: VCCloud CDN / 562.2bb8dff82fb0367e8285fb3e4940d3b0
access-control-allow-methods: GET, HEAD, POST, OPTIONS
content-type: image/webp
xcache-created-at: Wednesday, 03-May-2023 14:10:53 +07
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
x-cache: MISS from VCCloud CDN
timing-allow-origin: *
access-control-allow-headers: Accept,Authorization,Cache-Control,Content-Length,Content-Type,DNT,If-Modified-Since,Keep-Alive,Key,Origin,Range,User-Agent,X-Requested-With
x-xss-protection: 1; mode=block

GET
H2 200 Mot_buoi_hop_mat_than_mat_giua_game_thu_Tay_Du_Ky_va_dai_dien_NPH-7b174.JPG
gamek.mediacdn.vn/zoom/450_270/DlBlzccccccccccccE5CT3hqq3xN9o/Image/2013/12/QAnh-4/ 66 KB
66 KB 759ms
754ms Image
image/webp 42.112.37.35
FPT-AS-AP FPT Tel...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://gamek.mediacdn.vn/zoom/450_270/DlBlzccccccccccccE5CT3hqq3xN9o/Image/2013/12/QAnh-4/Mot_buoi_hop_mat_than_mat_giua_game_thu_Tay_Du_Ky_va_dai_dien_NPH-7b174.JPG

Requested by

Host: k8ccwwesx.live
URL: https://k8ccwwesx.live/indexasad.php

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

42.112.37.35 Ho Chi Minh City, Viet Nam, ASN18403 (FPT-AS-AP FPT Telecom Company, VN),

Reverse DNS

Software

VCCloud CDN / 562.291df3dfe22db94f51a46d3329b9f24e /

Resource Hash

99cbb0c3e9d1156138570d71f0bf03ecbf5b5b0e120806579f23cedefc3951ee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://k8ccwwesx.live/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 17:48:32 GMT
x-content-type-options: nosniff
server: VCCloud CDN / 562.291df3dfe22db94f51a46d3329b9f24e
access-control-allow-methods: GET, HEAD, POST, OPTIONS
content-type: image/webp
xcache-created-at: Wednesday, 03-May-2023 14:10:53 +07
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
x-cache: MISS from VCCloud CDN
timing-allow-origin: *
access-control-allow-headers: Accept,Authorization,Cache-Control,Content-Length,Content-Type,DNT,If-Modified-Since,Keep-Alive,Key,Origin,Range,User-Agent,X-Requested-With
x-xss-protection: 1; mode=block

GET
H2 200 Mot_noi_tap_hop_cac_cao_thu_moi_hung_huc_khi_the_trong_Tay_Du_Ky-5f40b.jpg
gamek.mediacdn.vn/zoom/450_270/DlBlzccccccccccccE5CT3hqq3xN9o/Image/2013/12/QAnh2/ 66 KB
66 KB 759ms
754ms Image
image/webp 42.112.37.35
FPT-AS-AP FPT Tel...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://gamek.mediacdn.vn/zoom/450_270/DlBlzccccccccccccE5CT3hqq3xN9o/Image/2013/12/QAnh2/Mot_noi_tap_hop_cac_cao_thu_moi_hung_huc_khi_the_trong_Tay_Du_Ky-5f40b.jpg

Requested by

Host: k8ccwwesx.live
URL: https://k8ccwwesx.live/indexasad.php

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

42.112.37.35 Ho Chi Minh City, Viet Nam, ASN18403 (FPT-AS-AP FPT Telecom Company, VN),

Reverse DNS

Software

VCCloud CDN / 562.4c754bbf9c2ad3ad782ba22c25adf6f9 /

Resource Hash

1c5684c1ddf04d63fab4630ca65f3a7b294bf64e9071d21a75f163845e69f6e8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://k8ccwwesx.live/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 17:48:32 GMT
x-content-type-options: nosniff
last-modified: Sat, 04 Mar 2023 18:53:15 GMT
server: VCCloud CDN / 562.4c754bbf9c2ad3ad782ba22c25adf6f9
access-control-allow-methods: GET, HEAD, POST, OPTIONS
content-type: image/webp
access-control-allow-origin: *
xcache-created-at: Wednesday, 03-May-2023 14:10:53 +07
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
x-cache: HIT from VCCloud CDN
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: Accept,Authorization,Cache-Control,Content-Length,Content-Type,DNT,If-Modified-Since,Keep-Alive,Key,Origin,Range,User-Agent,X-Requested-With
content-length: 67482
x-xss-protection: 1; mode=block

GET
H2 200 Tay_Du_Ky_tang_game_thu_suc_manh_cua_Sam_Than_Thor-c7940.jpg
gamek.mediacdn.vn/zoom/450_270/DlBlzccccccccccccE5CT3hqq3xN9o/Image/2013/12/QAnh2/ 74 KB
74 KB 759ms
754ms Image
image/webp 42.112.37.35
FPT-AS-AP FPT Tel...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://gamek.mediacdn.vn/zoom/450_270/DlBlzccccccccccccE5CT3hqq3xN9o/Image/2013/12/QAnh2/Tay_Du_Ky_tang_game_thu_suc_manh_cua_Sam_Than_Thor-c7940.jpg

Requested by

Host: k8ccwwesx.live
URL: https://k8ccwwesx.live/indexasad.php

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

42.112.37.35 Ho Chi Minh City, Viet Nam, ASN18403 (FPT-AS-AP FPT Telecom Company, VN),

Reverse DNS

Software

VCCloud CDN / 562.72f55aabd06c84505acebaa29a449bd3 /

Resource Hash

679c248cd0e2f23ec4458100f283c750de53a1679ccd46e2e379c8d939c9016c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://k8ccwwesx.live/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 17:48:32 GMT
x-content-type-options: nosniff
last-modified: Wed, 31 Aug 2022 20:47:54 GMT
server: VCCloud CDN / 562.72f55aabd06c84505acebaa29a449bd3
access-control-allow-methods: GET, HEAD, POST, OPTIONS
content-type: image/webp
access-control-allow-origin: *
xcache-created-at: Wednesday, 03-May-2023 14:10:53 +07
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
x-cache: HIT from VCCloud CDN
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: Accept,Authorization,Cache-Control,Content-Length,Content-Type,DNT,If-Modified-Since,Keep-Alive,Key,Origin,Range,User-Agent,X-Requested-With
content-length: 75400
x-xss-protection: 1; mode=block

GET
H2 200 cac-nhan-vat-xep-hang-nhan-chien-vu-tai-may-chu-Loi-Dinh-Than-Tuong-be4d8.JPG
gamek.mediacdn.vn/zoom/450_270/DlBlzccccccccccccE5CT3hqq3xN9o/Image/2013/11/QAnh/ 59 KB
59 KB 760ms
754ms Image
image/jpeg 42.112.37.35
FPT-AS-AP FPT Tel...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://gamek.mediacdn.vn/zoom/450_270/DlBlzccccccccccccE5CT3hqq3xN9o/Image/2013/11/QAnh/cac-nhan-vat-xep-hang-nhan-chien-vu-tai-may-chu-Loi-Dinh-Than-Tuong-be4d8.JPG

Requested by

Host: k8ccwwesx.live
URL: https://k8ccwwesx.live/indexasad.php

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

42.112.37.35 Ho Chi Minh City, Viet Nam, ASN18403 (FPT-AS-AP FPT Telecom Company, VN),

Reverse DNS

Software

VCCloud CDN / 562.4bcf66d6e3afd9c9347cfb12683d3d84 /

Resource Hash

55bc4c5878061f1b1d0a068ecb1602b91c1e80f0611c8c7ad3b18bb802299070

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://k8ccwwesx.live/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 17:48:32 GMT
x-content-type-options: nosniff
last-modified: Mon, 20 Mar 2023 03:54:14 GMT
server: VCCloud CDN / 562.4bcf66d6e3afd9c9347cfb12683d3d84
access-control-allow-methods: GET, HEAD, POST, OPTIONS
content-type: image/jpeg
access-control-allow-origin: *
xcache-created-at: Wednesday, 03-May-2023 14:10:53 +07
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
x-cache: HIT from VCCloud CDN
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: Accept,Authorization,Cache-Control,Content-Length,Content-Type,DNT,If-Modified-Since,Keep-Alive,Key,Origin,Range,User-Agent,X-Requested-With
content-length: 60096
x-xss-protection: 1; mode=block

GET
H2 200 31922006515466193991170113589026069338348019n-16710954880061514679125.jpg
gamek.mediacdn.vn/zoom/185_185/133514250583805952/2022/12/15/ 15 KB
15 KB 760ms
754ms Image
image/webp 42.112.37.35
FPT-AS-AP FPT Tel...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://gamek.mediacdn.vn/zoom/185_185/133514250583805952/2022/12/15/31922006515466193991170113589026069338348019n-16710954880061514679125.jpg

Requested by

Host: k8ccwwesx.live
URL: https://k8ccwwesx.live/indexasad.php

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

42.112.37.35 Ho Chi Minh City, Viet Nam, ASN18403 (FPT-AS-AP FPT Telecom Company, VN),

Reverse DNS

Software

VCCloud CDN / 562.8264bf45cafdc2bd4c657616ac318de9 /

Resource Hash

f3f80e61346d7e6b9b88a36f1626eca327d5e2001280cd43149fcc33fa69fba6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://k8ccwwesx.live/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 17:48:32 GMT
x-content-type-options: nosniff
last-modified: Thu, 15 Dec 2022 10:16:47 GMT
server: VCCloud CDN / 562.8264bf45cafdc2bd4c657616ac318de9
access-control-allow-methods: GET, HEAD, POST, OPTIONS
content-type: image/webp
access-control-allow-origin: *
xcache-created-at: Saturday, 22-Apr-2023 09:45:58 +07
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
x-cache: HIT from VCCloud CDN
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: Accept,Authorization,Cache-Control,Content-Length,Content-Type,DNT,If-Modified-Since,Keep-Alive,Key,Origin,Range,User-Agent,X-Requested-With
content-length: 15722
x-xss-protection: 1; mode=block

GET
H2 200 ava-91d59.jpg
gamek.mediacdn.vn/zoom/185_185/gzsOnkcdQ4Dg5q1e4Ckccccccccc/Image/2014/05/QAnh1/ 17 KB
17 KB 760ms
755ms Image
image/webp 42.112.37.35
FPT-AS-AP FPT Tel...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://gamek.mediacdn.vn/zoom/185_185/gzsOnkcdQ4Dg5q1e4Ckccccccccc/Image/2014/05/QAnh1/ava-91d59.jpg

Requested by

Host: k8ccwwesx.live
URL: https://k8ccwwesx.live/indexasad.php

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

42.112.37.35 Ho Chi Minh City, Viet Nam, ASN18403 (FPT-AS-AP FPT Telecom Company, VN),

Reverse DNS

Software

VCCloud CDN / 562.0d66dc5788d9c674158311b065b9d421 /

Resource Hash

1ad374aca46cf36577a3379c638423d3121b11376701c99611405161ed925981

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://k8ccwwesx.live/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 17:48:32 GMT
x-content-type-options: nosniff
last-modified: Tue, 28 Mar 2023 06:04:43 GMT
server: VCCloud CDN / 562.0d66dc5788d9c674158311b065b9d421
access-control-allow-methods: GET, HEAD, POST, OPTIONS
content-type: image/webp
access-control-allow-origin: *
xcache-created-at: Saturday, 22-Apr-2023 09:45:58 +07
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
x-cache: HIT from VCCloud CDN
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: Accept,Authorization,Cache-Control,Content-Length,Content-Type,DNT,If-Modified-Since,Keep-Alive,Key,Origin,Range,User-Agent,X-Requested-With
content-length: 16972
x-xss-protection: 1; mode=block

GET
H2 200 1621954611452048941684858485915712025524945o-16167568882801599917319.jpg
gamek.mediacdn.vn/zoom/185_185/133514250583805952/2021/3/26/ 10 KB
11 KB 760ms
755ms Image
image/webp 42.112.37.35
FPT-AS-AP FPT Tel...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://gamek.mediacdn.vn/zoom/185_185/133514250583805952/2021/3/26/1621954611452048941684858485915712025524945o-16167568882801599917319.jpg

Requested by

Host: k8ccwwesx.live
URL: https://k8ccwwesx.live/indexasad.php

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

42.112.37.35 Ho Chi Minh City, Viet Nam, ASN18403 (FPT-AS-AP FPT Telecom Company, VN),

Reverse DNS

Software

VCCloud CDN / 562.fb5c310465ab1a797220e9efcfe6c1e2 /

Resource Hash

fbab43e6b9327e009eb054b919f240612be637534a4120d5e50b9301f428ac35

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://k8ccwwesx.live/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 17:48:32 GMT
x-content-type-options: nosniff
last-modified: Tue, 16 Aug 2022 08:33:37 GMT
server: VCCloud CDN / 562.fb5c310465ab1a797220e9efcfe6c1e2
access-control-allow-methods: GET, HEAD, POST, OPTIONS
content-type: image/webp
access-control-allow-origin: *
xcache-created-at: Saturday, 22-Apr-2023 09:45:58 +07
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
x-cache: HIT from VCCloud CDN
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: Accept,Authorization,Cache-Control,Content-Length,Content-Type,DNT,If-Modified-Since,Keep-Alive,Key,Origin,Range,User-Agent,X-Requested-With
content-length: 10704
x-xss-protection: 1; mode=block

GET
H2 200 28466607624175949650493141015766180211981170n-16551770124322037779274.jpg
gamek.mediacdn.vn/zoom/185_185/133514250583805952/2022/6/14/ 12 KB
12 KB 760ms
755ms Image
image/webp 42.112.37.35
FPT-AS-AP FPT Tel...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://gamek.mediacdn.vn/zoom/185_185/133514250583805952/2022/6/14/28466607624175949650493141015766180211981170n-16551770124322037779274.jpg

Requested by

Host: k8ccwwesx.live
URL: https://k8ccwwesx.live/indexasad.php

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

42.112.37.35 Ho Chi Minh City, Viet Nam, ASN18403 (FPT-AS-AP FPT Telecom Company, VN),

Reverse DNS

Software

VCCloud CDN / 562.a3b386e421a192811826a04571ae7397 /

Resource Hash

ffb4b4818815b4a60d06ba867cfb18069d85f5743509f17c13d5cb8d437e7be4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://k8ccwwesx.live/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 17:48:32 GMT
x-content-type-options: nosniff
server: VCCloud CDN / 562.a3b386e421a192811826a04571ae7397
access-control-allow-methods: GET, HEAD, POST, OPTIONS
content-type: image/webp
access-control-allow-origin: *
x-cache: HIT from VCCloud CDN
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
timing-allow-origin: *
access-control-allow-headers: Accept,Authorization,Cache-Control,Content-Length,Content-Type,DNT,If-Modified-Since,Keep-Alive,Key,Origin,Range,User-Agent,X-Requested-With
x-xss-protection: 1; mode=block

GET
H2 200 photo2022-04-0813-36-16-1649403520257976311331.jpg
gamek.mediacdn.vn/zoom/185_185/133514250583805952/2022/4/8/ 16 KB
16 KB 760ms
755ms Image
image/webp 42.112.37.35
FPT-AS-AP FPT Tel...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://gamek.mediacdn.vn/zoom/185_185/133514250583805952/2022/4/8/photo2022-04-0813-36-16-1649403520257976311331.jpg

Requested by

Host: k8ccwwesx.live
URL: https://k8ccwwesx.live/indexasad.php

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

42.112.37.35 Ho Chi Minh City, Viet Nam, ASN18403 (FPT-AS-AP FPT Telecom Company, VN),

Reverse DNS

Software

VCCloud CDN / 562.998902ef48abfb81dcad5315577a6718 /

Resource Hash

185b0400b76da94d07d26fd06b2f31d3908650595fe5196f6f7e1acddbac53e7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://k8ccwwesx.live/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 17:48:32 GMT
x-content-type-options: nosniff
last-modified: Fri, 17 Feb 2023 02:40:48 GMT
server: VCCloud CDN / 562.998902ef48abfb81dcad5315577a6718
access-control-allow-methods: GET, HEAD, POST, OPTIONS
content-type: image/webp
access-control-allow-origin: *
xcache-created-at: Saturday, 22-Apr-2023 09:45:58 +07
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
x-cache: HIT from VCCloud CDN
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: Accept,Authorization,Cache-Control,Content-Length,Content-Type,DNT,If-Modified-Since,Keep-Alive,Key,Origin,Range,User-Agent,X-Requested-With
content-length: 16736
x-xss-protection: 1; mode=block

GET
H2 200 827066741313149650164782968600413386833920o-15813219897102055096769.jpg
gamek.mediacdn.vn/zoom/185_185/133514250583805952/2020/2/10/ 16 KB
16 KB 760ms
755ms Image
image/webp 42.112.37.35
FPT-AS-AP FPT Tel...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://gamek.mediacdn.vn/zoom/185_185/133514250583805952/2020/2/10/827066741313149650164782968600413386833920o-15813219897102055096769.jpg

Requested by

Host: k8ccwwesx.live
URL: https://k8ccwwesx.live/indexasad.php

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

42.112.37.35 Ho Chi Minh City, Viet Nam, ASN18403 (FPT-AS-AP FPT Telecom Company, VN),

Reverse DNS

Software

VCCloud CDN / 562.455654bf7229fdc86ebd28a98a4cb012 /

Resource Hash

106c896480d87ae62ce2ecd2a671ec849f7c2d43a49e008a2f812a8978cd8b4d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://k8ccwwesx.live/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 17:48:32 GMT
x-content-type-options: nosniff
last-modified: Wed, 30 Mar 2022 10:35:51 GMT
server: VCCloud CDN / 562.455654bf7229fdc86ebd28a98a4cb012
access-control-allow-methods: GET, HEAD, POST, OPTIONS
content-type: image/webp
access-control-allow-origin: *
xcache-created-at: Saturday, 22-Apr-2023 09:45:58 +07
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
x-cache: HIT from VCCloud CDN
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: Accept,Authorization,Cache-Control,Content-Length,Content-Type,DNT,If-Modified-Since,Keep-Alive,Key,Origin,Range,User-Agent,X-Requested-With
content-length: 16694
x-xss-protection: 1; mode=block

GET
H2 200 2671001971164738575342461235637967784173882n-16461275731131041274760.jpg
gamek.mediacdn.vn/zoom/185_185/133514250583805952/2022/3/1/ 18 KB
18 KB 760ms
755ms Image
image/webp 42.112.37.35
FPT-AS-AP FPT Tel...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://gamek.mediacdn.vn/zoom/185_185/133514250583805952/2022/3/1/2671001971164738575342461235637967784173882n-16461275731131041274760.jpg

Requested by

Host: k8ccwwesx.live
URL: https://k8ccwwesx.live/indexasad.php

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

42.112.37.35 Ho Chi Minh City, Viet Nam, ASN18403 (FPT-AS-AP FPT Telecom Company, VN),

Reverse DNS

Software

VCCloud CDN / 562.8a3abc57b1b752a334ff1ae1edf77871 /

Resource Hash

38568f34c511bb7d4238fce637b55f783a64608a9cea86f1b3087e946706c9cb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://k8ccwwesx.live/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 17:48:32 GMT
x-content-type-options: nosniff
last-modified: Fri, 28 Apr 2023 03:56:45 GMT
server: VCCloud CDN / 562.8a3abc57b1b752a334ff1ae1edf77871
access-control-allow-methods: GET, HEAD, POST, OPTIONS
content-type: image/webp
access-control-allow-origin: *
xcache-created-at: Friday, 28-Apr-2023 11:00:43 +07
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
x-cache: HIT from VCCloud CDN
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: Accept,Authorization,Cache-Control,Content-Length,Content-Type,DNT,If-Modified-Since,Keep-Alive,Key,Origin,Range,User-Agent,X-Requested-With
content-length: 18490
x-xss-protection: 1; mode=block

GET
H2 200 27356753213732025877027611060072186290899n-16461286713791729361988.jpg
gamek.mediacdn.vn/zoom/185_185/133514250583805952/2022/3/1/ 16 KB
16 KB 760ms
756ms Image
image/webp 42.112.37.35
FPT-AS-AP FPT Tel...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://gamek.mediacdn.vn/zoom/185_185/133514250583805952/2022/3/1/27356753213732025877027611060072186290899n-16461286713791729361988.jpg

Requested by

Host: k8ccwwesx.live
URL: https://k8ccwwesx.live/indexasad.php

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

42.112.37.35 Ho Chi Minh City, Viet Nam, ASN18403 (FPT-AS-AP FPT Telecom Company, VN),

Reverse DNS

Software

VCCloud CDN / 562.8dcb803b2669228b676ef8320176b2a4 /

Resource Hash

54b3ba3509da21554f72cac5a68716631997f3f0ebcbc62c55f17e8294c4b346

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://k8ccwwesx.live/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 17:48:32 GMT
x-content-type-options: nosniff
last-modified: Sat, 22 Apr 2023 02:45:58 GMT
server: VCCloud CDN / 562.8dcb803b2669228b676ef8320176b2a4
access-control-allow-methods: GET, HEAD, POST, OPTIONS
content-type: image/webp
access-control-allow-origin: *
xcache-created-at: Saturday, 22-Apr-2023 21:53:18 +07
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
x-cache: HIT from VCCloud CDN
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: Accept,Authorization,Cache-Control,Content-Length,Content-Type,DNT,If-Modified-Since,Keep-Alive,Key,Origin,Range,User-Agent,X-Requested-With
content-length: 16546
x-xss-protection: 1; mode=block

GET
H2 200 2735609101044448755015572274147577584933572n-16461285429342100479617.jpg
gamek.mediacdn.vn/zoom/185_185/133514250583805952/2022/3/1/ 16 KB
17 KB 760ms
756ms Image
image/webp 42.112.37.35
FPT-AS-AP FPT Tel...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://gamek.mediacdn.vn/zoom/185_185/133514250583805952/2022/3/1/2735609101044448755015572274147577584933572n-16461285429342100479617.jpg

Requested by

Host: k8ccwwesx.live
URL: https://k8ccwwesx.live/indexasad.php

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

42.112.37.35 Ho Chi Minh City, Viet Nam, ASN18403 (FPT-AS-AP FPT Telecom Company, VN),

Reverse DNS

Software

VCCloud CDN / 562.68d69d7a1f51ab89977df6b761f78667 /

Resource Hash

764fc3d36570abe9c466b074a2ba2dc57319b25c4b0173711f276ccd76b726c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://k8ccwwesx.live/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 17:48:32 GMT
x-content-type-options: nosniff
last-modified: Thu, 16 Feb 2023 02:14:57 GMT
server: VCCloud CDN / 562.68d69d7a1f51ab89977df6b761f78667
access-control-allow-methods: GET, HEAD, POST, OPTIONS
content-type: image/webp
access-control-allow-origin: *
xcache-created-at: Saturday, 22-Apr-2023 09:45:58 +07
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
x-cache: HIT from VCCloud CDN
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: Accept,Authorization,Cache-Control,Content-Length,Content-Type,DNT,If-Modified-Since,Keep-Alive,Key,Origin,Range,User-Agent,X-Requested-With
content-length: 16788
x-xss-protection: 1; mode=block

GET
H2 200 2737007311025878690225584346576579656015919n-1646128350197818732753.jpg
gamek.mediacdn.vn/zoom/185_185/133514250583805952/2022/3/1/ 15 KB
15 KB 760ms
756ms Image
image/webp 42.112.37.35
FPT-AS-AP FPT Tel...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://gamek.mediacdn.vn/zoom/185_185/133514250583805952/2022/3/1/2737007311025878690225584346576579656015919n-1646128350197818732753.jpg

Requested by

Host: k8ccwwesx.live
URL: https://k8ccwwesx.live/indexasad.php

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

42.112.37.35 Ho Chi Minh City, Viet Nam, ASN18403 (FPT-AS-AP FPT Telecom Company, VN),

Reverse DNS

Software

VCCloud CDN / 562.96ad0268e992b8e553dd96b566aa27e4 /

Resource Hash

835ddc3354ced95a191e577a804523613b09b03c4925ff442642b7e3ea442d67

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://k8ccwwesx.live/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 17:48:32 GMT
x-content-type-options: nosniff
last-modified: Tue, 21 Mar 2023 13:24:10 GMT
server: VCCloud CDN / 562.96ad0268e992b8e553dd96b566aa27e4
access-control-allow-methods: GET, HEAD, POST, OPTIONS
content-type: image/webp
access-control-allow-origin: *
xcache-created-at: Saturday, 22-Apr-2023 09:45:58 +07
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
x-cache: HIT from VCCloud CDN
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: Accept,Authorization,Cache-Control,Content-Length,Content-Type,DNT,If-Modified-Since,Keep-Alive,Key,Origin,Range,User-Agent,X-Requested-With
content-length: 14900
x-xss-protection: 1; mode=block

GET
H2 200 2720841601015784691012142367583949367222210n-1646127908129345968564.jpg
gamek.mediacdn.vn/zoom/185_185/133514250583805952/2022/3/1/ 15 KB
15 KB 760ms
756ms Image
image/webp 42.112.37.35
FPT-AS-AP FPT Tel...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://gamek.mediacdn.vn/zoom/185_185/133514250583805952/2022/3/1/2720841601015784691012142367583949367222210n-1646127908129345968564.jpg

Requested by

Host: k8ccwwesx.live
URL: https://k8ccwwesx.live/indexasad.php

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

42.112.37.35 Ho Chi Minh City, Viet Nam, ASN18403 (FPT-AS-AP FPT Telecom Company, VN),

Reverse DNS

Software

VCCloud CDN / 562.bff0f0f154061e030465ac6de5dcc494 /

Resource Hash

2473b3c91596758d0d127c3571019e5550503b2196ce737b53b0c3ffe8e9ec27

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://k8ccwwesx.live/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 17:48:32 GMT
x-content-type-options: nosniff
last-modified: Wed, 26 Apr 2023 03:38:31 GMT
server: VCCloud CDN / 562.bff0f0f154061e030465ac6de5dcc494
access-control-allow-methods: GET, HEAD, POST, OPTIONS
content-type: image/webp
access-control-allow-origin: *
xcache-created-at: Friday, 28-Apr-2023 11:00:43 +07
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
x-cache: HIT from VCCloud CDN
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: Accept,Authorization,Cache-Control,Content-Length,Content-Type,DNT,If-Modified-Since,Keep-Alive,Key,Origin,Range,User-Agent,X-Requested-With
content-length: 15210
x-xss-protection: 1; mode=block

GET
H2 200 icon-1638433858794381197976.png
gamek.mediacdn.vn/zoom/185_185/133514250583805952/2021/12/2/ 46 KB
46 KB 760ms
756ms Image
image/webp 42.112.37.35
FPT-AS-AP FPT Tel...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://gamek.mediacdn.vn/zoom/185_185/133514250583805952/2021/12/2/icon-1638433858794381197976.png

Requested by

Host: k8ccwwesx.live
URL: https://k8ccwwesx.live/indexasad.php

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

42.112.37.35 Ho Chi Minh City, Viet Nam, ASN18403 (FPT-AS-AP FPT Telecom Company, VN),

Reverse DNS

Software

VCCloud CDN / 562.c5d22ce6f416ce863aea705979cb0644 /

Resource Hash

028c81a32aad1469b222e89a8a8cfbfad2eaf00bd35507ba5c1424cb7e582cb1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://k8ccwwesx.live/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 17:48:32 GMT
x-content-type-options: nosniff
last-modified: Wed, 15 Feb 2023 01:30:14 GMT
server: VCCloud CDN / 562.c5d22ce6f416ce863aea705979cb0644
access-control-allow-methods: GET, HEAD, POST, OPTIONS
content-type: image/webp
access-control-allow-origin: *
xcache-created-at: Saturday, 22-Apr-2023 09:45:58 +07
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
x-cache: HIT from VCCloud CDN
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: Accept,Authorization,Cache-Control,Content-Length,Content-Type,DNT,If-Modified-Since,Keep-Alive,Key,Origin,Range,User-Agent,X-Requested-With
content-length: 47280
x-xss-protection: 1; mode=block

