www.pgh.mobi Open in urlscan Pro
18.139.152.202 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.pgh.mobi/simlevelup799_supersale
Submission: On November 10 via api (November 10th 2025, 7:11:58 pm UTC) from US — Scanned from SG

Summary HTTP 53 Redirects Behaviour Indicators

Summary

This website contacted 11 IPs in 3 countries across 11 domains to perform 53 HTTP transactions. The main IP is 18.139.152.202, located in Singapore, Singapore and belongs to AMAZON-02, US. The main domain is www.pgh.mobi.
TLS certificate: Issued by R13 on September 26th 2025. Valid for: 3 months.

This is the only time www.pgh.mobi was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Fake Shop (Retail)

Domain & IP information

	IP Address	AS Autonomous System
1	18.139.152.202 18.139.152.202	16509 (AMAZON-02) (AMAZON-02)
1	2404:6800:400... 2404:6800:4003:c04::5f	15169 (GOOGLE) (GOOGLE)
13	2600:9000:208... 2600:9000:2085:e000:11:52e1:b680:93a1	16509 (AMAZON-02) (AMAZON-02)
3	57.144.150.128 57.144.150.128	32934 (FACEBOOK) (FACEBOOK)
1	171.244.25.77 171.244.25.77	7552 (VIETEL-AS...) (VIETEL-AS-AP Viettel Group)
11	142.251.10.94 142.251.10.94	15169 (GOOGLE) (GOOGLE)
6	54.251.88.32 54.251.88.32	16509 (AMAZON-02) (AMAZON-02)
1	2404:6800:400... 2404:6800:4003:c01::65	15169 (GOOGLE) (GOOGLE)
2	120.138.69.212 120.138.69.212	38244 (VINAGAME-...) (VINAGAME-AS-VN VNG Corporation)
13	57.144.152.1 57.144.152.1	32934 (FACEBOOK) (FACEBOOK)
2 2	52.221.119.108 52.221.119.108	16509 (AMAZON-02) (AMAZON-02)
53	11

1 18.139.152.202 (Singapore, Singapore)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-139-152-202.ap-southeast-1.compute.amazonaws.com

www.pgh.mobi	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2404:6800:4003:c04::5f (Singapore, Singapore)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 2600:9000:2085:e000:11:52e1:b680:93a1 (United States)

ASN16509 (AMAZON-02, US)

w.ladicdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 57.144.150.128 (Singapore, Singapore)

ASN32934 (FACEBOOK, US)
PTR: xx-fbcdn-shv-02-sin11.fbcdn.net

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 171.244.25.77 (Viet Nam)

ASN7552 (VIETEL-AS-AP Viettel Group, VN)

s.zzcdn.me	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 142.251.10.94 (United States)

ASN15169 (GOOGLE, US)
PTR: sd-in-f94.1e100.net

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 54.251.88.32 (Singapore, Singapore)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-251-88-32.ap-southeast-1.compute.amazonaws.com

a.ladipage.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2404:6800:4003:c01::65 (Singapore, Singapore)

ASN15169 (GOOGLE, US)

docs.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 120.138.69.212 (Viet Nam)

ASN38244 (VINAGAME-AS-VN VNG Corporation, VN)
PTR: ptr.vng.vn

log.adtimaserver.vn	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 57.144.152.1 (Singapore, Singapore)

ASN32934 (FACEBOOK, US)
PTR: edge-star-mini-shv-01-sin2.facebook.com

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.221.119.108 (Singapore, Singapore) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-221-119-108.ap-southeast-1.compute.amazonaws.com

static.ladipage.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
13	facebook.com www.facebook.com — Cisco Umbrella Rank: 123	1 KB
13	ladicdn.com w.ladicdn.com — Cisco Umbrella Rank: 116699	1 MB
11	gstatic.com fonts.gstatic.com	365 KB
6	ladipage.com a.ladipage.com — Cisco Umbrella Rank: 132431	2 KB
3	facebook.net connect.facebook.net — Cisco Umbrella Rank: 235	162 KB
2	ladipage.net 2 redirects static.ladipage.net — Cisco Umbrella Rank: 255731	267 B
2	adtimaserver.vn log.adtimaserver.vn — Cisco Umbrella Rank: 74072	615 B
1	google.com docs.google.com — Cisco Umbrella Rank: 154	6 KB
1	zzcdn.me s.zzcdn.me — Cisco Umbrella Rank: 156142	13 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 48	3 KB
1	pgh.mobi www.pgh.mobi	33 KB
53	11

	Domain	Requested by
13	www.facebook.com	connect.facebook.net www.pgh.mobi
13	w.ladicdn.com	www.pgh.mobi w.ladicdn.com
11	fonts.gstatic.com	fonts.googleapis.com
6	a.ladipage.com	w.ladicdn.com
3	connect.facebook.net	www.pgh.mobi connect.facebook.net
2	static.ladipage.net	2 redirects
2	log.adtimaserver.vn	s.zzcdn.me www.pgh.mobi
1	docs.google.com	w.ladicdn.com
1	s.zzcdn.me	www.pgh.mobi
1	fonts.googleapis.com	www.pgh.mobi
1	www.pgh.mobi
53	11

This site contains no links.

Subject Issuer	Validity	Valid
www.pgh.mobi R13	`2025-09-26` - `2025-12-25`	3 months	crt.sh
upload.video.google.com WR2	`2025-10-13` - `2026-01-05`	3 months	crt.sh
w.ladicdn.com Amazon RSA 2048 M03	`2025-08-14` - `2026-09-12`	a year	crt.sh
*.facebook.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2025-08-20` - `2025-11-18`	3 months	crt.sh
*.zzcdn.me RapidSSL TLS RSA CA G1	`2025-01-06` - `2026-01-13`	a year	crt.sh
*.gstatic.com WR2	`2025-10-13` - `2026-01-05`	3 months	crt.sh
a.ladipage.com Amazon RSA 2048 M03	`2025-03-18` - `2026-04-16`	a year	crt.sh
*.google.com WR2	`2025-10-13` - `2026-01-05`	3 months	crt.sh
*.adtimaserver.vn RapidSSL TLS RSA CA G1	`2025-04-15` - `2026-04-22`	a year	crt.sh

This page contains 3 frames:

Primary Page: https://www.pgh.mobi/simlevelup799_supersale
Frame ID: BF355F0BBA3B6A2F3F97C96BC99A57FF
Requests: 48 HTTP requests in this frame

Frame: https://www.facebook.com/tr/
Frame ID: B65D1E06DE0696FDC712AE50F39BD964
Requests: 1 HTTP requests in this frame

Frame: https://www.facebook.com/tr/
Frame ID: 84154619E9524D9702F8CE84BC97BDD1
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

DITOSIM FREE 1 YEAR HIGH SPEED DATA

Detected technologies

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

TrackJs (Analytics) Expand

Overall confidence: 100%
Detected patterns

tracker\.js

Page Statistics

53
Requests

94 %
HTTPS

27 %
IPv6

11
Domains

11
Subdomains

11
IPs

3
Countries

1950 kB
Transfer

3555 kB
Size

10
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 45

https://static.ladipage.net/60f2397ee86054001414e205/image-15-20230404143255-_hmgg.png HTTP 301
https://w.ladicdn.com/60f2397ee86054001414e205/image-15-20230404143255-_hmgg.png

Request Chain 46

https://static.ladipage.net/60f2397ee86054001414e205/image-15-20230404143255-_hmgg.png HTTP 301
https://w.ladicdn.com/60f2397ee86054001414e205/image-15-20230404143255-_hmgg.png

53 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request simlevelup799_supersale Show response
www.pgh.mobi/ 163 KB
33 KB 680ms
6ms Document
text/html 18.139.152.202
AMAZON-02

General

Check archive.org

Download Go to

Full URL

https://www.pgh.mobi/simlevelup799_supersale

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.139.152.202 Singapore, Singapore, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-139-152-202.ap-southeast-1.compute.amazonaws.com

Software

openresty /

Resource Hash

a81055f53465429ad7c1d0d261e72fec80fb676dcc188e415e26f2bdf138ce66

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36

Response headers

access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0, max-age=0
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Mon, 10 Nov 2025 19:11:59 GMT
server: openresty
statuscode: 200
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H2 200 css2
fonts.googleapis.com/ 31 KB
3 KB 20ms
7ms Stylesheet
text/css 2404:6800:4003:c04::5f
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Open+Sans:wght@400;700&family=Bungee&family=Oswald:wght@400;700&family=Paytone+One&family=Roboto+Slab:wght@400;700&family=Sriracha&family=Chonburi&family=Tinos:wght@400;700&display=swap

Requested by

Host: www.pgh.mobi
URL: https://www.pgh.mobi/simlevelup799_supersale

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2404:6800:4003:c04::5f Singapore, Singapore, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

032b97835f3c9603bb4d9662fd88956749a5006d4d53a91ff9cf3e10db78dc67

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer: https://www.pgh.mobi/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Mon, 10 Nov 2025 19:11:59 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 10 Nov 2025 19:11:59 GMT
content-type: text/css; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
last-modified: Mon, 10 Nov 2025 19:11:59 GMT
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
x-xss-protection: 0
server: ESF

GET
H2 200 ladipagev3.min.js Show response
w.ladicdn.com/v5/source/ 555 KB
123 KB 173ms
4ms Script
text/javascript 2600:9000:2085:e000:11:52e1:b680:93a1
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://w.ladicdn.com/v5/source/ladipagev3.min.js?v=1761128843123
Requested by: Host: www.pgh.mobi
URL: https://www.pgh.mobi/simlevelup799_supersale
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2085:e000:11:52e1:b680:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx/1.26.3 /
Resource Hash: e915780eecee2c30be6a56376ec7a14c815fdc064fb1b669e543f105111e9cf3

