urlscan.io logo urlscan.io
SecurityTrails logo

xiaotiandisg.com Open in urlscan Pro
192.185.56.100  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://cutt.ly/kwVe7Uz4
Effective URL: https://xiaotiandisg.com/ex/quan12/it/index.php
Submission: On February 20 via manual from IT — Scanned from IT
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 17 IPs in 4 countries across 12 domains to perform 47 HTTP transactions. The main IP is 192.185.56.100, located in United States and belongs to NETWORK-SOLUTIONS-HOSTING, US. The main domain is xiaotiandisg.com.
TLS certificate: Issued by R3 on February 2nd 2024. Valid for: 3 months.
This is the only time xiaotiandisg.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Libero (Online)

Domain & IP information

1    2606:4700:10::ac43:8ee (United States)

ASN13335 (CLOUDFLARENET, US)
cutt.ly
9    192.185.56.100 (United States)

ASN19871 (NETWORK-SOLUTIONS-HOSTING, US)
PTR: panoz.websitewelcome.com
xiaotiandisg.com
1    213.209.30.161 (Assago, Italy)

ASN8660 (MATRIX-AS, IT)
www.iolam.it
1    2a00:1450:4001:829::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
ajax.googleapis.com
1    2606:4700::6811:190e (United States)

ASN13335 (CLOUDFLARENET, US)
cdnjs.cloudflare.com
1    2a00:1450:4001:81c::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.googleapis.com
2    2a00:1450:4001:831::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.gstatic.com
1    3.67.62.186 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-67-62-186.eu-central-1.compute.amazonaws.com
italiaonline.profiles.tagger.opecloud.com
6    2a00:1450:4001:831::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
securepubads.g.doubleclick.net
5    2a00:1450:4001:80e::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
pagead2.googlesyndication.com
1    2a00:1450:4001:813::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
36c5ab2d79b89b777c2aefd8a2034db4.safeframe.googlesyndication.com
5    2a00:1450:4001:827::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
tpc.googlesyndication.com
1    108.138.36.8 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-138-36-8.muc50.r.cloudfront.net
i3.plug.it
2    52.211.3.71 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-211-3-71.eu-west-1.compute.amazonaws.com
pixel.adsafeprotected.com
1    2a00:1450:4001:830::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google.com
2    2600:9000:223f:7c00:8:48e:53c0:93a1 (United States)

ASN16509 (AMAZON-02, US)
static.adsafeprotected.com
7    2600:1f13:800:7781:f664:1bd2:41ff:5a10 (Boardman, United States)

ASN16509 (AMAZON-02, US)
dt.adsafeprotected.com
Apex Domain
Subdomains		 Transfer
11 adsafeprotected.com
pixel.adsafeprotected.com — Cisco Umbrella Rank: 945
static.adsafeprotected.com — Cisco Umbrella Rank: 664
dt.adsafeprotected.com — Cisco Umbrella Rank: 638
106 KB
11 googlesyndication.com
pagead2.googlesyndication.com — Cisco Umbrella Rank: 120
36c5ab2d79b89b777c2aefd8a2034db4.safeframe.googlesyndication.com
tpc.googlesyndication.com — Cisco Umbrella Rank: 158
406 KB
9 xiaotiandisg.com
xiaotiandisg.com
114 KB
6 doubleclick.net
securepubads.g.doubleclick.net — Cisco Umbrella Rank: 213
185 KB
2 gstatic.com
fonts.gstatic.com
32 KB
2 googleapis.com
ajax.googleapis.com — Cisco Umbrella Rank: 434
fonts.googleapis.com — Cisco Umbrella Rank: 48
32 KB
1 google.com
www.google.com — Cisco Umbrella Rank: 2
1 KB
1 plug.it
i3.plug.it — Cisco Umbrella Rank: 660642
905 B
1 opecloud.com
italiaonline.profiles.tagger.opecloud.com — Cisco Umbrella Rank: 242069
1 cloudflare.com
cdnjs.cloudflare.com — Cisco Umbrella Rank: 257
8 KB
1 iolam.it
www.iolam.it — Cisco Umbrella Rank: 275479
149 KB
1 cutt.ly
cutt.ly — Cisco Umbrella Rank: 51179
407 B
47 12
Domain Requested by
9 xiaotiandisg.com 1 redirects xiaotiandisg.com
7 dt.adsafeprotected.com
6 securepubads.g.doubleclick.net xiaotiandisg.com
securepubads.g.doubleclick.net
pagead2.googlesyndication.com
5 tpc.googlesyndication.com securepubads.g.doubleclick.net
tpc.googlesyndication.com
5 pagead2.googlesyndication.com securepubads.g.doubleclick.net
tpc.googlesyndication.com
2 static.adsafeprotected.com pixel.adsafeprotected.com
xiaotiandisg.com
2 pixel.adsafeprotected.com xiaotiandisg.com
2 fonts.gstatic.com fonts.googleapis.com
1 www.google.com tpc.googlesyndication.com
1 i3.plug.it
1 36c5ab2d79b89b777c2aefd8a2034db4.safeframe.googlesyndication.com securepubads.g.doubleclick.net
1 italiaonline.profiles.tagger.opecloud.com xiaotiandisg.com
1 fonts.googleapis.com xiaotiandisg.com
1 cdnjs.cloudflare.com xiaotiandisg.com
1 ajax.googleapis.com xiaotiandisg.com
1 www.iolam.it xiaotiandisg.com
1 cutt.ly 1 redirects
47 17

This site contains links to these domains. Also see Links.

Domain
adclick.g.doubleclick.net
Subject Issuer Validity Valid
*.xiaotiandisg.com
R3		 2024-02-02 -
2024-05-02		 3 months crt.sh
iolam.it
Sectigo RSA Organization Validation Secure Server CA		 2024-01-23 -
2025-01-22		 a year crt.sh
upload.video.google.com
GTS CA 1C3		 2024-01-29 -
2024-04-22		 3 months crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3		 2023-07-03 -
2024-07-02		 a year crt.sh
*.gstatic.com
GTS CA 1C3		 2024-01-29 -
2024-04-22		 3 months crt.sh
*.profiles.tagger.opecloud.com
Amazon RSA 2048 M02		 2023-11-27 -
2024-12-25		 a year crt.sh
*.g.doubleclick.net
GTS CA 1C3		 2024-01-29 -
2024-04-22		 3 months crt.sh
tpc.googlesyndication.com
GTS CA 1C3		 2024-01-29 -
2024-04-22		 3 months crt.sh
*.plug.it
Sectigo RSA Organization Validation Secure Server CA		 2023-12-15 -
2024-12-14		 a year crt.sh
fw.adsafeprotected.com
Amazon RSA 2048 M02		 2023-03-29 -
2024-04-27		 a year crt.sh
www.google.com
GTS CA 1C3		 2024-01-29 -
2024-04-22		 3 months crt.sh
static.adsafeprotected.com
Amazon RSA 2048 M02		 2023-07-07 -
2024-08-04		 a year crt.sh
dt.adsafeprotected.com
Amazon RSA 2048 M01		 2023-05-09 -
2024-06-06		 a year crt.sh

This page contains 7 frames:

Primary Page: https://xiaotiandisg.com/ex/quan12/it/index.php
Frame ID: 08AF8296D1F8E63D82981CD6C53C497D
Requests: 33 HTTP requests in this frame