GET
H2 200 tuyet-the-vo-song-iconnew-1636342895808582543386.png
gamek.mediacdn.vn/zoom/185_185/133514250583805952/2021/11/8/ 47 KB
48 KB 760ms
757ms Image
image/webp 42.112.37.35
FPT-AS-AP FPT Tel...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://gamek.mediacdn.vn/zoom/185_185/133514250583805952/2021/11/8/tuyet-the-vo-song-iconnew-1636342895808582543386.png

Requested by

Host: k8ccwwesx.live
URL: https://k8ccwwesx.live/indexasad.php

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

42.112.37.35 Ho Chi Minh City, Viet Nam, ASN18403 (FPT-AS-AP FPT Telecom Company, VN),

Reverse DNS

Software

VCCloud CDN / 562.79e56b0d58daa9aff36b597e0351b524 /

Resource Hash

242e5db71e533b96f66b03819432c6d8544dbb5318d584a85fc551d868b208d3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://k8ccwwesx.live/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 17:48:32 GMT
x-content-type-options: nosniff
last-modified: Wed, 25 Jan 2023 02:27:12 GMT
server: VCCloud CDN / 562.79e56b0d58daa9aff36b597e0351b524
access-control-allow-methods: GET, HEAD, POST, OPTIONS
content-type: image/webp
access-control-allow-origin: *
xcache-created-at: Saturday, 22-Apr-2023 09:45:58 +07
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
x-cache: HIT from VCCloud CDN
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: Accept,Authorization,Cache-Control,Content-Length,Content-Type,DNT,If-Modified-Since,Keep-Alive,Key,Origin,Range,User-Agent,X-Requested-With
content-length: 48488
x-xss-protection: 1; mode=block

GET
H2 200 32daf2f872c4bb9ae2d5-1-16337983279462046521052.jpg
gamek.mediacdn.vn/zoom/185_185/133514250583805952/2021/10/9/ 10 KB
11 KB 760ms
757ms Image
image/webp 42.112.37.35
FPT-AS-AP FPT Tel...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://gamek.mediacdn.vn/zoom/185_185/133514250583805952/2021/10/9/32daf2f872c4bb9ae2d5-1-16337983279462046521052.jpg

Requested by

Host: k8ccwwesx.live
URL: https://k8ccwwesx.live/indexasad.php

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

42.112.37.35 Ho Chi Minh City, Viet Nam, ASN18403 (FPT-AS-AP FPT Telecom Company, VN),

Reverse DNS

Software

VCCloud CDN / 562.5402fb96c427489801fe4b3d321ce34f /

Resource Hash

91941a78259a38fe741f8d4b70149a2febc1d9f84f060281d043b5a180ede54b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://k8ccwwesx.live/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 17:48:32 GMT
x-content-type-options: nosniff
last-modified: Thu, 31 Mar 2022 00:03:32 GMT
server: VCCloud CDN / 562.5402fb96c427489801fe4b3d321ce34f
access-control-allow-methods: GET, HEAD, POST, OPTIONS
content-type: image/webp
access-control-allow-origin: *
xcache-created-at: Saturday, 22-Apr-2023 09:45:58 +07
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
x-cache: HIT from VCCloud CDN
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: Accept,Authorization,Cache-Control,Content-Length,Content-Type,DNT,If-Modified-Since,Keep-Alive,Key,Origin,Range,User-Agent,X-Requested-With
content-length: 10730
x-xss-protection: 1; mode=block

GET
H2 200 r-12437418-1535283411-2537jpeg-16311742905092102168322.jpg
gamek.mediacdn.vn/zoom/185_185/133514250583805952/2021/9/9/ 14 KB
14 KB 760ms
757ms Image
image/webp 42.112.37.35
FPT-AS-AP FPT Tel...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://gamek.mediacdn.vn/zoom/185_185/133514250583805952/2021/9/9/r-12437418-1535283411-2537jpeg-16311742905092102168322.jpg

Requested by

Host: k8ccwwesx.live
URL: https://k8ccwwesx.live/indexasad.php

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

42.112.37.35 Ho Chi Minh City, Viet Nam, ASN18403 (FPT-AS-AP FPT Telecom Company, VN),

Reverse DNS

Software

VCCloud CDN / 562.d690f40f78784bb996d87811dad0343e /

Resource Hash

7571605de47e3db8fb44c70fce8006953f4a0dc9da5e977a4854a3e818aec509

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://k8ccwwesx.live/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 17:48:32 GMT
x-content-type-options: nosniff
last-modified: Fri, 25 Nov 2022 11:17:04 GMT
server: VCCloud CDN / 562.d690f40f78784bb996d87811dad0343e
access-control-allow-methods: GET, HEAD, POST, OPTIONS
content-type: image/webp
access-control-allow-origin: *
xcache-created-at: Saturday, 22-Apr-2023 09:45:58 +07
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
x-cache: HIT from VCCloud CDN
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: Accept,Authorization,Cache-Control,Content-Length,Content-Type,DNT,If-Modified-Since,Keep-Alive,Key,Origin,Range,User-Agent,X-Requested-With
content-length: 13998
x-xss-protection: 1; mode=block

GET
H2 200 vccorp-s.png
vccorp.mediacdn.vn/ 8 KB
8 KB 761ms
458ms Image
image/png 42.112.37.35
FPT-AS-AP FPT Tel...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://vccorp.mediacdn.vn/vccorp-s.png

Requested by

Host: k8ccwwesx.live
URL: https://k8ccwwesx.live/indexasad.php

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

42.112.37.35 Ho Chi Minh City, Viet Nam, ASN18403 (FPT-AS-AP FPT Telecom Company, VN),

Reverse DNS

Software

VCCloud CDN / 562.e1edc8403f74916d6775fa68e85409b1 /

Resource Hash

fa696f5f1aa34c6b3b3bd4dd87edcd587ac891fc2c03a68fe9b82f975241ebb2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://k8ccwwesx.live/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 17:48:32 GMT
x-content-type-options: nosniff
server: VCCloud CDN / 562.e1edc8403f74916d6775fa68e85409b1
access-control-allow-methods: GET, HEAD, POST, OPTIONS
content-type: image/png; charset=utf-8
xcache-created-at: Wednesday, 03-May-2023 11:12:46 +07
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
x-cache: HIT from VCCloud CDN
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: Accept,Authorization,Cache-Control,Content-Length,Content-Type,DNT,If-Modified-Since,Keep-Alive,Key,Origin,Range,User-Agent,X-Requested-With
content-length: 7687
x-xss-protection: 1; mode=block

GET
H3 200 email-decode.min.js Show response
k8ccwwesx.live/cdn-cgi/scripts/5c5dd728/cloudflare-static/ 1 KB
1 KB 17ms
12ms Script
application/javascript 2606:4700:3035::6815:2914
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://k8ccwwesx.live/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js

Requested by

Host: k8ccwwesx.live
URL: https://k8ccwwesx.live/indexasad.php

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3035::6815:2914 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://k8ccwwesx.live/indexasad.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 17:48:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 25 Apr 2023 11:29:10 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"6447b986-4d7"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=o5IelRvVf4cwlHpKVnOweJw6zQ0TteO3u%2BXrZhy5cQSDf6iZ6%2BgBXGRHbgF%2FY3qTc%2FNpFpxO813PWMM2Skt6MINx9HZXPBo5nO75l8sDoHFo4myvoyPIQjysqpu6JgAzC4rG4A%2FjOkbUi0vtaA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
x-frame-options: DENY
cache-control: max-age=172800, public
cf-ray: 7c1a55dc5e3a3a4a-FRA
expires: Fri, 05 May 2023 17:48:32 GMT

GET
H2 200 gamek-09092022v1.min.js Show response
gamek.mediacdn.vn/web_js/ 263 KB
97 KB 760ms
757ms Script
application/javascript 42.112.37.35
FPT-AS-AP FPT Tel...

General

Check archive.org

Show headers Download Go to

Full URL

https://gamek.mediacdn.vn/web_js/gamek-09092022v1.min.js

Requested by

Host: k8ccwwesx.live
URL: https://k8ccwwesx.live/indexasad.php

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

42.112.37.35 Ho Chi Minh City, Viet Nam, ASN18403 (FPT-AS-AP FPT Telecom Company, VN),

Reverse DNS

Software

VCCloud CDN / 562.a95132b4466c3cbaaf97876f1d8cd95d /

Resource Hash

c8e1eebc02599c9896e78d721eb085cf848d4de35b795b0c704928230ac43d95

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://k8ccwwesx.live/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 17:48:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 17 Apr 2023 12:04:15 GMT
server: VCCloud CDN / 562.a95132b4466c3cbaaf97876f1d8cd95d
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD, POST, OPTIONS
content-type: application/javascript
access-control-allow-origin: *
xcache-created-at: Thursday, 20-Apr-2023 19:04:26 +07
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
x-cache: HIT from VCCloud CDN
timing-allow-origin: *
access-control-allow-headers: Accept,Authorization,Cache-Control,Content-Length,Content-Type,DNT,If-Modified-Since,Keep-Alive,Key,Origin,Range,User-Agent,X-Requested-With
x-xss-protection: 1; mode=block

GET
H2 200 playerInitScript.js Show response
adminplayer.sohatv.vn/resource/init-script/ 25 KB
10 KB 801ms
223ms Script
application/javascript 14.225.10.21
VNPT-AS-VN VIETNA...

General

Check archive.org

Show headers Download Go to

Full URL: https://adminplayer.sohatv.vn/resource/init-script/playerInitScript.js
Requested by: Host: k8ccwwesx.live
URL: https://k8ccwwesx.live/indexasad.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 14.225.10.21 , Viet Nam, ASN135905 (VNPT-AS-VN VIETNAM POSTS AND TELECOMMUNICATIONS GROUP, VN),
Reverse DNS: static.vnpt.vn
Software: / X3-PLAYER
Resource Hash: 2cffcfaacd57b1261f9528bf5cf177907f5dbfc64d5f39796a8bb329e8d1a430

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://k8ccwwesx.live/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

x-response-time: 1.050ms
date: Wed, 03 May 2023 17:48:45 GMT
content-encoding: gzip
x-powered-by: X3-PLAYER
etag: W/"64e6-AlsgVvW/MvfywaUw1cv7LgBWh9A"
vary: Accept-Encoding
x-cache: HIT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=120
x-content-length: 25830
x-host-name: SVR576R-NPS-16-40-56

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 103 KB
41 KB 292ms
24ms Script
application/javascript 2a00:1450:4001:809::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-MZ4QL46

Requested by

Host: k8ccwwesx.live
URL: https://k8ccwwesx.live/indexasad.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

c3e611acfcb54e3524ca2b8cf57e81e20268ee3fee39facdfe528930445659e5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://k8ccwwesx.live/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 17:48:32 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 41214
x-xss-protection: 0
last-modified: Wed, 03 May 2023 15:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 03 May 2023 17:48:32 GMT

GET
H2 200 ATMJGB0YKY21R.js Show response
deqik.com/tag/corejs/ 42 KB
13 KB 1427ms
586ms Script
application/x-javascript 2405:f980::1:10
VNPT-AS-VN VIETNA...

General

Check archive.org

Show headers Download Go to

Full URL: https://deqik.com/tag/corejs/ATMJGB0YKY21R.js
Requested by: Host: k8ccwwesx.live
URL: https://k8ccwwesx.live/indexasad.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2405:f980::1:10 , Viet Nam, ASN135905 (VNPT-AS-VN VIETNAM POSTS AND TELECOMMUNICATIONS GROUP, VN),
Reverse DNS
Software: aws/v1 /
Resource Hash: a263eac2ad4afa7f7c974e9676e0fb60bc735b450b57ce30f08bd37a575d5e5f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://k8ccwwesx.live/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 17:48:32 GMT
content-encoding: gzip
last-modified: Tue, 19 Apr 2022 06:58:29 GMT
server: aws/v1
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: max-age=600, must-revalidate, proxy-revalidate
content-length: 13154
expires: Wed, 03 May 2023 17:58:33 GMT

GET
H2 200 admcore.js Show response
media1.admicro.vn/core/ 156 KB
43 KB 894ms
600ms Script
application/x-javascript 2405:f980::1:13
VNPT-AS-VN VIETNA...

General

Check archive.org

Show headers Download Go to

Full URL: https://media1.admicro.vn/core/admcore.js
Requested by: Host: k8ccwwesx.live
URL: https://k8ccwwesx.live/indexasad.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2405:f980::1:13 , Viet Nam, ASN135905 (VNPT-AS-VN VIETNAM POSTS AND TELECOMMUNICATIONS GROUP, VN),
Reverse DNS
Software: ss1/17077 /
Resource Hash: 5796dad7ea6e51f9ebcb34f34a0494c63afe5ebb32edf14e25987404e89640c8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://k8ccwwesx.live/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 17:48:32 GMT
content-encoding: gzip
last-modified: Wed, 29 Mar 2023 08:28:02 GMT
server: ss1/17077
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: max-age=600, must-revalidate, proxy-revalidate
expires: Wed, 03 May 2023 17:58:32 GMT

GET
H2 200 ftest
lg1.logging.admicro.vn/ 35 B
620 B 785ms
218ms Image
image/gif 123.30.151.88
VNPT-AS-VN VNPT Corp

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://lg1.logging.admicro.vn/ftest?url=https%3A%2F%2Fk8ccwwesx.live%2Findexasad.php
Requested by: Host: k8ccwwesx.live
URL: https://k8ccwwesx.live/indexasad.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 123.30.151.88 , Viet Nam, ASN45899 (VNPT-AS-VN VNPT Corp, VN),
Reverse DNS: static.vnpt.vn
Software: aws/v1/76R454R0A1 /
Resource Hash: 8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://k8ccwwesx.live/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 03 May 2023 17:48:32 GMT
last-modified: Sun, 17 May 1998 07:00:00 GMT
server: aws/v1/76R454R0A1
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate
content-length: 35
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ftest
amcdn.vn/ 35 B
458 B 1295ms
322ms Image
image/gif 2405:f980::1:10
VNPT-AS-VN VIETNA...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://amcdn.vn/ftest?url=https%3A%2F%2Fk8ccwwesx.live%2Findexasad.php
Requested by: Host: k8ccwwesx.live
URL: https://k8ccwwesx.live/indexasad.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2405:f980::1:10 , Viet Nam, ASN135905 (VNPT-AS-VN VIETNAM POSTS AND TELECOMMUNICATIONS GROUP, VN),
Reverse DNS
Software: aws/a1496 /
Resource Hash: 8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://k8ccwwesx.live/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 03 May 2023 17:48:33 GMT
last-modified: Sun, 17 May 1998 07:00:00 GMT
server: aws/a1496
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate
content-length: 35
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 sprite20150608.png
gamek.mediacdn.vn/web_images/ 86 KB
86 KB 759ms
757ms Image
image/webp 42.112.37.35
FPT-AS-AP FPT Tel...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://gamek.mediacdn.vn/web_images/sprite20150608.png

Requested by

Host: gamek.mediacdn.vn
URL: https://gamek.mediacdn.vn/web_css/main-30012023v1.min.css

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

42.112.37.35 Ho Chi Minh City, Viet Nam, ASN18403 (FPT-AS-AP FPT Telecom Company, VN),

Reverse DNS

Software

VCCloud CDN / 562.4666edfb9b19eef42dd5152ab4c6fe62 /

Resource Hash

03be794e44ad160f12bf6b73957424002f5f78a2af4dc291295f0420f68b2a54

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gamek.mediacdn.vn/web_css/main-30012023v1.min.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 17:48:32 GMT
x-content-type-options: nosniff
last-modified: Tue, 07 Feb 2023 02:11:51 GMT
server: VCCloud CDN / 562.4666edfb9b19eef42dd5152ab4c6fe62
access-control-allow-methods: GET, HEAD, POST, OPTIONS
content-type: image/webp
access-control-allow-origin: *
xcache-created-at: Saturday, 25-Mar-2023 09:41:13 +07
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
x-cache: HIT from VCCloud CDN
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: Accept,Authorization,Cache-Control,Content-Length,Content-Type,DNT,If-Modified-Since,Keep-Alive,Key,Origin,Range,User-Agent,X-Requested-With
content-length: 88068
x-xss-protection: 1; mode=block

GET
H2 200 gamek_logo_30052022.svg
gamek.mediacdn.vn/web_images/ 11 KB
4 KB 759ms
757ms Image
image/svg+xml 42.112.37.35
FPT-AS-AP FPT Tel...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://gamek.mediacdn.vn/web_images/gamek_logo_30052022.svg

Requested by

Host: gamek.mediacdn.vn
URL: https://gamek.mediacdn.vn/web_css/main-30012023v1.min.css

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

42.112.37.35 Ho Chi Minh City, Viet Nam, ASN18403 (FPT-AS-AP FPT Telecom Company, VN),

Reverse DNS

Software

VCCloud CDN / 562.7c5451444b4c7e3ceec43b7e664be9fc /

Resource Hash

8455c1c2d1cfbcc4d91725ec2d6ff649c6479110951dac890fdf6bb9da74ba5f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gamek.mediacdn.vn/web_css/main-30012023v1.min.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 17:48:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 27 Jan 2023 04:50:24 GMT
server: VCCloud CDN / 562.7c5451444b4c7e3ceec43b7e664be9fc
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD, POST, OPTIONS
content-type: image/svg+xml
access-control-allow-origin: *
xcache-created-at: Saturday, 25-Mar-2023 11:11:44 +07
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
x-cache: HIT from VCCloud CDN
timing-allow-origin: *
access-control-allow-headers: Accept,Authorization,Cache-Control,Content-Length,Content-Type,DNT,If-Modified-Since,Keep-Alive,Key,Origin,Range,User-Agent,X-Requested-With
x-xss-protection: 1; mode=block

GET
H2 200 UTM_Bebas.woff2
gamek.mediacdn.vn/web_font/ 9 KB
10 KB 2738ms
222ms Font
application/octet-stream 42.112.37.35
FPT-AS-AP FPT Tel...

General

Check archive.org

Show headers Download Go to

Full URL

https://gamek.mediacdn.vn/web_font/UTM_Bebas.woff2

Requested by

Host: gamek.mediacdn.vn
URL: https://gamek.mediacdn.vn/web_css/main-30012023v1.min.css

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

42.112.37.35 Ho Chi Minh City, Viet Nam, ASN18403 (FPT-AS-AP FPT Telecom Company, VN),

Reverse DNS

Software

VCCloud CDN / 562.dc9ccb7de2e57cf2b6638cf502c1d286 /

Resource Hash

16b023e36e0629c09639934fa6f0872b35128d821011b19a269cd7677b3007b7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://gamek.mediacdn.vn/web_css/main-30012023v1.min.css
Origin: https://k8ccwwesx.live
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 17:48:34 GMT
x-content-type-options: nosniff
server: VCCloud CDN / 562.dc9ccb7de2e57cf2b6638cf502c1d286
access-control-allow-methods: GET, HEAD, POST, OPTIONS
content-type: application/octet-stream; charset=utf-8
xcache-created-at: Wednesday, 03-May-2023 11:21:34 +07
access-control-allow-origin: *
cache-control: private, max-age=0
x-cache: HIT from VCCloud CDN
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: Accept,Authorization,Cache-Control,Content-Length,Content-Type,DNT,If-Modified-Since,Keep-Alive,Key,Origin,Range,User-Agent,X-Requested-With
content-length: 9272
x-xss-protection: 1; mode=block

GET
H2 200 gamedownload.png
gamek.mediacdn.vn/web_images/ 5 KB
5 KB 525ms
524ms Image
image/webp 42.112.37.35
FPT-AS-AP FPT Tel...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://gamek.mediacdn.vn/web_images/gamedownload.png

Requested by

Host: gamek.mediacdn.vn
URL: https://gamek.mediacdn.vn/web_css/main-30012023v1.min.css

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

42.112.37.35 Ho Chi Minh City, Viet Nam, ASN18403 (FPT-AS-AP FPT Telecom Company, VN),

Reverse DNS

Software

VCCloud CDN / 562.9c8f112ce9a3f39c51bae91039fd6fdd /

Resource Hash

24ea4c2c61ca2c85134e67a282327c7c13da9c70c8a8e9466b93fdd71385d4db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gamek.mediacdn.vn/web_css/main-30012023v1.min.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 17:48:32 GMT
x-content-type-options: nosniff
last-modified: Fri, 25 Nov 2022 01:02:51 GMT
server: VCCloud CDN / 562.9c8f112ce9a3f39c51bae91039fd6fdd
access-control-allow-methods: GET, HEAD, POST, OPTIONS
content-type: image/webp
access-control-allow-origin: *
xcache-created-at: Thursday, 23-Mar-2023 09:33:34 +07
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
x-cache: HIT from VCCloud CDN
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: Accept,Authorization,Cache-Control,Content-Length,Content-Type,DNT,If-Modified-Since,Keep-Alive,Key,Origin,Range,User-Agent,X-Requested-With
content-length: 5152
x-xss-protection: 1; mode=block

GET
H2 200 ads_code_1.ads Show response
media1.admicro.vn/ads_codes/ 0
242 B 592ms
592ms Script
application/x-javascript 2405:f980::1:13
VNPT-AS-VN VIETNA...

General

Check archive.org

Show headers Download Go to

Full URL: https://media1.admicro.vn/ads_codes/ads_code_1.ads
Requested by: Host: media1.admicro.vn
URL: https://media1.admicro.vn/core/adm_tracking.js?v=1
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2405:f980::1:13 , Viet Nam, ASN135905 (VNPT-AS-VN VIETNAM POSTS AND TELECOMMUNICATIONS GROUP, VN),
Reverse DNS
Software: ss1/17069 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://k8ccwwesx.live/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 17:48:32 GMT
content-encoding: gzip
last-modified: Tue, 27 Apr 2021 04:47:24 GMT
server: ss1/17069
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: max-age=600, must-revalidate, proxy-revalidate
content-length: 23
expires: Wed, 03 May 2023 17:58:32 GMT

GET
H2 200 lgnews.js Show response
static.contineljs.com/core/ 11 KB
4 KB 901ms
294ms Script
application/x-javascript 2405:f980::1:13
VNPT-AS-VN VIETNA...

General

Check archive.org

Show headers Download Go to

Full URL: https://static.contineljs.com/core/lgnews.js
Requested by: Host: media1.admicro.vn
URL: https://media1.admicro.vn/core/adm_tracking.js?v=1
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2405:f980::1:13 , Viet Nam, ASN135905 (VNPT-AS-VN VIETNAM POSTS AND TELECOMMUNICATIONS GROUP, VN),
Reverse DNS
Software: ss1/17206 /
Resource Hash: 8de73b8c9c9d8b3359c9e50a046f1cc12277e3fbbe4f19c8d47434b2fdccebe8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://k8ccwwesx.live/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 17:48:33 GMT
content-encoding: gzip
last-modified: Fri, 21 Apr 2023 08:41:29 GMT
server: ss1/17206
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: max-age=600, must-revalidate, proxy-revalidate
expires: Wed, 03 May 2023 17:58:33 GMT

GET
H2 200 ftest
amcdn.vn/ 35 B
458 B 691ms
322ms Image
image/gif 2405:f980::1:10
VNPT-AS-VN VIETNA...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://amcdn.vn/ftest?lsn=b326c5d8ac2a27d73399bab31858fbb2&dg=b326c5d8ac2a27d73399bab31858fbb2&ui=&url=http%3A%2F%2F1k8ccwwesx.live%2Findexasad.php&rd=0.08623396883464585
Requested by: Host: k8ccwwesx.live
URL: https://k8ccwwesx.live/indexasad.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2405:f980::1:10 , Viet Nam, ASN135905 (VNPT-AS-VN VIETNAM POSTS AND TELECOMMUNICATIONS GROUP, VN),
Reverse DNS
Software: aws/a1574 /
Resource Hash: 8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://k8ccwwesx.live/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 03 May 2023 17:48:33 GMT
last-modified: Sun, 17 May 1998 07:00:00 GMT
server: aws/a1574
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate
content-length: 35
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ftest
lg1.logging.admicro.vn/ 35 B
619 B 218ms
217ms Image
image/gif 123.30.151.88
VNPT-AS-VN VNPT Corp

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://lg1.logging.admicro.vn/ftest?lsn=b326c5d8ac2a27d73399bab31858fbb2&dg=b326c5d8ac2a27d73399bab31858fbb2&ui=&url=http%3A%2F%2F2k8ccwwesx.live%2Findexasad.php&rd=0.4633118637036284
Requested by: Host: k8ccwwesx.live
URL: https://k8ccwwesx.live/indexasad.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 123.30.151.88 , Viet Nam, ASN45899 (VNPT-AS-VN VNPT Corp, VN),
Reverse DNS: static.vnpt.vn
Software: aws/v1/86R225L0A1 /
Resource Hash: 8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://k8ccwwesx.live/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 03 May 2023 17:48:32 GMT
last-modified: Sun, 17 May 1998 07:00:00 GMT
server: aws/v1/86R225L0A1
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate
content-length: 35
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 _tracking1.gif
lg1.logging.admicro.vn/ 35 B
715 B 216ms
215ms Image
image/gif 123.30.151.88
VNPT-AS-VN VNPT Corp

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lg1.logging.admicro.vn/_tracking1.gif?dg=b326c5d8ac2a27d73399bab31858fbb2&fl=-1.-1.&je=0&sr=1600x1200&sc=24&hn=k8ccwwesx.live&cat=%2Ftag%2Ftay-du-ky-online%2F&g=0&i=v%3B1683136112660%3B0%3B0%3B1%3B0%3B0%3B1600x1200%3B0%3B0%3Bb326c5d8ac2a27d73399bab31858fbb2%3Bb326c5d8ac2a27d73399bab31858fbb2%3B%3B-1683136108772%3B0%3B0%3B1561%3B1%3B441%3B-1683136108772%3B-1683136108772&rdm=0.5478278874041478&p=%2Findexasad.php&r=&dg=b326c5d8ac2a27d73399bab31858fbb2&ce=1&lc=&cr=&ui=

Requested by

Host: k8ccwwesx.live
URL: https://k8ccwwesx.live/indexasad.php

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

123.30.151.88 , Viet Nam, ASN45899 (VNPT-AS-VN VNPT Corp, VN),

Reverse DNS

static.vnpt.vn

Software

aws/v1/55R3440A1B /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Frame-Options	allowall

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://k8ccwwesx.live/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 03 May 2023 17:48:32 GMT
last-modified: Sun, 17 May 1998 07:00:00 GMT
server: aws/v1/55R3440A1B
x-frame-options: allowall
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate
content-length: 35
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 mapid
lg.nanda.vn/ 35 B
464 B 1072ms
315ms Image
image/gif 2405:f980::1:10
VNPT-AS-VN VIETNA...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://lg.nanda.vn/mapid?src=admicro&dguid=b326c5d8ac2a27d73399bab31858fbb2&3guid=
Requested by: Host: k8ccwwesx.live
URL: https://k8ccwwesx.live/indexasad.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2405:f980::1:10 , Viet Nam, ASN135905 (VNPT-AS-VN VIETNAM POSTS AND TELECOMMUNICATIONS GROUP, VN),
Reverse DNS
Software: aws/n2427 /
Resource Hash: 8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://k8ccwwesx.live/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 03 May 2023 17:48:33 GMT
last-modified: Sun, 17 May 1998 07:00:00 GMT
server: aws/n2427
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate
content-length: 35
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 cmd_track
amcdn.vn/ 35 B
239 B 318ms
318ms Image
image/gif 2405:f980::1:10
VNPT-AS-VN VIETNA...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://amcdn.vn/cmd_track?lsn=b326c5d8ac2a27d73399bab31858fbb2&dg=b326c5d8ac2a27d73399bab31858fbb2&ui=&fl=-1.-1.&je=0&sr=1600x1200&sc=24&hn=k8ccwwesx.live&p=%2Findexasad.php&r=&cat=%2Ftag%2Ftay-du-ky-online%2F&vp=1600x1200
Requested by: Host: k8ccwwesx.live
URL: https://k8ccwwesx.live/indexasad.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2405:f980::1:10 , Viet Nam, ASN135905 (VNPT-AS-VN VIETNAM POSTS AND TELECOMMUNICATIONS GROUP, VN),
Reverse DNS
Software: aws/a2417 /
Resource Hash: 8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://k8ccwwesx.live/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 03 May 2023 17:48:33 GMT
last-modified: Sun, 17 May 1998 07:00:00 GMT
server: aws/a2417
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
content-length: 35
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 all.js Show response
connect.facebook.net/vi_VN/ 3 KB
2 KB 39ms
9ms Script
application/x-javascript 2a03:2880:f083:9:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/vi_VN/all.js