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer: https://www.pgh.mobi/

Response headers

access-control-max-age: 2592000
content-encoding: gzip
age: 6171
access-control-allow-methods: GET
expires: Tue, 10 Nov 2026 17:29:08 GMT
x-cache: Hit from cloudfront
x-amz-cf-id: b9QaFLuDUu058ODRZYllq9FrlJm3SvJNgms0zljBvfm1BHIkSLnSjQ==
date: Mon, 10 Nov 2025 17:29:08 GMT
content-type: text/javascript
vary: Accept-Encoding
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Access-Control-Allow-Credentials
cache-control: public, max-age=31536000
access-control-allow-credentials: true
via: 1.1 a5f13b578ce06ddb74ffe9b76d0f495c.cloudfront.net (CloudFront)
access-control-allow-origin: *
x-amz-cf-pop: SIN2-P8
server: nginx/1.26.3

GET
H2 200 notify.svg
w.ladicdn.com/source/ 2 KB
872 B 176ms
8ms Image
image/svg+xml 2600:9000:2085:e000:11:52e1:b680:93a1
AMAZON-02

General

Check archive.org

Download Go to Show image

Full URL: https://w.ladicdn.com/source/notify.svg?v=1.0
Requested by: Host: www.pgh.mobi
URL: https://www.pgh.mobi/simlevelup799_supersale
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2085:e000:11:52e1:b680:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx/1.26.3 /
Resource Hash: c950f9d8711acbcb718c05c7d12d9297acfd418b228382d45c92c36deab49b12

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer: https://www.pgh.mobi/

Response headers

access-control-max-age: 2592000
content-encoding: gzip
age: 3904922
access-control-allow-methods: GET
expires: Sat, 26 Sep 2026 14:29:57 GMT
x-cache: Hit from cloudfront
x-amz-cf-id: glanzHOKY5lPLvnFjjuu-yATeNRltsFeReCYMMnQxBbgKbkXye_QQA==
date: Fri, 26 Sep 2025 14:29:57 GMT
content-type: image/svg+xml
vary: Accept-Encoding
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Access-Control-Allow-Credentials
cache-control: public, max-age=31536000
access-control-allow-credentials: true
via: 1.1 a5f13b578ce06ddb74ffe9b76d0f495c.cloudfront.net (CloudFront)
access-control-allow-origin: *
x-amz-cf-pop: SIN2-P8
server: nginx/1.26.3

GET
H3 200 fbevents.js Show response
connect.facebook.net/en_US/ 319 KB
82 KB 13ms
4ms Script
application/x-javascript 57.144.150.128
FACEBOOK

General

Check archive.org

Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: www.pgh.mobi
URL: https://www.pgh.mobi/simlevelup799_supersale

Protocol

Security

QUIC, , AES_128_GCM

Server

57.144.150.128 Singapore, Singapore, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-02-sin11.fbcdn.net

Software

Resource Hash

26013cc6a7c67ff6118a630c396d661266e8c0e68812c8676a444b9d26bf1efe

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' blob: ;script-src 'nonce-UenPY0rL' .facebook.com .fbcdn.net .facebook.net 127.0.0.1:* blob: 'self' https://.google-analytics.com .google.com;style-src 'self' data: blob: 'unsafe-inline';connect-src 'self' data: blob: https://edge-chat.facebook.net https://edge-chat-latest.facebook.net wss://edge-chat-latest.facebook.net wss://edge-chat.facebook.net wss://edge-chat.socialplugin.facebook.net wss://edge-chat-latest.socialplugin.facebook.net https://edge-chat.socialplugin.facebook.net https://edge-chat-latest.socialplugin.facebook.net .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: .cdninstagram.com https://.google-analytics.com;font-src 'self' data: blob: ;img-src 'self' data: blob: https://.google-analytics.com;media-src 'self' data: blob: ;child-src 'self' data: blob: ;frame-src 'self' data: blob: ;manifest-src 'self' data: blob: ;object-src 'self' data: blob: ;worker-src 'self' data: blob: *;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer: https://www.pgh.mobi/

Response headers

content-encoding: gzip
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Sat, 01 Jan 2000 00:00:00 GMT
alt-svc: h3=":443"; ma=86400
date: Mon, 10 Nov 2025 19:11:59 GMT
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
priority: u=3,i
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy: default-src 'self' blob: *;script-src 'nonce-UenPY0rL' *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* blob: 'self' https://*.google-analytics.com *.google.com;style-src 'self' data: blob: 'unsafe-inline';connect-src 'self' data: blob: https://edge-chat.facebook.net https://edge-chat-latest.facebook.net wss://edge-chat-latest.facebook.net wss://edge-chat.facebook.net wss://edge-chat.socialplugin.facebook.net wss://edge-chat-latest.socialplugin.facebook.net https://edge-chat.socialplugin.facebook.net https://edge-chat-latest.socialplugin.facebook.net *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* *.cdninstagram.com https://*.google-analytics.com;font-src 'self' data: blob: *;img-src 'self' data: blob: * https://*.google-analytics.com;media-src 'self' data: blob: *;child-src 'self' data: blob: *;frame-src 'self' data: blob: *;manifest-src 'self' data: blob: *;object-src 'self' data: blob: *;worker-src 'self' data: blob: *;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
cache-control: public, max-age=1200
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=2, rtx=0, c=23, mss=1232, tbw=4975, tp=9, tpl=0, uplat=0, ullat=-1
pragma: public
x-fb-debug: 862TMM0+NST1OWxsZGDf0GtbUdrKe7gKqMORORcE3ahMu8CNAgUeq9ZShWBZpciLCYDQwGh8MtEOF6IWeGzaiw==
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy: force-load-at-top, include-js-call-stacks-in-crash-reports
content-length: 83484
x-xss-protection: 0
origin-agent-cluster: ?1

GET
H2 200 ztracker.js Show response
s.zzcdn.me/ztr/ 47 KB
13 KB 463ms
28ms Script
application/javascript 171.244.25.77
VIETEL-AS-AP Viet...

General

Check archive.org

Download Go to

Full URL: https://s.zzcdn.me/ztr/ztracker.js?id=7056840457216708608
Requested by: Host: www.pgh.mobi
URL: https://www.pgh.mobi/simlevelup799_supersale
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 171.244.25.77 , Viet Nam, ASN7552 (VIETEL-AS-AP Viettel Group, VN),
Reverse DNS
Software: Universe /
Resource Hash: b6e9dde0e875f7e217330c3af2367cd94d3ad1667f411c5a21d4bbc0e384e578

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer: https://www.pgh.mobi/

Response headers

x-cache-status: HIT
cache-control: no-cache
content-encoding: gzip
age: 7659309
accept-ranges: bytes
access-control-allow-origin: *
content-length: 13316
date: Mon, 10 Nov 2025 19:11:59 GMT
content-type: application/javascript
server: Universe

GET
H2 200 533563680_1070420661932868_200436706324625882_n-20251019153436-x8cyy.jpg
w.ladicdn.com/s800x750/60f2397ee86054001414e205/ 120 KB
120 KB 165ms
101ms Image
image/jpeg 2600:9000:2085:e000:11:52e1:b680:93a1
AMAZON-02

General

Check archive.org

Download Go to Show image

Full URL: https://w.ladicdn.com/s800x750/60f2397ee86054001414e205/533563680_1070420661932868_200436706324625882_n-20251019153436-x8cyy.jpg
Requested by: Host: www.pgh.mobi
URL: https://www.pgh.mobi/simlevelup799_supersale
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2085:e000:11:52e1:b680:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx/1.26.3 /
Resource Hash: 5528830e1c113b9b57b3472ec6d03ccdcda46cf88533b71c4d27915e1aafac22

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer: https://www.pgh.mobi/

Response headers

access-control-max-age: 2592000
content-encoding: gzip
access-control-allow-methods: GET
expires: Tue, 10 Nov 2026 19:11:59 GMT
x-cache: Miss from cloudfront
x-amz-cf-id: 8zfjpflamCFVcg7Rsacvs1NDW4OWk7HIsXvgOXP-yXejHHF9ZIXoWw==
date: Mon, 10 Nov 2025 19:11:59 GMT
content-type: image/jpeg
vary: Accept-Encoding
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Access-Control-Allow-Credentials
cache-control: public, max-age=31536000
access-control-allow-credentials: true
via: 1.1 a5f13b578ce06ddb74ffe9b76d0f495c.cloudfront.net (CloudFront)
access-control-allow-origin: *
x-amz-cf-pop: SIN2-P8
server: nginx/1.26.3

GET
H2 200 5e4eebab43db9f85c6ca-20230331053542-khica.png
w.ladicdn.com/s600x400/60f2397ee86054001414e205/rbg/ 160 KB
159 KB 174ms
111ms Image
image/png 2600:9000:2085:e000:11:52e1:b680:93a1
AMAZON-02

General

Check archive.org

Download Go to Show image

Full URL: https://w.ladicdn.com/s600x400/60f2397ee86054001414e205/rbg/5e4eebab43db9f85c6ca-20230331053542-khica.png
Requested by: Host: www.pgh.mobi
URL: https://www.pgh.mobi/simlevelup799_supersale
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2085:e000:11:52e1:b680:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx/1.26.3 /
Resource Hash: c977c3ce6f0522c2d524a86f59830eff1704be7e1a2b8f0803118289125b8f28