Frame: https://36c5ab2d79b89b777c2aefd8a2034db4.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 7353245ED93AB0FED10BC52AFE839C36
Requests: 1 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsv_Io6SpGrdsUl6h329iL8w_d6yorUXGnoU0w8OS1wLWJR_XbehgiKG_xVdY-IRt4DGVkDWs3IgHqEWjtOZmXXr1S3AKOl206r2OqbVb5TVrXOM_DvLV8DBzdbmi8FxuWmoPdZfYfXu0_8kL29CFLQvAYTr3QR2aX2V2RDhKBUgx_PgifkPhmHRi5waWe36DwZC2VGJR7CdIQsF7suehjqDUriduJpiOYDYgD6yYmj1k12ehLvBv9eOJ2pBe4rtXwSNu-6QDA0DfntHMu11wGI2c-3y6CYnKgw2ypuvQC4Z21uYloVgQEG5OXDdI_DwQFVq0oRk_aLICCFXshm4Zysy1ILUp9VzECUKduCEOGflwLzcwU2lIl8&sai=AMfl-YReO_xFYbXarwSWmO3V7jH7MzSiuphn-w72zSHESvw4fnQjEKdQiFqYsx_4spVMxX7fEkXdOtICgxFRT5yehElfn_aYdYktT3AoCNbxr4jdUwvLnWtcw9Ej_DfGrFVMXkzHNooRIOkqFBiFItKZ3dg&sig=Cg0ArKJSzIHVAAVF65WUEAE&uach_m=%5BUACH%5D&urlfix=1&adurl=
Frame ID: 730CE4D081933F5C097EB8CD91830BEC
Requests: 5 HTTP requests in this frame

Frame: https://pixel.adsafeprotected.com/jload?anId=926174&campId=1540x1024&pubId=38840327&chanId=131213447&placementId=6429387014&pubCreative=138458893573&pubOrder=3279327070&cb=234271390&impId=&ias_adpath=%23adv_click
Frame ID: ECDA0C8F497325E2686B3B27F9AFCC8B
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 0FCA0531FE52EE05E999C8859F5775B5
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 798BD487DD0E133AFC016E101AD5FCD7
Requests: 2 HTTP requests in this frame

Frame: https://static.adsafeprotected.com/sca.17.6.2.js
Frame ID: 28CAFA6B4CE78DDC91B2624DB32109A2
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Libero Mail - login

Page URL History Show full URLs

  1. https://cutt.ly/kwVe7Uz4 HTTP 301
    https://xiaotiandisg.com/ex/quan12/it/index.php Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • \.php(?:$|\?)
Overall confidence: 100%
Detected patterns
  • googlesyndication\.com/
Overall confidence: 100%
Detected patterns
  • /prebid\.js
Overall confidence: 100%
Detected patterns
  • /([\d.]+)/jquery(?:\.min)?\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

47
Requests

94 %
HTTPS

71 %
IPv6

12
Domains

17
Subdomains

17
IPs

4
Countries

1033 kB
Transfer

2453 kB
Size

6
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://cutt.ly/kwVe7Uz4 HTTP 301
    https://xiaotiandisg.com/ex/quan12/it/index.php Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 9
  • https://xiaotiandisg.com/ex/quan12/it/;);%20background-repeat:%20no-repeat;%20background-color:%20rgb(104,%20231,%20255);%20background-position:%20center%20top; HTTP 301
  • https://xiaotiandisg.com/ex/quan12/it/;);%20background-repeat:%20no-repeat;%20background-color:%20rgb(104,%20231,%20255);%20background-position:%20center%20top

47 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request index.php
xiaotiandisg.com/ex/quan12/it/
Redirect Chain
  • https://cutt.ly/kwVe7Uz4
  • https://xiaotiandisg.com/ex/quan12/it/index.php
6 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://xiaotiandisg.com/ex/quan12/it/index.php
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.185.56.100 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US),
Reverse DNS
panoz.websitewelcome.com
Software
nginx/1.23.4 /
Resource Hash
1e7271f832628acc449ce087d6d75f51739b98094a637c4169940287705ba497

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
accept-language
it-IT,it;q=0.9

Response headers

cache-control
no-store, no-cache, must-revalidate
content-encoding
gzip
content-length
2302
content-type
text/html; charset=UTF-8
date
Tue, 20 Feb 2024 13:07:11 GMT
expires
Thu, 19 Nov 1981 08:52:00 GMT
pragma
no-cache
server
nginx/1.23.4
vary
Accept-Encoding
x-endurance-cache-level
2
x-server-cache
false

Redirect headers

alt-svc
h3=":443"; ma=86400
cache-control
no-cache, no-store, must-revalidate
cf-cache-status
DYNAMIC
cf-ray
8586f8941f844c52-MXP
content-type
text/html; charset=UTF-8
date
Tue, 20 Feb 2024 13:07:10 GMT
expires
Thu, 19 Nov 1981 08:52:00 GMT
location
https://xiaotiandisg.com/ex/quan12/it/index.php
pragma
no-cache
referrer-policy
same-origin
server
cloudflare
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-xss-protection
1; mode=block
style.css
xiaotiandisg.com/ex/quan12/it/files/ 		26 KB
7 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://xiaotiandisg.com/ex/quan12/it/files/style.css
Requested by
Host: xiaotiandisg.com
URL: https://xiaotiandisg.com/ex/quan12/it/index.php
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.185.56.100 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US),
Reverse DNS
panoz.websitewelcome.com
Software
Apache /
Resource Hash
148c0dcd3eff6305eaffe3600d31334604cc02591259020e54d8835be0e20dfe

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://xiaotiandisg.com/ex/quan12/it/index.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date
Tue, 20 Feb 2024 13:07:11 GMT
content-encoding
gzip
last-modified
Thu, 25 Aug 2022 12:13:24 GMT
server
Apache
vary
Accept-Encoding
x-endurance-cache-level
2
content-type
text/css
cache-control
max-age=2592000
accept-ranges
bytes
content-length
7339
expires
Thu, 21 Mar 2024 13:07:11 GMT
jquery.min.js
xiaotiandisg.com/ex/quan12/it/files/ 		87 KB
38 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://xiaotiandisg.com/ex/quan12/it/files/jquery.min.js
Requested by
Host: xiaotiandisg.com
URL: https://xiaotiandisg.com/ex/quan12/it/index.php
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.185.56.100 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US),
Reverse DNS
panoz.websitewelcome.com
Software
Apache /
Resource Hash
c4dccdd9ae25b64078e0c73f273de94f8894d5c99e4741645ece29aeefc9c5a4

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://xiaotiandisg.com/ex/quan12/it/index.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date
Tue, 20 Feb 2024 13:07:11 GMT
content-encoding
gzip
last-modified
Thu, 25 Aug 2022 10:41:28 GMT
server
Apache
vary
Accept-Encoding
x-endurance-cache-level
2
content-type
application/javascript
cache-control
max-age=21600
accept-ranges
bytes
expires
Tue, 20 Feb 2024 19:07:11 GMT
placeholders.min.js
xiaotiandisg.com/ex/quan12/it/files/ 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://xiaotiandisg.com/ex/quan12/it/files/placeholders.min.js
Requested by
Host: xiaotiandisg.com
URL: https://xiaotiandisg.com/ex/quan12/it/index.php
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.185.56.100 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US),
Reverse DNS
panoz.websitewelcome.com
Software
Apache /
Resource Hash
bb631cb41d70ab6f8a07ab80b053676bca8589e7e1d835827f30e1bffbed91c5

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://xiaotiandisg.com/ex/quan12/it/index.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date
Tue, 20 Feb 2024 13:07:11 GMT
content-encoding
gzip
last-modified
Thu, 25 Aug 2022 10:41:28 GMT
server
Apache
vary
Accept-Encoding
x-endurance-cache-level
2
content-type
application/javascript
cache-control
max-age=21600
accept-ranges
bytes
content-length
1638
expires
Tue, 20 Feb 2024 19:07:11 GMT
iam2.0.js
xiaotiandisg.com/ex/quan12/it/files/ 		139 KB
42 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://xiaotiandisg.com/ex/quan12/it/files/iam2.0.js
Requested by
Host: xiaotiandisg.com
URL: https://xiaotiandisg.com/ex/quan12/it/index.php
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.185.56.100 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US),
Reverse DNS
panoz.websitewelcome.com
Software
Apache /
Resource Hash
6371356d9cb87a361f550a77f374e58eb68a25ab048440a04e11fba1cc575876