Requested by

Host: k8ccwwesx.live
URL: https://k8ccwwesx.live/indexasad.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f083:9:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

80dda122ffbd6798f6854c78267fa4d2279a0c54846f1af93bb842c7320f2bfa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://k8ccwwesx.live/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 03 May 2023 17:48:33 GMT
content-md5: y9021oN5/wuxoN89PBHI8Q==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 1688
x-fb-rlafr: 0
x-fb-debug: KFOi9gFiuAbKI9GNVWL4l/gf+J363P2v+KWcXGecRW4ATkA2xsYYtflc/ax/cFoCyK2zSlWOpr5ke/vC1JQauw==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
x-fb-trip-id: 1679558926
x-fb-content-md5: 8b200430a7bdfa86f6a6138247b98f8e
cross-origin-opener-policy: same-origin-allow-popups
etag: "c7293fd49e340e518bd39d7f51ee31a3"
vary: Accept-Encoding
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=1200,stale-while-revalidate=3600
x-frame-options: DENY
timing-allow-origin: *
expires: Wed, 03 May 2023 17:56:06 GMT

GET
H2 200 _tracking1.gif Show response
lg1.logging.admicro.vn/ Frame 6503 720 B
1 KB 217ms
216ms Document
text/html 123.30.151.88
VNPT-AS-VN VNPT Corp

General

Check archive.org

Show headers Download Go to

Full URL

https://lg1.logging.admicro.vn/_tracking1.gif?dg=b326c5d8ac2a27d73399bab31858fbb2&fl=-1.-1.&je=0&sr=1600x1200&sc=24&hn=k8ccwwesx.live&cat=%2Ftag%2Ftay-du-ky-online%2F&g=0&i=s%3B1683136112660%3B0%3B0%3B1%3B0%3B0%3B1600x1200%3B0%3B0%3Bb326c5d8ac2a27d73399bab31858fbb2%3Bb326c5d8ac2a27d73399bab31858fbb2%3B%3B-1683136108772%3B0%3B0%3B1561%3B1%3B441%3B-1683136108772%3B-1683136108772&rdm=0.6122430545277913&p=%2Findexasad.php&r=&dg=b326c5d8ac2a27d73399bab31858fbb2&ce=1&lc=&cr=&ui=

Requested by

Host: media1.admicro.vn
URL: https://media1.admicro.vn/core/adm_tracking.js?v=1

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

123.30.151.88 , Viet Nam, ASN45899 (VNPT-AS-VN VNPT Corp, VN),

Reverse DNS

static.vnpt.vn

Software

aws/v1/87R454L0A1 /

Resource Hash

fef6cbea444546594c6a0ed587d637d739d0c7edefe52ada9c5afbf868ebc207

Security Headers

Name	Value
X-Frame-Options	allowall

Request headers

Referer: https://k8ccwwesx.live/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-cache, no-store, must-revalidate
content-length: 720
content-type: text/html; charset=utf-8
date: Wed, 03 May 2023 17:48:33 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
last-modified: Sun, 17 May 1998 07:00:00 GMT
pragma: no-cache
server: aws/v1/87R454L0A1
x-frame-options: allowall

GET
H3 200 all.js Show response
connect.facebook.net/vi_VN/ 303 KB
85 KB 24ms
11ms Script
application/x-javascript 2a03:2880:f083:9:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/vi_VN/all.js?hash=02e4c234acd477406c91167f190b08c6

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/vi_VN/all.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f083:9:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

2815303d3b0b23269b57e4a5ff8494cbfc8ff0cc65e67180f250f1a6dfdabcac

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://k8ccwwesx.live/
Origin: https://k8ccwwesx.live
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 03 May 2023 17:48:33 GMT
content-md5: Ix8mCg1nQOBhSD3kvh63Lw==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 87143
x-fb-rlafr: 0
x-fb-debug: 3cetW5N40esnKrWi3uZvAMpUIyLpjSMA9eEpqUMI6OluaVhEXhO9BDI2GarrD72Ah19pLoletNiVxIi0JOLDow==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
x-fb-content-md5: c340eea193a432614c66b9be2bf31061
cross-origin-opener-policy: same-origin-allow-popups
etag: "33dd20b658ad4ad0393e881594585931"
vary: Accept-Encoding
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
x-frame-options: DENY
timing-allow-origin: *
priority: u=3,i
expires: Thu, 02 May 2024 12:45:53 GMT

GET
H2 200 status
www.facebook.com/x/oauth/ 0
0 78ms
47ms Fetch
text/plain 2a03:2880:f176:84:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/x/oauth/status?client_id=618158328194206&input_token&origin=1&redirect_uri=https%3A%2F%2Fk8ccwwesx.live%2Findexasad.php&sdk=joey&wants_cookie_data=false

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/vi_VN/all.js?hash=02e4c234acd477406c91167f190b08c6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f176:84:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://k8ccwwesx.live/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

strict-transport-security: max-age=15552000; preload
date: Wed, 03 May 2023 17:48:33 GMT
x-content-type-options: nosniff
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0
x-fb-rlafr: 0
pragma: no-cache
x-fb-debug: YNTy19v4gaKOyrIthcpeS9fZT7NldZK4zd0Vbu2STEWvCuMK7HfUMdf6xE7pC/LUD3yUTlHRqQOi8XEyeDbpAQ==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
fb-s: unknown
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://k8ccwwesx.live
origin-agent-cluster: ?0
access-control-expose-headers: fb-s
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 admcoreext.js Show response
media1.admicro.vn/core/ 14 KB
5 KB 299ms
299ms Script
application/x-javascript 2405:f980::1:13
VNPT-AS-VN VIETNA...

General

Check archive.org

Show headers Download Go to

Full URL: https://media1.admicro.vn/core/admcoreext.js
Requested by: Host: media1.admicro.vn
URL: https://media1.admicro.vn/core/admcore.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2405:f980::1:13 , Viet Nam, ASN135905 (VNPT-AS-VN VIETNAM POSTS AND TELECOMMUNICATIONS GROUP, VN),
Reverse DNS
Software: ss1/17205 /
Resource Hash: 8c6dc32d121be2319e6605e1f583ef12a9d76a9d0d68ab1a6dd76049e35d87a4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://k8ccwwesx.live/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 17:48:33 GMT
content-encoding: gzip
last-modified: Mon, 21 Nov 2022 09:02:41 GMT
server: ss1/17205
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: max-age=600, must-revalidate, proxy-revalidate
expires: Wed, 03 May 2023 17:58:33 GMT

GET
H2 200 arf-57.min.js Show response
media1.admicro.vn/cms/ 89 KB
9 KB 299ms
299ms Script
application/x-javascript 2405:f980::1:13
VNPT-AS-VN VIETNA...

General

Check archive.org

Show headers Download Go to

Full URL: https://media1.admicro.vn/cms/arf-57.min.js
Requested by: Host: media1.admicro.vn
URL: https://media1.admicro.vn/core/admcore.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2405:f980::1:13 , Viet Nam, ASN135905 (VNPT-AS-VN VIETNAM POSTS AND TELECOMMUNICATIONS GROUP, VN),
Reverse DNS
Software: ss1/17206 /
Resource Hash: cf0cf3a4991aa017eea8141c9918da7f32a776fcf779f37cdd9505a3c50539d3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://k8ccwwesx.live/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 17:48:33 GMT
content-encoding: gzip
last-modified: Wed, 03 May 2023 17:30:57 GMT
server: ss1/17206
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: max-age=600, must-revalidate, proxy-revalidate
expires: Wed, 03 May 2023 17:58:33 GMT

GET
H2 200 genjs_ht26032019.js Show response
adi.admicro.vn/adt/cpc/tvcads/tracking/ 28 B
529 B 816ms
224ms Script
application/javascript 42.112.37.34
FPT-AS-AP FPT Tel...

General

Check archive.org

Show headers Download Go to

Full URL

https://adi.admicro.vn/adt/cpc/tvcads/tracking/genjs_ht26032019.js?v=0.9219513705770068

Requested by

Host: media1.admicro.vn
URL: https://media1.admicro.vn/core/admcore.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

42.112.37.34 Ho Chi Minh City, Viet Nam, ASN18403 (FPT-AS-AP FPT Telecom Company, VN),

Reverse DNS

Software

VCCloud CDN / 564.2d7a046f7a08082e46365acb139b438f /

Resource Hash

e8fab4708422172956dd7b3e03593b6158704e6c1a1cc8a5313e461c166afa5e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://k8ccwwesx.live/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 17:48:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: VCCloud CDN / 564.2d7a046f7a08082e46365acb139b438f
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD, POST, OPTIONS
content-type: application/javascript; charset=utf-8
xcache-created-at: Thursday, 04-May-2023 00:45:02 +07
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
x-cache: HIT from VCCloud CDN
timing-allow-origin: *
access-control-allow-headers: Accept,Authorization,Cache-Control,Content-Length,Content-Type,DNT,If-Modified-Since,Keep-Alive,Key,Origin,Range,User-Agent,X-Requested-With
x-xss-protection: 1; mode=block

GET
H2 200 persist.js Show response
static.amcdn.vn/core/ Frame 6503 26 KB
8 KB 290ms
289ms Script
application/x-javascript 2405:f980::1:10
VNPT-AS-VN VIETNA...

General

Check archive.org

Show headers Download Go to

Full URL: https://static.amcdn.vn/core/persist.js
Requested by: Host: lg1.logging.admicro.vn
URL: https://lg1.logging.admicro.vn/_tracking1.gif?dg=b326c5d8ac2a27d73399bab31858fbb2&fl=-1.-1.&je=0&sr=1600x1200&sc=24&hn=k8ccwwesx.live&cat=%2Ftag%2Ftay-du-ky-online%2F&g=0&i=s%3B1683136112660%3B0%3B0%3B1%3B0%3B0%3B1600x1200%3B0%3B0%3Bb326c5d8ac2a27d73399bab31858fbb2%3Bb326c5d8ac2a27d73399bab31858fbb2%3B%3B-1683136108772%3B0%3B0%3B1561%3B1%3B441%3B-1683136108772%3B-1683136108772&rdm=0.6122430545277913&p=%2Findexasad.php&r=&dg=b326c5d8ac2a27d73399bab31858fbb2&ce=1&lc=&cr=&ui=
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2405:f980::1:10 , Viet Nam, ASN135905 (VNPT-AS-VN VIETNAM POSTS AND TELECOMMUNICATIONS GROUP, VN),
Reverse DNS
Software: ss1/17205 /
Resource Hash: 9e9efcb83c65b19c1e5beda26cfd017576e8ed57bd67876ca87f7634ffc8bf8e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://lg1.logging.admicro.vn/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 17:48:33 GMT
content-encoding: gzip
last-modified: Tue, 04 Jan 2022 06:49:30 GMT
server: ss1/17205
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: max-age=600, must-revalidate, proxy-revalidate
expires: Wed, 03 May 2023 17:58:33 GMT

GET
H2 200 adm_tracking.js Show response
media1.admicro.vn/core/ 26 KB
8 KB 303ms
298ms Script
application/x-javascript 2405:f980::1:13
VNPT-AS-VN VIETNA...

General

Check archive.org

Show headers Download Go to

Full URL: https://media1.admicro.vn/core/adm_tracking.js?id=1
Requested by: Host: media1.admicro.vn
URL: https://media1.admicro.vn/core/admcore.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2405:f980::1:13 , Viet Nam, ASN135905 (VNPT-AS-VN VIETNAM POSTS AND TELECOMMUNICATIONS GROUP, VN),
Reverse DNS
Software: ss1/17068 /
Resource Hash: 6e34e8696d51c15b5f0e261c0633ac2fb615ed51ac4795844e72b2a58fa12dee

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://k8ccwwesx.live/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 17:48:33 GMT
content-encoding: gzip
last-modified: Wed, 21 Dec 2022 09:41:58 GMT
server: ss1/17068
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: max-age=600, must-revalidate, proxy-revalidate
expires: Wed, 03 May 2023 17:58:33 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 51 KB
21 KB 37ms
9ms Script
text/javascript 2a00:1450:4001:827::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: deqik.com
URL: https://deqik.com/tag/corejs/ATMJGB0YKY21R.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

e7b90d32907f89c49e9e2a2ccca95133277f756f13a14187936d9b948ff67b44

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://k8ccwwesx.live/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 03 May 2023 17:05:04 GMT
last-modified: Mon, 17 Apr 2023 22:36:01 GMT
server: Golfe2
age: 2609
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20737
expires: Wed, 03 May 2023 19:05:04 GMT

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 105 KB
27 KB 9ms
9ms Script
application/x-javascript 2a03:2880:f083:9:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: deqik.com
URL: https://deqik.com/tag/corejs/ATMJGB0YKY21R.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f083:9:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

9f7b103418c76d3c630fa9ac6128249bebab1e97454948c2fcfc22fc88f4ea3a

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://k8ccwwesx.live/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Wed, 03 May 2023 17:48:33 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 27428
x-fb-rlafr: 0
x-xss-protection: 0
pragma: public
x-fb-debug: BF2NWx/HIs7V+d/yIGbQrzIDq/DhwExS2D3wi+MqeaKf/xqbvTtjPx/9GAhOQofz1ncweH0gvuCiEo7TLlUsIg==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
x-fb-trip-id: 1679558926
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
cache-control: public, max-age=1200
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 dc.js Show response
stats.g.doubleclick.net/ 45 KB
17 KB 72ms
19ms Script
text/javascript 2a00:1450:400c:c00::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/dc.js

Requested by

Host: deqik.com
URL: https://deqik.com/tag/corejs/ATMJGB0YKY21R.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c00::9d Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6181cd98fe270c2826d416574446841f86778bc45a0ab0bdd0c667b4e70fd6e8

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://k8ccwwesx.live/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 03 May 2023 16:40:21 GMT
last-modified: Mon, 17 Apr 2023 22:36:01 GMT
server: Golfe2
age: 4092
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 17093
expires: Wed, 03 May 2023 18:40:21 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 221 KB
78 KB 24ms
24ms Script
application/javascript 2a00:1450:4001:809::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-SPFXF87NXW

Requested by

Host: deqik.com
URL: https://deqik.com/tag/corejs/ATMJGB0YKY21R.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

bdf68ba60fc222d7592d13020c4e4560bcb6d37c318c3acd001053da01458018

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://k8ccwwesx.live/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 17:48:33 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 79640
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Wed, 03 May 2023 17:48:33 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 221 KB
78 KB 27ms
26ms Script
application/javascript 2a00:1450:4001:809::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-SPFXF87NXW&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MZ4QL46

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

76274d373cda7a0dce2e4d082123d719aab0454eb1e720c30b1fa32e002bbbc9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://k8ccwwesx.live/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 17:48:33 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 79645
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Wed, 03 May 2023 17:48:33 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 133 KB
51 KB 39ms
38ms Script
application/javascript 2a00:1450:4001:809::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-748929497

Requested by

Host: deqik.com
URL: https://deqik.com/tag/corejs/ATMJGB0YKY21R.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

e4dba4712c4d961e8b4c110147806fb7e7d1123c06a2da2cf8b76f6840524d69

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://k8ccwwesx.live/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 17:48:33 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 52436
x-xss-protection: 0
last-modified: Wed, 03 May 2023 15:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 03 May 2023 17:48:33 GMT

GET
H3 200 272928993613453 Show response
connect.facebook.net/signals/config/ 375 KB
107 KB 10ms
9ms Script
application/x-javascript 2a03:2880:f083:9:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/272928993613453?v=2.9.103&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f083:9:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

1562d52e7ec908dc77567979eefa514e785555a51fa6ecddd56f7edf67e909a9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://k8ccwwesx.live/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 03 May 2023 17:48:33 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 109688
x-fb-rlafr: 0
x-xss-protection: 0
pragma: public
x-fb-debug: vBZ5EKM87XAWTjiuW2eAHopqZ1ZJqJqor16cExnXDCgFvKFnBDMVAlM6JVZdRdX+gzEUOm+tU6xvPfLQOpGPtw==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
cache-control: public, max-age=1200
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

POST
H2 200 collect Show response
www.google-analytics.com/j/ 4 B
210 B 15ms
14ms XHR
text/plain 2a00:1450:4001:827::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j100&a=70517844&t=pageview&_s=1&dl=https%3A%2F%2Fk8ccwwesx.live%2Findexasad.php&ul=en-us&de=UTF-8&dt=T%C3%A2y%20Du%20K%C3%BD%20Online&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEABAAAAACAAI~&jid=2025816603&gjid=870945950&cid=1394017374.1683136114&tid=UA-34575478-19&_gid=2126664350.1683136114&_r=1&_slc=1&z=1362727202

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://k8ccwwesx.live/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 03 May 2023 17:48:33 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://k8ccwwesx.live
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
www.google-analytics.com/j/ 3 B
71 B 16ms
15ms XHR
text/plain 2a00:1450:4001:827::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j100&a=70517844&t=pageview&_s=1&dl=https%3A%2F%2Fk8ccwwesx.live%2Findexasad.php&ul=en-us&de=UTF-8&dt=T%C3%A2y%20Du%20K%C3%BD%20Online&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEDAAEABAAAAACAAI~&jid=992059250&gjid=1165438139&cid=1394017374.1683136114&tid=UA-143999657-2&_gid=2126664350.1683136114&_r=1&_slc=1&z=1470111972

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

1cffc2b3146584685cd72751d7f28aa030ab9ae2f1bc78f2c27909f8d8287b26

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://k8ccwwesx.live/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 03 May 2023 17:48:33 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://k8ccwwesx.live
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.facebook.com/tr/ 0
77 B 10ms
9ms Image
text/plain 2a03:2880:f176:84:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=272928993613453&ev=PageView&dl=https%3A%2F%2Fk8ccwwesx.live%2Findexasad.php&rl=&if=false&ts=1683136113590&sw=1600&sh=1200&v=2.9.103&r=stable&ec=0&o=30&cs_est=true&fbp=fb.1.1683136113589.1206427401&it=1683136113515&coo=false&rqm=GET

Requested by

Host: k8ccwwesx.live
URL: https://k8ccwwesx.live/indexasad.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f176:84:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://k8ccwwesx.live/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Wed, 03 May 2023 17:48:33 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
211 B 21ms
20ms XHR
text/plain 2a00:1450:400c:c00::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j100&tid=UA-34575478-19&cid=1394017374.1683136114&jid=2025816603&gjid=870945950&_gid=2126664350.1683136114&_u=IEBAAEAAAAAAACAAI~&z=568662485

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c00::9d Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://k8ccwwesx.live/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Wed, 03 May 2023 17:48:33 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://k8ccwwesx.live
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
region1.google-analytics.com/g/ 0
255 B 40ms
15ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-SPFXF87NXW&gtm=45je3510&_p=70517844&cid=1394017374.1683136114&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1683136113&sct=1&seg=0&dl=https%3A%2F%2Fk8ccwwesx.live%2Findexasad.php&dt=T%C3%A2y%20Du%20K%C3%BD%20Online&en=page_view&_fv=1&_ss=1&_ee=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-SPFXF87NXW
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://k8ccwwesx.live/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 03 May 2023 17:48:33 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://k8ccwwesx.live
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 Arf.min.js Show response
media1.admicro.vn/cms/ 289 KB
91 KB 299ms
299ms Script
application/x-javascript 2405:f980::1:13
VNPT-AS-VN VIETNA...

General

Check archive.org

Show headers Download Go to

Full URL: https://media1.admicro.vn/cms/Arf.min.js
Requested by: Host: media1.admicro.vn
URL: https://media1.admicro.vn/cms/arf-57.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2405:f980::1:13 , Viet Nam, ASN135905 (VNPT-AS-VN VIETNAM POSTS AND TELECOMMUNICATIONS GROUP, VN),
Reverse DNS
Software: ss1/17206 /
Resource Hash: 9b69708c866676e9c188a7727e93b0c10d9e4c37945f1a8490ed6a24d692f8bc

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://k8ccwwesx.live/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 17:48:33 GMT
content-encoding: gzip
last-modified: Wed, 03 May 2023 14:28:53 GMT
server: ss1/17206
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: max-age=600, must-revalidate, proxy-revalidate
expires: Wed, 03 May 2023 17:58:33 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/748929497/ 3 KB
2 KB 51ms
21ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/748929497/?random=1683136113674&cv=11&fst=1683136113674&bg=ffffff&guid=ON&async=1&gtm=45be3510&u_w=1600&u_h=1200&url=https%3A%2F%2Fk8ccwwesx.live%2Findexasad.php&hn=www.googleadservices.com&frm=0&tiba=T%C3%A2y%20Du%20K%C3%BD%20Online&auid=2140392436.1683136114&uamb=0&uaw=0&data=event%3Dgtag.config&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-748929497

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8466b44e34def91d96fa22d7491d586e306797c6e02677f7274c9befd4260743

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://k8ccwwesx.live/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 03 May 2023 17:48:33 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1221
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
108 B 71ms
46ms Image
image/gif 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j100&tid=UA-34575478-19&cid=1394017374.1683136114&jid=2025816603&_u=IEBAAEAAAAAAACAAI~&z=601960548

Requested by

Host: k8ccwwesx.live
URL: https://k8ccwwesx.live/indexasad.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://k8ccwwesx.live/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 03 May 2023 17:48:33 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
108 B 81ms
49ms Image
image/gif 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j100&tid=UA-34575478-19&cid=1394017374.1683136114&jid=2025816603&_u=IEBAAEAAAAAAACAAI~&z=601960548

Requested by

Host: k8ccwwesx.live
URL: https://k8ccwwesx.live/indexasad.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://k8ccwwesx.live/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 03 May 2023 17:48:33 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 __utm.gif
stats.g.doubleclick.net/r/ 35 B
55 B 25ms
25ms Image
image/gif 2a00:1450:400c:c00::9d
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://stats.g.doubleclick.net/r/__utm.gif?utmwv=5.7.2dc&utms=1&utmn=295164132&utmhn=k8ccwwesx.live&utmcs=UTF-8&utmsr=1600x1200&utmvp=1600x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=T%C3%A2y%20Du%20K%C3%BD%20Online&utmhid=70517844&utmr=-&utmp=%2Findexasad.php&utmht=1683136113706&utmac=UA-46362619-5&utmcc=__utma%3D64151541.1394017374.1683136114.1683136114.1683136114.1%3B%2B__utmz%3D64151541.1683136114.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmjid=1936811268&utmredir=3&utmu=qAAAAAAAAAAAAAAAAAABAAAE~

Requested by

Host: k8ccwwesx.live
URL: https://k8ccwwesx.live/indexasad.php

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400c:c00::9d Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://k8ccwwesx.live/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Wed, 03 May 2023 17:48:33 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/748929497/ 42 B
456 B 20ms
19ms Image
image/gif 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/748929497/?random=1683136113674&cv=11&fst=1683133200000&bg=ffffff&guid=ON&async=1&gtm=45be3510&u_w=1600&u_h=1200&url=https%3A%2F%2Fk8ccwwesx.live%2Findexasad.php&frm=0&tiba=T%C3%A2y%20Du%20K%C3%BD%20Online&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=147968964&rmt_tld=0&ipr=y

Requested by

Host: k8ccwwesx.live
URL: https://k8ccwwesx.live/indexasad.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://k8ccwwesx.live/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 03 May 2023 17:48:33 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/748929497/ 42 B
456 B 21ms
21ms Image
image/gif 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/748929497/?random=1683136113674&cv=11&fst=1683133200000&bg=ffffff&guid=ON&async=1&gtm=45be3510&u_w=1600&u_h=1200&url=https%3A%2F%2Fk8ccwwesx.live%2Findexasad.php&frm=0&tiba=T%C3%A2y%20Du%20K%C3%BD%20Online&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=147968964&rmt_tld=1&ipr=y

Requested by

Host: k8ccwwesx.live
URL: https://k8ccwwesx.live/indexasad.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://k8ccwwesx.live/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 03 May 2023 17:48:33 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 jquery.swiper.min.7.2.0.js Show response
gamek.mediacdn.vn/web_js/ 132 KB
45 KB 224ms
224ms Script
application/javascript 42.112.37.35
FPT-AS-AP FPT Tel...

General

Check archive.org

Show headers Download Go to

Full URL

https://gamek.mediacdn.vn/web_js/jquery.swiper.min.7.2.0.js

Requested by

Host: gamek.mediacdn.vn
URL: https://gamek.mediacdn.vn/web_js/gamek-09092022v1.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

42.112.37.35 Ho Chi Minh City, Viet Nam, ASN18403 (FPT-AS-AP FPT Telecom Company, VN),

Reverse DNS

Software

VCCloud CDN / 562.61f15037d4d130d140407d8c27a325ca /

Resource Hash

62eb35c7dfb8f9d5bf358c805f3c8063fda32dbf0a81608f2179e8af2ca4ad0e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://k8ccwwesx.live/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 17:48:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 07 Nov 2022 07:00:49 GMT
server: VCCloud CDN / 562.61f15037d4d130d140407d8c27a325ca
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD, POST, OPTIONS
content-type: application/javascript
access-control-allow-origin: *
xcache-created-at: Saturday, 25-Mar-2023 12:00:14 +07
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
x-cache: HIT from VCCloud CDN
timing-allow-origin: *
access-control-allow-headers: Accept,Authorization,Cache-Control,Content-Length,Content-Type,DNT,If-Modified-Since,Keep-Alive,Key,Origin,Range,User-Agent,X-Requested-With
x-xss-protection: 1; mode=block

GET
H2 200 jquery.fancybox-1.3.4.js Show response
gamek.mediacdn.vn/web_js/ 29 KB
9 KB 231ms
230ms Script
application/javascript 42.112.37.35
FPT-AS-AP FPT Tel...

General

Check archive.org

Show headers Download Go to

Full URL

https://gamek.mediacdn.vn/web_js/jquery.fancybox-1.3.4.js

Requested by

Host: gamek.mediacdn.vn
URL: https://gamek.mediacdn.vn/web_js/gamek-09092022v1.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

42.112.37.35 Ho Chi Minh City, Viet Nam, ASN18403 (FPT-AS-AP FPT Telecom Company, VN),

Reverse DNS

Software

VCCloud CDN / 562.4e0bd95cd76d48c794c0e4c37b5b5800 /

Resource Hash

550da296bfff54193e141d0934e2dcb71a210b975c547eb56bdd96f3adab2281

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://k8ccwwesx.live/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 17:48:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Sat, 26 Nov 2022 04:45:04 GMT
server: VCCloud CDN / 562.4e0bd95cd76d48c794c0e4c37b5b5800
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD, POST, OPTIONS
content-type: application/javascript
access-control-allow-origin: *
xcache-created-at: Saturday, 25-Mar-2023 12:00:14 +07
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
x-cache: HIT from VCCloud CDN
timing-allow-origin: *
access-control-allow-headers: Accept,Authorization,Cache-Control,Content-Length,Content-Type,DNT,If-Modified-Since,Keep-Alive,Key,Origin,Range,User-Agent,X-Requested-With
x-xss-protection: 1; mode=block

GET
H2 200 list-09092022v1.min.js Show response
gamek.mediacdn.vn/web_js/ 1 KB
586 B 218ms
218ms Script
application/javascript 42.112.37.35
FPT-AS-AP FPT Tel...