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer: https://www.pgh.mobi/

Response headers

access-control-max-age: 2592000
content-encoding: gzip
access-control-allow-methods: GET
expires: Tue, 10 Nov 2026 19:11:59 GMT
x-cache: Miss from cloudfront
x-amz-cf-id: J5j9EJnYyrrw-ZrabtK25OW6QGm_UduU9Yo2aYUH4oh2ThVyhtQB9w==
date: Mon, 10 Nov 2025 19:11:59 GMT
content-type: image/png
vary: Accept-Encoding
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Access-Control-Allow-Credentials
cache-control: public, max-age=31536000
access-control-allow-credentials: true
via: 1.1 a5f13b578ce06ddb74ffe9b76d0f495c.cloudfront.net (CloudFront)
access-control-allow-origin: *
x-amz-cf-pop: SIN2-P8
server: nginx/1.26.3

GET
H2 200 97e9e388e33336a21ca5571667bb07e2_tn-20230331053809-x0d9v.jpg
w.ladicdn.com/s400x400/60f2397ee86054001414e205/ 12 KB
11 KB 129ms
67ms Image
image/jpeg 2600:9000:2085:e000:11:52e1:b680:93a1
AMAZON-02

General

Check archive.org

Download Go to Show image

Full URL: https://w.ladicdn.com/s400x400/60f2397ee86054001414e205/97e9e388e33336a21ca5571667bb07e2_tn-20230331053809-x0d9v.jpg
Requested by: Host: www.pgh.mobi
URL: https://www.pgh.mobi/simlevelup799_supersale
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2085:e000:11:52e1:b680:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx/1.26.3 /
Resource Hash: 89fed81a63c57a5d1701d02c7050f80d418e59a2377b7ca87c72df8af7dd7b42

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer: https://www.pgh.mobi/

Response headers

access-control-max-age: 2592000
content-encoding: gzip
access-control-allow-methods: GET
expires: Tue, 10 Nov 2026 19:11:59 GMT
x-cache: Miss from cloudfront
x-amz-cf-id: SUU_ep8LaK4xk3hN6GYv9h3Vd-Ct9r3zsyKD1qjv05hF-QKPkSkdpg==
date: Mon, 10 Nov 2025 19:11:59 GMT
content-type: image/jpeg
vary: Accept-Encoding
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Access-Control-Allow-Credentials
cache-control: public, max-age=31536000
access-control-allow-credentials: true
via: 1.1 a5f13b578ce06ddb74ffe9b76d0f495c.cloudfront.net (CloudFront)
access-control-allow-origin: *
x-amz-cf-pop: SIN2-P8
server: nginx/1.26.3

GET
H2 200 tai-xuong-47-20230315060353-ewid1.svg
w.ladicdn.com/60f2397ee86054001414e205/ 392 B
814 B 118ms
56ms Image
image/svg+xml 2600:9000:2085:e000:11:52e1:b680:93a1
AMAZON-02

General

Check archive.org

Download Go to Show image

Full URL: https://w.ladicdn.com/60f2397ee86054001414e205/tai-xuong-47-20230315060353-ewid1.svg
Requested by: Host: www.pgh.mobi
URL: https://www.pgh.mobi/simlevelup799_supersale
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2085:e000:11:52e1:b680:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx/1.26.3 /
Resource Hash: bc55c1dc961a3e7bbb61e7fca41ca8c9866636a5354a2aa118753ce84aabce2d

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer: https://www.pgh.mobi/

Response headers

access-control-max-age: 2592000
content-encoding: gzip
access-control-allow-methods: GET
expires: Tue, 10 Nov 2026 19:11:59 GMT
x-cache: Miss from cloudfront
x-amz-cf-id: lzxlDllIQOjsDok-bNQRp1apreBfpC3S0l3NvSZV8XNw_NPVYOMJgw==
date: Mon, 10 Nov 2025 19:11:59 GMT
content-type: image/svg+xml
vary: Accept-Encoding
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Access-Control-Allow-Credentials
cache-control: public, max-age=31536000
access-control-allow-credentials: true
via: 1.1 a5f13b578ce06ddb74ffe9b76d0f495c.cloudfront.net (CloudFront)
access-control-allow-origin: *
x-amz-cf-pop: SIN2-P8
server: nginx/1.26.3

GET
H2 200 530486006_1070365505271717_2750494460689805149_n-removebg-preview-20251019153033-3bpdy.png
w.ladicdn.com/s600x650/60f2397ee86054001414e205/ 196 KB
195 KB 86ms
85ms Image
image/png 2600:9000:2085:e000:11:52e1:b680:93a1
AMAZON-02

General

Check archive.org

Download Go to Show image

Full URL: https://w.ladicdn.com/s600x650/60f2397ee86054001414e205/530486006_1070365505271717_2750494460689805149_n-removebg-preview-20251019153033-3bpdy.png
Requested by: Host: www.pgh.mobi
URL: https://www.pgh.mobi/simlevelup799_supersale
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2085:e000:11:52e1:b680:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx/1.26.3 /
Resource Hash: 545aaf24e1cd73eba2ab245e1456ef53835d1a33854771927637630806d80fa2

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer: https://www.pgh.mobi/

Response headers

access-control-max-age: 2592000
content-encoding: gzip
access-control-allow-methods: GET
expires: Tue, 10 Nov 2026 19:11:59 GMT
x-cache: Miss from cloudfront
x-amz-cf-id: yBSWmNWnFi9L3XT3tY8ojRbJw3UbglCJw3PXirmh1FakxfGCjDAzYA==
date: Mon, 10 Nov 2025 19:11:59 GMT
content-type: image/png
vary: Accept-Encoding
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Access-Control-Allow-Credentials
cache-control: public, max-age=31536000
access-control-allow-credentials: true
via: 1.1 a5f13b578ce06ddb74ffe9b76d0f495c.cloudfront.net (CloudFront)
access-control-allow-origin: *
x-amz-cf-pop: SIN2-P8
server: nginx/1.26.3

GET
H2 200 source-20200715053103-20220228061546-20221115091145-qf0mt-20230316175354-i9y_j.gif
w.ladicdn.com/60f2397ee86054001414e205/ 299 KB
264 KB 103ms
103ms Image
image/gif 2600:9000:2085:e000:11:52e1:b680:93a1
AMAZON-02

General

Check archive.org

Download Go to Show image

Full URL: https://w.ladicdn.com/60f2397ee86054001414e205/source-20200715053103-20220228061546-20221115091145-qf0mt-20230316175354-i9y_j.gif
Requested by: Host: www.pgh.mobi
URL: https://www.pgh.mobi/simlevelup799_supersale
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2085:e000:11:52e1:b680:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx/1.26.3 /
Resource Hash: 245bbcf3d88b613116624bf93bca1379609daec781065c8aee315937836e9a5a

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer: https://www.pgh.mobi/

Response headers

access-control-max-age: 2592000
content-encoding: gzip
access-control-allow-methods: GET
expires: Tue, 10 Nov 2026 19:11:59 GMT
x-cache: Miss from cloudfront
x-amz-cf-id: uvIfeYmzk0bGksh0cU5qvbsTVh-mIla5EyfIHErdIqkflE7nF4uDTg==
date: Mon, 10 Nov 2025 19:11:59 GMT
content-type: image/gif
vary: Accept-Encoding
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Access-Control-Allow-Credentials
cache-control: public, max-age=31536000
access-control-allow-credentials: true
via: 1.1 a5f13b578ce06ddb74ffe9b76d0f495c.cloudfront.net (CloudFront)
access-control-allow-origin: *
x-amz-cf-pop: SIN2-P8
server: nginx/1.26.3

GET
H2 200 sim-dito-20251019152911-es_aj.jpg
w.ladicdn.com/s700x700/60f2397ee86054001414e205/ 225 KB
210 KB 79ms
78ms Image
image/jpeg 2600:9000:2085:e000:11:52e1:b680:93a1
AMAZON-02

General

Check archive.org

Download Go to Show image

Full URL: https://w.ladicdn.com/s700x700/60f2397ee86054001414e205/sim-dito-20251019152911-es_aj.jpg
Requested by: Host: www.pgh.mobi
URL: https://www.pgh.mobi/simlevelup799_supersale
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2085:e000:11:52e1:b680:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx/1.26.3 /
Resource Hash: 648ead090843bdcc8027a46d48cbe72aba02ec143dca2be3744d6167ec2f5942

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer: https://www.pgh.mobi/

Response headers

access-control-max-age: 2592000
content-encoding: gzip
access-control-allow-methods: GET
expires: Tue, 10 Nov 2026 19:11:59 GMT
x-cache: Miss from cloudfront
x-amz-cf-id: ZEdt1QoqEA1wcbEshgvsCRNQo_-AqJ7LyaEBNyc8V8ZiW6ql-WZBtg==
date: Mon, 10 Nov 2025 19:11:59 GMT
content-type: image/jpeg
vary: Accept-Encoding
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Access-Control-Allow-Credentials
cache-control: public, max-age=31536000
access-control-allow-credentials: true
via: 1.1 a5f13b578ce06ddb74ffe9b76d0f495c.cloudfront.net (CloudFront)
access-control-allow-origin: *
x-amz-cf-pop: SIN2-P8
server: nginx/1.26.3

GET
H3 200 memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
fonts.gstatic.com/s/opensans/v44/ 47 KB
47 KB 15ms
6ms Font
font/woff2 142.251.10.94
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v44/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Open+Sans:wght@400;700&family=Bungee&family=Oswald:wght@400;700&family=Paytone+One&family=Roboto+Slab:wght@400;700&family=Sriracha&family=Chonburi&family=Tinos:wght@400;700&display=swap