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://xiaotiandisg.com/ex/quan12/it/index.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date
Tue, 20 Feb 2024 13:07:11 GMT
content-encoding
gzip
last-modified
Thu, 25 Aug 2022 10:41:28 GMT
server
Apache
vary
Accept-Encoding
x-endurance-cache-level
2
content-type
application/javascript
cache-control
max-age=21600
accept-ranges
bytes
expires
Tue, 20 Feb 2024 19:07:11 GMT
prebid.js
www.iolam.it/js/ 		461 KB
149 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.iolam.it/js/prebid.js
Requested by
Host: xiaotiandisg.com
URL: https://xiaotiandisg.com/ex/quan12/it/index.php
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
213.209.30.161 Assago, Italy, ASN8660 (MATRIX-AS, IT),
Reverse DNS
Software
Apache /
Resource Hash
29b8ba22f7639c660e047493a99cef7715007e1f80bd71c75ec730c7c451fb4c
Security Headers
Name Value
Strict-Transport-Security max-age=63072000;

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://xiaotiandisg.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date
Tue, 20 Feb 2024 13:07:11 GMT
strict-transport-security
max-age=63072000;
content-encoding
gzip
server
Apache
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=86400
accept-ranges
bytes
x-robots-tag
noindex
expires
Wed, 21 Feb 2024 13:07:11 GMT
AdvContent20x20.png
xiaotiandisg.com/ex/quan12/it/files/ 		537 B
637 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://xiaotiandisg.com/ex/quan12/it/files/AdvContent20x20.png
Requested by
Host: xiaotiandisg.com
URL: https://xiaotiandisg.com/ex/quan12/it/index.php
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.185.56.100 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US),
Reverse DNS
panoz.websitewelcome.com
Software
Apache /
Resource Hash
68cfa5d1e626ad1796c8c8db8276c8196f7235100b9ae6f7380a4f8920bd994c

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://xiaotiandisg.com/ex/quan12/it/index.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date
Tue, 20 Feb 2024 13:07:11 GMT
last-modified
Mon, 14 Mar 2022 13:18:42 GMT
server
Apache
x-endurance-cache-level
2
content-type
image/png
cache-control
max-age=31536000
accept-ranges
bytes
content-length
537
expires
Wed, 19 Feb 2025 13:07:11 GMT
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/3.6.0/ 		87 KB
31 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.min.js
Requested by
Host: xiaotiandisg.com
URL: https://xiaotiandisg.com/ex/quan12/it/index.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://xiaotiandisg.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date
Tue, 20 Feb 2024 09:06:40 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
14431
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
31017
x-xss-protection
0
last-modified
Wed, 10 Mar 2021 14:28:09 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="hosted-libraries-pushers"
vary
Accept-Encoding
report-to
{"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 19 Feb 2025 09:06:40 GMT
jquery.validate.min.js
cdnjs.cloudflare.com/ajax/libs/jquery-validate/1.19.5/ 		24 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdnjs.cloudflare.com/ajax/libs/jquery-validate/1.19.5/jquery.validate.min.js
Requested by
Host: xiaotiandisg.com
URL: https://xiaotiandisg.com/ex/quan12/it/index.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
270524b0d27afd1d3b6622d1a176c678daed94564c143297e217a63e21ce9820
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://xiaotiandisg.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date
Tue, 20 Feb 2024 13:07:11 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=15780000
age
18287
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
7032
last-modified
Fri, 01 Jul 2022 15:30:23 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"62bf130f-1b78"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aAnZ2%2F%2FZ0AXZP5IhF8hHJt66%2F6YusoJ4%2Fpy1cpyHQIPgZKYCLAnZKFkcOp6BC0dkp8am%2FOkUkORvl0mXM%2F5vteGDRq6klLVCi5Ql2lYvT%2FWQPQwKpg8Jj83xRXSw6KOjAmKmKQEIBVIz%2Fi%2F7Ff%2BQJYLE"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
8586f89e7ae94bf5-MXP
expires
Sun, 09 Feb 2025 13:07:11 GMT
css2
fonts.googleapis.com/ 		7 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css2?family=Roboto:wght@300;400;500&display=swap
Requested by
Host: xiaotiandisg.com
URL: https://xiaotiandisg.com/ex/quan12/it/files/style.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81c::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
694adc42b1e12c4edc69f43c2aaafea20e28d55d4ee73c3505cd1bf8b90e3452
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://xiaotiandisg.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Tue, 20 Feb 2024 13:07:11 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Tue, 20 Feb 2024 12:11:35 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Tue, 20 Feb 2024 13:07:11 GMT
;);%20background-repeat:%20no-repeat;%20background-color:%20rgb(104,%20231,%20255);%20background-position:%20center%20top
xiaotiandisg.com/ex/quan12/it/
Redirect Chain
  • https://xiaotiandisg.com/ex/quan12/it/;);%20background-repeat:%20no-repeat;%20background-color:%20rgb(104,%20231,%20255);%20background-position:%20center%20top;
  • https://xiaotiandisg.com/ex/quan12/it/;);%20background-repeat:%20no-repeat;%20background-color:%20rgb(104,%20231,%20255);%20background-position:%20center%20top
17 KB
17 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://xiaotiandisg.com/ex/quan12/it/;);%20background-repeat:%20no-repeat;%20background-color:%20rgb(104,%20231,%20255);%20background-position:%20center%20top
Requested by
Host: xiaotiandisg.com
URL: https://xiaotiandisg.com/ex/quan12/it/index.php
Protocol
H2
Server
192.185.56.100 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US),
Reverse DNS
panoz.websitewelcome.com
Software
nginx/1.23.4 /
Resource Hash
6b357faf1af06c35adad14d49a96e43a9c8b09f2016c4690dd3d058b9b9cfcf9

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://xiaotiandisg.com/ex/quan12/it/index.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

expires
Wed, 11 Jan 1984 05:00:00 GMT
date
Tue, 20 Feb 2024 13:07:13 GMT
content-encoding
gzip
server
nginx/1.23.4
vary
Accept-Encoding
x-endurance-cache-level
2
content-type
text/html; charset=UTF-8
cache-control
no-cache, must-revalidate, max-age=0
link
<https://xiaotiandisg.com/index.php/wp-json/>; rel="https://api.w.org/"
content-length
5780
x-ua-compatible
IE=edge

Redirect headers

expires
Wed, 11 Jan 1984 05:00:00 GMT
date
Tue, 20 Feb 2024 13:07:13 GMT
server
nginx/1.23.4
x-redirect-by
WordPress
x-server-cache
false
x-endurance-cache-level
2
content-type
text/html; charset=UTF-8
location
https://xiaotiandisg.com/ex/quan12/it/;);%20background-repeat:%20no-repeat;%20background-color:%20rgb(104,%20231,%20255);%20background-position:%20center%20top
cache-control
no-cache, must-revalidate, max-age=0
content-length
0
x-ua-compatible
IE=edge
logo.svg
xiaotiandisg.com/ex/quan12/it/files/ 		5 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://xiaotiandisg.com/ex/quan12/it/files/logo.svg
Requested by
Host: xiaotiandisg.com
URL: https://xiaotiandisg.com/ex/quan12/it/files/style.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.185.56.100 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US),
Reverse DNS
panoz.websitewelcome.com
Software
Apache /
Resource Hash
54ea3b729d9ff4a499d3bf59b0497606ceb27b7100c60d74d28467224f3983f9