General

Check archive.org

Show headers Download Go to

Full URL

https://gamek.mediacdn.vn/web_js/list-09092022v1.min.js

Requested by

Host: gamek.mediacdn.vn
URL: https://gamek.mediacdn.vn/web_js/gamek-09092022v1.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

42.112.37.35 Ho Chi Minh City, Viet Nam, ASN18403 (FPT-AS-AP FPT Telecom Company, VN),

Reverse DNS

Software

VCCloud CDN / 562.362161ee0c7ed826698b4c902249f0c1 /

Resource Hash

0fb48768d4afbe2ae2b680b90443bf4e458c755622e2550bf3989e93ca3c3c1d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://k8ccwwesx.live/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 17:48:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Sun, 12 Mar 2023 08:42:59 GMT
server: VCCloud CDN / 562.362161ee0c7ed826698b4c902249f0c1
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD, POST, OPTIONS
content-type: application/javascript
access-control-allow-origin: *
xcache-created-at: Friday, 24-Mar-2023 22:21:19 +07
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
x-cache: HIT from VCCloud CDN
timing-allow-origin: *
access-control-allow-headers: Accept,Authorization,Cache-Control,Content-Length,Content-Type,DNT,If-Modified-Since,Keep-Alive,Key,Origin,Range,User-Agent,X-Requested-With
x-xss-protection: 1; mode=block

POST
H3 200 / Show response
www.facebook.com/tr/ Frame E33F 0
18 B 9ms
7ms Document
text/plain 2a03:2880:f176:84:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/tr/

Requested by

Host: k8ccwwesx.live
URL: https://k8ccwwesx.live/indexasad.php

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f176:84:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Content-Type: application/x-www-form-urlencoded
Origin: https://k8ccwwesx.live
Referer: https://k8ccwwesx.live/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-origin: https://k8ccwwesx.live
alt-svc: h3=":443"; ma=86400
content-length: 0
content-type: text/plain
cross-origin-resource-policy: cross-origin
date: Wed, 03 May 2023 17:48:34 GMT
priority: u=0,i
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains

GET
H2 200 advbcms
lg1.logging.admicro.vn/ 35 B
543 B 219ms
219ms Image
image/gif 123.30.151.88
VNPT-AS-VN VNPT Corp

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lg1.logging.admicro.vn/advbcms?dmn=https%3A%2F%2Fk8ccwwesx.live%2Findexasad.php&zid=57&pgid=1683136114280131043&uid=5731361121358891718&ui=5731361121358891718&cr=1683136112

Requested by

Host: k8ccwwesx.live
URL: https://k8ccwwesx.live/indexasad.php

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

123.30.151.88 , Viet Nam, ASN45899 (VNPT-AS-VN VNPT Corp, VN),

Reverse DNS

static.vnpt.vn

Software

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Frame-Options	allowall

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://k8ccwwesx.live/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 03 May 2023 17:48:34 GMT
x-frame-options: allowall
p3p: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
access-control-allow-origin: *
content-type: image/gif
cache-control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
content-length: 35
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 arf-jxjxpls5.min.js Show response
media1.admicro.vn/cms/ 12 KB
3 KB 304ms
304ms Script
application/x-javascript 2405:f980::1:13
VNPT-AS-VN VIETNA...

General

Check archive.org

Show headers Download Go to

Full URL: https://media1.admicro.vn/cms/arf-jxjxpls5.min.js
Requested by: Host: media1.admicro.vn
URL: https://media1.admicro.vn/cms/Arf.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2405:f980::1:13 , Viet Nam, ASN135905 (VNPT-AS-VN VIETNAM POSTS AND TELECOMMUNICATIONS GROUP, VN),
Reverse DNS
Software: ss1/17206 /
Resource Hash: fa852ae558d81f45f70172edda0888aa0bc9d2a9b8dd0af065c5fdafd2b66404

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://k8ccwwesx.live/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 17:48:34 GMT
content-encoding: gzip
last-modified: Wed, 03 May 2023 17:30:57 GMT
server: ss1/17206
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: max-age=600, must-revalidate, proxy-revalidate
expires: Wed, 03 May 2023 17:58:34 GMT

GET
H2 200 show_ads.js Show response
pagead2.googlesyndication.com/pagead/ Frame EACC 91 KB
32 KB 124ms
92ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/show_ads.js

Requested by

Host: media1.admicro.vn
URL: https://media1.admicro.vn/cms/Arf.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c26f755e5bd8861cdae2d1ddca5a5391adb102f78122499f6bdc3a6696438d73

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://k8ccwwesx.live/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 17:48:34 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 32210
x-xss-protection: 0
server: cafe
etag: 8159324398555318601
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Wed, 03 May 2023 17:48:34 GMT

GET
H2 200 cpx_cms
lg1.logging.admicro.vn/ 35 B
477 B 215ms
215ms Image
image/gif 123.30.151.88
VNPT-AS-VN VNPT Corp

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://lg1.logging.admicro.vn/cpx_cms?dmn=https%3A%2F%2Fk8ccwwesx.live%2Findexasad.php&zid=57&pli=276920&cmpg=1042600&items=276920&cat=%2ftag%2ftay-du-ky-online%2f&cov=0&pgid=1683136114280131043&uid=5731361121358891718
Requested by: Host: k8ccwwesx.live
URL: https://k8ccwwesx.live/indexasad.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 123.30.151.88 , Viet Nam, ASN45899 (VNPT-AS-VN VNPT Corp, VN),
Reverse DNS: static.vnpt.vn
Software: aws/v1/55R3440A1B /
Resource Hash: 8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://k8ccwwesx.live/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 03 May 2023 17:48:34 GMT
last-modified: Sun, 17 May 1998 07:00:00 GMT
server: aws/v1/55R3440A1B
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate
content-length: 35
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 advbcms
lg1.logging.admicro.vn/ 35 B
543 B 216ms
216ms Image
image/gif 123.30.151.88
VNPT-AS-VN VNPT Corp

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lg1.logging.admicro.vn/advbcms?dmn=https%3A%2F%2Fk8ccwwesx.live%2Findexasad.php&zid=jxjxpls5&pgid=1683136114280131043&uid=5731361121358891718&ui=5731361121358891718&cr=1683136112

Requested by

Host: k8ccwwesx.live
URL: https://k8ccwwesx.live/indexasad.php

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

123.30.151.88 , Viet Nam, ASN45899 (VNPT-AS-VN VNPT Corp, VN),

Reverse DNS

static.vnpt.vn

Software

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Frame-Options	allowall

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://k8ccwwesx.live/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 03 May 2023 17:48:34 GMT
x-frame-options: allowall
p3p: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
access-control-allow-origin: *
content-type: image/gif
cache-control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
content-length: 35
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 show_ads_impl_with_ama_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202304270101/ Frame EACC 354 KB
119 KB 76ms
75ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202304270101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-6366951472589375&plah=k8ccwwesx.live

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/show_ads.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

785478bc6f76861eb290bee5248963190d0ed9026aafe8a30518180415e78de0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://k8ccwwesx.live/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 17:48:34 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 122070
x-xss-protection: 0
server: cafe
etag: 6165119986612683646
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Wed, 03 May 2023 17:48:34 GMT

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ Frame EACC 395 B
607 B 58ms
16ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=k8ccwwesx.live&callback=_gfp_s_&client=ca-pub-6366951472589375

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202304270101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-6366951472589375&plah=k8ccwwesx.live

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e780b6647e90598ccb9d6082dc377ab2c4afe9c217406ef07cc3ae1ef5c951b1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://k8ccwwesx.live/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 17:48:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 254
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ Frame EACC 107 B
532 B 295ms
18ms Script
application/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=k8ccwwesx.live

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://k8ccwwesx.live/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 17:48:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ Frame EACC 107 B
457 B 60ms
18ms Script
application/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=k8ccwwesx.live

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://k8ccwwesx.live/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 17:48:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 0843 21 KB
10 KB 443ms
438ms Document
text/html 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6366951472589375&output=html&h=90&slotname=6721968282&adk=3456145410&adf=3471351516&pi=t.ma~as.6721968282&w=728&lmt=1683136115&url=https%3A%2F%2Fk8ccwwesx.live%2Findexasad.php&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1683136114923&bpp=14&bdt=152&idt=184&shv=r20230501&mjsv=m202304270101&ptt=5&saldr=sa&correlator=2189790904806&frm=23&ife=1&pv=2&ga_vid=1394017374.1683136114&ga_sid=1683136114&ga_hid=1689191000&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=186&ady=160&biw=1600&bih=1200&isw=728&ish=90&ifk=4212140677&scr_x=0&scr_y=0&eid=44759927%2C44759876%2C44759842%2C44773809%2C44788441%2C44789761%2C44789923&oid=2&pvsid=3803969255231734&uas=0&nvt=1&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.a5iller8jbfn&fsb=1&dtd=205

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f1cad5f65623850f402375ed8ebad7a0cc1f255f5a286a23ceb74ed4626d53a1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://k8ccwwesx.live/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 9494
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 03 May 2023 17:48:35 GMT
expires: Wed, 03 May 2023 17:48:35 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 cpx_cms
lg1.logging.admicro.vn/ 35 B
477 B 216ms
215ms Image
image/gif 123.30.151.88
VNPT-AS-VN VNPT Corp

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://lg1.logging.admicro.vn/cpx_cms?dmn=https%3A%2F%2Fk8ccwwesx.live%2Findexasad.php&zid=57&pli=276920&cmpg=1042600&items=276920&cat=%2ftag%2ftay-du-ky-online%2f&cov=2&pgid=1683136114280131043&uid=5731361121358891718
Requested by: Host: k8ccwwesx.live
URL: https://k8ccwwesx.live/indexasad.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 123.30.151.88 , Viet Nam, ASN45899 (VNPT-AS-VN VNPT Corp, VN),
Reverse DNS: static.vnpt.vn
Software: aws/v1/87R454L0A1 /
Resource Hash: 8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://k8ccwwesx.live/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 03 May 2023 17:48:35 GMT
last-modified: Sun, 17 May 1998 07:00:00 GMT
server: aws/v1/87R454L0A1
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate
content-length: 35
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 0843 42 B
63 B 121ms
120ms Image
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-BquTkcfMLCQtCB1TwDRFxVXiJZDJ8W8-NZEMhQfpbS-7SwGLbzlFxqYgGF4vAcA-Q5FSdHmYIQlpGrl-WjJzXTKGJZIBYo_8cLLxT8bly9nQSRUyw

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6366951472589375&output=html&h=90&slotname=6721968282&adk=3456145410&adf=3471351516&pi=t.ma~as.6721968282&w=728&lmt=1683136115&url=https%3A%2F%2Fk8ccwwesx.live%2Findexasad.php&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1683136114923&bpp=14&bdt=152&idt=184&shv=r20230501&mjsv=m202304270101&ptt=5&saldr=sa&correlator=2189790904806&frm=23&ife=1&pv=2&ga_vid=1394017374.1683136114&ga_sid=1683136114&ga_hid=1689191000&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=186&ady=160&biw=1600&bih=1200&isw=728&ish=90&ifk=4212140677&scr_x=0&scr_y=0&eid=44759927%2C44759876%2C44759842%2C44773809%2C44788441%2C44789761%2C44789923&oid=2&pvsid=3803969255231734&uas=0&nvt=1&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.a5iller8jbfn&fsb=1&dtd=205

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 03 May 2023 17:48:35 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 0843 0
20 B 122ms
122ms Image
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=9126536034760637242&x=1&ct=77

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 03 May 2023 17:48:35 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 0843 78 KB
27 KB 222ms
220ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

46b3e081067e631f9a1049fbfa37844da854f741b7f9a45900dc02a19a4ef143

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 17:48:35 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 28043
x-xss-protection: 0
server: cafe
etag: 15270303690107644053
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Wed, 03 May 2023 17:48:35 GMT

GET
H2 200 dcmads.js Show response
www.googletagservices.com/dcm/ Frame 0843 16 KB
7 KB 52ms
10ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/dcm/dcmads.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7bc0c4519150a490750c0f9f77857d5af952bca0bad56e3db6d24bd79f18b4e7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 17:04:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2649
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-dcm-tag
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6883
x-xss-protection: 0
last-modified: Wed, 15 Feb 2023 19:52:36 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-dcm-tag"
vary: Accept-Encoding
report-to: {"group":"ads-dcm-tag","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-dcm-tag"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
expires: Wed, 03 May 2023 18:04:26 GMT

GET
H2 200 skeleton.js Show response
pixel.adsafeprotected.com/rjss/st/1360115/69584918/ Frame 0843 46 KB
12 KB 132ms
60ms Script
application/javascript 52.31.187.235
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://pixel.adsafeprotected.com/rjss/st/1360115/69584918/skeleton.js
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6366951472589375&output=html&h=90&slotname=6721968282&adk=3456145410&adf=3471351516&pi=t.ma~as.6721968282&w=728&lmt=1683136115&url=https%3A%2F%2Fk8ccwwesx.live%2Findexasad.php&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1683136114923&bpp=14&bdt=152&idt=184&shv=r20230501&mjsv=m202304270101&ptt=5&saldr=sa&correlator=2189790904806&frm=23&ife=1&pv=2&ga_vid=1394017374.1683136114&ga_sid=1683136114&ga_hid=1689191000&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=186&ady=160&biw=1600&bih=1200&isw=728&ish=90&ifk=4212140677&scr_x=0&scr_y=0&eid=44759927%2C44759876%2C44759842%2C44773809%2C44788441%2C44789761%2C44789923&oid=2&pvsid=3803969255231734&uas=0&nvt=1&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.a5iller8jbfn&fsb=1&dtd=205
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.31.187.235 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-31-187-235.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 1a5a1b67580849df550ca4c454ca3933b811dccabe20156a844731d5ffea85ae

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 03 May 2023 17:48:35 GMT
content-encoding: gzip
vary: accept-encoding
content-type: application/javascript;charset=utf-8
access-control-allow-origin: pixel.adsafeprotected.com
cache-control: no-cache
access-control-allow-credentials: true
expires: Wed, 31 Dec 1969 23:59:59 GMT

GET
H2 200 dbm
beacon.sojern.com/imp/ Frame 0843 42 B
230 B 50ms
20ms Image
image/gif 107.178.244.119
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://beacon.sojern.com/imp/dbm?auc=ABAjH0h0L5IQGsy5uZZBzqRKNSSr&li=19741853029&cr=474412431&io=1010692601&seg=&src=https://k8ccwwesx.live/indexasad.php&ord=1683136115214205
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6366951472589375&output=html&h=90&slotname=6721968282&adk=3456145410&adf=3471351516&pi=t.ma~as.6721968282&w=728&lmt=1683136115&url=https%3A%2F%2Fk8ccwwesx.live%2Findexasad.php&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1683136114923&bpp=14&bdt=152&idt=184&shv=r20230501&mjsv=m202304270101&ptt=5&saldr=sa&correlator=2189790904806&frm=23&ife=1&pv=2&ga_vid=1394017374.1683136114&ga_sid=1683136114&ga_hid=1689191000&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=186&ady=160&biw=1600&bih=1200&isw=728&ish=90&ifk=4212140677&scr_x=0&scr_y=0&eid=44759927%2C44759876%2C44759842%2C44773809%2C44788441%2C44789761%2C44789923&oid=2&pvsid=3803969255231734&uas=0&nvt=1&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.a5iller8jbfn&fsb=1&dtd=205
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 107.178.244.119 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 119.244.178.107.bc.googleusercontent.com
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

p3p: policyref="/w3c/p3p.xml", CP="ADMa OUR IND DSP NON LAW"
date: Wed, 03 May 2023 17:48:35 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
vary: Accept-Encoding
content-type: image/gif

GET
H2 200 ca Show response
choices.truste.com/ Frame 0843 27 KB
10 KB 156ms
116ms Script
text/javascript 65.9.95.124
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://choices.truste.com/ca?pid=sojern01&aid=sojern02_d&c=1683136115214205&js=pmw0&w=728&h=90&admarker=dynamic&cid=sojern

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

65.9.95.124 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-95-124.prg50.r.cloudfront.net

Software

nginx /

Resource Hash

7966d4a424bc69f137da58cc6a426ad36c67d0579c554ba044cf3a67e4286755

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-eval' ; font-src 'self' ; style-src 'self' 'unsafe-inline' ; img-src 'self' data: https://cdn1.iconfinder.com https://js.userflow.com; frame-src 'self' ; frame-ancestors 'self' ; connect-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' ; object-src 'self' ; media-src 'self' ; child-src 'self' ; worker-src 'self' ; manifest-src 'self' ; prefetch-src 'self' ;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 17:48:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 f631e696fd022598ec39e248ac48b192.cloudfront.net (CloudFront)
content-security-policy: default-src 'self' 'unsafe-eval' *; font-src 'self' *; style-src 'self' 'unsafe-inline' *; img-src 'self' * data: https://cdn1.iconfinder.com https://js.userflow.com; frame-src 'self' *; frame-ancestors 'self' *; connect-src 'self' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; object-src 'self' *; media-src 'self' *; child-src 'self' *; worker-src 'self' *; manifest-src 'self' *; prefetch-src 'self' *;
x-amz-cf-pop: PRG50-C1
cross-origin-embedder-policy: unsafe-none
x-cache: Miss from cloudfront
cross-origin-resource-policy: cross-origin
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: origin
server: nginx
cross-origin-opener-policy: unsafe-none
expect-ct: max-age=31536000
x-frame-options: SAMEORIGIN
vary: Accept-Encoding, Origin
content-type: text/javascript;charset=UTF-8
cache-control: private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
permissions-policy: geolocation=(), microphone=(), payment=()
x-amz-cf-id: VJExbHcdur15zYizAbpTgt9qsq1Dq1KaN0ya1VC091k_RBSHQH2t8A==
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230501/r20110914/client/ Frame 0843 3 KB
1 KB 39ms
10ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230501/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 07:37:04 GMT
content-encoding: br
x-content-type-options: nosniff
age: 36691
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 17 May 2023 07:37:04 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230501/r20110914/client/ Frame 0843 19 KB
8 KB 38ms
8ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230501/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7141471cf38c1e5f68499d03fc12899c1d4f91358d533881a7c5e8ddf10a5ad5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 17:34:21 GMT
content-encoding: br
x-content-type-options: nosniff
age: 854
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7957
x-xss-protection: 0
server: cafe
etag: 10936619172403307163
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 17 May 2023 17:34:21 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame 0843 0
0 17ms
15ms Image
text/html 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaS-CdNpDw5iocs5i9jEBDPt3PTesW7Q7LRRUVETMqpW6eogAitq3Y1epf0muMwByL-P-_tcOFQxD2E-OddtkA94gxN2cw
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6366951472589375&output=html&h=90&slotname=6721968282&adk=3456145410&adf=3471351516&pi=t.ma~as.6721968282&w=728&lmt=1683136115&url=https%3A%2F%2Fk8ccwwesx.live%2Findexasad.php&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1683136114923&bpp=14&bdt=152&idt=184&shv=r20230501&mjsv=m202304270101&ptt=5&saldr=sa&correlator=2189790904806&frm=23&ife=1&pv=2&ga_vid=1394017374.1683136114&ga_sid=1683136114&ga_hid=1689191000&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=186&ady=160&biw=1600&bih=1200&isw=728&ish=90&ifk=4212140677&scr_x=0&scr_y=0&eid=44759927%2C44759876%2C44759842%2C44773809%2C44788441%2C44789761%2C44789923&oid=2&pvsid=3803969255231734&uas=0&nvt=1&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.a5iller8jbfn&fsb=1&dtd=205
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 0843 160 KB
49 KB 66ms
24ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

dcef0a2eb37a3d8e32ddf11f664b3375a06980cf33792aa7bfb798b15cb646d1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 17:48:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 50021
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1682940967289926"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 03 May 2023 17:48:35 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame B8F7 624 B
242 B 54ms
53ms Document
text/html 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CJq9JBD1mXwYj-ub4gEwAQ&v=APEucNUqWsrdARTU0DNUHY2-gYmUmDAt6cpy3LxUIfx7QSHvD9pzxIQcpvzZkWQ7a4MiHQX9EyukRUrsWyKnUqphP1n0kHMDAWiAYWacx4Iajq4fovop4qnX4ZjjyATwV2du9s3Z5-3jNxNOmKHOqNTywVX7lS7pSi_YnIKxyTMC9v2q0RtkJNg

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6366951472589375&output=html&h=90&slotname=6721968282&adk=3456145410&adf=3471351516&pi=t.ma~as.6721968282&w=728&lmt=1683136115&url=https%3A%2F%2Fk8ccwwesx.live%2Findexasad.php&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1683136114923&bpp=14&bdt=152&idt=184&shv=r20230501&mjsv=m202304270101&ptt=5&saldr=sa&correlator=2189790904806&frm=23&ife=1&pv=2&ga_vid=1394017374.1683136114&ga_sid=1683136114&ga_hid=1689191000&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=186&ady=160&biw=1600&bih=1200&isw=728&ish=90&ifk=4212140677&scr_x=0&scr_y=0&eid=44759927%2C44759876%2C44759842%2C44773809%2C44788441%2C44789761%2C44789923&oid=2&pvsid=3803969255231734&uas=0&nvt=1&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.a5iller8jbfn&fsb=1&dtd=205
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 03 May 2023 17:48:35 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame B8F7
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOkBcKBhNHs5qro6JI2QEXU&google_cver=1

43 B
766 B

19ms
9ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOkBcKBhNHs5qro6JI2QEXU&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJq9JBD1mXwYj-ub4gEwAQ&v=APEucNUqWsrdARTU0DNUHY2-gYmUmDAt6cpy3LxUIfx7QSHvD9pzxIQcpvzZkWQ7a4MiHQX9EyukRUrsWyKnUqphP1n0kHMDAWiAYWacx4Iajq4fovop4qnX4ZjjyATwV2du9s3Z5-3jNxNOmKHOqNTywVX7lS7pSi_YnIKxyTMC9v2q0RtkJNg
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 03 May 2023 17:48:35 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=497
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Wed, 03 May 2023 17:48:35 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOkBcKBhNHs5qro6JI2QEXU&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame B8F7
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZFKecxuLUi3uurPL6kVfQQAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOkBcKBhNHs5qro6JI2QEXU&google_cver=1

43 B
766 B

9ms
9ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOkBcKBhNHs5qro6JI2QEXU&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJq9JBD1mXwYj-ub4gEwAQ&v=APEucNUqWsrdARTU0DNUHY2-gYmUmDAt6cpy3LxUIfx7QSHvD9pzxIQcpvzZkWQ7a4MiHQX9EyukRUrsWyKnUqphP1n0kHMDAWiAYWacx4Iajq4fovop4qnX4ZjjyATwV2du9s3Z5-3jNxNOmKHOqNTywVX7lS7pSi_YnIKxyTMC9v2q0RtkJNg
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 03 May 2023 17:48:35 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=498
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Wed, 03 May 2023 17:48:35 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOkBcKBhNHs5qro6JI2QEXU&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

bounce
ib.adnxs.com/ Frame B8F7
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEKwhkkMSka0L-THcLfNgExA&google_cver=1
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEKwhkkMSka0L-THcLfNgExA%26google_cver%3D1

43 B
1 KB

21ms
21ms

Image
image/gif

185.89.210.141
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEKwhkkMSka0L-THcLfNgExA%26google_cver%3D1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJq9JBD1mXwYj-ub4gEwAQ&v=APEucNUqWsrdARTU0DNUHY2-gYmUmDAt6cpy3LxUIfx7QSHvD9pzxIQcpvzZkWQ7a4MiHQX9EyukRUrsWyKnUqphP1n0kHMDAWiAYWacx4Iajq4fovop4qnX4ZjjyATwV2du9s3Z5-3jNxNOmKHOqNTywVX7lS7pSi_YnIKxyTMC9v2q0RtkJNg

Protocol

HTTP/1.1

Server

185.89.210.141 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

950.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 03 May 2023 17:48:35 GMT
AN-X-Request-Uuid: e863da38-4d07-4d24-b660-a5b80c80addf
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: image/gif
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 80.255.10.198; 80.255.10.198; 950.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Wed, 03 May 2023 17:48:35 GMT
AN-X-Request-Uuid: 8c19e308-f47f-4d86-bae1-6ba6e32909ff
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEKwhkkMSka0L-THcLfNgExA%26google_cver%3D1
Cache-Control: no-store, no-cache, private
Connection: keep-alive
X-Proxy-Origin: 80.255.10.198; 80.255.10.198; 950.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame B8F7
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MzkxMzc0NzAxMTczNzUyNTcwNg%3D%3D

170 B
244 B

23ms
23ms

Image
image/png

172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MzkxMzc0NzAxMTczNzUyNTcwNg%3D%3D

Requested by

Protocol

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s42-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 03 May 2023 17:48:35 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Wed, 03 May 2023 17:48:35 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 80.255.10.198; 80.255.10.198; 950.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: 97f04dca-feb3-4dd7-839f-401c7c20d21f
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: *
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MzkxMzc0NzAxMTczNzUyNTcwNg%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 0843 0
20 B 104ms
104ms Ping
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=4931111145344&version=m202301230201