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.10.94 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sd-in-f94.1e100.net

Software

sffe /

Resource Hash

d8e4fe0452aa2076429a9bb5d8757d00a994dd95986cf950e9a1a371b9a072a0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Origin: https://www.pgh.mobi
Referer: https://fonts.googleapis.com/

Response headers

age: 290358
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options: nosniff
expires: Sat, 07 Nov 2026 10:32:41 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Fri, 07 Nov 2025 10:32:41 GMT
last-modified: Mon, 15 Sep 2025 16:30:41 GMT
content-type: font/woff2
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="apps-themes"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges: bytes
access-control-allow-origin: *
content-length: 48320
x-xss-protection: 0
server: sffe

GET
H3 200 8AtqGs-wOpGRTBq66LWdHLw.woff2
fonts.gstatic.com/s/chonburi/v14/ 18 KB
18 KB 18ms
10ms Font
font/woff2 142.251.10.94
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://fonts.gstatic.com/s/chonburi/v14/8AtqGs-wOpGRTBq66LWdHLw.woff2

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.10.94 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sd-in-f94.1e100.net

Software

sffe /

Resource Hash

dd390718e8371d31b80141f12469ca8640c84933ea330bd3df8c0ffdb81e0421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Origin: https://www.pgh.mobi
Referer: https://fonts.googleapis.com/

Response headers

age: 221561
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options: nosniff
expires: Sun, 08 Nov 2026 05:39:18 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Sat, 08 Nov 2025 05:39:18 GMT
last-modified: Thu, 04 Sep 2025 17:05:46 GMT
content-type: font/woff2
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="apps-themes"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges: bytes
access-control-allow-origin: *
content-length: 18764
x-xss-protection: 0
server: sffe

GET
H3 200 0nksC9P7MfYHj2oFtYm2ChTtgPs.woff2
fonts.gstatic.com/s/paytoneone/v25/ 22 KB
23 KB 18ms
10ms Font
font/woff2 142.251.10.94
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://fonts.gstatic.com/s/paytoneone/v25/0nksC9P7MfYHj2oFtYm2ChTtgPs.woff2

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.10.94 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sd-in-f94.1e100.net

Software

sffe /

Resource Hash

07b1f40d200f78b09482bfacca969678125ff4291209044bf0e391027f9981f3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Origin: https://www.pgh.mobi
Referer: https://fonts.googleapis.com/

Response headers

age: 178020
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options: nosniff
expires: Sun, 08 Nov 2026 17:44:59 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Sat, 08 Nov 2025 17:44:59 GMT
last-modified: Wed, 10 Sep 2025 16:49:41 GMT
content-type: font/woff2
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="apps-themes"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges: bytes
access-control-allow-origin: *
content-length: 23016
x-xss-protection: 0
server: sffe

GET
H3 200 buE1poGnedXvwj1AW3Fu0C8.woff2
fonts.gstatic.com/s/tinos/v25/ 26 KB
26 KB 27ms
19ms Font
font/woff2 142.251.10.94
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://fonts.gstatic.com/s/tinos/v25/buE1poGnedXvwj1AW3Fu0C8.woff2

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.10.94 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sd-in-f94.1e100.net

Software

sffe /

Resource Hash

e0a23c74d54fcac93ec7b8695ea8bd18ab355350c2a64cfe487ed1e2e6b58440

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Origin: https://www.pgh.mobi
Referer: https://fonts.googleapis.com/

Response headers

age: 219066
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options: nosniff
expires: Sun, 08 Nov 2026 06:20:53 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Sat, 08 Nov 2025 06:20:53 GMT
last-modified: Mon, 08 Sep 2025 18:12:17 GMT
content-type: font/woff2
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="apps-themes"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges: bytes
access-control-allow-origin: *
content-length: 26432
x-xss-protection: 0
server: sffe

GET
H3 200 buE1poGnedXvwj1AW3Fg0C8H-Q.woff2
fonts.gstatic.com/s/tinos/v25/ 84 KB
84 KB 20ms
12ms Font
font/woff2 142.251.10.94
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://fonts.gstatic.com/s/tinos/v25/buE1poGnedXvwj1AW3Fg0C8H-Q.woff2

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.10.94 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sd-in-f94.1e100.net

Software

sffe /

Resource Hash

b5961f4a34aba317783e5e755642db3e0cc1103a8dfecab44d1224ed41aa069f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Origin: https://www.pgh.mobi
Referer: https://fonts.googleapis.com/

Response headers

age: 290176
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options: nosniff
expires: Sat, 07 Nov 2026 10:35:43 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Fri, 07 Nov 2025 10:35:43 GMT
last-modified: Mon, 08 Sep 2025 18:12:19 GMT
content-type: font/woff2
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="apps-themes"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges: bytes
access-control-allow-origin: *
content-length: 85596
x-xss-protection: 0
server: sffe

GET
H3 200 N0bU2SZBIuF2PU_0DXR1.woff2
fonts.gstatic.com/s/bungee/v17/ 14 KB
14 KB 27ms
20ms Font
font/woff2 142.251.10.94
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://fonts.gstatic.com/s/bungee/v17/N0bU2SZBIuF2PU_0DXR1.woff2

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.10.94 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sd-in-f94.1e100.net

Software

sffe /

Resource Hash

126eec706b7931682dbcf6c6efc274132c603f181fbf912678e6cfeb341e721b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Origin: https://www.pgh.mobi
Referer: https://fonts.googleapis.com/

Response headers

age: 288584
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options: nosniff
expires: Sat, 07 Nov 2026 11:02:15 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Fri, 07 Nov 2025 11:02:15 GMT
last-modified: Tue, 16 Sep 2025 03:42:43 GMT
content-type: font/woff2
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="apps-themes"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges: bytes
access-control-allow-origin: *
content-length: 14344
x-xss-protection: 0
server: sffe

GET
H3 200 TK3IWkUHHAIjg75cFRf3bXL8LICs1_Fv40pKlN4NNSeSASz7FmlWHYg.woff2
fonts.gstatic.com/s/oswald/v57/ 21 KB
21 KB 24ms
17ms Font
font/woff2 142.251.10.94
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://fonts.gstatic.com/s/oswald/v57/TK3IWkUHHAIjg75cFRf3bXL8LICs1_Fv40pKlN4NNSeSASz7FmlWHYg.woff2

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.10.94 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sd-in-f94.1e100.net

Software

sffe /

Resource Hash

571f3457dab507b6f2ce5394d593ca015251b69fea81ab7a546bd2368e9fc3ed

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Origin: https://www.pgh.mobi
Referer: https://fonts.googleapis.com/

Response headers

age: 288589
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options: nosniff
expires: Sat, 07 Nov 2026 11:02:10 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Fri, 07 Nov 2025 11:02:10 GMT
last-modified: Wed, 10 Sep 2025 16:45:39 GMT
content-type: font/woff2
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="apps-themes"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges: bytes
access-control-allow-origin: *
content-length: 21472
x-xss-protection: 0
server: sffe

GET
H3 200 BngMUXZYTXPIvIBgJJSb6ufN5qU.woff2
fonts.gstatic.com/s/robotoslab/v36/ 33 KB
33 KB 22ms
15ms Font
font/woff2 142.251.10.94
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://fonts.gstatic.com/s/robotoslab/v36/BngMUXZYTXPIvIBgJJSb6ufN5qU.woff2

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.10.94 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sd-in-f94.1e100.net

Software

sffe /

Resource Hash

50cf7d32c18e1001749b51f1565ef745bc0687b0297b2b13465ed577cc20a8ff

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Origin: https://www.pgh.mobi
Referer: https://fonts.googleapis.com/

Response headers

age: 290465
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options: nosniff
expires: Sat, 07 Nov 2026 10:30:54 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Fri, 07 Nov 2025 10:30:54 GMT
last-modified: Mon, 08 Sep 2025 18:04:11 GMT
content-type: font/woff2
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="apps-themes"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges: bytes
access-control-allow-origin: *
content-length: 34236
x-xss-protection: 0
server: sffe

GET
H3 200 0nkrC9D4IuYBgWcI9NbfTwE.woff2
fonts.gstatic.com/s/sriracha/v16/ 39 KB
39 KB 21ms
14ms Font
font/woff2 142.251.10.94
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://fonts.gstatic.com/s/sriracha/v16/0nkrC9D4IuYBgWcI9NbfTwE.woff2

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.10.94 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sd-in-f94.1e100.net

Software

sffe /

Resource Hash

dd66cc98657b4048be3950edac49aea725b2a9db5db6cea36b639160a88d7691

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Origin: https://www.pgh.mobi
Referer: https://fonts.googleapis.com/

Response headers

age: 189283
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options: nosniff
expires: Sun, 08 Nov 2026 14:37:16 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Sat, 08 Nov 2025 14:37:16 GMT
last-modified: Wed, 10 Sep 2025 16:45:54 GMT
content-type: font/woff2
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="apps-themes"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges: bytes
access-control-allow-origin: *
content-length: 39512
x-xss-protection: 0
server: sffe

GET
H3 200 memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTUGmu1aB.woff2
fonts.gstatic.com/s/opensans/v44/ 26 KB
26 KB 28ms
21ms Font
font/woff2 142.251.10.94
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v44/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTUGmu1aB.woff2

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.10.94 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sd-in-f94.1e100.net