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://xiaotiandisg.com/ex/quan12/it/files/style.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date
Tue, 20 Feb 2024 13:07:12 GMT
last-modified
Mon, 14 Mar 2022 13:18:42 GMT
server
Apache
x-endurance-cache-level
2
content-type
image/svg+xml
cache-control
max-age=21600
accept-ranges
bytes
content-length
4827
expires
Tue, 20 Feb 2024 19:07:12 GMT
KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ 		15 KB
16 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Roboto:wght@300;400;500&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://xiaotiandisg.com
accept-language
it-IT,it;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date
Tue, 20 Feb 2024 08:51:30 GMT
x-content-type-options
nosniff
age
15342
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15744
x-xss-protection
0
last-modified
Wed, 11 May 2022 19:24:48 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 19 Feb 2025 08:51:30 GMT
KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ 		16 KB
16 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Roboto:wght@300;400;500&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://xiaotiandisg.com
accept-language
it-IT,it;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date
Thu, 15 Feb 2024 17:34:54 GMT
x-content-type-options
nosniff
age
415938
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15920
x-xss-protection
0
last-modified
Wed, 11 May 2022 19:24:45 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 14 Feb 2025 17:34:54 GMT
targeting
italiaonline.profiles.tagger.opecloud.com/v1/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://italiaonline.profiles.tagger.opecloud.com/v1/targeting?url=https%3A%2F%2Fxiaotiandisg.com%2Fex%2Fquan12%2Fit%2Findex.php&gdpr_applies=0
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.67.62.186 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-67-62-186.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
referrer-policy
Access-Control-Request-Method
GET
Origin
https://xiaotiandisg.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

content-encoding
gzip
content-type
text/plain; charset=UTF-8
date
Tue, 20 Feb 2024 13:07:12 GMT
targeting
italiaonline.profiles.tagger.opecloud.com/v1/ 		0
0
gpt.js
securepubads.g.doubleclick.net/tag/js/ 		97 KB
29 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/tag/js/gpt.js
Requested by
Host: xiaotiandisg.com
URL: https://xiaotiandisg.com/ex/quan12/it/files/iam2.0.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
63aad2f9437f8847d3c35c62046edbbe10e80acd29958d996f53cd990c8264d8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://xiaotiandisg.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date
Tue, 20 Feb 2024 13:07:12 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
29168
x-xss-protection
0
server
cafe
etag
560 / 19773 / m202402140101 / config-hash: 2181104314474324357
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900, stale-while-revalidate=3600
timing-allow-origin
*
expires
Tue, 20 Feb 2024 13:07:12 GMT
pubads_impl.js
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202402140101/ 		428 KB
135 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202402140101/pubads_impl.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
bb5e8eef5efe4f00b4a4bb3df651d1418ecf8072ec98393dd773454f814f477c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://xiaotiandisg.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date
Tue, 20 Feb 2024 09:45:26 GMT
content-encoding
br
x-content-type-options
nosniff
age
12106
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
137909
x-xss-protection
0
server
cafe
etag
11310070000413636408
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, immutable, max-age=31536000
timing-allow-origin
*
expires
Wed, 19 Feb 2025 09:45:26 GMT
ppub_config
securepubads.g.doubleclick.net/pagead/ 		61 B
593 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=xiaotiandisg.com
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
62a1381a91103691d778d56420250c6013cb658549e347629cd7153914125eb5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://xiaotiandisg.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date
Tue, 20 Feb 2024 13:07:12 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
application/json; charset=UTF-8
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
51
x-xss-protection
0
expires
Tue, 20 Feb 2024 13:07:12 GMT
trk
www.iolam.it/service/ 		0
0
ads
securepubads.g.doubleclick.net/gampad/ 		54 KB
21 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?pvsid=777907758705713&correlator=3600171687286832&eid=31081139&output=ldjh&gdfp_req=1&vrg=202402140101&ptt=17&impl=fifs&npa=1&iu_parts=5180%2Clibero%2Cwebmail%2Clogin%2Cundefined&enc_prev_ius=%2F0%2F1%2F2%2F3%2F4&prev_iu_szs=1540x1024&ifi=1&sfv=1-0-40&eri=1&sc=1&cookie_enabled=1&abxe=1&dt=1708434434378&lmt=1708434434&adxs=576&adys=50&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=1&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=60&dmc=8&bc=31&nvt=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&url=https%3A%2F%2Fxiaotiandisg.com%2Fex%2Fquan12%2Fit%2Findex.php&vis=1&psz=980x0&msz=1540x0&fws=0&ohw=0&ga_vid=1603573215.1708434434&ga_sid=1708434434&ga_hid=826183891&ga_fc=false&dlt=1708434431582&idt=907&cust_params=oe%3DUTF-8%26optout%3D1%26adv_infocus%3Dyes%26adv_referrer%3Dother%26adv_sgt%3D1%26is_native%3Dno%26xdid_user_ui%3Dfalse%26adv_sso1%3D0%26adv_sso2%3D0%26adv_sso3%3D0%26gdpr%3D0&adks=68688629&frm=20
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202402140101/pubads_impl.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
dc5ba47dbbb49a3416f2a01046acabe937bf1dc4315b962ce678d790bd92d76b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://xiaotiandisg.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date
Tue, 20 Feb 2024 13:07:14 GMT
content-encoding
br
x-content-type-options
nosniff
google-mediationgroup-id
-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
20966
x-xss-protection
0
google-lineitem-id
6429387014
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
138458893573
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://xiaotiandisg.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
sodar
pagead2.googlesyndication.com/getconfig/ 		16 KB
13 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=m202402140101&st=env
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202402140101/pubads_impl.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
011abc03ec4e0c2bc8478dd1e48223f3c4353d0c9a991c94b31223b8225de2d8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://xiaotiandisg.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date
Tue, 20 Feb 2024 13:07:14 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
application/json; charset=UTF-8
access-control-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
12510
x-xss-protection
0
container.html
36c5ab2d79b89b777c2aefd8a2034db4.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 7353 		6 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://36c5ab2d79b89b777c2aefd8a2034db4.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202402140101/pubads_impl.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://xiaotiandisg.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
accept-language
it-IT,it;q=0.9

Response headers

accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, immutable, max-age=31536000
content-encoding
br
content-length
2653
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy
cross-origin
date
Tue, 20 Feb 2024 13:07:14 GMT
expires
Wed, 19 Feb 2025 13:07:14 GMT
last-modified
Thu, 03 Nov 2022 19:10:08 GMT
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
view
securepubads.g.doubleclick.net/pcs/ Frame 730C 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsv_Io6SpGrdsUl6h329iL8w_d6yorUXGnoU0w8OS1wLWJR_XbehgiKG_xVdY-IRt4DGVkDWs3IgHqEWjtOZmXXr1S3AKOl206r2OqbVb5TVrXOM_DvLV8DBzdbmi8FxuWmoPdZfYfXu0_8kL29CFLQvAYTr3QR2aX2V2RDhKBUgx_PgifkPhmHRi5waWe36DwZC2VGJR7CdIQsF7suehjqDUriduJpiOYDYgD6yYmj1k12ehLvBv9eOJ2pBe4rtXwSNu-6QDA0DfntHMu11wGI2c-3y6CYnKgw2ypuvQC4Z21uYloVgQEG5OXDdI_DwQFVq0oRk_aLICCFXshm4Zysy1ILUp9VzECUKduCEOGflwLzcwU2lIl8&sai=AMfl-YReO_xFYbXarwSWmO3V7jH7MzSiuphn-w72zSHESvw4fnQjEKdQiFqYsx_4spVMxX7fEkXdOtICgxFRT5yehElfn_aYdYktT3AoCNbxr4jdUwvLnWtcw9Ej_DfGrFVMXkzHNooRIOkqFBiFItKZ3dg&sig=Cg0ArKJSzIHVAAVF65WUEAE&uach_m=%5BUACH%5D&urlfix=1&adurl=
Requested by
Host: xiaotiandisg.com
URL: https://xiaotiandisg.com/ex/quan12/it/index.php
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://xiaotiandisg.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date
Tue, 20 Feb 2024 13:07:14 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
private
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Tue, 20 Feb 2024 13:07:14 GMT
abg_lite_fy2021.js
tpc.googlesyndication.com/pagead/js/r20240215/r20110914/ Frame 730C 		23 KB
9 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20240215/r20110914/abg_lite_fy2021.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202402140101/pubads_impl.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
4d196aab20ec653c7f7dfc1e03cc9e2e3dd7f36ab63d756f7c436c93b26c1007
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://xiaotiandisg.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date
Tue, 20 Feb 2024 09:40:52 GMT
content-encoding
br
x-content-type-options
nosniff
age
12382
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
8991
x-xss-protection
0
server
cafe
etag
11525033739721728465
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 05 Mar 2024 09:40:52 GMT
ufs_web_display.js
pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ Frame 730C 		204 KB
62 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202402140101/pubads_impl.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
841f365e0540df77f892242a962098480625d80f10e380bfb93329a027978632
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://xiaotiandisg.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date
Tue, 20 Feb 2024 12:46:33 GMT
content-encoding
br
x-content-type-options
nosniff
age
1241
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
62824
x-xss-protection
0
server
cafe
etag
vary
Accept-Encoding
content-type
text/javascript; charset=ISO-8859-1
cache-control
public, max-age=3600, stale-while-revalidate=3600
timing-allow-origin
*
expires
Tue, 20 Feb 2024 13:46:33 GMT
AdvContent20x20.png
i3.plug.it/banners/img/ 		537 B
905 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i3.plug.it/banners/img/AdvContent20x20.png
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.36.8 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-36-8.muc50.r.cloudfront.net
Software
nginx /
Resource Hash
68cfa5d1e626ad1796c8c8db8276c8196f7235100b9ae6f7380a4f8920bd994c