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 03 May 2023 17:48:35 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 0843 0
20 B 103ms
102ms Ping
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=4931111145344&version=m202301230201&ct=77&x=1&cor=9126536034760637000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 03 May 2023 17:48:35 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 0843 15 KB
11 KB 88ms
87ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AbVPAKASe1K7j6KQLlaW3PuDcBl460fi3joEoIx3xSfIhueUaNf8JIxcv_JOg2K-BxLjxVEGPx1-ZWnXMrUlNsZ7u1N33-VnTIiTLeTDNtxwisDlTDFdUxTVAZHpdfvPvpOMm0ZTOYb1qLX6WQbYzg7QzT3UU2Qrl43AGmRlz5WcGaMAE&cry=1&dbm_d=AKAmf-DILQuo7eZT58JK9NViXVh3d_Z6vOu-JJZOKiEhTIzjooWR2K37BHMK5drnj8FsdVFlZlQciM45bAF-O8_sYucB6U9_g2GLJc46QQkqXCJFwFAVF0QNq5nL2SR9-VmZLuESyyhDa_Y8VL-5NuoWbOBEXwlnsY73daY-g-jVF_vf_ddpLvsPgaYiOomoOLvC8QPIuU-Ms48j3zXRMooqOI3YS0D_zSFWxv1JfBbm8bB-nTvNTVKI9MRg9PGhrU5S4ChO0hnAH8A6ICaJdNu7jgVPBVCKUNR1B7J-APHxH--w3atlI7-yzJr0hYgoZj69gH4qpJVo8AO-F8MClf_kedjRjtc1hK388uL_HCvt-oXpaj0ZKZHYlXro5de0NvjT_YTyGEeNro_xV8s8z6-hr67wqe0Q3Pu6e_O3xwzXxAck0XsGCFz_6zMiMV82wv72IdtJLee6_cLjzzcdefTgQH3GF2Df43F4mSEusci8tZeYmDjZ6S0QYm-3JdusZR55Y52r1IxijCfwP5zEQbQTrehNQyzlPir4gyq942vW69-3eFK3B4eiqM-9YUViA-3k5DO23BzfiG0MpcXUaWCTJcCESlfDccsi3NwBLpXl1Y2g-LpPFFZiQ1INHsBgln327MJnkAwcdj0ebqaKzYy7uDTbxRN92XY08FsnrBqLAIrFhptB-izHvdYUiQsjg2PeuaI3VSNECEk-_BhiJitfabaupoA9eYJqXNLsOBCyxZ_PnOn5DETbOfWqhhaq4ihB2hbh4afd_qRVq-i_eZJkg_o-UIMxoiitNeJ2cFYmelrZo7QLVQOML8YHo29clMnLyhsKyCkBy6W8lZ2_RS-8VRm1IJSvvv9HHN0qX-5cEM28KqVkOgqCHyMU2FL4xYQxTgsrQlJYcblaVe5ZIHBS1ufRhdKbqtHLaWLqwkdxRKIwbAPQgMiNMZhZ-OlzOdOy3mNb3EyJYzj7zmgLqempgS66u0-72cAB167EEIZLNihzbngZWWX5yRiaWLwGfdyufI1Z2ZxfyuBun-zIqHNoZB7h-LrHMK81gNpbCqZgHM8OP8kAH_Ls0OoiI-zh8T_2QzOovrZE3RXS-WxQPl9q-uw0Dv8cXJJiPUWVENrDbSBy8P6zS6Y8hoewULg_0mkhx374TMqWzu5LSamC04_q9TeJ0FLV_Ctnme0_nealB485sduHa35EtsHm7aEG1zMVijpnCZVFS-9Siiv19_pXSaxphxVrzeXGZD-jm37G9pf6HdeNECwolRh40H9aqMgrekuf28W4iaZX-FGJkCKt83wrYrDxxRy5K2PS2YaYXGxP4S6lJ0sTe2jjFfEH-wQtXN2_-lRe8KfK2CrCRZyyxrE6oHjUFaZq_oVgbZKn976TlxBuv1LddXZdSEEyFJvcOXuJmtLwSxL6DcgIy8Gk3DymYLD57KQzGrvmoz6jsutzC93OLtzjje-sNFivXWqXmjMPrLL4OspHkvzNlZFGnxGSoA3_i96m6n07-UVkoClckfa4PN8zgqS5bdb3fpq-LbG5s0bibZWlxfBnJHqfH14wyaulZ1zllf_GCe5t4b-JxlUmopePLf6Oy-5MjsPbjGeEg_eKe9C6-0FHDpUWM8r7yH2oSBrW4MPICG3grRxHOjhbwvElasf3AzKSnBaP0VCYw_pdiwUd4belvuCqG9Afz_XBpwp3408bYB7A6mfQWloU7Q4pQJsN3tC6fgkLlUBcYP5SYDEBwXlCBAKzfhdIfhyG7xeoi07dApDhtT8KAMFt4kQ2f7LvgZ1SK0Kuk8TpQ4Z7G-MV1BlUNI_7ayYieU-3yE7XgUQtOOBBgDuAeiX8452djrFjkEnPDVxUnDpoI_P30t57rpLpwKY5y1RHkWvS8ihIfTztOjgVDdE1BKAWwCndT0nPmZyMIehGKir0U-9qT-VbAbvgM_jirMb6mopWrbZpqnC-j1ZOAr2xA9UwnjE7mM8rCrJpV8QHdFbZP2uAPezvG2bc8FFJeP14a15lR-_W1wsyGZh7p4BQgNpmNxteTe64LxCUQgCu-fXvOCDs0KCzwX9XfcRGAjelJqEDCm1qmoyEEe1cw4rNPHOuCHpTyn2_AAKVqgiRF6vE4ui7EQLD9V1R1sBwsrrkoEch2YVsLjIjgrH6lpjdxDyXvBjtWz8_xO8qMAR-iLsEkr5le6h-eL0xvlWcSf6fKWk1Ou9QY0aEM1c7o7HIp_g-IhKrhKYMv7d4uqSxlzWdCK0TpJwffAImb6kwrmkg5WpdXvUqgwKOY7PbBXa-wZNYXDQenoalWxY_RKU3QHfoseZ8LuF4lniMlAtzNCA0peO_ZdTXlYRgFw-Ap2maDq2CuYCpEdgOLQkgxX4_uSA7fKGT5_C-pZHAD9mG_mWZAIcb3NoZ3hKD8V2oqjxXjqKLGOlaTM9395AH7e1vbMIigjTKIvWnYz7_zvJG_xfkVBOrrepGo31OyvgINtHQitTch6t0jNarU9ha_iQWZD-NpbPuhDdKf_DvgJZznO9Tgps7JFATNA2EeUTVqih8__e5Y6Se7ttg_Ke6ef8n1YL2W2v8LgYB7sICLbKc0kIGkGZmd8tn2jDDJ97tcS0UY5L3K7-j5eJisdE9hvYXSYh4kdot8jr0R-DgKDZFXHHZeYGA3t-dewti7HQAgvGd2lTIEky9kzMQzjVPvmj9JlUeMqJLrzsEd1djw3lldwThlyQcTHeVw883Y5iToew9UnAf05IaLykgssqXDWR-GGadfd4UVqSTHh-wKz67VCkz8mz941LA0KFTGTecvtKZePv3nocCAtbYjDznuimUYf-jiW6ZNGhkuM62n57qt3lsRFdkaCsHXQLrlsS6PfYLQuKdTO5e8pblTItK4eh49NPMiHMfFjAUTderXbUwfqyz6TPpdq0IGGh9cG_lq4LIkwwB-st6SnWoEKPoQgfz_ranzvn6JHjJ1U9-KunPNhwZz3ENfNLbZyPv--wdd5wKjcOE75V-7ZUeJ50AcjOUMHB3Frey_mmlD6gOa60nr2NZzMjjpSe0e92fjxl2UT6Y9TNOAuHIaDCyqULL5ksVnBdba-quMfKSdOmLtH_78lFO1XYzmexMe1_dBK0QGtxdKUVEwmwTcVn1TbdOaNLMSummn4KTxdOjUZLco3I7F93wRsDKNmbjzDgmlVvL5SEAhFg0dCd0BQAcPnyKiQk9o-QbEaV-E80pj5ph7Lx4XmZY3HCf20V5iYjm6lsn71HtkLseytEK8XsKkGdjwkjQjGHf37wK4zH5yKc_VUJ2Hh-Jzjyp_R2hG-8s3ljh2xX23buCpIvLzjIRf8I6UVWzTqg3NABewAckHo-FCTLEqcFhaUofiyzcNgqTD1a2m3TaIhHs8yMMcb3kLWVEiOlAJwt_2d3E1E7VtTM53gqbgBXnbXgf9Nb5WF2VmDQXjtM-xmF4r2AoFWapxwqglq5KtpT0EDJOXxBRJ5oi3E1uS3C2fy7yHA&cid=CAQSKQBygQiD7NDq5Tz4cAU4G_CfaPxDKbgcz_FMm5GMTUg0p09k8u-flLaXGAE&dv3_ver=m202301230201&rfl=https%3A%2F%2Fk8ccwwesx.live&ds=l&xdt=1&iif=1&cor=9126536034760637000&adk=2307692975&idt=243&cac=0&dtd=11

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4772f2f7031a64c872f6b8623216a713839a24f7633338970ac1d6bfe15755eb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6366951472589375&output=html&h=90&slotname=6721968282&adk=3456145410&adf=3471351516&pi=t.ma~as.6721968282&w=728&lmt=1683136115&url=https%3A%2F%2Fk8ccwwesx.live%2Findexasad.php&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1683136114923&bpp=14&bdt=152&idt=184&shv=r20230501&mjsv=m202304270101&ptt=5&saldr=sa&correlator=2189790904806&frm=23&ife=1&pv=2&ga_vid=1394017374.1683136114&ga_sid=1683136114&ga_hid=1689191000&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=186&ady=160&biw=1600&bih=1200&isw=728&ish=90&ifk=4212140677&scr_x=0&scr_y=0&eid=44759927%2C44759876%2C44759842%2C44773809%2C44788441%2C44789761%2C44789923&oid=2&pvsid=3803969255231734&uas=0&nvt=1&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.a5iller8jbfn&fsb=1&dtd=205
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 03 May 2023 17:48:35 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11310
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 0843 41 KB
15 KB 12ms
9ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AbVPAKASe1K7j6KQLlaW3PuDcBl460fi3joEoIx3xSfIhueUaNf8JIxcv_JOg2K-BxLjxVEGPx1-ZWnXMrUlNsZ7u1N33-VnTIiTLeTDNtxwisDlTDFdUxTVAZHpdfvPvpOMm0ZTOYb1qLX6WQbYzg7QzT3UU2Qrl43AGmRlz5WcGaMAE&cry=1&dbm_d=AKAmf-DILQuo7eZT58JK9NViXVh3d_Z6vOu-JJZOKiEhTIzjooWR2K37BHMK5drnj8FsdVFlZlQciM45bAF-O8_sYucB6U9_g2GLJc46QQkqXCJFwFAVF0QNq5nL2SR9-VmZLuESyyhDa_Y8VL-5NuoWbOBEXwlnsY73daY-g-jVF_vf_ddpLvsPgaYiOomoOLvC8QPIuU-Ms48j3zXRMooqOI3YS0D_zSFWxv1JfBbm8bB-nTvNTVKI9MRg9PGhrU5S4ChO0hnAH8A6ICaJdNu7jgVPBVCKUNR1B7J-APHxH--w3atlI7-yzJr0hYgoZj69gH4qpJVo8AO-F8MClf_kedjRjtc1hK388uL_HCvt-oXpaj0ZKZHYlXro5de0NvjT_YTyGEeNro_xV8s8z6-hr67wqe0Q3Pu6e_O3xwzXxAck0XsGCFz_6zMiMV82wv72IdtJLee6_cLjzzcdefTgQH3GF2Df43F4mSEusci8tZeYmDjZ6S0QYm-3JdusZR55Y52r1IxijCfwP5zEQbQTrehNQyzlPir4gyq942vW69-3eFK3B4eiqM-9YUViA-3k5DO23BzfiG0MpcXUaWCTJcCESlfDccsi3NwBLpXl1Y2g-LpPFFZiQ1INHsBgln327MJnkAwcdj0ebqaKzYy7uDTbxRN92XY08FsnrBqLAIrFhptB-izHvdYUiQsjg2PeuaI3VSNECEk-_BhiJitfabaupoA9eYJqXNLsOBCyxZ_PnOn5DETbOfWqhhaq4ihB2hbh4afd_qRVq-i_eZJkg_o-UIMxoiitNeJ2cFYmelrZo7QLVQOML8YHo29clMnLyhsKyCkBy6W8lZ2_RS-8VRm1IJSvvv9HHN0qX-5cEM28KqVkOgqCHyMU2FL4xYQxTgsrQlJYcblaVe5ZIHBS1ufRhdKbqtHLaWLqwkdxRKIwbAPQgMiNMZhZ-OlzOdOy3mNb3EyJYzj7zmgLqempgS66u0-72cAB167EEIZLNihzbngZWWX5yRiaWLwGfdyufI1Z2ZxfyuBun-zIqHNoZB7h-LrHMK81gNpbCqZgHM8OP8kAH_Ls0OoiI-zh8T_2QzOovrZE3RXS-WxQPl9q-uw0Dv8cXJJiPUWVENrDbSBy8P6zS6Y8hoewULg_0mkhx374TMqWzu5LSamC04_q9TeJ0FLV_Ctnme0_nealB485sduHa35EtsHm7aEG1zMVijpnCZVFS-9Siiv19_pXSaxphxVrzeXGZD-jm37G9pf6HdeNECwolRh40H9aqMgrekuf28W4iaZX-FGJkCKt83wrYrDxxRy5K2PS2YaYXGxP4S6lJ0sTe2jjFfEH-wQtXN2_-lRe8KfK2CrCRZyyxrE6oHjUFaZq_oVgbZKn976TlxBuv1LddXZdSEEyFJvcOXuJmtLwSxL6DcgIy8Gk3DymYLD57KQzGrvmoz6jsutzC93OLtzjje-sNFivXWqXmjMPrLL4OspHkvzNlZFGnxGSoA3_i96m6n07-UVkoClckfa4PN8zgqS5bdb3fpq-LbG5s0bibZWlxfBnJHqfH14wyaulZ1zllf_GCe5t4b-JxlUmopePLf6Oy-5MjsPbjGeEg_eKe9C6-0FHDpUWM8r7yH2oSBrW4MPICG3grRxHOjhbwvElasf3AzKSnBaP0VCYw_pdiwUd4belvuCqG9Afz_XBpwp3408bYB7A6mfQWloU7Q4pQJsN3tC6fgkLlUBcYP5SYDEBwXlCBAKzfhdIfhyG7xeoi07dApDhtT8KAMFt4kQ2f7LvgZ1SK0Kuk8TpQ4Z7G-MV1BlUNI_7ayYieU-3yE7XgUQtOOBBgDuAeiX8452djrFjkEnPDVxUnDpoI_P30t57rpLpwKY5y1RHkWvS8ihIfTztOjgVDdE1BKAWwCndT0nPmZyMIehGKir0U-9qT-VbAbvgM_jirMb6mopWrbZpqnC-j1ZOAr2xA9UwnjE7mM8rCrJpV8QHdFbZP2uAPezvG2bc8FFJeP14a15lR-_W1wsyGZh7p4BQgNpmNxteTe64LxCUQgCu-fXvOCDs0KCzwX9XfcRGAjelJqEDCm1qmoyEEe1cw4rNPHOuCHpTyn2_AAKVqgiRF6vE4ui7EQLD9V1R1sBwsrrkoEch2YVsLjIjgrH6lpjdxDyXvBjtWz8_xO8qMAR-iLsEkr5le6h-eL0xvlWcSf6fKWk1Ou9QY0aEM1c7o7HIp_g-IhKrhKYMv7d4uqSxlzWdCK0TpJwffAImb6kwrmkg5WpdXvUqgwKOY7PbBXa-wZNYXDQenoalWxY_RKU3QHfoseZ8LuF4lniMlAtzNCA0peO_ZdTXlYRgFw-Ap2maDq2CuYCpEdgOLQkgxX4_uSA7fKGT5_C-pZHAD9mG_mWZAIcb3NoZ3hKD8V2oqjxXjqKLGOlaTM9395AH7e1vbMIigjTKIvWnYz7_zvJG_xfkVBOrrepGo31OyvgINtHQitTch6t0jNarU9ha_iQWZD-NpbPuhDdKf_DvgJZznO9Tgps7JFATNA2EeUTVqih8__e5Y6Se7ttg_Ke6ef8n1YL2W2v8LgYB7sICLbKc0kIGkGZmd8tn2jDDJ97tcS0UY5L3K7-j5eJisdE9hvYXSYh4kdot8jr0R-DgKDZFXHHZeYGA3t-dewti7HQAgvGd2lTIEky9kzMQzjVPvmj9JlUeMqJLrzsEd1djw3lldwThlyQcTHeVw883Y5iToew9UnAf05IaLykgssqXDWR-GGadfd4UVqSTHh-wKz67VCkz8mz941LA0KFTGTecvtKZePv3nocCAtbYjDznuimUYf-jiW6ZNGhkuM62n57qt3lsRFdkaCsHXQLrlsS6PfYLQuKdTO5e8pblTItK4eh49NPMiHMfFjAUTderXbUwfqyz6TPpdq0IGGh9cG_lq4LIkwwB-st6SnWoEKPoQgfz_ranzvn6JHjJ1U9-KunPNhwZz3ENfNLbZyPv--wdd5wKjcOE75V-7ZUeJ50AcjOUMHB3Frey_mmlD6gOa60nr2NZzMjjpSe0e92fjxl2UT6Y9TNOAuHIaDCyqULL5ksVnBdba-quMfKSdOmLtH_78lFO1XYzmexMe1_dBK0QGtxdKUVEwmwTcVn1TbdOaNLMSummn4KTxdOjUZLco3I7F93wRsDKNmbjzDgmlVvL5SEAhFg0dCd0BQAcPnyKiQk9o-QbEaV-E80pj5ph7Lx4XmZY3HCf20V5iYjm6lsn71HtkLseytEK8XsKkGdjwkjQjGHf37wK4zH5yKc_VUJ2Hh-Jzjyp_R2hG-8s3ljh2xX23buCpIvLzjIRf8I6UVWzTqg3NABewAckHo-FCTLEqcFhaUofiyzcNgqTD1a2m3TaIhHs8yMMcb3kLWVEiOlAJwt_2d3E1E7VtTM53gqbgBXnbXgf9Nb5WF2VmDQXjtM-xmF4r2AoFWapxwqglq5KtpT0EDJOXxBRJ5oi3E1uS3C2fy7yHA&cid=CAQSKQBygQiD7NDq5Tz4cAU4G_CfaPxDKbgcz_FMm5GMTUg0p09k8u-flLaXGAE&dv3_ver=m202301230201&rfl=https%3A%2F%2Fk8ccwwesx.live&ds=l&xdt=1&iif=1&cor=9126536034760637000&adk=2307692975&idt=243&cac=0&dtd=11

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Sat, 29 Apr 2023 19:45:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 338593
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 28 Apr 2024 19:45:22 GMT

GET
H2 200 impl_v95.js Show response
www.googletagservices.com/dcm/ Frame 0843 60 KB
23 KB 15ms
13ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/dcm/impl_v95.js

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/dcm/dcmads.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

83a818561b7f93e0f7664504ef5993250ab3f2e6420b5d73cf708fba0f5665e4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Sat, 29 Apr 2023 23:36:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 324739
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-dcm-tag
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 23368
x-xss-protection: 0
last-modified: Mon, 13 Feb 2023 18:47:20 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-dcm-tag"
vary: Accept-Encoding
report-to: {"group":"ads-dcm-tag","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-dcm-tag"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 28 Apr 2024 23:36:16 GMT

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 98D2 22 KB
8 KB 21ms
19ms Document
text/html 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 346895
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 29 Apr 2023 17:27:00 GMT
expires: Sun, 28 Apr 2024 17:27:00 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 B29263621.358421753;dc_ver=95.280;sz=728x90;u_sd=1;dc_adk=2307692971;ord=eojabm;click=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCRtA7c55SZL2JDdiKvPIPmNau2Ayw3dmycLzE4tXh... Show response
ad.doubleclick.net/ddm/adj/N547802.135351SOJERN12/ Frame 0843 74 KB
31 KB 106ms
55ms Script
text/javascript 172.217.18.6
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.doubleclick.net/ddm/adj/N547802.135351SOJERN12/B29263621.358421753;dc_ver=95.280;sz=728x90;u_sd=1;dc_adk=2307692971;ord=eojabm;click=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCRtA7c55SZL2JDdiKvPIPmNau2Ayw3dmycLzE4tXhEPAuEAEgic2rImCVqp-CsAegAbq3hIwDyAEJqQK4Sb-1M2eyPqgDAaoE5QFP0IrxDN-HS0C5xNKKRPF3MFgbXEDmP3qKyuSr8KCkoXeWDx7QLEvSlZ3S2B00biQZVxD-2WGiiNtBer8ErhraPLLdiioUw4OjqPKvGck-8n4NwN_jLxsMsPrrPl4-P78Ey_xzKeg-yRjfbE4P1AKse6drKOxmfB87pFCpoW6ROM-UN4yDQrZc4Byss0DpZjZBD19bjTN8xCsRRn2rDHwvQNjLyNt0p-d_KV6eX5LQgqEoO0tcXLPG5nxJF7M_fApt-N2YzmzhDYsgqF4F9R3lVOdHz8nGDOKbzyKC7QpitpnDPDxxwATDkPnxtgTgBAOQBgGgBk2AB67I-3OoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggWCIDhgBAQARhdMgKqAjoCgEBIvf3BOoAKA5gLAcgLAYAMAbAT_vufE9ATANgTA4gUAdgUAdAVAfgWAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAQSKQBygQiD7NDq5Tz4cAU4G_CfaPxDKbgcz_FMm5GMTUg0p09k8u-flLaXGAE%26sig%3DAOD64_3Y1Q60YgGINm5eXO3QR-Xm_U0fSg%26client%3Dca-pub-6366951472589375%26dbm_c%3DAKAmf-A-qXhmm3EiOZ84kZYc4wUacGpw5R4A3ECg4mVuDAYlNfG_V3eFN-AYGjmlPHti8Z-e0zmN3_zwMxD0oRGTQ345GrQD8SLqrDwfdmgvzq1m4W8od6iXaH54akLXB5r7q86gt63GXkrKcbH3SyvgvjwGFZaQF3-yRoRl1uBwO4lUyYDrcBs%26cry%3D1%26dbm_d%3DAKAmf-C6VgJfPep61W1f5aVp0pMqlkI26Fq-amrhCG8aWg26UN8eSxKmVbVgTyPV2q7Njzg9a6B6z8Y34_f1d0KScwUTcLJx_xu_IXvAHbyo4Xja43MOoHAIlPPOCAyJxDjcknzYtjvnCM1i06fJz6O9-rzacdW8YHJfx4VIGUXYKwkrL2aqhgjgWW4qDoKO-RKClWXF4h-cUH_PFZDll3PVQyaEV_nXlqMXPL6CimpevNlnPMurJ1GgOEE15QTHLOEHiHSYwpXuLgo_QgZKs7-1lUu0M5aHp5YiAKSZCUvQ5Vo1Tuqlku-z8vrSyRS9T2uOdckFmNJkJo--kRB_5QQeBDp0YvbfyKDvjalXteAp8zpMLI88jTo06EAGe0YT3NbuvRBuaPt9Anx0S5xV0M5LOiA4EiYvjh60PdPvxw4nnBxlkYSATZ5DHycZeswOZvVqXujP5KznK4y6vVTWWGSMldwafbv2-v4X8YFLUrWJj27T8QQYS4zvl1UorVqVrpsHWM46SSpf%26adurl%3D;uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd;dc_rfl=2,https%3A%2F%2Fk8ccwwesx.live$2,https%3A%2F%2Fk8ccwwesx.live%2F$0;xdt=1;crlt=_pKLJjIlXK;stc=1;chaa=1;sttr=37;prcl=s

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/dcm/impl_v95.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.6 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s28-in-f6.1e100.net

Software

cafe /

Resource Hash

ca97bb417c0dad1ade2b73d1dabe8dde5b60dad317a4144333e8fd62c97bcf35

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 03 May 2023 17:48:36 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 30980
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 layuLwmq3jdBuTYQxid3_BliAeBVpa3hzTsmkPzdK-E.js Show response
pagead2.googlesyndication.com/bg/ Frame 98D2 37 KB
14 KB 26ms
13ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/layuLwmq3jdBuTYQxid3_BliAeBVpa3hzTsmkPzdK-E.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

95acae2f09aade3741b93610c62777fc196201e055a5ade1cd3b2690fcdd2be1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Thu, 27 Apr 2023 12:54:40 GMT
content-encoding: br
x-content-type-options: nosniff
age: 536036
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14580
x-xss-protection: 0
last-modified: Tue, 25 Apr 2023 16:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 26 Apr 2024 12:54:40 GMT

GET
H2 200 html_inpage_rendering_lib_200_276.js Show response
s0.2mdn.net/879366/ Frame 0843 170 KB
59 KB 49ms
7ms Script
text/javascript 2a00:1450:4001:80b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_276.js

Requested by

Host: k8ccwwesx.live
URL: https://k8ccwwesx.live/indexasad.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

96da839661d63f7cab3dc3e43613fee97166a472555cc91df21777d6d83e58d9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 11:36:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 22337
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 60311
x-xss-protection: 0
last-modified: Wed, 02 Mar 2022 23:07:25 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 04 May 2023 11:36:19 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20230501/r20110914/elements/html/ Frame 0843 11 KB
4 KB 12ms
11ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230501/r20110914/elements/html/omrhp.js

Requested by

Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adj/N547802.135351SOJERN12/B29263621.358421753;dc_ver=95.280;sz=728x90;u_sd=1;dc_adk=2307692971;ord=eojabm;click=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCRtA7c55SZL2JDdiKvPIPmNau2Ayw3dmycLzE4tXhEPAuEAEgic2rImCVqp-CsAegAbq3hIwDyAEJqQK4Sb-1M2eyPqgDAaoE5QFP0IrxDN-HS0C5xNKKRPF3MFgbXEDmP3qKyuSr8KCkoXeWDx7QLEvSlZ3S2B00biQZVxD-2WGiiNtBer8ErhraPLLdiioUw4OjqPKvGck-8n4NwN_jLxsMsPrrPl4-P78Ey_xzKeg-yRjfbE4P1AKse6drKOxmfB87pFCpoW6ROM-UN4yDQrZc4Byss0DpZjZBD19bjTN8xCsRRn2rDHwvQNjLyNt0p-d_KV6eX5LQgqEoO0tcXLPG5nxJF7M_fApt-N2YzmzhDYsgqF4F9R3lVOdHz8nGDOKbzyKC7QpitpnDPDxxwATDkPnxtgTgBAOQBgGgBk2AB67I-3OoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggWCIDhgBAQARhdMgKqAjoCgEBIvf3BOoAKA5gLAcgLAYAMAbAT_vufE9ATANgTA4gUAdgUAdAVAfgWAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAQSKQBygQiD7NDq5Tz4cAU4G_CfaPxDKbgcz_FMm5GMTUg0p09k8u-flLaXGAE%26sig%3DAOD64_3Y1Q60YgGINm5eXO3QR-Xm_U0fSg%26client%3Dca-pub-6366951472589375%26dbm_c%3DAKAmf-A-qXhmm3EiOZ84kZYc4wUacGpw5R4A3ECg4mVuDAYlNfG_V3eFN-AYGjmlPHti8Z-e0zmN3_zwMxD0oRGTQ345GrQD8SLqrDwfdmgvzq1m4W8od6iXaH54akLXB5r7q86gt63GXkrKcbH3SyvgvjwGFZaQF3-yRoRl1uBwO4lUyYDrcBs%26cry%3D1%26dbm_d%3DAKAmf-C6VgJfPep61W1f5aVp0pMqlkI26Fq-amrhCG8aWg26UN8eSxKmVbVgTyPV2q7Njzg9a6B6z8Y34_f1d0KScwUTcLJx_xu_IXvAHbyo4Xja43MOoHAIlPPOCAyJxDjcknzYtjvnCM1i06fJz6O9-rzacdW8YHJfx4VIGUXYKwkrL2aqhgjgWW4qDoKO-RKClWXF4h-cUH_PFZDll3PVQyaEV_nXlqMXPL6CimpevNlnPMurJ1GgOEE15QTHLOEHiHSYwpXuLgo_QgZKs7-1lUu0M5aHp5YiAKSZCUvQ5Vo1Tuqlku-z8vrSyRS9T2uOdckFmNJkJo--kRB_5QQeBDp0YvbfyKDvjalXteAp8zpMLI88jTo06EAGe0YT3NbuvRBuaPt9Anx0S5xV0M5LOiA4EiYvjh60PdPvxw4nnBxlkYSATZ5DHycZeswOZvVqXujP5KznK4y6vVTWWGSMldwafbv2-v4X8YFLUrWJj27T8QQYS4zvl1UorVqVrpsHWM46SSpf%26adurl%3D;uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd;dc_rfl=2,https%3A%2F%2Fk8ccwwesx.live$2,https%3A%2F%2Fk8ccwwesx.live%2F$0;xdt=1;crlt=_pKLJjIlXK;stc=1;chaa=1;sttr=37;prcl=s

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a9b847c681a24b03ba8acc0b4dcd8aab9acf8c4d3131be784d488e2402d57427

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 17:34:15 GMT
content-encoding: br
x-content-type-options: nosniff
age: 861
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4122
x-xss-protection: 0
server: cafe
etag: 11429739870029468282
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 17 May 2023 17:34:15 GMT

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 35FA 22 KB
8 KB 8ms
7ms Document
text/html 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 346896
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 29 Apr 2023 17:27:00 GMT
expires: Sun, 28 Apr 2024 17:27:00 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 main.19.8.407.js Show response
static.adsafeprotected.com/ Frame 0843 201 KB
63 KB 40ms
10ms Script
application/javascript 2600:9000:2127:2600:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/main.19.8.407.js
Requested by: Host: pixel.adsafeprotected.com
URL: https://pixel.adsafeprotected.com/rjss/st/1360115/69584918/skeleton.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2127:2600:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 692dce411dc2c30076ffdfc6f3bd17cef0b34c50efc1906715a506f194906828

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 14:10:16 GMT
x-amz-version-id: R9x_EOONO0W83NrSD2NjL1a_bZEemDq4
content-encoding: gzip
via: 1.1 c76f57c516237f120f723cde4dab446e.cloudfront.net (CloudFront)
x-amz-cf-pop: PRG50-C1
age: 13101
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Mon, 01 May 2023 19:30:35 GMT
server: AmazonS3
etag: W/"092be129c629bc7d7a2eb25844f1b9ef"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000
x-amz-cf-id: TdxVPs4NreiBLUR6niBnp74MG-llQ71XN3oU_H2eLULZqcvvE_tWgg==

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 25CE 1 KB
643 B 9ms
8ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 82091
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 02 May 2023 19:00:25 GMT
etag: 48472445140208031
expires: Wed, 03 May 2023 19:00:25 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 0843 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 17a2a4f5cc936210d3e119f1e655302971200675f4e1dafb0c6fb5c7fcbea36a

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 204 current
dclk-match.dotomi.com/match/bounce/ Frame 25CE 0
105 B 114ms
32ms Image
text/plain 2a02:fa8:8806:13::1370
VCLK-EU-SE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dclk-match.dotomi.com/match/bounce/current?networkId=14000&version=1&google_gid=CAESEHJjdVMYV5Mjn6sbQff5ELE&google_cver=1&google_push=ATf1kGNR6_G3ABWzm-P726LtCG7I7mx36AVaxx7hgjcixlS6V5ysnY0pJUA0mOUn9YTPolHF-4793KV01rpBuU-677dGeg_LnepC
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6366951472589375&output=html&h=90&slotname=6721968282&adk=3456145410&adf=3471351516&pi=t.ma~as.6721968282&w=728&lmt=1683136115&url=https%3A%2F%2Fk8ccwwesx.live%2Findexasad.php&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1683136114923&bpp=14&bdt=152&idt=184&shv=r20230501&mjsv=m202304270101&ptt=5&saldr=sa&correlator=2189790904806&frm=23&ife=1&pv=2&ga_vid=1394017374.1683136114&ga_sid=1683136114&ga_hid=1689191000&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=186&ady=160&biw=1600&bih=1200&isw=728&ish=90&ifk=4212140677&scr_x=0&scr_y=0&eid=44759927%2C44759876%2C44759842%2C44773809%2C44788441%2C44789761%2C44789923&oid=2&pvsid=3803969255231734&uas=0&nvt=1&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.a5iller8jbfn&fsb=1&dtd=205
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:fa8:8806:13::1370 , Singapore, ASN41041 (VCLK-EU-SE, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 03 May 2023 17:48:36 GMT
cache-control: no-cache, private, max-age=0, no-store
server: nginx
expires: 0

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 25CE
Redirect Chain

https://um.simpli.fi/gp_match?google_gid=CAESENRQkuUx8sFZDe4UA7bgRFY&google_cver=1&google_push=ATf1kGNlYNYy1QJjfqAk1bOOyFwLNbfRDAcPtmVa0y95fA0QP6uIEIjSQXWBC44BTKLE9BC60iEhY3xArgzlYnsuvm1l8p767Z4
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=2E467888155643A4915D6FF9292F17BF&google_push=ATf1kGNlYNYy1QJjfqAk1bOOyFwLNbfRDAcPtmVa0y95fA0QP6uIEIjSQXWBC44BTKLE9BC60iEhY3xArgzlYns...