Software

sffe /

Resource Hash

8f80f993e523f2e6c2d097552740fd26331658da23ffad31d26edcdd3aeec370

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Origin: https://www.pgh.mobi
Referer: https://fonts.googleapis.com/

Response headers

age: 182638
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options: nosniff
expires: Sun, 08 Nov 2026 16:28:01 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Sat, 08 Nov 2025 16:28:01 GMT
last-modified: Mon, 15 Sep 2025 16:30:32 GMT
content-type: font/woff2
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="apps-themes"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges: bytes
access-control-allow-origin: *
content-length: 26596
x-xss-protection: 0
server: sffe

GET
H3 200 memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSGmu1aB.woff2
fonts.gstatic.com/s/opensans/v44/ 34 KB
34 KB 27ms
20ms Font
font/woff2 142.251.10.94
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v44/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSGmu1aB.woff2

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.10.94 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sd-in-f94.1e100.net

Software

sffe /

Resource Hash

d5bab8e28732fe3d10dcef4f77b9c248605bbb2a87d289a2539251ceafab536a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Origin: https://www.pgh.mobi
Referer: https://fonts.googleapis.com/

Response headers

age: 290000
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options: nosniff
expires: Sat, 07 Nov 2026 10:38:39 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Fri, 07 Nov 2025 10:38:39 GMT
last-modified: Mon, 15 Sep 2025 16:30:01 GMT
content-type: font/woff2
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="apps-themes"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges: bytes
access-control-allow-origin: *
content-length: 35156
x-xss-protection: 0
server: sffe

OPTIONS
H2 200 event
a.ladipage.com/ Frame 0
0 132ms
4ms Preflight
application/json 54.251.88.32
AMAZON-02

General

Check archive.org

Download Go to

Full URL

https://a.ladipage.com/event

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.251.88.32 Singapore, Singapore, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-54-251-88-32.ap-southeast-1.compute.amazonaws.com

Software

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,ladi_camp_form_submit,ladi_camp_id,ladi_camp_name,ladi_camp_origin_url,ladi_camp_page_view,ladi_camp_target_url,ladi_camp_type,ladi_client_id,ladi_form_submit,ladi_page_view
Access-Control-Request-Method: POST
Origin: https://www.pgh.mobi
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36

Response headers

access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, Accept-Encoding, ladi_camp_form_submit, ladi_camp_form_submit_daily, ladi_camp_id, ladi_camp_name, ladi_camp_origin_url, ladi_camp_page_view, ladi_camp_page_view_daily, ladi_camp_target_url, ladi_camp_type, ladi_client_id, ladi_form_submit, ladi_form_submit_daily, ladi_page_view, ladi_page_view_daily
access-control-allow-methods: POST, OPTIONS
access-control-allow-origin: *
access-control-max-age: 2592000
content-encoding: br
content-type: application/json; charset=utf-8
date: Mon, 10 Nov 2025 19:11:59 GMT
vary: Accept-Encoding
x-content-type-options: nosniff
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-xss-protection: 0

GET
H2 200 ladipage.formdata.min.js Show response
w.ladicdn.com/v5/source/ 148 KB
34 KB 5ms
4ms Script
text/javascript 2600:9000:2085:e000:11:52e1:b680:93a1
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://w.ladicdn.com/v5/source/ladipage.formdata.min.js?v=1761128843123
Requested by: Host: w.ladicdn.com
URL: https://w.ladicdn.com/v5/source/ladipagev3.min.js?v=1761128843123
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2085:e000:11:52e1:b680:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx/1.26.3 /
Resource Hash: fdbe7ef858c70956ce76dce8a4620fbe84c8263b007740f11189666f2a7940d4

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer: https://www.pgh.mobi/

Response headers

access-control-max-age: 2592000
content-encoding: gzip
age: 6171
access-control-allow-methods: GET
expires: Tue, 10 Nov 2026 17:29:08 GMT
x-cache: Hit from cloudfront
x-amz-cf-id: F1fL7VLIFDu4N9EzFA76aoxyM3djkb37uNh1wiis2u5BVk2iFu_Asw==
date: Mon, 10 Nov 2025 17:29:08 GMT
content-type: text/javascript
vary: Accept-Encoding
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Access-Control-Allow-Credentials
cache-control: public, max-age=31536000
access-control-allow-credentials: true
via: 1.1 a5f13b578ce06ddb74ffe9b76d0f495c.cloudfront.net (CloudFront)
access-control-allow-origin: *
x-amz-cf-pop: SIN2-P8
server: nginx/1.26.3

GET
H2 200 tq Show response
docs.google.com/spreadsheets/d/1GZ7IcFlTYiYpfmK5u7my0CI3DyZI34p47h9a6tBCTUk/gviz/ 3 KB
6 KB 645ms
632ms XHR
application/javascript 2404:6800:4003:c01::65
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://docs.google.com/spreadsheets/d/1GZ7IcFlTYiYpfmK5u7my0CI3DyZI34p47h9a6tBCTUk/gviz/tq?tqx=out:json

Requested by

Host: w.ladicdn.com
URL: https://w.ladicdn.com/v5/source/ladipagev3.min.js?v=1761128843123

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2404:6800:4003:c01::65 Singapore, Singapore, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

e9ae91a0b05bb72815ccdc5ebb1ffb9668a79f4adae83093612973332dd0bf75

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri https://csp.withgoogle.com/csp/docs-tt, base-uri 'self';object-src 'self';report-uri https://docs.google.com/spreadsheets/cspreport;script-src 'report-sample' 'nonce-_sJt-T_nMLdb5cB58iPLug' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';worker-src 'self' blob:
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer: https://www.pgh.mobi/