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://xiaotiandisg.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date
Tue, 20 Feb 2024 05:45:18 GMT
via
1.1 e33c4b19512a86c5972c18d1c60d21f8.cloudfront.net (CloudFront)
last-modified
Tue, 09 Jun 2020 08:23:45 GMT
server
nginx
x-amz-cf-pop
MUC50-P2
age
26666
etag
"5edf4711-219"
x-cache
Hit from cloudfront
content-type
image/png
cache-control
max-age=1200, public
accept-ranges
bytes
content-length
537
x-amz-cf-id
rdVkd4EUiq2y3dg9hCitmhoz78xl6j6tShk5NKcrUGHx98GvbmGxLQ==
expires
Tue, 20 Feb 2024 06:02:48 GMT
8673418302248010440
tpc.googlesyndication.com/simgad/ 		292 KB
292 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/simgad/8673418302248010440?
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
033ee652119712cffee83d9291ef40bae7940ff3540461c865b4a8ee57c698f2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://xiaotiandisg.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

expires
Mon, 17 Feb 2025 18:14:19 GMT
date
Sun, 18 Feb 2024 18:14:19 GMT
x-content-type-options
nosniff
age
154375
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
298795
x-xss-protection
0
last-modified
Tue, 19 Dec 2023 09:31:50 GMT
server
sffe
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
allow-fenced-frame-automatic-beacons
true
sodar2.js
tpc.googlesyndication.com/sodar/ 		17 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202402140101/pubads_impl.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://xiaotiandisg.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date
Tue, 20 Feb 2024 13:07:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
6386
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
etag
"1637097310169751"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Tue, 20 Feb 2024 13:07:14 GMT
truncated
/ Frame 730C 		209 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
fa938cbfaa53188ab86d5266c1e5ef34102e3ecd763f15e2e3f867de71153476

Request headers

accept-language
it-IT,it;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Content-Type
image/png
jload
pixel.adsafeprotected.com/ Frame ECDA 		61 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pixel.adsafeprotected.com/jload?anId=926174&campId=1540x1024&pubId=38840327&chanId=131213447&placementId=6429387014&pubCreative=138458893573&pubOrder=3279327070&cb=234271390&impId=&ias_adpath=%23adv_click
Requested by
Host: xiaotiandisg.com
URL: https://xiaotiandisg.com/ex/quan12/it/index.php
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.211.3.71 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-211-3-71.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
cace107181ad38445247693573d72092c36cbb9510c187dc56d5b77b42b9c12a

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://xiaotiandisg.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 20 Feb 2024 13:07:15 GMT
content-encoding
gzip
vary
accept-encoding
content-type
application/javascript;charset=utf-8
access-control-allow-origin
pixel.adsafeprotected.com
cache-control
no-cache
access-control-allow-credentials
true
expires
Wed, 31 Dec 1969 23:59:59 GMT
view
securepubads.g.doubleclick.net/pcs/ Frame 730C 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvg6An1Q2fBRI3bsNw-fSiN__n57GOboachDc2eBfg9_uLmc_SPzc-pWFOoxJSezLjXSwpvOxx0jeZGBdOUbkfI9p2eaZ-ZIfZdxrDNlCJejk-EpE_vwlMYa2iks7G5h1IwD70Gtnrr8_JygRI9ewqJ708mzNzE1lC0TXGwaQjYAvxew3AD1GhaRah0DcdoyV8RUH8T8UggQr8Xg-7sm3DBeRrjtSzJBYc5Zq2yGMhKLB_I3opqmERkK4To-mue86QQR4NvrIR70UMexOiWlPqdGTwWlzPuBT1Pn23OJ_hp6lthRT6iUVBMrl63I3gLFYZez5lviGLWA0ISH0b6cHIVm1ej7XjCnHML85AFxQ_ZhjAIUSEcBPKqQg&sai=AMfl-YRdDLPdzLxJHALijq4UumcZlV5dS1y0yh0En1xkgzcu3yIY84AgCKsS2KsJeAcTnpSlHgvnsJ4gVCEt2RysCw-WbMLgyQhDBEOatXCf7Kz_vR8u52ecwF0FinZdROBpE1mqEP1b2SJjV11Eknz2GKQ&sig=Cg0ArKJSzGcE3SaJ61f4EAE&uach_m=%5BUACH%5D&urlfix=1&adurl=
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://xiaotiandisg.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date
Tue, 20 Feb 2024 13:07:14 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
private
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Tue, 20 Feb 2024 13:07:14 GMT
runner.html
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 0FCA 		13 KB
5 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://xiaotiandisg.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
accept-language
it-IT,it;q=0.9

Response headers

accept-ranges
bytes
age
6693
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
5046
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Tue, 20 Feb 2024 11:15:41 GMT
expires
Wed, 19 Feb 2025 11:15:41 GMT
last-modified
Mon, 21 Jun 2021 20:47:05 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
aframe
www.google.com/recaptcha/api2/ Frame 798B 		829 B
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.google.com/recaptcha/api2/aframe
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
ef424c5c8a1cc0ca9507a4b3c2b8f6702540733843bbcbef7e80800da6475465
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-F2TBLY1-AIThhqUnW72-LQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://xiaotiandisg.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
accept-language
it-IT,it;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private, max-age=300
content-encoding
gzip
content-security-policy
script-src 'report-sample' 'nonce-F2TBLY1-AIThhqUnW72-LQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Tue, 20 Feb 2024 13:07:14 GMT
expires
Tue, 20 Feb 2024 13:07:14 GMT
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server
GSE
x-content-type-options
nosniff
x-xss-protection
1; mode=block
Ke811GU8D9oP10uMu54EDqWuI5DGCOjC6vNIGcZJ2dY.js
pagead2.googlesyndication.com/bg/ Frame 0FCA 		39 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/Ke811GU8D9oP10uMu54EDqWuI5DGCOjC6vNIGcZJ2dY.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
29ef35d4653c0fda0fd74b8cbb9e040ea5ae2390c608e8c2eaf34819c649d9d6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date
Tue, 20 Feb 2024 10:46:34 GMT
content-encoding
br
x-content-type-options
nosniff
age
8440
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15261
x-xss-protection
0
last-modified
Mon, 12 Feb 2024 13:28:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Wed, 19 Feb 2025 10:46:34 GMT
sodar
pagead2.googlesyndication.com/pagead/ Frame 798B 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_m202402140101&jk=777907758705713&rc=
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers
generate_204
tpc.googlesyndication.com/ Frame 0FCA 		0
10 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/generate_204?HxlOVg
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date
Tue, 20 Feb 2024 13:07:14 GMT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
main.19.8.483.js
static.adsafeprotected.com/ Frame ECDA 		216 KB
67 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.adsafeprotected.com/main.19.8.483.js
Requested by
Host: pixel.adsafeprotected.com
URL: https://pixel.adsafeprotected.com/jload?anId=926174&campId=1540x1024&pubId=38840327&chanId=131213447&placementId=6429387014&pubCreative=138458893573&pubOrder=3279327070&cb=234271390&impId=&ias_adpath=%23adv_click
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223f:7c00:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
da48bc52d5e10176bcc636931d9560d04f283b20771411ce0ca0b26320b29a84