170 B
233 B

20ms
19ms

Image
image/png

172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=2E467888155643A4915D6FF9292F17BF&google_push=ATf1kGNlYNYy1QJjfqAk1bOOyFwLNbfRDAcPtmVa0y95fA0QP6uIEIjSQXWBC44BTKLE9BC60iEhY3xArgzlYnsuvm1l8p767Z4

Requested by

Protocol

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s42-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 03 May 2023 17:48:36 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Wed, 03 May 2023 17:48:36 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
server: openresty
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
location: https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=2E467888155643A4915D6FF9292F17BF&google_push=ATf1kGNlYNYy1QJjfqAk1bOOyFwLNbfRDAcPtmVa0y95fA0QP6uIEIjSQXWBC44BTKLE9BC60iEhY3xArgzlYnsuvm1l8p767Z4
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 142
expires: Tue, 02 May 2023 17:48:36 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 25CE
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEJeuvXe-UN0TRDn_j-Xaq5U&google_cver=1&google_push=ATf1kGNL3B5oC_YXpG89KZrwCesWgDIZGxj6JxpeOBqhJ1PKQoGrlAODzzm1VWoffDRxvVp01y2...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEg3WlNCM1gtMUgtQUJTSQ==&google_push=ATf1kGNL3B5oC_YXpG89KZrwCesWgDIZGxj6JxpeOBqhJ1PKQoGrlAODzzm1VWoffDRxvVp01y2PIjY1wURvF8vwx8Kmlr3rzoqX

170 B
233 B

47ms
44ms

Image
image/png

172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEg3WlNCM1gtMUgtQUJTSQ==&google_push=ATf1kGNL3B5oC_YXpG89KZrwCesWgDIZGxj6JxpeOBqhJ1PKQoGrlAODzzm1VWoffDRxvVp01y2PIjY1wURvF8vwx8Kmlr3rzoqX

Requested by

Protocol

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s42-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 03 May 2023 17:48:36 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Type: text/html
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEg3WlNCM1gtMUgtQUJTSQ==&google_push=ATf1kGNL3B5oC_YXpG89KZrwCesWgDIZGxj6JxpeOBqhJ1PKQoGrlAODzzm1VWoffDRxvVp01y2PIjY1wURvF8vwx8Kmlr3rzoqX
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: f5982f4f9cc79eb2b489dda8b92e3144
Expires: 0

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 25CE
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEExwfa7YvetG_pgAPkCHnPY&google_cver=1&googl...
https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEExwfa7YvetG_pgAPkCHnPY&google_hm=ZFKecxuLUi3uurPL6kVfQQAABIUAAAIB&google_nid=index&google_push=ATf1kGN6kn3XsaDul6cMpKbMjwz6qpG7Y9aGd...

170 B
233 B

39ms
35ms

Image
image/png

172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEExwfa7YvetG_pgAPkCHnPY&google_hm=ZFKecxuLUi3uurPL6kVfQQAABIUAAAIB&google_nid=index&google_push=ATf1kGN6kn3XsaDul6cMpKbMjwz6qpG7Y9aGdKZNLJU9ZNA_ZS3fs0mkB5PvTRsT4_JdOofcQ2jAGBGQk29VCsSCddUVTIbh5wxz

Requested by

Protocol

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s42-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 03 May 2023 17:48:36 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Wed, 03 May 2023 17:48:36 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEExwfa7YvetG_pgAPkCHnPY&google_hm=ZFKecxuLUi3uurPL6kVfQQAABIUAAAIB&google_nid=index&google_push=ATf1kGN6kn3XsaDul6cMpKbMjwz6qpG7Y9aGdKZNLJU9ZNA_ZS3fs0mkB5PvTRsT4_JdOofcQ2jAGBGQk29VCsSCddUVTIbh5wxz
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=500
Content-Length: 0
Expires: 0

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 25CE
Redirect Chain

https://s.ad.smaato.net/c/n///-?adNetInit=g&google_gid=CAESEAt9_zhFDUkNyX16x_1fxMw&google_cver=1&google_push=ATf1kGOF8JjVMx9mFRKBfmCVj3LVkL0S8B2VYAxkN9WPl3FCwpIT8jDb3ZGNCHgjaSV5ZcG47j-VyTbH1RMPABHT...
https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=ATf1kGOF8JjVMx9mFRKBfmCVj3LVkL0S8B2VYAxkN9WPl3FCwpIT8jDb3ZGNCHgjaSV5ZcG47j-VyTbH1RMPABHTPy9Efa6Q8iw

170 B
233 B

39ms
36ms

Image
image/png

172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=ATf1kGOF8JjVMx9mFRKBfmCVj3LVkL0S8B2VYAxkN9WPl3FCwpIT8jDb3ZGNCHgjaSV5ZcG47j-VyTbH1RMPABHTPy9Efa6Q8iw

Requested by

Protocol

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s42-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 03 May 2023 17:48:36 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Wed, 03 May 2023 17:48:36 GMT
via: 1.1 9b9ab8e6e595847652a9158c684a8926.cloudfront.net (CloudFront)
server: CloudFront
x-amz-cf-pop: PRG50-C1
x-cache: FunctionGeneratedResponse from cloudfront
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=ATf1kGOF8JjVMx9mFRKBfmCVj3LVkL0S8B2VYAxkN9WPl3FCwpIT8jDb3ZGNCHgjaSV5ZcG47j-VyTbH1RMPABHTPy9Efa6Q8iw
cache-control: no-cache, must-revalidate
content-length: 0
x-amz-cf-id: FqIqYQvH8Heo0bDEXF7sGjQbV_XJ-Z7d8juLmtUGJdDzhx7NLRAR8Q==

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 25CE
Redirect Chain

https://onetag-sys.com/match/?int_id=19&redir=1&google_gid=CAESEEiSaX-V_zlm-p8HGKQzx00&google_cver=1&google_push=ATf1kGO3W2bUGgwAyylb_A6r4DhdqePnJ5oQCcfvg5Za-GJsuYqjmS022SQ3TzWTf0Ap5t5q7yx58R6Q7sLD...
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=ATf1kGO3W2bUGgwAyylb_A6r4DhdqePnJ5oQCcfvg5Za-GJsuYqjmS022SQ3TzWTf0Ap5t5q7yx58R6Q7sLDZ0CJlqbjGx4-fOq3

170 B
233 B

39ms
20ms

Image
image/png

172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=ATf1kGO3W2bUGgwAyylb_A6r4DhdqePnJ5oQCcfvg5Za-GJsuYqjmS022SQ3TzWTf0Ap5t5q7yx58R6Q7sLDZ0CJlqbjGx4-fOq3

Requested by

Protocol

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s42-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 03 May 2023 17:48:36 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=ATf1kGO3W2bUGgwAyylb_A6r4DhdqePnJ5oQCcfvg5Za-GJsuYqjmS022SQ3TzWTf0Ap5t5q7yx58R6Q7sLDZ0CJlqbjGx4-fOq3
strict-transport-security: max-age=15552000
cache-control: no-transform, no-cache
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

GET
H2

200

/
onetag-sys.com/match/ Frame 25CE
Redirect Chain

https://onetag-sys.com/match/?int_id=106&redir=1&google_gid=CAESEEiSaX-V_zlm-p8HGKQzx00&google_cver=1&google_push=ATf1kGO88n8y4lfzqs3YGwQu-4B34PD641FBUdfxTV2TRlHiltQ2Ogy5k0tPu1KYxcRCRii4hWFMRx15-w4...
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=ATf1kGO88n8y4lfzqs3YGwQu-4B34PD641FBUdfxTV2TRlHiltQ2Ogy5k0tPu1KYxcRCRii4hWFMRx15-w4leiNg4UNcObOKcRfXIA
https://onetag-sys.com/match/?int_id=19&google_error=5

0
151 B

18ms
18ms

Image
text/plain

51.89.9.252
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://onetag-sys.com/match/?int_id=19&google_error=5

Requested by

Protocol

Server

51.89.9.252 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

ip252.ip-51-89-9.eu

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
cache-control: no-transform, no-cache
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

Redirect headers

pragma: no-cache
date: Wed, 03 May 2023 17:48:36 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://onetag-sys.com/match/?int_id=19&google_error=5
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 255
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 attr
cm.g.doubleclick.net/pixel/ Frame 25CE 0
51 B 19ms
18ms Image
text/html 172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13KkBooyATQj1kOQF_r-of7mttCGg-c9VWl8O1qTDedaWGBtPvxZTYVHiwPSH7aCZLo0PQqEZg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s42-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 17:48:36 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/6931878516262699008/ Frame 5414 4 KB
668 B 48ms
17ms Document
text/html 2a00:1450:4001:80b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/6931878516262699008/index.html?e=69&leftOffset=0&topOffset=0&c=Kv1vfMcHP1&t=1&renderingType=2&ev=01_247

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_276.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

af9c5ae71ceedae1f5ab6362b2866b8e5fbe29612fd4c364da538b8b566ef190

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 640
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Wed, 03 May 2023 17:48:36 GMT
expires: Thu, 02 May 2024 17:48:36 GMT
last-modified: Fri, 10 Feb 2023 12:22:02 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 0843 0
0 96ms
53ms Fetch
image/gif 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstxTbslBRoULcdM6ZOKqD88qfofkROPMAzot2nwWwY5EvkmHGJioFSeTbWLRA-LY_pcfbKj3eWOl_vL0UjRaQI94GhnGygwisAkAPQJ7LR4mhesMOvX3TegKhPHWSI2-1zM9gd4mJZCPv0sGE3vToOLPZD4CsvOc3GICdAS1Nw8NUEKWz8n7kuwdAEi90riHA-k-kixofYJ6A&sai=AMfl-YT8mG5n5rTkX2DVwzCQ_FWAdAImUkAa7ySqg2UEex3k5RVDjoflQscG9Wqu6LRRzCNqp5hqluUrJK_-R53JqCcgKP5SukS9JWE4rg&sig=Cg0ArKJSzOjfm-GwPCmlEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=136&cbvp=1&cstd=126&cisv=r20230501.61583&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&arae=0&ftch=1&adurl=

Requested by

Host: k8ccwwesx.live
URL: https://k8ccwwesx.live/indexasad.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 17:48:36 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Wed, 03 May 2023 17:48:36 GMT

GET
H3 200 vL7o0N_rWuXUXr4zaznQwGRTzb1r1IdsCvpeVnelq_s.js Show response
pagead2.googlesyndication.com/bg/ Frame 35FA 37 KB
14 KB 11ms
10ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/vL7o0N_rWuXUXr4zaznQwGRTzb1r1IdsCvpeVnelq_s.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bcbee8d0dfeb5ae5d45ebe336b39d0c06453cdbd6bd4876c0afa5e5677a5abfb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 12:12:53 GMT
content-encoding: br
x-content-type-options: nosniff
age: 20143
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14722
x-xss-protection: 0
last-modified: Tue, 25 Apr 2023 16:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 02 May 2024 12:12:53 GMT

GET
H2

200

skeleton.js Show response
static.adsafeprotected.com/ Frame 0843
Redirect Chain

https://pixel.adsafeprotected.com/rfw/st/1360115/69584918/skeleton.js?adsafe_url=https%3A%2F%2Fk8ccwwesx.live&adsafe_type=g&adsafe_url=https%3A%2F%2Fk8ccwwesx.live%2F&adsafe_type=e&adsafe_url=https...
https://static.adsafeprotected.com/skeleton.js

17 B
465 B

9ms
9ms

Script
application/javascript

2600:9000:2127:2600:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/skeleton.js
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6366951472589375&output=html&h=90&slotname=6721968282&adk=3456145410&adf=3471351516&pi=t.ma~as.6721968282&w=728&lmt=1683136115&url=https%3A%2F%2Fk8ccwwesx.live%2Findexasad.php&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1683136114923&bpp=14&bdt=152&idt=184&shv=r20230501&mjsv=m202304270101&ptt=5&saldr=sa&correlator=2189790904806&frm=23&ife=1&pv=2&ga_vid=1394017374.1683136114&ga_sid=1683136114&ga_hid=1689191000&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=186&ady=160&biw=1600&bih=1200&isw=728&ish=90&ifk=4212140677&scr_x=0&scr_y=0&eid=44759927%2C44759876%2C44759842%2C44773809%2C44788441%2C44789761%2C44789923&oid=2&pvsid=3803969255231734&uas=0&nvt=1&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.a5iller8jbfn&fsb=1&dtd=205
Protocol: H2
Server: 2600:9000:2127:2600:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: bdeed1e1c0751610c8f3dc2a5c78c93f841c366b36a7f7a54f5e6752c2656c05

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Mon, 16 Jan 2023 03:51:51 GMT
x-amz-version-id: nylqTweorRThFHMBJSrf_fHcWx3KVKN3
via: 1.1 c76f57c516237f120f723cde4dab446e.cloudfront.net (CloudFront)
x-amz-cf-pop: PRG50-C1
age: 9295006
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
content-length: 17
last-modified: Mon, 17 Aug 2020 23:54:35 GMT
server: AmazonS3
etag: "53fab767ecbd3bf07990b10246befbd4"
content-type: application/javascript
cache-control: max-age=315360000
accept-ranges: bytes
x-amz-cf-id: IMaGudYHdrIe4_ivCW8e2E7wHwhDVmxqSkz9-8mPh2hjlKLyxCMPDw==

Redirect headers

pragma: no-cache
date: Wed, 03 May 2023 17:48:36 GMT
server: nginx
x-server-name: app11.ie.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
location: https://static.adsafeprotected.com/skeleton.js
cache-control: no-cache
content-length: 0

GET
H2 200 sca.17.6.2.js Show response
static.adsafeprotected.com/ Frame AF02 91 KB
92 KB 16ms
16ms Script
application/javascript 2600:9000:2127:2600:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/sca.17.6.2.js
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6366951472589375&output=html&h=90&slotname=6721968282&adk=3456145410&adf=3471351516&pi=t.ma~as.6721968282&w=728&lmt=1683136115&url=https%3A%2F%2Fk8ccwwesx.live%2Findexasad.php&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1683136114923&bpp=14&bdt=152&idt=184&shv=r20230501&mjsv=m202304270101&ptt=5&saldr=sa&correlator=2189790904806&frm=23&ife=1&pv=2&ga_vid=1394017374.1683136114&ga_sid=1683136114&ga_hid=1689191000&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=186&ady=160&biw=1600&bih=1200&isw=728&ish=90&ifk=4212140677&scr_x=0&scr_y=0&eid=44759927%2C44759876%2C44759842%2C44773809%2C44788441%2C44789761%2C44789923&oid=2&pvsid=3803969255231734&uas=0&nvt=1&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.a5iller8jbfn&fsb=1&dtd=205
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2127:2600:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 01cee6a7a3f1444680b188ab84052e2b6c85966f53a718d3926135ebcc832ffd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Thu, 09 Mar 2023 01:38:18 GMT
x-amz-version-id: go8nfBUviNCPCwnrYX1LpMW5hEx3ASGy
via: 1.1 c76f57c516237f120f723cde4dab446e.cloudfront.net (CloudFront)
x-amz-cf-pop: PRG50-C1
age: 4810218
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
content-length: 93606
last-modified: Tue, 20 Sep 2022 19:21:34 GMT
server: AmazonS3
etag: "1f3488247c90bb5de253d3d0cb3b7458"
content-type: application/javascript
cache-control: max-age=315360000
accept-ranges: bytes
x-amz-cf-id: X4Ao65spNkHKU8X2PJry1BapY4C_5OsF9T4055gE_en5tF6wr2XVog==

GET
H3 200 style.css
s0.2mdn.net/sadbundle/6931878516262699008/ Frame 5414 5 KB
1 KB 36ms
26ms Stylesheet
text/css 2a00:1450:4001:80b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/6931878516262699008/style.css

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/6931878516262699008/index.html?e=69&leftOffset=0&topOffset=0&c=Kv1vfMcHP1&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6bf785ff447ff31eca6a173b9ea1efc27d81821fc7276f59f9eda0b63cffc8ea

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/6931878516262699008/index.html?e=69&leftOffset=0&topOffset=0&c=Kv1vfMcHP1&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Sat, 29 Apr 2023 16:07:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 351675
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1347
x-xss-protection: 0
last-modified: Fri, 10 Feb 2023 12:22:02 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 28 Apr 2024 16:07:21 GMT

GET
H3 200 Enabler_01_246.js Show response
s0.2mdn.net/879366/ Frame 5414 116 KB
39 KB 36ms
27ms Script
text/javascript 2a00:1450:4001:80b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_246.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/6931878516262699008/index.html?e=69&leftOffset=0&topOffset=0&c=Kv1vfMcHP1&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b64291fc91dc77833930ffcead244193c5cfd9e882af312ecc89b580160c22a1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/6931878516262699008/index.html?e=69&leftOffset=0&topOffset=0&c=Kv1vfMcHP1&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Tue, 02 May 2023 20:11:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 77820
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 40237
x-xss-protection: 0
last-modified: Wed, 30 Jun 2021 20:54:51 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 03 May 2023 20:11:36 GMT

GET
H3 200 pa.js Show response
s0.2mdn.net/sadbundle/6931878516262699008/ Frame 5414 4 KB
1 KB 42ms
32ms Script
application/x-javascript 2a00:1450:4001:80b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/6931878516262699008/pa.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/6931878516262699008/index.html?e=69&leftOffset=0&topOffset=0&c=Kv1vfMcHP1&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4b88a304d6162d0e7bc1ea1c3b8c9e9f6b6751002a6d58b6a7bb2c4dd383dea8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/6931878516262699008/index.html?e=69&leftOffset=0&topOffset=0&c=Kv1vfMcHP1&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Sun, 30 Apr 2023 02:18:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 314996
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1443
x-xss-protection: 0
last-modified: Fri, 10 Feb 2023 12:22:02 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 29 Apr 2024 02:18:40 GMT

GET
H3 200 logic.js Show response
s0.2mdn.net/sadbundle/6931878516262699008/ Frame 5414 18 KB
3 KB 45ms
35ms Script
application/x-javascript 2a00:1450:4001:80b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/6931878516262699008/logic.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/6931878516262699008/index.html?e=69&leftOffset=0&topOffset=0&c=Kv1vfMcHP1&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f9e4c7961b4604ff049f8e627a6358b18763899941da49a724db6982a353b9f6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/6931878516262699008/index.html?e=69&leftOffset=0&topOffset=0&c=Kv1vfMcHP1&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Sat, 29 Apr 2023 00:22:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 408362
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3284
x-xss-protection: 0
last-modified: Fri, 10 Feb 2023 12:22:02 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 28 Apr 2024 00:22:34 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 0843 43 B
216 B 306ms
94ms Image
image/gif 2600:1f18:1aca:4280:4aa4:b14:cc13:9bdb
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1360115&asId=f726cf8a-30d5-097e-d2ad-c8eecc000638&tv=%7Bc:bzH9bC,pingTime:-3,time:222,type:v,clog:%5B%7Bpiv:0,vs:o,r:r,w:728,h:90,t:188%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,gm:0,slTimes:%7Bi:0,o:222,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:188,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:i,cc:NaN.NaN.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B47~0%5D,as:%5B47~728.90%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tDdxC7s+11%7C121*.1360115-69584918%7C1211%7C1212%7C1213%7C1214%7C1215,idMap:121*,rmeas:1,rend:0,renddet:DIV,siq:189%7D&br=c
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6366951472589375&output=html&h=90&slotname=6721968282&adk=3456145410&adf=3471351516&pi=t.ma~as.6721968282&w=728&lmt=1683136115&url=https%3A%2F%2Fk8ccwwesx.live%2Findexasad.php&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1683136114923&bpp=14&bdt=152&idt=184&shv=r20230501&mjsv=m202304270101&ptt=5&saldr=sa&correlator=2189790904806&frm=23&ife=1&pv=2&ga_vid=1394017374.1683136114&ga_sid=1683136114&ga_hid=1689191000&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=186&ady=160&biw=1600&bih=1200&isw=728&ish=90&ifk=4212140677&scr_x=0&scr_y=0&eid=44759927%2C44759876%2C44759842%2C44773809%2C44788441%2C44789761%2C44789923&oid=2&pvsid=3803969255231734&uas=0&nvt=1&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.a5iller8jbfn&fsb=1&dtd=205
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4280:4aa4:b14:cc13:9bdb Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 03 May 2023 17:48:36 GMT
server: nginx
x-server-name: dt16.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 0843 43 B
216 B 307ms
94ms Image
image/gif 2600:1f18:1aca:4280:4aa4:b14:cc13:9bdb
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1360115&asId=f726cf8a-30d5-097e-d2ad-c8eecc000638&tv=%7Bc:bzH9bE,pingTime:-6,time:224,type:i,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,gm:0,slTimes:%7Bi:0,o:224,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:188,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:i,cc:NaN.NaN.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B49~0%5D,as:%5B49~728.90%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tDdxC7s+11%7C121*.1360115-69584918%7C1211%7C1212%7C1213%7C1214%7C1215,idMap:121*,rmeas:1,rend:0,renddet:DIV,siq:189%7D&tpiLookup=ao:k8ccwwesx.live*%2Ck8ccwwesx.live*&br=c
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6366951472589375&output=html&h=90&slotname=6721968282&adk=3456145410&adf=3471351516&pi=t.ma~as.6721968282&w=728&lmt=1683136115&url=https%3A%2F%2Fk8ccwwesx.live%2Findexasad.php&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1683136114923&bpp=14&bdt=152&idt=184&shv=r20230501&mjsv=m202304270101&ptt=5&saldr=sa&correlator=2189790904806&frm=23&ife=1&pv=2&ga_vid=1394017374.1683136114&ga_sid=1683136114&ga_hid=1689191000&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=186&ady=160&biw=1600&bih=1200&isw=728&ish=90&ifk=4212140677&scr_x=0&scr_y=0&eid=44759927%2C44759876%2C44759842%2C44773809%2C44788441%2C44789761%2C44789923&oid=2&pvsid=3803969255231734&uas=0&nvt=1&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.a5iller8jbfn&fsb=1&dtd=205
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4280:4aa4:b14:cc13:9bdb Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 03 May 2023 17:48:36 GMT
server: nginx
x-server-name: dt17.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 98D2 0
20 B 127ms
124ms Image
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BGc4ac55SZPK8NonY3gOaz4PIBgAAAAA4AeAEAg&bg=!d3SldCDNAAYcDqajPA47ADkAdvg8WruxHTgCmWGGqz0cblkS6cymnMtJoZyVxVFo3M8_Ohas_LWwWmUeVTr0rI11XEvGf3gARlACAAAAtlIAAAADaAEHmQMkJ01_fcYSBuaPZ08R65wbEF65kpPfdyFA5eTzlnlnLCVKtopO3vISusRzqDXqZ2JLArvv9sAWMfpugI_aliOVu-Qz_SoEfSRTPAFZ4vp9oybtsjzrTH7US0K45ho1UitSnDLFZ0QbmVhTaZXRwvEz2O7ghCu15PjIlOgCbXN6uFZrudbR1yDb8sfOWvQia7b-lh_zF9PPin29Pe6szBL0zYZ8kqVyhCAO3j0MHvOl-owWMSaODSC2aGLCNvEdB2D3mJleb3t9H9nSnPobqJnYRQrw9muqbCxejpr9M_Ry7tdEeBvPRmrmnrFOppCcovr8D7UJOBv3JugbRiJl8GsgVOL1Z0vq6NyrdY0wnBe25ZgkwEuaRq6CHChcVmqdPCCE1FIQBAhv33_JWRq_W6205QePqGQ9yWHrqjSsYbT_Ah5uerx5h-2BQEz-upB9xNLPqN1VpL_PZH3Ta6_LFDKq4Tx4o1R5yvcAPbcmskShHeeFyfG80a2vQ2URNKUS4JgHIATDHkUg4o0PJcT9As_SJuF1WVJL3-1J076vFQo-gD6P0WE4rLGnYFKixqjZi-e_n_vSvUEPcx3Wv9ALjROP5yB4wV33pEJFZyGRz29cSN_qSkkqTF223-AZmRF2NjrQ0GQcHmvEgLy5dBz1wCq6iJENkrSqrHVywaBv_BNtcpt2NnVk3Clgt5C7y_tdNvX2db_lwVMY7YEoe0RqK1hFvaqejMVFCVqknPw2j9Uyw4RHEMOoLfeGKfd1xcWY0mSxg29sTJcgH8avwLje3RnjKemzAaJPquJMd2dhyznBEiD_L70XH2srVdNx6EGYvX67IpBuryTlyPII4S3TG6xg9-hrvewhGrRvNw_qZlaO3t6TGpSderHnlhso6qj3J16RprjB3ZvhdWeF2ScnY2b3FPPWjDj-a9giKRGFvo3R47wwSkAJD61RB_LLZqXfn_cXEQv9bAR8L-wuHC_bwCsQJgRyTC0wI0k4crlFyJaFRfoY0V3M3AqdbbdKqEKF5BjqBbHpjEEOkNjAg3ORXWV6Fw5x47J3tYXxppQQ2Lh04bMVSKTy