Response headers

x-robots-tag: noindex, nofollow, nosnippet
access-control-expose-headers: Cache-Control,Content-Disposition,Content-Encoding,Content-Length,Content-Type,Date,Expires,Pragma,Server,Transfer-Encoding
content-encoding: gzip
origin-trial: AsBCEoVg8pIwAkst2T88NNY429HzlH4fGwN+ALnF27Zl16u/ZR0Vylgws0om63IHSaH6pHPqY+k1GQ1sheqdhwgAAACGeyJvcmlnaW4iOiJodHRwczovL2dvb2dsZS5jb206NDQzIiwiZmVhdHVyZSI6IkRvY3VtZW50UG9saWN5SW5jbHVkZUpTQ2FsbFN0YWNrc0luQ3Jhc2hSZXBvcnRzIiwiZXhwaXJ5IjoxNzQ5NTEzNjAwLCJpc1N1YmRvbWFpbiI6dHJ1ZX0=,AhxcztKp010aBKHVrp22t1Ieo9DBnbz20T+nya5mIJWvQ4DhZYxd51x5CRwWbKMfGXnFipp5sSVJV3TmGYdv4QMAAAByeyJvcmlnaW4iOiJodHRwczovL2dvb2dsZS5jb206NDQzIiwiZmVhdHVyZSI6IldlYkFzc2VtYmx5SlNTdHJpbmdCdWlsdGlucyIsImV4cGlyeSI6MTczNjgxMjgwMCwiaXNTdWJkb21haW4iOnRydWV9
x-content-type-options: nosniff
expires: Mon, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-l2-request-path: l2-managed-6
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
date: Mon, 10 Nov 2025 19:12:00 GMT
content-type: application/javascript; charset=utf-8
content-disposition: attachment; filename="json.txt"; filename*=UTF-8''json.txt
reporting-endpoints: default="/spreadsheets/d/1GZ7IcFlTYiYpfmK5u7my0CI3DyZI34p47h9a6tBCTUk/web-reports?bl=editors.spreadsheets-frontend_20251103.02_p1&context=eJwV0nlc1FX3B_DrzPd-XAAZZ2SHYRkYcEEFc0lAGIY1TTOt7zxp9ahguWCF4q6hopLkklaIhvCwKAq45k_K5TGsNDWFTNPQUJ8BWcUlDLXs9-mP9-uee-55nde593V7XQu89Ox1UdBDFZqeqqh0UMVhR1WE6VRRTK_1UYVRr4pgF1V8S5tcVbHHXRWnPFWh91LF696qCDWqooRSTKo4aVbFs_6qcBqoij40IFQVWwapYm2YKnKHqmIHHRmpiuYXVVERrYoTdDdeFV3Jqvh-nCquUrBNFSNI-y9VGKjmDVXcol-mspb8pqmiZ4oqPOiF2aqII8MiVVzLVEUTxa1WxSQauUEVSTRhoyqm0i90l9Z_rortFJSrimFUvk0Vx-g59c5TxZRizlnCPC3fp4ps6ntAFYF0-pgqLlPEcVWMIct59ie3Gs5N9VdV0UHlv7An_d913ouqf1PFT2S8rYpBlGtXxW4yNahiKB2iavqerlJTI9-Epj9RxTyyaG1iAmUoNrGGBveyiWj6W2cTzn1sIt3DJlbRZLNNzCanF23Ch06NsokamhzJPBlibcJE1xNtopkMY7inDeNsIp-GLrQJK5kX2cRwmr3EJpZS_0ybGEX1LrUivH-rZhRdOf1Ac5MWmx9q6m4_1PyPbg56pGkgpzGPNC7UGdap-YsSkjo14ygus1Mzliau6tRMptTZf2jS6Ehkl-YEZUZ1abIpYUaXZhz55nRpgunykieaOlp_7olmC4XVPNG8SOP1TzUq3Vz1VNNAFwufaq6SUfytMVOm99-abKpa9LfmFB12FtpjpLkttL3-kdpN21DUTdtV3E0rSrppDxdqtMdI851G-2mIVvsFJU7UasfT5UlabR1tWqnV5tLL67RaGy1p0GpXkaWXou3nr2jD6OOOUcqnlH8vQiml2Z0Ryjx6PD5S-T43UrlInRWRyl_UNSJKESOjlMbcKOUBZasxyma64G1RfiaXZIviRzdfsigN1PmpRfmLhrZblAiaFRurpJN2WaziQCXlsUp7RSz7xyoH3KxKFZknWJVBlLPAqmylK2VWpYHu7bcqjyntkFXJoCtHrMpP_nHKr7TUHKfkUEhZnDKEfL6JU0Jp4P045QUaQxMpk7LpDF0ipwdxigsNoKG0hjaQ78B4JZjGzopXJlHGB_HKcjqcHq-cpp1b4pVd5HgyXulLC87EK6ca45WzFDcsQRlLNXMTlFt0qClRqaa3uxKVd-hrlyTl1dlJyhuUa0hWCugv92Slh0eyUtj9JaWMJo8vkKdfLZDn6fS7XKlsZoGsouyjBXIzOZ4skN50KbFQ1tOW-kL55FGh7PZ7oTxKZ2jQW_-Rr3sVybfohfFFMpIu9y2WdbTcrVhuoL_qiqW8USw_6SiWedTdt0S60VE6Q09Gl8j3ZpbIhdQ4p0TeI8PCEmkiC02g2qoSeZveOF8iZ1FebYmMtZfIlyhAWyrDyWdNqQyi1WWlcitVHSyVp2jMjVI5mUb475LRtN-yS_6XQsftksMo68QuuYkeLdktn9GerN3yIIVX7JaxNO_2brmabooy2U7St0w6kWtkmTTTjX-VSTsN-qhMDqeYmj3yFdrZvFfuopm6crmYskLL5SbqOaZc9qGwceXyRfoxpVxeIeuKcjmO1nxWLjdQbVm5vE6G6nJpIqGvkDp6mFkhNSsr5M_rK2Q9hTVXSAs9618ptQMqpf_QShlGQSMq5TCqyqiUZ8npm0rpQmun75Mb6XnaPom5-2ThihZ5gBI3tsiwPS3SQs8rWyT2tciIH1plAg051ypHUvivrbK6rlWeox7RbVJHX3_VJqvJt7pNBtPa023yC0p53CbnU6WtXR6hx3nt8jmt3t4ucyggv12GU5_UDulPsx4_lEtIlv4tu9OJYQ74kQyHHHDxnAN-o9cuOCCVTv_sgMs08akDbBQ2xxE1cx1xjWSWI47ucMRxyv_CEUXUYXfEH3TN2Qm3yPGIE_qSvsoJnjSv1QmLaOzI3phCH2_tjS9o4Xe98SHtDHfGLro-wxlBBc4IJdHqDB2N8dBhMpk8dRhABTE67CfjKzp8XqrDTqrZo8MVWr1Xh2z64boOF0nbvw8cKDmG6-E-MFBZbR9U0fFQPS6Q1xA9TDQ-Xg-VPpyqxzqauUSPxbS0Ro9iimzQYyxd9zfgNj3ub8Bz-ibUgOkjDJhN7iMN8KNZEQYsoQHTDBhKM2YYEFBrQH9KvWyA25d9EUxf3-iLasp70hd7SOvkAgM97-MC6F3gvdgFgXRxiQuuUu5aFxRQ-AYXxJK-3AWedKDJBXvbXNC9yBXOZDrhimDKq3PFf-jMDVdcovBOV8TSxGlu0E13gzsZ57jBTGkL3LCc_r3VDe_SO9vcsJAGCXcMp6l-7phJ-TPcUUpes91xo9Iddoo5646kf5xzxyt0LdADTXQi3gM_Ui3dpvuFHuiipiLGpH_VE26U8aEnltO-1Z44SdPXe2I2ze3wxAKK6vJEPC2L9UIWVcz1wkFK-8ALy2lvjhe-psUbvbCSXt_khbeoZrMXrpGrxRte1OMlbzjRkcPe-I6ivvVGPDnf8EZfMt_0xgCaFOaDFLo5xQcNNHeZD1bQlyt8ILf6wIV-OuiDXyjmqg-S6NsGH_xAj576QPvMB5e1RoQ4GjGSrg8wopn8BhsRRB3jjPidFr9ixAraMMeIfCpeYEQ5RX9uxHjqsccIJ0raa8TLFFRhxKe_GpFHO24YUUiLOozIJI8HRhhJb_JFANVP8EUHfTbZF7ezfPGA9Ed84Ul34YcOqhvhh_9R1Bt-iKfOmX7IyfPDpN1-mEWjv_JDAu0_64ejZH7sh-G0PMwfG2jBSn-soN2f-KOCoov9kUg9OvyhoyGDAzCS3kwMwDRKzQhAGu1fG4Cj9GFhANbRsh8DsJJevhiAV2kVraO0SwFIpx1USMfbAnCBaugWIdyE3hQUZUIoZUebsJkuvmbCZbo204RbNCDdhAjyXWDCYOq1xARnWr_UhE00dZcJM8h0hbXk-swEL9rYIxA7af2-QGwh0_5ADKAhRwIxkt59HohF9LR3EHo5B-H8tCDU0QfOZqykzYFmbKPeqhmuNNhmxgj6c6oZjtPMuL7FjGaqLTLjNtmzgtFM3SuC4UizlBCk00cyBJ9QYPcQDKQmXQjaqXBECA7QpRUh-Jlm7gzBXHrnaggW0gGqou2NISiiwbIfommzcz9sIz99P-Qb-qGUVvfthxz6t20U3qdDnaNQTWdFBBrSItBJp9dG4DKlb4_AKtqxJwLltLWCMTmfiIAvlesicYDujovkX49E0GuRGEZnPojEJbq-IhL1dPxMJC7QnYZItNBpEYXzlOMRBftnUWijFDEa8ylm62gkUf-fRmMUzf9jNLLoM200tpOzMRq-dDEwGlcpZ1c0dpDH19F4-0403qMvB8bgOL2ZH4NptJ--pO_oHH24JwZZtO7bGGyiU3diUEPrgyz4jJpfsOAJ7bFacJC6Z1ngRi-u4Xm2Bfn0xgYLZlFAvgX9ybrTgp4tFvShXA8rCkgTZIWeLsVbUU-WBCtcU61wJ480K_wpn4qofaEVnTR2pRWTaPsmK_bSn59b0S3XitavrLhP_62z4ltafcuKrXSyyYqLVDY5Dgfo2Jo4nKeen8TBgx7ei8NTejc0Hmn04KN43CyNRzsNORiPkfRcnwAYEvDO9ATMoVXLErCFQlckYGlmAlbTRwUJyKNRuxMQSxlnE7Ccej9IgIGy_0yAvyURYRT5fiIs1C0jET1p6SeJ-LkgEXZqLE_EPfqtkjHZzyeijZ48Ze2zRNj-TMSlQUn4hc4MT8IFejY5CQ5TkhCwKwlhFUk4RZvrk1BIwbeSMJjq7yVhnTkZH9PG4GRkTUxG2axkVFHK_GTMJ7-wOxhCuXF3sJuQcwe9aW3THeTQyQA7vqcmsx1d9PwVOzDBjri37RhLU6baMYfe_8CODNq2144yaqyyI_MrO8522nGJjE_sMJOvuQGDqe6FBrTSmegGXKA3dzYgjVLKmc9sxCOqLW_EdbJ_04i2f9Q2YpT7XcTSUe-7OEPe8-7iFt2nbW13YXinCSaKm9uEsXR_fhNERhOmrmiCLq8JfvTriSbUE6qb0JtmdzRhHh3Lb8Z5SihqxutUfKsZ5TTnf81YRjmNzdhBoX80YxgdymvBUfL_ogVh1O23FvQk48MWROpaYaFho1pxfF8rLtBW0YZimja8Den08eg2bKFTQ9tRQ7-Oa0c9HapsRzU9bm3Hc_q9_z0oA-4h5Og9OGZ3wFDUAXv6ffxOeocemQ_PnoXuVO3hKZ69Jk2dNid1QkZq-uKAgakpM-e_lz5v0Lz301Onpsx7NzV1_rzQGenvzZ2fOjfl7fAh4cPCwoYMHTQk_O33w_4fOrxsNw&build-label=editors.spreadsheets-frontend_20251103.02_p1&imp-sid=COLyjPKk6JADFc2XIwAdt2c2gw&is-cached-offline=false&cellSizeBucket=RITZ_SHEET_CELLS_25K_TO_50K&wcrumsspbp=false"
content-security-policy: require-trusted-types-for 'script';report-uri https://csp.withgoogle.com/csp/docs-tt, base-uri 'self';object-src 'self';report-uri https://docs.google.com/spreadsheets/cspreport;script-src 'report-sample' 'nonce-_sJt-T_nMLdb5cB58iPLug' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';worker-src 'self' blob:
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
document-policy: include-js-call-stacks-in-crash-reports
access-control-allow-origin: https://www.pgh.mobi
x-xss-protection: 1; mode=block
server: GSE

POST
H2 200 event Show response
a.ladipage.com/ 125 B
651 B 9ms
8ms XHR
text/plain 54.251.88.32
AMAZON-02

General

Check archive.org

Download Go to

Full URL

https://a.ladipage.com/event

Requested by

Host: w.ladicdn.com
URL: https://w.ladicdn.com/v5/source/ladipagev3.min.js?v=1761128843123

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.251.88.32 Singapore, Singapore, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-54-251-88-32.ap-southeast-1.compute.amazonaws.com