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://xiaotiandisg.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date
Mon, 12 Feb 2024 20:39:13 GMT
x-amz-version-id
ixRMmv01I.PQMZuMFiLKLt94Cut2dK48
content-encoding
gzip
via
1.1 fd080e20137c93d47ed43a67821248f0.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P5
age
664083
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
last-modified
Mon, 12 Feb 2024 18:45:23 GMT
server
AmazonS3
etag
W/"b5ee14757eb2b926012930e9b7f14184"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=315360000
x-amz-cf-id
FFA36wJfMaSZ_GgwsOdAgEiCxl0b3QuHF6V-U72yKLioUAXJFp_RUg==
sca.17.6.2.js
static.adsafeprotected.com/ Frame 28CA 		91 KB
23 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.adsafeprotected.com/sca.17.6.2.js
Requested by
Host: xiaotiandisg.com
URL: https://xiaotiandisg.com/ex/quan12/it/index.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223f:7c00:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
01cee6a7a3f1444680b188ab84052e2b6c85966f53a718d3926135ebcc832ffd

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://xiaotiandisg.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date
Thu, 21 Sep 2023 00:09:11 GMT
x-amz-version-id
go8nfBUviNCPCwnrYX1LpMW5hEx3ASGy
content-encoding
gzip
via
1.1 fd080e20137c93d47ed43a67821248f0.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P5
age
13179485
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
last-modified
Tue, 20 Sep 2022 19:21:34 GMT
server
AmazonS3
etag
W/"1f3488247c90bb5de253d3d0cb3b7458"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=315360000
x-amz-cf-id
4nRPtBRq5GuMbN1j_SynedG7q7BaQ6wW8DVqjaszakJKCjsGjcUEuw==
mon
pixel.adsafeprotected.com/ 		43 B
215 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel.adsafeprotected.com/mon?anId=926174&campId=1540x1024&pubId=38840327&chanId=131213447&placementId=6429387014&pubCreative=138458893573&pubOrder=3279327070&cb=234271390&impId=&ias_adpath=%23adv_click&adsafe_url=https%3A%2F%2Fxiaotiandisg.com%2Fex%2Fquan12%2Fit%2Findex.php&adsafe_type=abcedq&adsafe_url=https%3A%2F%2Fxiaotiandisg.com%2F&adsafe_type=f&adsafe_jsinfo=,id:18d022f7-42df-a5d2-a0f1-04e273daa1ed,c:4LNzXn,sl:inView,em:true,fr:true,thd:1,mn:jsserver-primary-574dd564c-79hkg,rg:ie,pt:1-5-15,wc:0.0.1600.1200,ac:0.0.1600.1200,am:sp,cc:0.0.1600.1200,piv:100,obst:0,th:0,reas:,mu:10000,br:c,bru:c,an:n,oam:0,scm:publ1.grpm1.uJaQN1,mtim:157,mot:0,app:0,maw:0,tdt:s,fm:u4PCMAQ+11%7C12%7C13*.926174%7C131%7C14%7C15,idMap:13*,pl:CV8L.VEBo.0YtC,rmeas:1,rend:1,renddet:DIV.qs.sn,es:0,sc:1,ha:1,fgad:1,fif:1,gmnp:0,for:1,b11:0,cnod:1,gm:1,tt:jload,et:169,oid:f7cd6e14-cff0-11ee-a127-da802f8033b1,v:19.8.483,sp:1,st:0,fwm:0,wr:1600.1200,sr:1600.1200,ov:0
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.211.3.71 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-211-3-71.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://xiaotiandisg.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 20 Feb 2024 13:07:15 GMT
server
nginx
x-server-name
app11.ie.303net.net
p3p
CP="COM NAV INT STA NID OUR IND NOI"
content-type
image/gif
cache-control
no-cache
content-length
43
dt
dt.adsafeprotected.com/ 		43 B
216 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dt.adsafeprotected.com/dt?anId=926174&asId=18d022f7-42df-a5d2-a0f1-04e273daa1ed&tv=%7Bc:4LNzXo,pingTime:-8,time:170,type:l,es:0,sc:1,ha:1,fgad:1,fif:1,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:%7Bi:170,o:0,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:i,t:168,wc:0.0.1600.1200,ac:0.0.1600.1200,am:sp,cc:0.0.1600.1200,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B10~100%5D,as:%5B10~1600.1200%5D%7D%7D%5D,slEventCount:1,em:true,fr:true,e:,tt:jload,dtt:0,fm:u4PCMAQ+11%7C12%7C13*.926174%7C131%7C14%7C15,idMap:13*,rmeas:1,rend:1,renddet:DIV.qs.sn,siq:169%7D&br=c
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f13:800:7781:f664:1bd2:41ff:5a10 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://xiaotiandisg.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 20 Feb 2024 13:07:15 GMT
server
nginx
x-server-name
dt09.or.303net.net
p3p
CP="COM NAV INT STA NID OUR IND NOI"
content-type
image/gif
cache-control
no-cache
content-length
43
dt
dt.adsafeprotected.com/ 		43 B
215 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dt.adsafeprotected.com/dt?anId=926174&asId=18d022f7-42df-a5d2-a0f1-04e273daa1ed&tv=%7Bc:4LNzXC,pingTime:0,time:184,type:pf,clog:%5B%7Bpiv:100,vs:i,r:,w:1600,h:1200,t:168%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:1,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:%7Bi:184,o:0,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:i,t:168,wc:0.0.1600.1200,ac:0.0.1600.1200,am:sp,cc:0.0.1600.1200,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B24~100%5D,as:%5B24~1600.1200%5D%7D%7D%5D,slEventCount:1,em:true,fr:true,e:,tt:jload,dtt:0,fm:u4PCMAQ+11%7C12%7C13*.926174%7C131%7C14%7C15,idMap:13*,rmeas:1,rend:1,renddet:DIV.qs.sn,siq:169%7D&br=c
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f13:800:7781:f664:1bd2:41ff:5a10 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://xiaotiandisg.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 20 Feb 2024 13:07:15 GMT
server
nginx
x-server-name
dt25.or.303net.net
p3p
CP="COM NAV INT STA NID OUR IND NOI"
content-type
image/gif
cache-control
no-cache
content-length
43
dt
dt.adsafeprotected.com/ 		43 B
215 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dt.adsafeprotected.com/dt?anId=926174&asId=18d022f7-42df-a5d2-a0f1-04e273daa1ed&tv=%7Bc:4LNzXF,pingTime:-2,time:187,type:a,im:%7Bsf:0,pom:1,prf:%7BbeA:554,beZ:555,mfA:711,cmA:712,inA:712,inZ:715,prA:715,prZ:718,si:723,poA:724,poZ:734,cmZ:734,mfZ:734,loA:738,loZ:740,ltA:740,ltZ:740,mdA:555,mdZ:692%7D%7D,sca:%7Bdfp:%7Bdf:4,sz:100.100,dom:div%7D%7D,env:%7Bgca:false,cca:false,gca2:false%7D,clog:%5B%7Bpiv:100,vs:i,r:,w:1600,h:1200,t:168%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:1,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:%7Bi:187,o:0,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:i,t:168,wc:0.0.1600.1200,ac:0.0.1600.1200,am:sp,cc:0.0.1600.1200,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B27~100%5D,as:%5B27~1600.1200%5D%7D%7D%5D,slEventCount:1,em:true,fr:true,e:,tt:jload,dtt:0,fm:u4PCMAQ+11%7C12%7C13*.926174%7C131%7C14%7C15,idMap:13*,pd:0YtC.internal-nacl-plugin,rmeas:1,rend:1,renddet:DIV.qs.sn,siq:169,slid:%5Bgoogle_ads_iframe_/5180/libero/webmail/login/undefined_0,google_ads_iframe_/5180/libero/webmail/login/undefined_0__container__,adsplash,wrapper-iol%5D,sinceFw:17,readyFired:true%7D&br=c
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f13:800:7781:f664:1bd2:41ff:5a10 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://xiaotiandisg.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 20 Feb 2024 13:07:15 GMT