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 03 May 2023 17:48:36 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 0843 43 B
216 B 280ms
95ms Image
image/gif 2600:1f18:1aca:4280:4aa4:b14:cc13:9bdb
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1360115&asId=f726cf8a-30d5-097e-d2ad-c8eecc000638&tv=%7Bc:bzH9c8,pingTime:-2,time:254,type:a,im:%7Bsf:0,pom:1,prf:%7BbdA:449,bdZ:588,beA:981,beZ:982,mfA:1153,cmA:1154,inA:1154,inZ:1158,prA:1158,prZ:1163,si:1169,poA:1170,poZ:1185,cmZ:1185,mfZ:1185,loA:1204,loZ:1207,ltA:1235,ltZ:1235,mdA:982,mdZ:1031%7D%7D,sca:%7Bdfp:%7Bdf:3,sz:728.90,dom:div%7D%7D,env:%7Bgca:false,cca:false,gca2:false%7D,clog:%5B%7Bpiv:0,vs:o,r:r,w:728,h:90,t:188%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,gm:0,slTimes:%7Bi:0,o:255,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:188,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:i,cc:NaN.NaN.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B80~0%5D,as:%5B80~728.90%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tDdxC7s+11%7C121*.1360115-69584918%7C1211%7C1212%7C1213%7C1214%7C1215,idMap:121*,pd:VEBo.mhjfbmdgcfjbbpaeojofohoefgiehjai,rmeas:1,rend:0,renddet:DIV,siq:189,sinceFw:64,readyFired:true%7D&br=c
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6366951472589375&output=html&h=90&slotname=6721968282&adk=3456145410&adf=3471351516&pi=t.ma~as.6721968282&w=728&lmt=1683136115&url=https%3A%2F%2Fk8ccwwesx.live%2Findexasad.php&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1683136114923&bpp=14&bdt=152&idt=184&shv=r20230501&mjsv=m202304270101&ptt=5&saldr=sa&correlator=2189790904806&frm=23&ife=1&pv=2&ga_vid=1394017374.1683136114&ga_sid=1683136114&ga_hid=1689191000&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=186&ady=160&biw=1600&bih=1200&isw=728&ish=90&ifk=4212140677&scr_x=0&scr_y=0&eid=44759927%2C44759876%2C44759842%2C44773809%2C44788441%2C44789761%2C44789923&oid=2&pvsid=3803969255231734&uas=0&nvt=1&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.a5iller8jbfn&fsb=1&dtd=205
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4280:4aa4:b14:cc13:9bdb Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 03 May 2023 17:48:36 GMT
server: nginx
x-server-name: dt18.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 0843 0
0 47ms
46ms Fetch
image/gif 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstxTbslBRoULcdM6ZOKqD88qfofkROPMAzot2nwWwY5EvkmHGJioFSeTbWLRA-LY_pcfbKj3eWOl_vL0UjRaQI94GhnGygwisAkAPQJ7LR4mhesMOvX3TegKhPHWSI2-1zM9gd4mJZCPv0sGE3vToOLPZD4CsvOc3GICdAS1Nw8NUEKWz8n7kuwdAEi90riHA-k-kixofYJ6A&sai=AMfl-YT8mG5n5rTkX2DVwzCQ_FWAdAImUkAa7ySqg2UEex3k5RVDjoflQscG9Wqu6LRRzCNqp5hqluUrJK_-R53JqCcgKP5SukS9JWE4rg&sig=Cg0ArKJSzOjfm-GwPCmlEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=323&vt=11&dtpt=187&dett=3&cstd=126&cisv=r20230501.61583&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&arae=0&ftch=1&adurl=

Requested by

Host: k8ccwwesx.live
URL: https://k8ccwwesx.live/indexasad.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 17:48:36 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Wed, 03 May 2023 17:48:36 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 5414 7 KB
6 KB 52ms
52ms XHR
application/json 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_246&st=int

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_246.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

5c539dc866459742bc38009d83b58292f029b1464579096f57147e0dd8a6a29d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 17:48:36 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5682
x-xss-protection: 0

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 0843 43 B
217 B 180ms
93ms Image
image/gif 2600:1f18:1aca:4280:4aa4:b14:cc13:9bdb
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1360115&asId=f726cf8a-30d5-097e-d2ad-c8eecc000638&tv=%7Bc:bzH9dI,time:352,type:e,im:%7Bimprf:%7Bttecl:838,ecd:76,tsecr:41%7D%7D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,gm:0,slTimes:%7Bi:0,o:352,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:188,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:i,cc:NaN.NaN.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B177~0%5D,as:%5B177~728.90%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tDdxC7s+11%7C121*.1360115-69584918%7C1211%7C1212%7C1213%7C1214%7C1215,idMap:121*,rmeas:1,rend:0,renddet:DIV,siq:189,sis:307%7D&br=c
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6366951472589375&output=html&h=90&slotname=6721968282&adk=3456145410&adf=3471351516&pi=t.ma~as.6721968282&w=728&lmt=1683136115&url=https%3A%2F%2Fk8ccwwesx.live%2Findexasad.php&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1683136114923&bpp=14&bdt=152&idt=184&shv=r20230501&mjsv=m202304270101&ptt=5&saldr=sa&correlator=2189790904806&frm=23&ife=1&pv=2&ga_vid=1394017374.1683136114&ga_sid=1683136114&ga_hid=1689191000&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=186&ady=160&biw=1600&bih=1200&isw=728&ish=90&ifk=4212140677&scr_x=0&scr_y=0&eid=44759927%2C44759876%2C44759842%2C44773809%2C44788441%2C44789761%2C44789923&oid=2&pvsid=3803969255231734&uas=0&nvt=1&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.a5iller8jbfn&fsb=1&dtd=205
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4280:4aa4:b14:cc13:9bdb Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 03 May 2023 17:48:36 GMT
server: nginx
x-server-name: dt19.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 5414 17 KB
6 KB 16ms
15ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_246.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 17:48:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 03 May 2023 17:48:36 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 35FA 0
20 B 108ms
108ms Image
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BP7HfdJ5SZOCNAu3d7_UPpoKSwA8AAAAAOAHgBAI&bg=!cHOlcyfNAAYcDqajPA47ADkAdvg8Wgbt5aO8SfqK4akcBcCJaWlz8kydYJzcZXJ2N0LJI2IGzDAkLT9_9OtfLeOWI-kDiiYhyV8CAAAAklIAAAAEaAEHCgA6dGwNgkowrGMvDMtWVBJ12PLFaHBIXLYCx7o6RmisUd2KYYe-07LyYr2WK8qXRpGrw2W-CBCac_WXz5kDHq3iXbSUvlczZLcIMm4Z7UHaN8d0qRQAjv7DVMEkjF3Yuow-xqwvfGJvVuW8J5iPkLCvUVllXrT1bZc_5rzAUaGVBKpYh8Ih6Vh_fp-ReYiV1-E0v24SO7VB_6tUklip-IgjUHl4CxTl1yQfTY_FVHvptJOVmY3XZmpSYwj53jSCWnMgsQX-OQNnfFvasgMSQmhIBsLNPjuIW-lp1rrrI2-UQF5RrnrB9xPqQcngrZypYxtX_JFmJOpQZFuggoSu9CLV1XnhGCmt5_LWUcSjpRvSGCdyRcjS3dDku7q6BLEYqYVM4Hek3jlSxsvaMwOU5N-wZgqRGQzPw4_v4xzeKtfiBi9QOloBuvs4SlT9qgWDJr7fDPbVPbflXB9hCpGuRpoG6esJsHeWvQJ90Y3EYmjlufgiykdtmYo9Nb7lDA13_v6Ac_4GfEB8EmIjTFQ9gGlz91H0ZSreY0tB2F5Ny6Ibht2VjtQcpuUXGbXjcOArsAcD6PefQTmcndrrGN0KdP6p0up4oK5B4FRCFskfRFXnMWX8aM3H9kf07A-gZJJ7ArNcLffWBSLANvpYxi9pLDdce2gJcW6JVPIhKzfCdfRUT_Xve9JNSmQl4UjIupgPGr0M0AkPQMLonn8W6Q9-o4ymXNC5gpzElypt_teoA1DxYBx67iIkloAtv_sriG6DGVRp7t5qXatHwFFMstv-Qw1OrjRU1eUDzygEZYdAEDEYOUD_vjKreM5Jd_-R7pn2VnZj2FS3cgwLSML-_RKDwSK74wCmDXUogB2_wuHHUMHaWpEPEi4ov65QL70sdGHlT4Xrz2ervEthav2ufwqrxb65H5DZPJR5OQ2XIHqL8KglrmbfRl4gsScdBhQ2P8YfIbnXiqminc7zFePKDXOJPQ-IlPjKJYoMhEMcCFEvLLgQvJIuzNW6a1C5kbqPj3GyEWjFk3ivE9VWvRjA0lqPzMtwXk5jdLKhUUv6K1hw5WYYFYMhBw3JkIZ-9rTfH1Cx-baS5c1eWLr-SfS-aXaohEdkjjVPBtpXD3vXBRoEexAt4b2oOqkz8nH9D-BxQg

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 03 May 2023 17:48:36 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 vL7o0N_rWuXUXr4zaznQwGRTzb1r1IdsCvpeVnelq_s.js Show response
pagead2.googlesyndication.com/bg/ Frame E087 37 KB
14 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/vL7o0N_rWuXUXr4zaznQwGRTzb1r1IdsCvpeVnelq_s.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bcbee8d0dfeb5ae5d45ebe336b39d0c06453cdbd6bd4876c0afa5e5677a5abfb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 12:12:53 GMT
content-encoding: br
x-content-type-options: nosniff
age: 20143
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14722
x-xss-protection: 0
last-modified: Tue, 25 Apr 2023 16:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 02 May 2024 12:12:53 GMT

GET
H2 200 bundle.js Show response
static.philacct.com/ngvmfg/static/js/ 45 KB
14 KB 1550ms
593ms Script
application/x-javascript 2405:f980::1:10
VNPT-AS-VN VIETNA...

General

Check archive.org

Show headers Download Go to

Full URL: https://static.philacct.com/ngvmfg/static/js/bundle.js
Requested by: Host: media1.admicro.vn
URL: https://media1.admicro.vn/core/admcore.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2405:f980::1:10 , Viet Nam, ASN135905 (VNPT-AS-VN VIETNAM POSTS AND TELECOMMUNICATIONS GROUP, VN),
Reverse DNS
Software: ss1/17205 /
Resource Hash: e61fd45407ec94fcaf4f11a2a4cb98fc514a45a56d73be14ed0cbe8d896a4f4f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://k8ccwwesx.live/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 17:48:37 GMT
content-encoding: gzip
last-modified: Wed, 07 Jul 2021 08:39:52 GMT
server: ss1/17205
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: max-age=600, must-revalidate, proxy-revalidate
expires: Wed, 03 May 2023 17:58:37 GMT

GET
H3 200 Montserrat-SemiBold.woff
s0.2mdn.net/sadbundle/6931878516262699008/ Frame 5414 32 KB
32 KB 13ms
12ms Font
font/woff 2a00:1450:4001:80b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/6931878516262699008/Montserrat-SemiBold.woff

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/6931878516262699008/style.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4d841940fc5a291c2b21753932d57b24e9c4f26e6ae9788ad449392a55892c39

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/6931878516262699008/style.css
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Sat, 29 Apr 2023 06:26:32 GMT
x-content-type-options: nosniff
age: 386524
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 32860
x-xss-protection: 0
last-modified: Fri, 10 Feb 2023 12:22:02 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 28 Apr 2024 06:26:32 GMT

GET
H3 200 Montserrat-Bold.woff
s0.2mdn.net/sadbundle/6931878516262699008/ Frame 5414 33 KB
33 KB 23ms
23ms Font
font/woff 2a00:1450:4001:80b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/6931878516262699008/Montserrat-Bold.woff

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/6931878516262699008/style.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1b27ee5c9041ce0a0f08ba30726a57407f676dbfe4a2eb27d186f23ede581d19

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/6931878516262699008/style.css
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Sat, 29 Apr 2023 06:23:00 GMT
x-content-type-options: nosniff
age: 386736
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 33604
x-xss-protection: 0
last-modified: Fri, 10 Feb 2023 12:22:02 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 28 Apr 2024 06:23:00 GMT

GET
H3 200 Montserrat-Black.woff
s0.2mdn.net/sadbundle/6931878516262699008/ Frame 5414 30 KB
30 KB 14ms
14ms Font
font/woff 2a00:1450:4001:80b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/6931878516262699008/Montserrat-Black.woff

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/6931878516262699008/style.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6448c95ad8e9b1f63465c57952afbf8df9df45103e966407d7b0f1588e9e009e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/6931878516262699008/style.css
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Sat, 29 Apr 2023 20:43:47 GMT
x-content-type-options: nosniff
age: 335089
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 30436
x-xss-protection: 0
last-modified: Fri, 10 Feb 2023 12:22:02 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 28 Apr 2024 20:43:47 GMT

GET
H3 200 Montserrat-Light.woff
s0.2mdn.net/sadbundle/6931878516262699008/ Frame 5414 32 KB
32 KB 20ms
20ms Font
font/woff 2a00:1450:4001:80b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/6931878516262699008/Montserrat-Light.woff

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/6931878516262699008/style.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e58cb72c1056d2a9345f7cbd4282f32f519cbd2d038145671674d769b7d1d359

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/6931878516262699008/style.css
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Fri, 28 Apr 2023 06:01:35 GMT
x-content-type-options: nosniff
age: 474421
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 32812
x-xss-protection: 0
last-modified: Fri, 10 Feb 2023 12:22:02 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 27 Apr 2024 06:01:35 GMT

GET
H3 200 Montserrat-Regular.woff
s0.2mdn.net/sadbundle/6931878516262699008/ Frame 5414 32 KB
32 KB 24ms
23ms Font
font/woff 2a00:1450:4001:80b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/6931878516262699008/Montserrat-Regular.woff

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/6931878516262699008/style.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

642f5fd742a9d4ad971464adee5f82c0292f812d14e337e5448cdb29ce5f2a26

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/6931878516262699008/style.css
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Mon, 01 May 2023 02:29:25 GMT
x-content-type-options: nosniff
age: 227951
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 33080
x-xss-protection: 0
last-modified: Fri, 10 Feb 2023 12:22:02 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 30 Apr 2024 02:29:25 GMT

GET
H3 200 60015185_20200820245904965_ALL_Logo_WHITE.png
s0.2mdn.net/ads/richmedia/studio/60015185/ Frame 5414 55 KB
55 KB 56ms
56ms Image
image/png 2a00:1450:4001:80b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/60015185/60015185_20200820245904965_ALL_Logo_WHITE.png

Requested by

Host: k8ccwwesx.live
URL: https://k8ccwwesx.live/indexasad.php

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a6471be6b02897e0fcc27acc17e01ca5b3243b6a3f917b01987fed922b9751e9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/6931878516262699008/index.html?e=69&leftOffset=0&topOffset=0&c=Kv1vfMcHP1&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 16:43:30 GMT
x-content-type-options: nosniff
age: 3906
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 56405
x-xss-protection: 0
last-modified: Thu, 20 Aug 2020 07:59:05 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 04 May 2023 16:43:30 GMT

GET
H3 200 60015185_20230118072956460_AS_NEW_KV_JAN23.jpg
s0.2mdn.net/ads/richmedia/studio/60015185/ Frame 5414 425 KB
425 KB 30ms
29ms Image
image/jpeg 2a00:1450:4001:80b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/60015185/60015185_20230118072956460_AS_NEW_KV_JAN23.jpg

Requested by

Host: k8ccwwesx.live
URL: https://k8ccwwesx.live/indexasad.php

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a00f0d35b861c1ea819398b5f2ead813fb48380bd5528ca56d779f305c8de6e1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/6931878516262699008/index.html?e=69&leftOffset=0&topOffset=0&c=Kv1vfMcHP1&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Tue, 02 May 2023 18:27:03 GMT
x-content-type-options: nosniff
age: 84093
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 434836
x-xss-protection: 0
last-modified: Wed, 18 Jan 2023 15:29:56 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 03 May 2023 18:27:03 GMT

GET
H3 200 60015185_20220330074254081_KV_DESTINATION.jpg
s0.2mdn.net/ads/richmedia/studio/60015185/ Frame 5414 513 KB
513 KB 29ms
28ms Image
image/jpeg 2a00:1450:4001:80b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/60015185/60015185_20220330074254081_KV_DESTINATION.jpg

Requested by

Host: k8ccwwesx.live
URL: https://k8ccwwesx.live/indexasad.php

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

41fbbac12d7d653541f0a0dfe0842d3e917546f06c700c7572e0ee45bc1ed4db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/6931878516262699008/index.html?e=69&leftOffset=0&topOffset=0&c=Kv1vfMcHP1&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Tue, 02 May 2023 18:44:17 GMT
x-content-type-options: nosniff
age: 83059
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 525235
x-xss-protection: 0
last-modified: Wed, 30 Mar 2022 14:42:54 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 03 May 2023 18:44:17 GMT

GET
H3 200 60015185_20220330074258745_KV_HOTEL.jpg
s0.2mdn.net/ads/richmedia/studio/60015185/ Frame 5414 483 KB
483 KB 55ms
55ms Image
image/jpeg 2a00:1450:4001:80b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/60015185/60015185_20220330074258745_KV_HOTEL.jpg

Requested by

Host: k8ccwwesx.live
URL: https://k8ccwwesx.live/indexasad.php

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f4b2474113dddc55ebc90156e84591220ba900000b3d332da0c0db15fdd20b3a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/6931878516262699008/index.html?e=69&leftOffset=0&topOffset=0&c=Kv1vfMcHP1&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Tue, 02 May 2023 18:07:31 GMT
x-content-type-options: nosniff
age: 85265
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 494627
x-xss-protection: 0
last-modified: Wed, 30 Mar 2022 14:42:58 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 03 May 2023 18:07:31 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 0843 43 B
216 B 98ms
98ms Image
image/gif 2600:1f18:1aca:4280:4aa4:b14:cc13:9bdb
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1360115&asId=f726cf8a-30d5-097e-d2ad-c8eecc000638&tv=%7Bc:bzH9hK,pingTime:-10,time:602,type:s,mvn:ZnNjPTEzLHNkPTMsbm89OCxhc3A9MQ--,sd:MTcuNi4ydjEyMDB8fDE2MDB8fDF8fDF8fDI0fHwxMjAwfHwwfHwwfHwxfHxsYW5kc2NhcGUtcHJpbWFyeXx8MjR8fDQvM3x8NC8zfHwwfHwxNjAw,no:MTcuNi4ydk1vemlsbGF8fE5ldHNjYXBlfHxufHxufHwwfHxufHxXaW4zMnx8R2Vja298fDIwMDMwMTA3fHwwfHxNb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBXaW42NDsgeDY0KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvMTEzLjAuNTY3Mi42MyBTYWZhcmkvNTM3LjM2fHwxfHwxfHxHb29nbGUgSW5jLnx8bg--,ch:n,fsc:17.6.2v222222220002222202222222220222222222202222222220222202000022000220222222220000222202002222202222222220222222220000020022222200022222220200000222200022220002022022022222202002220222022222022220000220200000022220222220222222222222202222222222222222222222222222222222222200000022022020020000002022202022022022222222000000000020222202022022222000000020000000000000000000020220202220000022200222202220022200200222022202220022220222200202222020002200002222022222202222000002002002222222202220022202200022002220222202,asp:1683136116711%7C%7Cadbb5f9f3fb6c84d97b406448f3e8866%7C%7C1a341f7ffaad5ea94f399b4eae605ec3%7C%7Cd291f97b28aea570886d51ec45c7e74b%7C%7C0c034bd8404ac1f0d0383dbf6a9ef9d1%7C%7Cd975e9b200996a3ffc1ea94dc477e507%7C%7C9b7b2f460bda794b641f28fab7d9902d%7C%7C0c6c1442153521a98e0314c8d65186a8%7C%7C1663701684%7D
Requested by: Host: k8ccwwesx.live
URL: https://k8ccwwesx.live/indexasad.php
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4280:4aa4:b14:cc13:9bdb Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 03 May 2023 17:48:36 GMT
server: nginx
x-server-name: dt13.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 0843 43 B
216 B 93ms
93ms Image
image/gif 2600:1f18:1aca:4280:4aa4:b14:cc13:9bdb
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1360115&asId=f726cf8a-30d5-097e-d2ad-c8eecc000638&tv=%7Bc:bzH9jN,time:729,type:e,im:%7Bpci:%7Btdr:506%7D%7D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,gm:0,slTimes:%7Bi:0,o:729,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:188,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:i,cc:NaN.NaN.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B555~0%5D,as:%5B555~728.90%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:100,fm:tDdxC7s+11%7C121*.1360115-69584918%7C1211%7C1212%7C1213%7C1214%7C1215,idMap:121*,rmeas:1,rend:1,renddet:DIV.qs.sn,siq:189,sis:307%7D&br=c
Requested by: Host: k8ccwwesx.live
URL: https://k8ccwwesx.live/indexasad.php
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4280:4aa4:b14:cc13:9bdb Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 03 May 2023 17:48:36 GMT
server: nginx
x-server-name: dt01.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 0843 42 B
64 B 134ms
134ms Fetch
image/gif 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssEa27jA4yJ4md1UeBqnIk9DGgc1BOlaXh5vQT0iHY9SG1SYe9J1TcKBDfaUg6VZ7bAsRq4r-vU_j06sWy2eW6-RSUfOJDBLXZLmpuG_EwP3Oj0fS2I4CkJf58jCOAX51jJMomcxg&sai=AMfl-YQyxkYk-sKOWZwqBA5OnC6RwP6iCfQ-nx_de2umfEty9rZGVp9czAMaVnea5x2d0z7l_JdrXtuyaAM8e8lN7RJ2i4yaP_Y1V0o&sig=Cg0ArKJSzAjrbb1Zi918EAE&cid=CAQSKQBygQiD7NDq5Tz4cAU4G_CfaPxDKbgcz_FMm5GMTUg0p09k8u-flLaXGAE&id=lidar2&mcvt=1000&p=0,0,90,728&mtos=927,1000,1000,1000,1000&tos=927,73,0,0,0&v=20230501&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=3456145410&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=4&r=v&rst=1683136115130&rpt=1016&met=ie&wmsd=0&pbe=0&vae=0&spb=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 03 May 2023 17:48:37 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 0843 42 B
64 B 121ms
120ms Fetch
image/gif 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstEd6-NS6dz8NH3m-78PulBNlm1cEzeEY5e4VP9U5faj_-Gg2HbNUqWlgSHhYKhArt9P2ESpwVJZNFVZKLgCLei0DzN4pejKns&sig=Cg0ArKJSzFmcthYQgPtTEAE&id=lidar2&mcvt=1000&p=0,0,90,728&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20230501&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=34&adk=2307692971&rs=6&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=4&r=v&rst=1683136115130&rpt=1133&met=mue&wmsd=0&pbe=0&vae=0&spb=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 03 May 2023 17:48:37 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ca Show response
choices.trustarc.com/ Frame 0843 6 KB
3 KB 165ms
122ms Script
text/javascript 65.9.95.105
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://choices.trustarc.com/ca?aid=sojern02_d&pid=sojern01&cid=sojern&w=728&h=90&c=1683136115214205&js=pmw1&base=te-clr1-0784c63a-37e6-416b-bfa4-5c0bcab02716&admarker=dynamic

Requested by

Host: choices.truste.com
URL: https://choices.truste.com/ca?pid=sojern01&aid=sojern02_d&c=1683136115214205&js=pmw0&w=728&h=90&admarker=dynamic&cid=sojern

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

65.9.95.105 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-95-105.prg50.r.cloudfront.net

Software

nginx /

Resource Hash

6f4ae992834211875d5d5bde2dd2a288db3c2351fed1dbb66af8063e2e4b2870

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-eval' ; font-src 'self' ; style-src 'self' 'unsafe-inline' ; img-src 'self' data: https://cdn1.iconfinder.com https://js.userflow.com; frame-src 'self' ; frame-ancestors 'self' ; connect-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' ; object-src 'self' ; media-src 'self' ; child-src 'self' ; worker-src 'self' ; manifest-src 'self' ; prefetch-src 'self' ;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 17:48:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 a198ea04052d45eb515f27260bc6c05c.cloudfront.net (CloudFront)
content-security-policy: default-src 'self' 'unsafe-eval' *; font-src 'self' *; style-src 'self' 'unsafe-inline' *; img-src 'self' * data: https://cdn1.iconfinder.com https://js.userflow.com; frame-src 'self' *; frame-ancestors 'self' *; connect-src 'self' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; object-src 'self' *; media-src 'self' *; child-src 'self' *; worker-src 'self' *; manifest-src 'self' *; prefetch-src 'self' *;
x-amz-cf-pop: PRG50-C1
cross-origin-embedder-policy: unsafe-none
x-cache: Miss from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 2370
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: origin
server: nginx
cross-origin-opener-policy: unsafe-none
expect-ct: max-age=31536000
x-frame-options: SAMEORIGIN
vary: Accept-Encoding, Origin
content-type: text/javascript;charset=UTF-8
cache-control: private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
permissions-policy: geolocation=(), microphone=(), payment=()
x-amz-cf-id: uhPC7KZaACuEE4fpThg2Z-qX4vt_ZMHTLYNaHQ5lACxybAyi37hVkQ==
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 ca Show response
choices.trustarc.com/ Frame 0843 38 KB
12 KB 164ms
122ms Script
text/javascript 65.9.95.105
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://choices.trustarc.com/ca?aid=sojern02_d&pid=sojern01&cid=sojern&w=728&h=90&c=1683136115214205&js=pmw2

Requested by

Host: choices.truste.com
URL: https://choices.truste.com/ca?pid=sojern01&aid=sojern02_d&c=1683136115214205&js=pmw0&w=728&h=90&admarker=dynamic&cid=sojern

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

65.9.95.105 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-95-105.prg50.r.cloudfront.net

Software

nginx /

Resource Hash

e15a095adc9899b592ceccdd4885a3be3674a6bf6ec4be762566360424deb1f3

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-eval' ; font-src 'self' ; style-src 'self' 'unsafe-inline' ; img-src 'self' data: https://cdn1.iconfinder.com https://js.userflow.com; frame-src 'self' ; frame-ancestors 'self' ; connect-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' ; object-src 'self' ; media-src 'self' ; child-src 'self' ; worker-src 'self' ; manifest-src 'self' ; prefetch-src 'self' ;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 17:48:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 a198ea04052d45eb515f27260bc6c05c.cloudfront.net (CloudFront)
content-security-policy: default-src 'self' 'unsafe-eval' *; font-src 'self' *; style-src 'self' 'unsafe-inline' *; img-src 'self' * data: https://cdn1.iconfinder.com https://js.userflow.com; frame-src 'self' *; frame-ancestors 'self' *; connect-src 'self' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; object-src 'self' *; media-src 'self' *; child-src 'self' *; worker-src 'self' *; manifest-src 'self' *; prefetch-src 'self' *;
x-amz-cf-pop: PRG50-C1
cross-origin-embedder-policy: unsafe-none
x-cache: Miss from cloudfront
cross-origin-resource-policy: cross-origin
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: origin
server: nginx
cross-origin-opener-policy: unsafe-none
expect-ct: max-age=31536000
x-frame-options: SAMEORIGIN
vary: Accept-Encoding, Origin
content-type: text/javascript;charset=UTF-8
cache-control: private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
permissions-policy: geolocation=(), microphone=(), payment=()
x-amz-cf-id: MefpV0H4K4tyakToYwHEI4qRDoltACa9a0V82Dy43wk0WVxii7QTfw==
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 cap
choices.trustarc.com/ Frame 0843 43 B
1 KB 162ms
121ms Image
image/gif 65.9.95.105
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://choices.trustarc.com/cap?aid=sojern02_d&pid=sojern01&cid=sojern&w=728&h=90&c=8e8b