Software

Resource Hash

0e8766356e7b8f563df27d4e7928077709065f892850c9089cb42d922530fc7f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

LADI_CAMP_ID
LADI_CAMP_TYPE
LADI_CAMP_TARGET_URL
Referer: https://www.pgh.mobi/
LADI_CLIENT_ID: dbee806c-6fa1-4914-5853-dac5fc2bfd2b
LADI_CAMP_ORIGIN_URL
LADI_FORM_SUBMIT: 0
LADI_CAMP_NAME
LADI_CAMP_PAGE_VIEW: 0
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Content-Type: application/json
LADI_CAMP_FORM_SUBMIT: 0
LADI_PAGE_VIEW: 1

Response headers

access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, Accept-Encoding, ladi_camp_form_submit, ladi_camp_form_submit_daily, ladi_camp_id, ladi_camp_name, ladi_camp_origin_url, ladi_camp_page_view, ladi_camp_page_view_daily, ladi_camp_target_url, ladi_camp_type, ladi_client_id, ladi_form_submit, ladi_form_submit_daily, ladi_page_view, ladi_page_view_daily
access-control-max-age: 2592000
x-content-type-options: nosniff
x-download-options: noopen
access-control-allow-methods: POST, OPTIONS
access-control-allow-origin: *
date: Mon, 10 Nov 2025 19:11:59 GMT
x-xss-protection: 0
content-type: text/plain; charset=utf-8
x-frame-options: SAMEORIGIN

GET
H3 200 1036101524034745 Show response
connect.facebook.net/signals/config/ 125 KB
29 KB 272ms
272ms Script
application/x-javascript 57.144.150.128
FACEBOOK

General

Check archive.org

Download Go to

Full URL

https://connect.facebook.net/signals/config/1036101524034745?v=2.9.241&r=stable&domain=www.pgh.mobi&hme=5bd299cb4a477effb7bd992f8c033bfd3316c17b5e8e681c5c577860e1b0bfc7&ex_m=90%2C151%2C131%2C19%2C66%2C67%2C124%2C62%2C42%2C125%2C71%2C61%2C138%2C79%2C13%2C89%2C27%2C119%2C111%2C69%2C72%2C118%2C135%2C98%2C140%2C7%2C3%2C4%2C6%2C5%2C2%2C80%2C88%2C141%2C218%2C162%2C56%2C220%2C221%2C49%2C177%2C26%2C68%2C226%2C225%2C165%2C29%2C55%2C8%2C58%2C84%2C85%2C86%2C91%2C115%2C28%2C25%2C117%2C114%2C113%2C132%2C70%2C134%2C133%2C44%2C54%2C108%2C12%2C137%2C39%2C207%2C209%2C172%2C22%2C23%2C24%2C16%2C17%2C38%2C34%2C36%2C35%2C75%2C81%2C83%2C96%2C123%2C126%2C40%2C97%2C20%2C18%2C102%2C63%2C32%2C128%2C127%2C129%2C120%2C21%2C31%2C53%2C95%2C136%2C64%2C15%2C130%2C30%2C187%2C158%2C268%2C205%2C149%2C190%2C183%2C159%2C93%2C116%2C74%2C106%2C48%2C41%2C104%2C105%2C110%2C52%2C14%2C112%2C103%2C59%2C43%2C99%2C47%2C50%2C46%2C87%2C139%2C0%2C109%2C11%2C107%2C9%2C1%2C51%2C82%2C57%2C60%2C101%2C78%2C77%2C45%2C121%2C76%2C73%2C65%2C100%2C92%2C37%2C122%2C33%2C94%2C10%2C142

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

57.144.150.128 Singapore, Singapore, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-02-sin11.fbcdn.net

Software

Resource Hash

bb186cc25744aef11b8a020d31b5047c4992426efa3e621ace33a95c7aae146d

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' blob: ;script-src 'nonce-Bwu834Kw' .facebook.com .fbcdn.net .facebook.net 127.0.0.1:* blob: 'self' https://.google-analytics.com .google.com;style-src 'self' data: blob: 'unsafe-inline';connect-src 'self' data: blob: https://edge-chat.facebook.net https://edge-chat-latest.facebook.net wss://edge-chat-latest.facebook.net wss://edge-chat.facebook.net wss://edge-chat.socialplugin.facebook.net wss://edge-chat-latest.socialplugin.facebook.net https://edge-chat.socialplugin.facebook.net https://edge-chat-latest.socialplugin.facebook.net .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: .cdninstagram.com https://.google-analytics.com;font-src 'self' data: blob: ;img-src 'self' data: blob: https://.google-analytics.com;media-src 'self' data: blob: ;child-src 'self' data: blob: ;frame-src 'self' data: blob: ;manifest-src 'self' data: blob: ;object-src 'self' data: blob: ;worker-src 'self' data: blob: *;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer: https://www.pgh.mobi/

Response headers

content-encoding: gzip
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Sat, 01 Jan 2000 00:00:00 GMT
alt-svc: h3=":443"; ma=86400
date: Mon, 10 Nov 2025 19:12:00 GMT
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
priority: u=3,i
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy: default-src 'self' blob: *;script-src 'nonce-Bwu834Kw' *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* blob: 'self' https://*.google-analytics.com *.google.com;style-src 'self' data: blob: 'unsafe-inline';connect-src 'self' data: blob: https://edge-chat.facebook.net https://edge-chat-latest.facebook.net wss://edge-chat-latest.facebook.net wss://edge-chat.facebook.net wss://edge-chat.socialplugin.facebook.net wss://edge-chat-latest.socialplugin.facebook.net https://edge-chat.socialplugin.facebook.net https://edge-chat-latest.socialplugin.facebook.net *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* *.cdninstagram.com https://*.google-analytics.com;font-src 'self' data: blob: *;img-src 'self' data: blob: * https://*.google-analytics.com;media-src 'self' data: blob: *;child-src 'self' data: blob: *;frame-src 'self' data: blob: *;manifest-src 'self' data: blob: *;object-src 'self' data: blob: *;worker-src 'self' data: blob: *;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
cache-control: public, max-age=1200
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=1, rtx=0, c=73, mss=1232, tbw=93127, tp=86, tpl=0, uplat=268, ullat=0
pragma: public
x-fb-debug: 012EwMm4e6SzDr7I6b1v4ZZt3bR3YFF/Lsg5/tCDlG0CEqq7Z1H4GtjwXx3E7HWGgmpzYAbm6/fN44z9eJh38Q==
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy: force-load-at-top, include-js-call-stacks-in-crash-reports
x-xss-protection: 0
origin-agent-cluster: ?1

GET
H2 200 events Show response
log.adtimaserver.vn/ptrck/ 327 B
474 B 206ms
79ms Fetch
application/json 120.138.69.212
VINAGAME-AS-VN VN...

General

Check archive.org

Download Go to

Full URL: https://log.adtimaserver.vn/ptrck/events?pixelId=7056840457216708608&url=https%3A%2F%2Fwww.pgh.mobi%2Fsimlevelup799_supersale
Requested by: Host: s.zzcdn.me
URL: https://s.zzcdn.me/ztr/ztracker.js?id=7056840457216708608
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 120.138.69.212 , Viet Nam, ASN38244 (VINAGAME-AS-VN VNG Corporation, VN),
Reverse DNS: ptr.vng.vn
Software: za-ngx-srv /
Resource Hash: 4d6c4acdd850c167482bebb92ab30317cbe60b70be8fa3203abc5785bb6e29e3

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer: https://www.pgh.mobi/

Response headers

access-control-allow-origin: *
access-control-expose-headers: X-sessionId,token
content-length: 327
date: Mon, 10 Nov 2025 19:12:00 GMT
content-type: application/json;charset=utf-8
server: za-ngx-srv

GET
H2 200 tracklp
log.adtimaserver.vn/ 8 B
141 B 161ms
35ms Image
text/html 120.138.69.212
VINAGAME-AS-VN VN...

General

Check archive.org

Download Go to Show image

Full URL: https://log.adtimaserver.vn/tracklp?type=pageview&pId=7056840457216708608&curl=https%3A%2F%2Fwww.pgh.mobi%2Fsimlevelup799_supersale&uid=&ver=1.1.41&ref=&dur=1&atmrk=0.6023714588099716
Requested by: Host: www.pgh.mobi
URL: https://www.pgh.mobi/simlevelup799_supersale
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 120.138.69.212 , Viet Nam, ASN38244 (VINAGAME-AS-VN VNG Corporation, VN),
Reverse DNS: ptr.vng.vn
Software: za-ngx-srv /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer: https://www.pgh.mobi/

Response headers

access-control-allow-origin: *
content-length: 8
date: Mon, 10 Nov 2025 19:11:59 GMT
content-type: text/html;charset=utf-8
server: za-ngx-srv
access-control-allow-credentials: true

GET
H3 200 981874659032826 Show response
connect.facebook.net/signals/config/ 299 KB
51 KB 642ms
642ms Script
application/x-javascript 57.144.150.128
FACEBOOK