server
nginx
x-server-name
dt10.or.303net.net
p3p
CP="COM NAV INT STA NID OUR IND NOI"
content-type
image/gif
cache-control
no-cache
content-length
43
sodar
pagead2.googlesyndication.com/pagead/ 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_m202402140101&jk=777907758705713&bg=!bG-lbyDNAAZN4L4YbeA7ADQBe5WfOCEbng-9bNPbEdRF_F-SRnsMs_gBBxoJanBzePlDHE3qPWej6A5yCVSjCxk6hzLbAgAAADtSAAAAAmgBB5kC0ifUAhluA2fGpory14-hq7CNrSvFD_BYSW8qbCrwWA-U292y5qadhKf6ihGHtLd7qGD_JjZyQwOUZ4gXUjb0KEQplA42skhcNmFScnlgSXX4iFfLKOIkwEH-PxpU8eU1jKFGYc19Qs1cZoK475jrgPePRsvv077FGNWV6Ohc9dg9fGpGc304C1uTH1zWy0ZIV6qRYl4qF3U1i1y5LwM87R_9U6zGVfmDL1Rch5X9ar11JroCzojqB7IvQtU4mrk9v_WgwEz0SWrZcAYb-m_7DWp2g-8D4aWI24Dzl7DiJYNQ2BV5kKnqHapXSKC4r6fpD3vT1P-7QPo6VXuh8DzZrjdTC-zLP69LkLeDAC9waUnBSYj4CcopzHg9g-yfO8QgCH6uFSLyify9I3H29vLZULMObmx4HnCr_gED0eipOF_3LPDLnzvNmX3Fo2V7UlgCfWIeT8p4ebnQ0u_h0rDarjcGm5ovIyd1ryz3k3ulr7FB0Eg4BBzMg7B9CSIlaqbID_diY7I7EXNXXezICRgKXRn3gDBiShcO-t2UkZehU1w7MmM3ooWNefOF04lsvCRC0ikEX43Oe9-MtlLTwkPEnNyxgwPSjaDayPhdimfkxITk3EPUfE8cNtHFn54fMy4jI3AjzVhgHi06NPXRdRxjetfxtHeMQbWKMJPs6MXAX83EwEYkNA0inBP2jA9fFuU7auAYnC0Ma2dYi3c5upAdBAUb4Dbn1_JJ3rdtXji66t6mp671vqAg2OpjYOwPFEZAlk25LcF44RAv1O2BxEqLj-105U2CLGc7PKdOElIYXK3Ci0-hJqEy1kIR1IUPg2fVD3HdEEpv8M7Cjkn1Ikq1oxMZmkCvboygYQRqhzX1KiPnTpJEwlxZI9VkQrQl__llRQq75Kt1GPi3UCp8ZxE9driNna9AVUaPzprDlKOFaNfBbrKpdEeKA9wC5RcWEPXGs8p_
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://xiaotiandisg.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers
dt
dt.adsafeprotected.com/ 		43 B
215 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dt.adsafeprotected.com/dt?anId=926174&asId=18d022f7-42df-a5d2-a0f1-04e273daa1ed&tv=%7Bc:4LNA2x,pingTime:-10,time:489,type:s,mvn:ZnNjPTEzLHNkPTMsbm89OCxhc3A9MQ--,sd:MTcuNi4ydjEyMDB8fDE2MDB8fDF8fDF8fDI0fHwxMjAwfHwwfHwwfHwxfHxsYW5kc2NhcGUtcHJpbWFyeXx8MjR8fDQvM3x8NC8zfHwwfHwxNjAw,no:MTcuNi4ydk1vemlsbGF8fE5ldHNjYXBlfHxufHxufHwwfHxufHxXaW4zMnx8R2Vja298fDIwMDMwMTA3fHwtNjB8fE1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS8xMjEuMC42MTY3LjE4NCBTYWZhcmkvNTM3LjM2fHwxfHwxfHxHb29nbGUgSW5jLnx8bg--,ch:n,fsc:17.6.2v222222220002222202222222220222222222202222222220222202000022000220222222220000222202002222202222222220222222220000020022222200022222220200000222200022220002022022022222202002220222022222022220000220200000022220222220222222222222202222222222222222222222222222222222222200000022022020020000002022202022022022222222000000000020222202022022222000000020000000000000000000020220202220000022200222202220022200200222022202220022220222200202222020002200002222022222202222000002002002222222202220022202200022002220222202,asp:1708434435733%7C%7C8ba47f1e332d14c5a7a3231ceb4a3240%7C%7C1605e69839cb81a076535f1842285622%7C%7Ca9ce7999976f4f75babab4bfae8c917d%7C%7C54c161069caff1c8914965ee083ad57d%7C%7C7cfa11c1546c72484a04370063b745e6%7C%7C489af34db289b2f6d9810e5e9cac03c9%7C%7C0d91acb8b63e70788a787502f5e6b842%7C%7C1663701684%7D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f13:800:7781:f664:1bd2:41ff:5a10 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://xiaotiandisg.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 20 Feb 2024 13:07:15 GMT
server
nginx
x-server-name
dt11.or.303net.net
p3p
CP="COM NAV INT STA NID OUR IND NOI"
content-type
image/gif
cache-control
no-cache
content-length
43
dt
dt.adsafeprotected.com/ 		43 B
215 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dt.adsafeprotected.com/dt?anId=926174&asId=18d022f7-42df-a5d2-a0f1-04e273daa1ed&tv=%7Bc:4LNAdL,pingTime:1,time:1185,type:p,clog:%5B%7Bpiv:100,vs:i,r:,w:1600,h:1200,t:168%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:1,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:%7Bi:1185,o:0,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:i,t:168,wc:0.0.1600.1200,ac:0.0.1600.1200,am:sp,cc:0.0.1600.1200,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B1025~100%5D,as:%5B1025~1600.1200%5D%7D%7D%5D,slEventCount:1,em:true,fr:true,e:,tt:jload,dtt:284,fm:u4PCMAQ+11%7C12%7C13*.926174%7C131%7C14%7C15,idMap:13*,rmeas:1,rend:1,renddet:DIV.qs.sn,siq:169,sis:267%7D&br=c
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f13:800:7781:f664:1bd2:41ff:5a10 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://xiaotiandisg.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 20 Feb 2024 13:07:16 GMT
server
nginx
x-server-name
dt08.or.303net.net
p3p
CP="COM NAV INT STA NID OUR IND NOI"
content-type
image/gif
cache-control
no-cache
content-length
43
dt
dt.adsafeprotected.com/ 		43 B
215 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dt.adsafeprotected.com/dt?anId=926174&asId=18d022f7-42df-a5d2-a0f1-04e273daa1ed&tv=%7Bc:4LNAdL,pingTime:1,time:1185,type:c,clog:%5B%7Bpiv:100,vs:i,r:,w:1600,h:1200,t:168%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:1,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:%7Bi:1185,o:0,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:i,t:168,wc:0.0.1600.1200,ac:0.0.1600.1200,am:sp,cc:0.0.1600.1200,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B1025~100%5D,as:%5B1025~1600.1200%5D%7D%7D%5D,slEventCount:1,em:true,fr:true,e:,tt:jload,dtt:284,fm:u4PCMAQ+11%7C12%7C13*.926174%7C131%7C14%7C15,idMap:13*,rmeas:1,rend:1,renddet:DIV.qs.sn,siq:169,sis:267,metricId:publ1,cmr:t%7D&br=c
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f13:800:7781:f664:1bd2:41ff:5a10 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://xiaotiandisg.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 20 Feb 2024 13:07:16 GMT
server
nginx
x-server-name
dt17.or.303net.net
p3p
CP="COM NAV INT STA NID OUR IND NOI"
content-type
image/gif
cache-control
no-cache
content-length
43
dt
dt.adsafeprotected.com/ 		43 B
215 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dt.adsafeprotected.com/dt?anId=926174&asId=18d022f7-42df-a5d2-a0f1-04e273daa1ed&tv=%7Bc:4LNAdL,pingTime:1,time:1185,type:c,clog:%5B%7Bpiv:100,vs:i,r:,w:1600,h:1200,t:168%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:1,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:%7Bi:1185,o:0,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:i,t:168,wc:0.0.1600.1200,ac:0.0.1600.1200,am:sp,cc:0.0.1600.1200,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B1025~100%5D,as:%5B1025~1600.1200%5D%7D%7D%5D,slEventCount:1,em:true,fr:true,e:,tt:jload,dtt:284,fm:u4PCMAQ+11%7C12%7C13*.926174%7C131%7C14%7C15,idMap:13*,rmeas:1,rend:1,renddet:DIV.qs.sn,siq:169,sis:267,metricId:grpm1,cmr:t%7D&br=c
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f13:800:7781:f664:1bd2:41ff:5a10 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://xiaotiandisg.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 20 Feb 2024 13:07:16 GMT
server
nginx
x-server-name
dt22.or.303net.net
p3p
CP="COM NAV INT STA NID OUR IND NOI"
content-type
image/gif
cache-control
no-cache
content-length
43