Requested by

Host: k8ccwwesx.live
URL: https://k8ccwwesx.live/indexasad.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

65.9.95.105 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-95-105.prg50.r.cloudfront.net

Software

nginx /

Resource Hash

98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-eval' ; font-src 'self' ; style-src 'self' 'unsafe-inline' ; img-src 'self' data: https://cdn1.iconfinder.com https://js.userflow.com; frame-src 'self' ; frame-ancestors 'self' ; connect-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' ; object-src 'self' ; media-src 'self' ; child-src 'self' ; worker-src 'self' ; manifest-src 'self' ; prefetch-src 'self' ;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 17:48:37 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-security-policy: default-src 'self' 'unsafe-eval' *; font-src 'self' *; style-src 'self' 'unsafe-inline' *; img-src 'self' * data: https://cdn1.iconfinder.com https://js.userflow.com; frame-src 'self' *; frame-ancestors 'self' *; connect-src 'self' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; object-src 'self' *; media-src 'self' *; child-src 'self' *; worker-src 'self' *; manifest-src 'self' *; prefetch-src 'self' *;
via: 1.1 a198ea04052d45eb515f27260bc6c05c.cloudfront.net (CloudFront)
x-amz-cf-pop: PRG50-C1
cross-origin-embedder-policy: unsafe-none
x-cache: Miss from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 43
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: origin
server: nginx
cross-origin-opener-policy: unsafe-none
expect-ct: max-age=31536000
x-frame-options: SAMEORIGIN
vary: Origin
content-type: image/gif
cache-control: private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
permissions-policy: geolocation=(), microphone=(), payment=()
x-amz-cf-id: IwON_38sulzICOnXQxCnWuGOFR3eEWr7vCXK0Y8Uo2V7tKC96l4zBg==
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 get
choices.trustarc.com/ Frame 0843 287 B
627 B 8ms
8ms Image
image/png 65.9.95.105
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://choices.trustarc.com/get?name=admarker-icon-tr.png
Requested by: Host: k8ccwwesx.live
URL: https://k8ccwwesx.live/indexasad.php
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.95.105 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-95-105.prg50.r.cloudfront.net
Software: nginx /
Resource Hash: 821262a8c32b52639f97ddf4f34c494e82156651752608fa6a23ffa3df2f84b1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

pragma: public
date: Wed, 05 Apr 2023 00:25:03 GMT
via: 1.1 a198ea04052d45eb515f27260bc6c05c.cloudfront.net (CloudFront)
server: nginx
x-amz-cf-pop: PRG50-C1
age: 2481814
x-cache: Hit from cloudfront
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=2592000
timing-allow-origin: *
content-length: 287
x-amz-cf-id: iH5C7Br2li76zz7JfMaNPn-OJM0MHDt8khSnRzLUkuVmh72GfmN7uA==
expires: Fri, 05 May 2023 00:25:03 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 0843 0
20 B 102ms
102ms Ping
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=4931111145344&version=m202301230201&ct=77&x=1&cor=9126536034760637000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 03 May 2023 17:48:37 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 get
choices.trustarc.com/ Frame 5AB0 287 B
627 B 8ms
8ms Image
image/png 65.9.95.105
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://choices.trustarc.com/get?name=admarker-icon-tr.png
Requested by: Host: choices.trustarc.com
URL: https://choices.trustarc.com/ca?aid=sojern02_d&pid=sojern01&cid=sojern&w=728&h=90&c=1683136115214205&js=pmw2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.95.105 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-95-105.prg50.r.cloudfront.net
Software: nginx /
Resource Hash: 821262a8c32b52639f97ddf4f34c494e82156651752608fa6a23ffa3df2f84b1

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

pragma: public
date: Wed, 05 Apr 2023 00:25:03 GMT
via: 1.1 a198ea04052d45eb515f27260bc6c05c.cloudfront.net (CloudFront)
server: nginx
x-amz-cf-pop: PRG50-C1
age: 2481814
x-cache: Hit from cloudfront
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=2592000
timing-allow-origin: *
content-length: 287
x-amz-cf-id: vZ4gryUoQf1GTiiJWihU45kXL6w55VvW-l3MJ8chIGUrzax1YHFyug==
expires: Fri, 05 May 2023 00:25:03 GMT

GET
H2 200 get
choices.trustarc.com/ Frame 5AB0 739 B
1 KB 25ms
25ms Image
image/png 65.9.95.105
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://choices.trustarc.com/get?name=en-admarker-full-tr.png
Requested by: Host: k8ccwwesx.live
URL: https://k8ccwwesx.live/indexasad.php
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.95.105 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-95-105.prg50.r.cloudfront.net
Software: nginx /
Resource Hash: 093d94d4b660253c55e87d4503dffcb6cedc8f222f9d85d1faa68ff619ac9d3e

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

pragma: public
date: Fri, 21 Apr 2023 08:24:02 GMT
via: 1.1 a198ea04052d45eb515f27260bc6c05c.cloudfront.net (CloudFront)
server: nginx
x-amz-cf-pop: PRG50-C1
age: 1070675
x-cache: Hit from cloudfront
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=2592000
timing-allow-origin: *
content-length: 739
x-amz-cf-id: z4IrmiBV5n6Rg2NN-WbxNCnYN-T3YyG_bJRoY1vH9DHl5NxYh_x8dA==
expires: Sun, 21 May 2023 08:24:02 GMT

POST
H2 204 genuuidpc Show response
fgp.philacct.com/ Frame 76C8 0
147 B 951ms
451ms XHR
text/plain 123.30.151.81

General

Check archive.org

Show headers Download Go to

Full URL: https://fgp.philacct.com/genuuidpc
Requested by: Host: k8ccwwesx.live
URL: https://k8ccwwesx.live/indexasad.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 123.30.151.81 -, , ASN (),
Reverse DNS
Software: Rapidoid /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://k8ccwwesx.live/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

access-control-allow-origin: *
date: Wed, 03 May 2023 17:48:38 GMT
server: Rapidoid
content-length: 0
access-control-allow-methods: GET, POST, DELETE, PUT, OPTIONS
content-type: text/plain; charset=utf-8

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 0843 43 B
216 B 94ms
93ms Image
image/gif 2600:1f18:1aca:4280:4aa4:b14:cc13:9bdb
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1360115&asId=f726cf8a-30d5-097e-d2ad-c8eecc000638&tv=%7Bc:bzH9LQ,pingTime:1,time:2468,type:p,clog:%5B%7Bpiv:0,vs:o,r:r,w:728,h:90,t:188%7D,%7Bpiv:100,vs:i,r:,t:1256%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,gm:0,slTimes:%7Bi:1212,o:1256,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:188,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:i,cc:NaN.NaN.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B1081~0,1~100%5D,as:%5B1082~728.90%5D%7D%7D,%7Bsl:i,t:1256,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:i,cc:NaN.NaN.728.90,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B1211~100%5D,as:%5B1211~728.90%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:rjss,dtt:95,fm:tDdxC7s+11%7C121*.1360115-69584918%7C1211%7C1212%7C1213%7C1214%7C1215,idMap:121*,rmeas:1,rend:1,renddet:DIV.qs.sn,siq:189,sis:307%7D&br=c
Requested by: Host: k8ccwwesx.live
URL: https://k8ccwwesx.live/indexasad.php
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4280:4aa4:b14:cc13:9bdb Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 03 May 2023 17:48:38 GMT
server: nginx
x-server-name: dt11.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 0843 43 B
216 B 94ms
94ms Image
image/gif 2600:1f18:1aca:4280:4aa4:b14:cc13:9bdb
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1360115&asId=f726cf8a-30d5-097e-d2ad-c8eecc000638&tv=%7Bc:bzH9LQ,pingTime:1,time:2468,type:pf,clog:%5B%7Bpiv:0,vs:o,r:r,w:728,h:90,t:188%7D,%7Bpiv:100,vs:i,r:,t:1256%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,gm:0,slTimes:%7Bi:1212,o:1256,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:188,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:i,cc:NaN.NaN.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B1081~0,1~100%5D,as:%5B1082~728.90%5D%7D%7D,%7Bsl:i,t:1256,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:i,cc:NaN.NaN.728.90,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B1211~100%5D,as:%5B1211~728.90%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:rjss,dtt:95,fm:tDdxC7s+11%7C121*.1360115-69584918%7C1211%7C1212%7C1213%7C1214%7C1215,idMap:121*,rmeas:1,rend:1,renddet:DIV.qs.sn,siq:189,sis:307%7D&br=c
Requested by: Host: k8ccwwesx.live
URL: https://k8ccwwesx.live/indexasad.php
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4280:4aa4:b14:cc13:9bdb Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 03 May 2023 17:48:38 GMT
server: nginx
x-server-name: dt04.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

Verdicts & Comments Add Verdict or Comment

386 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

37 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.k8ccwwesx.live/	1970-01-20 21:08:16	Name: __uidac Value: b326c5d8ac2a27d73399bab31858fbb2
.logging.admicro.vn/	1970-01-20 21:08:16	Name: __create Value: 1683136112
.logging.admicro.vn/	1970-01-20 11:32:16	Name: __OS Value: 10_Windows+10_+_+_14_113.0.5672.63__0
.logging.admicro.vn/	1970-01-20 11:33:42	Name: uinfo Value: -1
.logging.admicro.vn/	1970-01-20 11:33:42	Name: __tb Value: 0
.logging.admicro.vn/	1970-01-20 21:08:16	Name: __uid Value: 5731361121358891718
.logging.admicro.vn/	1970-01-20 11:32:17	Name: linfo Value: 115_1683136113
.logging.admicro.vn/	1970-01-20 11:32:17	Name: __C Value: 115_1683136113
.amcdn.vn/	1970-01-20 21:08:16	Name: __create Value: 1683136113
.amcdn.vn/	1970-01-20 21:08:16	Name: __uid Value: 1783136113208617574
.k8ccwwesx.live/	1970-01-20 11:33:42	Name: _gid Value: GA1.2.2126664350.1683136114
.k8ccwwesx.live/	1970-01-20 11:32:16	Name: _gat_GA1 Value: 1
.k8ccwwesx.live/	1970-01-20 11:32:16	Name: _gat_testChannel Value: 1
.k8ccwwesx.live/	1970-01-20 13:41:52	Name: _fbp Value: fb.1.1683136113589.1206427401
.k8ccwwesx.live/	1970-01-20 21:08:16	Name: _ga_SPFXF87NXW Value: GS1.1.1683136113.1.0.1683136113.0.0.0
.k8ccwwesx.live/	1970-01-20 21:08:16	Name: _ga Value: GA1.1.1394017374.1683136114
.k8ccwwesx.live/	1970-01-20 13:41:52	Name: _gcl_au Value: 1.1.2140392436.1683136114
.k8ccwwesx.live/	1970-01-20 21:08:16	Name: __utma Value: 64151541.1394017374.1683136114.1683136114.1683136114.1
.k8ccwwesx.live/	1969-12-31 23:59:59	Name: __utmc Value: 64151541
.k8ccwwesx.live/	1970-01-20 15:55:04	Name: __utmz Value: 64151541.1683136114.1.1.utmcsr=(direct)\|utmccn=(direct)\|utmcmd=(none)
.k8ccwwesx.live/	1970-01-20 11:32:16	Name: __utmt Value: 1
.k8ccwwesx.live/	1970-01-20 11:32:17	Name: __utmb Value: 64151541.1.10.1683136114
k8ccwwesx.live/	1970-01-20 21:08:16	Name: __RC Value: 115
k8ccwwesx.live/	1970-01-20 21:08:16	Name: __R Value: 0
.lg.nanda.vn/	1970-01-20 21:08:16	Name: __uid Value: 7583136113598445969
.lg.nanda.vn/	1970-01-20 21:08:16	Name: __create Value: 1683136113
k8ccwwesx.live/	1970-01-20 11:46:40	Name: __uif Value: __uid%3A5731361121358891718%7C__ui%3A-1%7C__create%3A1683136112
.k8ccwwesx.live/	1970-01-20 21:08:16	Name: _uidcms Value: 5731361121358891718
.k8ccwwesx.live/	1970-01-20 20:53:52	Name: __gads Value: ID=d1f08cc321bf5547-22b439b2badd0034:T=1683136115:RT=1683136115:S=ALNI_MYiAAWcELCndUUXS3HYwMovQggiSw
.k8ccwwesx.live/	1970-01-20 20:53:52	Name: __gpi Value: UID=00000bf51c61a84f:T=1683136115:RT=1683136115:S=ALNI_MZ8BpdZL2ceEK9UwaBxO5g6OMQEPg
.doubleclick.net/	1970-01-20 20:53:52	Name: IDE Value: AHWqTUm0PbXMXD7wLAzrfXIDNHvGJj7MJ7JuF4ZPnu825d9m-egz9Aqpx8-lPBYNdFM
.casalemedia.com/	1970-01-20 20:17:52	Name: CMID Value: ZFKecxuLUi3uurPL6kVfQQAA
.casalemedia.com/	1970-01-20 13:41:52	Name: CMPS Value: 1157
.casalemedia.com/	1970-01-20 13:41:52	Name: CMPRO Value: 1157
.adnxs.com/	1970-01-20 13:41:52	Name: anj Value: dTM7k!M41.D>6NRF']wIg2In>pIQe*!]tbPl1M>e)ZlrFUfJ+tGXxoeKy+yhHkFqtN[Jb+<%^u_Cg4%/YZU'YZa_S23If)y3KL9D3I?+jeB=bz
.adnxs.com/	1970-01-20 13:41:52	Name: uuid2 Value: 3913747011737525706
.simpli.fi/	1970-01-20 20:19:18	Name: suid Value: 2E467888155643A4915D6FF9292F17BF

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
other	warning	URL: https://www.googletagservices.com/dcm/impl_v95.js(Line 97) Message: Unrecognized feature: 'attribution-reporting'.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ad.doubleclick.net
adi.admicro.vn
adminplayer.sohatv.vn
adservice.google.com
adservice.google.de
amcdn.vn
beacon.sojern.com
choices.trustarc.com
choices.truste.com
cm.g.doubleclick.net
connect.facebook.net
dclk-match.dotomi.com
deqik.com
dsum-sec.casalemedia.com
dt.adsafeprotected.com
fgp.philacct.com
gamek.mediacdn.vn
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
ib.adnxs.com
k8ccwwesx.live
lg.nanda.vn
lg1.logging.admicro.vn
media1.admicro.vn
onetag-sys.com
pagead2.googlesyndication.com
partner.googleadservices.com
pixel.adsafeprotected.com
pixel.rubiconproject.com
region1.google-analytics.com
s.ad.smaato.net
s0.2mdn.net
ssum-sec.casalemedia.com
static.adsafeprotected.com
static.amcdn.vn
static.contineljs.com
static.philacct.com
stats.g.doubleclick.net
tpc.googlesyndication.com
um.simpli.fi
vccorp.mediacdn.vn
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.googletagservices.com
107.178.244.119
123.30.151.81
123.30.151.88
14.225.10.21
142.250.186.162
172.217.18.6
172.217.18.98
185.80.39.216
185.89.210.141
2001:4860:4802:34::36
2405:f980::1:10
2405:f980::1:13
2600:1f18:1aca:4280:4aa4:b14:cc13:9bdb
2600:9000:2127:2600:8:48e:53c0:93a1
2600:9000:2127:7000:1b:5138:8a40:93a1
2606:4700:3030::ac43:bd0a
2606:4700:3035::6815:2914
2a00:1450:4001:809::2002
2a00:1450:4001:809::2008
2a00:1450:4001:80b::2006
2a00:1450:4001:80f::2002
2a00:1450:4001:810::2003
2a00:1450:4001:812::2002
2a00:1450:4001:827::2002
2a00:1450:4001:827::200e
2a00:1450:4001:828::2004
2a00:1450:4001:82b::2002
2a00:1450:4001:82f::2001
2a00:1450:4001:830::2002
2a00:1450:400c:c00::9d
2a02:fa8:8806:13::1370
2a03:2880:f083:9:face:b00c:0:3
2a03:2880:f176:84:face:b00c:0:25de
35.204.158.49
42.112.37.34
42.112.37.35
51.89.9.252
52.31.187.235
65.9.95.105
65.9.95.124
69.173.144.165
01cee6a7a3f1444680b188ab84052e2b6c85966f53a718d3926135ebcc832ffd
028c81a32aad1469b222e89a8a8cfbfad2eaf00bd35507ba5c1424cb7e582cb1
03be794e44ad160f12bf6b73957424002f5f78a2af4dc291295f0420f68b2a54
093d94d4b660253c55e87d4503dffcb6cedc8f222f9d85d1faa68ff619ac9d3e
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0fb48768d4afbe2ae2b680b90443bf4e458c755622e2550bf3989e93ca3c3c1d
106c896480d87ae62ce2ecd2a671ec849f7c2d43a49e008a2f812a8978cd8b4d
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
1562d52e7ec908dc77567979eefa514e785555a51fa6ecddd56f7edf67e909a9
16b023e36e0629c09639934fa6f0872b35128d821011b19a269cd7677b3007b7
17a2a4f5cc936210d3e119f1e655302971200675f4e1dafb0c6fb5c7fcbea36a
185b0400b76da94d07d26fd06b2f31d3908650595fe5196f6f7e1acddbac53e7
1a5a1b67580849df550ca4c454ca3933b811dccabe20156a844731d5ffea85ae
1ad374aca46cf36577a3379c638423d3121b11376701c99611405161ed925981
1b27ee5c9041ce0a0f08ba30726a57407f676dbfe4a2eb27d186f23ede581d19
1c5684c1ddf04d63fab4630ca65f3a7b294bf64e9071d21a75f163845e69f6e8
1cffc2b3146584685cd72751d7f28aa030ab9ae2f1bc78f2c27909f8d8287b26
22b63ca0947dd61b3f366b844fce876fe872442d18a8f5c2d899b73ec55c381f
242e5db71e533b96f66b03819432c6d8544dbb5318d584a85fc551d868b208d3
2473b3c91596758d0d127c3571019e5550503b2196ce737b53b0c3ffe8e9ec27
24ea4c2c61ca2c85134e67a282327c7c13da9c70c8a8e9466b93fdd71385d4db
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
2815303d3b0b23269b57e4a5ff8494cbfc8ff0cc65e67180f250f1a6dfdabcac
2cffcfaacd57b1261f9528bf5cf177907f5dbfc64d5f39796a8bb329e8d1a430
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
38568f34c511bb7d4238fce637b55f783a64608a9cea86f1b3087e946706c9cb
41fbbac12d7d653541f0a0dfe0842d3e917546f06c700c7572e0ee45bc1ed4db
46b3e081067e631f9a1049fbfa37844da854f741b7f9a45900dc02a19a4ef143
4772f2f7031a64c872f6b8623216a713839a24f7633338970ac1d6bfe15755eb
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4b88a304d6162d0e7bc1ea1c3b8c9e9f6b6751002a6d58b6a7bb2c4dd383dea8
4d841940fc5a291c2b21753932d57b24e9c4f26e6ae9788ad449392a55892c39
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
54b3ba3509da21554f72cac5a68716631997f3f0ebcbc62c55f17e8294c4b346
550da296bfff54193e141d0934e2dcb71a210b975c547eb56bdd96f3adab2281
55bc4c5878061f1b1d0a068ecb1602b91c1e80f0611c8c7ad3b18bb802299070
5796dad7ea6e51f9ebcb34f34a0494c63afe5ebb32edf14e25987404e89640c8
5c539dc866459742bc38009d83b58292f029b1464579096f57147e0dd8a6a29d
6181cd98fe270c2826d416574446841f86778bc45a0ab0bdd0c667b4e70fd6e8
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
62eb35c7dfb8f9d5bf358c805f3c8063fda32dbf0a81608f2179e8af2ca4ad0e
642f5fd742a9d4ad971464adee5f82c0292f812d14e337e5448cdb29ce5f2a26
6448c95ad8e9b1f63465c57952afbf8df9df45103e966407d7b0f1588e9e009e
679c248cd0e2f23ec4458100f283c750de53a1679ccd46e2e379c8d939c9016c
692dce411dc2c30076ffdfc6f3bd17cef0b34c50efc1906715a506f194906828
6a2959b48940ae172de360c0635dac0f6f8e57201b148c4828c5e84385a9a04f
6bf785ff447ff31eca6a173b9ea1efc27d81821fc7276f59f9eda0b63cffc8ea
6e34e8696d51c15b5f0e261c0633ac2fb615ed51ac4795844e72b2a58fa12dee
6f4ae992834211875d5d5bde2dd2a288db3c2351fed1dbb66af8063e2e4b2870
7141471cf38c1e5f68499d03fc12899c1d4f91358d533881a7c5e8ddf10a5ad5
7571605de47e3db8fb44c70fce8006953f4a0dc9da5e977a4854a3e818aec509
76274d373cda7a0dce2e4d082123d719aab0454eb1e720c30b1fa32e002bbbc9
764fc3d36570abe9c466b074a2ba2dc57319b25c4b0173711f276ccd76b726c1
785478bc6f76861eb290bee5248963190d0ed9026aafe8a30518180415e78de0
7966d4a424bc69f137da58cc6a426ad36c67d0579c554ba044cf3a67e4286755
7bc0c4519150a490750c0f9f77857d5af952bca0bad56e3db6d24bd79f18b4e7
80dda122ffbd6798f6854c78267fa4d2279a0c54846f1af93bb842c7320f2bfa
821262a8c32b52639f97ddf4f34c494e82156651752608fa6a23ffa3df2f84b1
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
835ddc3354ced95a191e577a804523613b09b03c4925ff442642b7e3ea442d67
83a818561b7f93e0f7664504ef5993250ab3f2e6420b5d73cf708fba0f5665e4
8455c1c2d1cfbcc4d91725ec2d6ff649c6479110951dac890fdf6bb9da74ba5f
8466b44e34def91d96fa22d7491d586e306797c6e02677f7274c9befd4260743
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
8c6dc32d121be2319e6605e1f583ef12a9d76a9d0d68ab1a6dd76049e35d87a4
8de73b8c9c9d8b3359c9e50a046f1cc12277e3fbbe4f19c8d47434b2fdccebe8
91941a78259a38fe741f8d4b70149a2febc1d9f84f060281d043b5a180ede54b
95acae2f09aade3741b93610c62777fc196201e055a5ade1cd3b2690fcdd2be1
96da839661d63f7cab3dc3e43613fee97166a472555cc91df21777d6d83e58d9
98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a
99cbb0c3e9d1156138570d71f0bf03ecbf5b5b0e120806579f23cedefc3951ee
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9b69708c866676e9c188a7727e93b0c10d9e4c37945f1a8490ed6a24d692f8bc
9dfe40dabe3ad00b97db3025b3b13f88512570eb36c568229a45e387935e5143
9e9efcb83c65b19c1e5beda26cfd017576e8ed57bd67876ca87f7634ffc8bf8e
9f7b103418c76d3c630fa9ac6128249bebab1e97454948c2fcfc22fc88f4ea3a
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a00f0d35b861c1ea819398b5f2ead813fb48380bd5528ca56d779f305c8de6e1
a263eac2ad4afa7f7c974e9676e0fb60bc735b450b57ce30f08bd37a575d5e5f
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a6471be6b02897e0fcc27acc17e01ca5b3243b6a3f917b01987fed922b9751e9
a9b847c681a24b03ba8acc0b4dcd8aab9acf8c4d3131be784d488e2402d57427
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
af9c5ae71ceedae1f5ab6362b2866b8e5fbe29612fd4c364da538b8b566ef190
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b16dc95bb0dee2be9a35dd088b2624c26b574a51611cf64aa9f04e9464e054a9
b64291fc91dc77833930ffcead244193c5cfd9e882af312ecc89b580160c22a1
b9d5f3f6f18ec7d8d11e99e4d5296910252a92317fcc7526d6838dbee524792d
bcbee8d0dfeb5ae5d45ebe336b39d0c06453cdbd6bd4876c0afa5e5677a5abfb
bdeed1e1c0751610c8f3dc2a5c78c93f841c366b36a7f7a54f5e6752c2656c05
bdf68ba60fc222d7592d13020c4e4560bcb6d37c318c3acd001053da01458018
c26f755e5bd8861cdae2d1ddca5a5391adb102f78122499f6bdc3a6696438d73
c3e611acfcb54e3524ca2b8cf57e81e20268ee3fee39facdfe528930445659e5
c8e1eebc02599c9896e78d721eb085cf848d4de35b795b0c704928230ac43d95
ca97bb417c0dad1ade2b73d1dabe8dde5b60dad317a4144333e8fd62c97bcf35
cf0cf3a4991aa017eea8141c9918da7f32a776fcf779f37cdd9505a3c50539d3
dcef0a2eb37a3d8e32ddf11f664b3375a06980cf33792aa7bfb798b15cb646d1
df924a34cd555ec19927d0fb74d89443d02b7c1307d1909e85cebe3aeebe7c76
e15a095adc9899b592ceccdd4885a3be3674a6bf6ec4be762566360424deb1f3
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e4dba4712c4d961e8b4c110147806fb7e7d1123c06a2da2cf8b76f6840524d69
e58cb72c1056d2a9345f7cbd4282f32f519cbd2d038145671674d769b7d1d359
e61fd45407ec94fcaf4f11a2a4cb98fc514a45a56d73be14ed0cbe8d896a4f4f
e780b6647e90598ccb9d6082dc377ab2c4afe9c217406ef07cc3ae1ef5c951b1
e7b90d32907f89c49e9e2a2ccca95133277f756f13a14187936d9b948ff67b44
e8fab4708422172956dd7b3e03593b6158704e6c1a1cc8a5313e461c166afa5e
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f1cad5f65623850f402375ed8ebad7a0cc1f255f5a286a23ceb74ed4626d53a1
f2a3140679d704bd07329d0768adc05ac21751dd5c558d3b9971ac504b48e79c
f3f80e61346d7e6b9b88a36f1626eca327d5e2001280cd43149fcc33fa69fba6
f4b2474113dddc55ebc90156e84591220ba900000b3d332da0c0db15fdd20b3a
f9e4c7961b4604ff049f8e627a6358b18763899941da49a724db6982a353b9f6
fa696f5f1aa34c6b3b3bd4dd87edcd587ac891fc2c03a68fe9b82f975241ebb2
fa852ae558d81f45f70172edda0888aa0bc9d2a9b8dd0af065c5fdafd2b66404
fbab43e6b9327e009eb054b919f240612be637534a4120d5e50b9301f428ac35
fe795b8347258d530366dab56cba84a7839b176eb2e6b555c689d69368a988a4
fef6cbea444546594c6a0ed587d637d739d0c7edefe52ada9c5afbf868ebc207
ffb4b4818815b4a60d06ba867cfb18069d85f5743509f17c13d5cb8d437e7be4

k8ccwwesx.live Open in urlscan Pro 2606:4700:3035::6815:2914 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

171 Requests

94 %HTTPS

59 %IPv6

31 Domains

47 Subdomains

38 IPs

9 Countries

4236 kBTransfer

7406 kBSize

37 Cookies

21 Outgoing links

Page URL History

Redirected requests

171 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

k8ccwwesx.live Open in urlscan Pro
2606:4700:3035::6815:2914 Public Scan

Screenshot
Live screenshot

Full Image

171
Requests

94 %
HTTPS

59 %
IPv6

31
Domains

47
Subdomains

38
IPs

9
Countries

4236 kB
Transfer

7406 kB
Size

37
Cookies

171 HTTP transactions
1 data transactions