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
italiaonline.profiles.tagger.opecloud.com
URL
https://italiaonline.profiles.tagger.opecloud.com/v1/targeting?url=https%3A%2F%2Fxiaotiandisg.com%2Fex%2Fquan12%2Fit%2Findex.php&gdpr_applies=0
Domain
www.iolam.it
URL
https://www.iolam.it/service/trk

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Libero (Online)

20 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 function| $ function| jQuery object| Placeholders object| IOL boolean| iamInitialized object| pubAdsCfg object| grumi object| googletag object| ggeac object| google_tag_data object| google_js_reporting_queue undefined| google_measure_js_timing number| google_unique_id object| gaGlobal object| GoogleGcLKhOms object| google_image_requests

6 Cookies

Domain/Path Name / Value
cutt.ly/ Name: PHPSESSID
Value: j2ceelumiem5ob43jiuqdj2rbk
xiaotiandisg.com/ Name: PHPSESSID
Value: db97464b910fe1ce2ec12dfe8a1bbb11
.xiaotiandisg.com/ Name: __gads
Value: ID=6428122890b53601:T=1708434434:RT=1708434434:S=ALNI_MY68X5LrR1fjsebkGfcoqypNJ1t-A
.xiaotiandisg.com/ Name: __gpi
Value: UID=00000d5de8c108b9:T=1708434434:RT=1708434434:S=ALNI_MYw2FPGzvFV5tyJZWrbCXCeEbmRzQ
.xiaotiandisg.com/ Name: __eoi
Value: ID=9d1cd41304e45f46:T=1708434434:RT=1708434434:S=AA-AfjYKBlsvuCDvbx419uMfU4GR
.doubleclick.net/ Name: IDE
Value: AHWqTUmywwcYTBMNR1UFCDppNhy4fVkFAnK5VFccQc68FllGn49jKCzZbBCqpNDlzbE

9 Console Messages

Source Level URL
Text
javascript error URL: https://xiaotiandisg.com/ex/quan12/it/index.php
Message:
Access to XMLHttpRequest at 'https://italiaonline.profiles.tagger.opecloud.com/v1/targeting?url=https%3A%2F%2Fxiaotiandisg.com%2Fex%2Fquan12%2Fit%2Findex.php&gdpr_applies=0' from origin 'https://xiaotiandisg.com' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network error URL: https://italiaonline.profiles.tagger.opecloud.com/v1/targeting?url=https%3A%2F%2Fxiaotiandisg.com%2Fex%2Fquan12%2Fit%2Findex.php&gdpr_applies=0
Message:
Failed to load resource: net::ERR_FAILED
network error URL: https://xiaotiandisg.com/ex/quan12/it/;);%20background-repeat:%20no-repeat;%20background-color:%20rgb(104,%20231,%20255);%20background-position:%20center%20top
Message:
Failed to load resource: the server responded with a status of 404 ()
javascript error URL: https://xiaotiandisg.com/ex/quan12/it/index.php
Message:
Access to XMLHttpRequest at 'https://www.iolam.it/service/trk' from origin 'https://xiaotiandisg.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network error URL: https://www.iolam.it/service/trk
Message:
Failed to load resource: net::ERR_FAILED
other warning URL: https://xiaotiandisg.com/ex/quan12/it/index.php
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://xiaotiandisg.com/ex/quan12/it/index.php
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://xiaotiandisg.com/ex/quan12/it/index.php
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://xiaotiandisg.com/ex/quan12/it/index.php
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

36c5ab2d79b89b777c2aefd8a2034db4.safeframe.googlesyndication.com
ajax.googleapis.com
cdnjs.cloudflare.com
cutt.ly
dt.adsafeprotected.com
fonts.googleapis.com
fonts.gstatic.com
i3.plug.it
italiaonline.profiles.tagger.opecloud.com
pagead2.googlesyndication.com
pixel.adsafeprotected.com
securepubads.g.doubleclick.net
static.adsafeprotected.com
tpc.googlesyndication.com
www.google.com
www.iolam.it
xiaotiandisg.com
italiaonline.profiles.tagger.opecloud.com
www.iolam.it
108.138.36.8
192.185.56.100
213.209.30.161
2600:1f13:800:7781:f664:1bd2:41ff:5a10
2600:9000:223f:7c00:8:48e:53c0:93a1
2606:4700:10::ac43:8ee
2606:4700::6811:190e
2a00:1450:4001:80e::2002
2a00:1450:4001:813::2001
2a00:1450:4001:81c::200a
2a00:1450:4001:827::2001
2a00:1450:4001:829::200a
2a00:1450:4001:830::2004
2a00:1450:4001:831::2002
2a00:1450:4001:831::2003
3.67.62.186
52.211.3.71
011abc03ec4e0c2bc8478dd1e48223f3c4353d0c9a991c94b31223b8225de2d8
01cee6a7a3f1444680b188ab84052e2b6c85966f53a718d3926135ebcc832ffd
033ee652119712cffee83d9291ef40bae7940ff3540461c865b4a8ee57c698f2
148c0dcd3eff6305eaffe3600d31334604cc02591259020e54d8835be0e20dfe
1e7271f832628acc449ce087d6d75f51739b98094a637c4169940287705ba497
270524b0d27afd1d3b6622d1a176c678daed94564c143297e217a63e21ce9820
29b8ba22f7639c660e047493a99cef7715007e1f80bd71c75ec730c7c451fb4c
29ef35d4653c0fda0fd74b8cbb9e040ea5ae2390c608e8c2eaf34819c649d9d6
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
4d196aab20ec653c7f7dfc1e03cc9e2e3dd7f36ab63d756f7c436c93b26c1007
54ea3b729d9ff4a499d3bf59b0497606ceb27b7100c60d74d28467224f3983f9
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
62a1381a91103691d778d56420250c6013cb658549e347629cd7153914125eb5
6371356d9cb87a361f550a77f374e58eb68a25ab048440a04e11fba1cc575876
63aad2f9437f8847d3c35c62046edbbe10e80acd29958d996f53cd990c8264d8
68cfa5d1e626ad1796c8c8db8276c8196f7235100b9ae6f7380a4f8920bd994c
694adc42b1e12c4edc69f43c2aaafea20e28d55d4ee73c3505cd1bf8b90e3452
6b357faf1af06c35adad14d49a96e43a9c8b09f2016c4690dd3d058b9b9cfcf9
841f365e0540df77f892242a962098480625d80f10e380bfb93329a027978632
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
bb5e8eef5efe4f00b4a4bb3df651d1418ecf8072ec98393dd773454f814f477c
bb631cb41d70ab6f8a07ab80b053676bca8589e7e1d835827f30e1bffbed91c5
c4dccdd9ae25b64078e0c73f273de94f8894d5c99e4741645ece29aeefc9c5a4
cace107181ad38445247693573d72092c36cbb9510c187dc56d5b77b42b9c12a
da48bc52d5e10176bcc636931d9560d04f283b20771411ce0ca0b26320b29a84
dc5ba47dbbb49a3416f2a01046acabe937bf1dc4315b962ce678d790bd92d76b
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ef424c5c8a1cc0ca9507a4b3c2b8f6702540733843bbcbef7e80800da6475465
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
fa938cbfaa53188ab86d5266c1e5ef34102e3ecd763f15e2e3f867de71153476
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e