General

Check archive.org

Download Go to

Full URL

https://connect.facebook.net/signals/config/981874659032826?v=2.9.241&r=stable&domain=www.pgh.mobi&hme=5bd299cb4a477effb7bd992f8c033bfd3316c17b5e8e681c5c577860e1b0bfc7&ex_m=90%2C151%2C131%2C19%2C66%2C67%2C124%2C62%2C42%2C125%2C71%2C61%2C138%2C79%2C13%2C89%2C27%2C119%2C111%2C69%2C72%2C118%2C135%2C98%2C140%2C7%2C3%2C4%2C6%2C5%2C2%2C80%2C88%2C141%2C218%2C162%2C56%2C220%2C221%2C49%2C177%2C26%2C68%2C226%2C225%2C165%2C29%2C55%2C8%2C58%2C84%2C85%2C86%2C91%2C115%2C28%2C25%2C117%2C114%2C113%2C132%2C70%2C134%2C133%2C44%2C54%2C108%2C12%2C137%2C39%2C207%2C209%2C172%2C22%2C23%2C24%2C16%2C17%2C38%2C34%2C36%2C35%2C75%2C81%2C83%2C96%2C123%2C126%2C40%2C97%2C20%2C18%2C102%2C63%2C32%2C128%2C127%2C129%2C120%2C21%2C31%2C53%2C95%2C136%2C64%2C15%2C130%2C30%2C187%2C158%2C268%2C205%2C149%2C190%2C183%2C159%2C93%2C116%2C74%2C106%2C48%2C41%2C104%2C105%2C110%2C52%2C14%2C112%2C103%2C59%2C43%2C99%2C47%2C50%2C46%2C87%2C139%2C0%2C109%2C11%2C107%2C9%2C1%2C51%2C82%2C57%2C60%2C101%2C78%2C77%2C45%2C121%2C76%2C73%2C65%2C100%2C92%2C37%2C122%2C33%2C94%2C10%2C142%2C232%2C231%2C233%2C238%2C239%2C240%2C236%2C228%2C164%2C166%2C213%2C203%2C227%2C229%2C270%2C206%2C223%2C152%2C197%2C179%2C160%2C267%2C146%2C157%2C168%2C153%2C185%2C219%2C143%2C199%2C246%2C145%2C173%2C195

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

57.144.150.128 Singapore, Singapore, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-02-sin11.fbcdn.net

Software

Resource Hash

fdb60030decdbb69b13594e2c1f6ff9299ac29b4464f67c6809bc7de75cf9d2f

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' blob: ;script-src 'nonce-3t4P9qei' .facebook.com .fbcdn.net .facebook.net 127.0.0.1:* blob: 'self' https://.google-analytics.com .google.com;style-src 'self' data: blob: 'unsafe-inline';connect-src 'self' data: blob: https://edge-chat.facebook.net https://edge-chat-latest.facebook.net wss://edge-chat-latest.facebook.net wss://edge-chat.facebook.net wss://edge-chat.socialplugin.facebook.net wss://edge-chat-latest.socialplugin.facebook.net https://edge-chat.socialplugin.facebook.net https://edge-chat-latest.socialplugin.facebook.net .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: .cdninstagram.com https://.google-analytics.com;font-src 'self' data: blob: ;img-src 'self' data: blob: https://.google-analytics.com;media-src 'self' data: blob: ;child-src 'self' data: blob: ;frame-src 'self' data: blob: ;manifest-src 'self' data: blob: ;object-src 'self' data: blob: ;worker-src 'self' data: blob: *;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer: https://www.pgh.mobi/

Response headers

content-encoding: gzip
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Sat, 01 Jan 2000 00:00:00 GMT
alt-svc: h3=":443"; ma=86400
date: Mon, 10 Nov 2025 19:12:00 GMT
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
priority: u=3,i
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy: default-src 'self' blob: *;script-src 'nonce-3t4P9qei' *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* blob: 'self' https://*.google-analytics.com *.google.com;style-src 'self' data: blob: 'unsafe-inline';connect-src 'self' data: blob: https://edge-chat.facebook.net https://edge-chat-latest.facebook.net wss://edge-chat-latest.facebook.net wss://edge-chat.facebook.net wss://edge-chat.socialplugin.facebook.net wss://edge-chat-latest.socialplugin.facebook.net https://edge-chat.socialplugin.facebook.net https://edge-chat-latest.socialplugin.facebook.net *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* *.cdninstagram.com https://*.google-analytics.com;font-src 'self' data: blob: *;img-src 'self' data: blob: * https://*.google-analytics.com;media-src 'self' data: blob: *;child-src 'self' data: blob: *;frame-src 'self' data: blob: *;manifest-src 'self' data: blob: *;object-src 'self' data: blob: *;worker-src 'self' data: blob: *;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
cache-control: public, max-age=1200
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=1, rtx=0, c=90, mss=1232, tbw=124679, tp=116, tpl=0, uplat=637, ullat=0
pragma: public
x-fb-debug: a6Q/JzIioqfeKs/ibq8Jf7Ot6IE8ACntcJIepyK/fIUCHAHSGwxYAhcwlW7Uw5JygTLPecdd/iuV8HopGllE2A==
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy: force-load-at-top, include-js-call-stacks-in-crash-reports
x-xss-protection: 0
origin-agent-cluster: ?1

GET
H3 200 /
www.facebook.com/privacy_sandbox/topics/registration/ 67 B
0 299ms
287ms Fetch
image/png 57.144.152.1
FACEBOOK

General

Check archive.org

Download Go to

Full URL

https://www.facebook.com/privacy_sandbox/topics/registration/?id=1036101524034745

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/signals/config/1036101524034745?v=2.9.241&r=stable&domain=www.pgh.mobi&hme=5bd299cb4a477effb7bd992f8c033bfd3316c17b5e8e681c5c577860e1b0bfc7&ex_m=90%2C151%2C131%2C19%2C66%2C67%2C124%2C62%2C42%2C125%2C71%2C61%2C138%2C79%2C13%2C89%2C27%2C119%2C111%2C69%2C72%2C118%2C135%2C98%2C140%2C7%2C3%2C4%2C6%2C5%2C2%2C80%2C88%2C141%2C218%2C162%2C56%2C220%2C221%2C49%2C177%2C26%2C68%2C226%2C225%2C165%2C29%2C55%2C8%2C58%2C84%2C85%2C86%2C91%2C115%2C28%2C25%2C117%2C114%2C113%2C132%2C70%2C134%2C133%2C44%2C54%2C108%2C12%2C137%2C39%2C207%2C209%2C172%2C22%2C23%2C24%2C16%2C17%2C38%2C34%2C36%2C35%2C75%2C81%2C83%2C96%2C123%2C126%2C40%2C97%2C20%2C18%2C102%2C63%2C32%2C128%2C127%2C129%2C120%2C21%2C31%2C53%2C95%2C136%2C64%2C15%2C130%2C30%2C187%2C158%2C268%2C205%2C149%2C190%2C183%2C159%2C93%2C116%2C74%2C106%2C48%2C41%2C104%2C105%2C110%2C52%2C14%2C112%2C103%2C59%2C43%2C99%2C47%2C50%2C46%2C87%2C139%2C0%2C109%2C11%2C107%2C9%2C1%2C51%2C82%2C57%2C60%2C101%2C78%2C77%2C45%2C121%2C76%2C73%2C65%2C100%2C92%2C37%2C122%2C33%2C94%2C10%2C142

Protocol

Security

QUIC, , AES_128_GCM

Server

57.144.152.1 Singapore, Singapore, ASN32934 (FACEBOOK, US),

Reverse DNS

edge-star-mini-shv-01-sin2.facebook.com

Software

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src blob: 'self' https://.fbsbx.com .facebook.com .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net 127.0.0.1:* 'nonce-Ve95RON6' blob: 'self' connect.facebook.net 'wasm-unsafe-eval' https://.google-analytics.com .google.com;style-src .fbcdn.net data: .facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com https://.google-analytics.com;font-src data: .facebook.com .fbcdn.net .fbsbx.com https://fonts.gstatic.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net .carriersignal.info blob: android-webview-video-poster: .whatsapp.net .fb.com .oculuscdn.com .tenor.co .tenor.com .giphy.com https://trustly.one/ https://.trustly.one/ https://paywithmybank.com/ https://.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://.google-analytics.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com data: .tenor.co .tenor.com https://.giphy.com;child-src data: blob: 'self' https://.fbsbx.com .facebook.com .fbcdn.net;frame-src .facebook.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net accounts.meta.com .accounts.meta.com https://trustly.one/ https://.trustly.one/ https://paywithmybank.com/ https://.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net .google.com .doubleclick.net;manifest-src data: blob: 'self' https://.fbsbx.com .facebook.com .fbcdn.net;object-src data: blob: 'self' https://.fbsbx.com .facebook.com .fbcdn.net;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer: https://www.pgh.mobi/

Response headers

access-control-expose-headers: X-FB-Debug, X-Loader-Length, X-Stack, Error-MID
content-encoding: zstd
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7571176597606605235&cpp=C3&cv=1029650310&st=1762801920906"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
observe-browsing-topics: ?1
expires: Sat, 01 Jan 2000 00:00:00 GMT
access-control-allow-methods: OPTIONS
alt-svc: h3=":443"; ma=86400
date: Mon, 10 Nov 2025 19:12:01 GMT
content-type: image/png
vary: Origin, Accept-Encoding
x-fb-debug: Srjd+2MWxlCvcKJvvbrsCoATSEY6M8SmQNYbRigSDPQhlu2hFVB2i8BQIuhe3CY47jTEoo6ehv70ZcEljwiPUg==
priority: u=1,i
strict-transport-security: max-age=15552000; preload
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7571176597606605235&cpp=C3&cv=1029650310&st=1762801920906", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy: default-src blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'nonce-Ve95RON6' blob: 'self' connect.facebook.net 'wasm-unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://trustly.one/ https://*.trustly.one/ https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;child-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net accounts.meta.com *.accounts.meta.com https://trustly.one/ https://*.trustly.one/ https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;manifest-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;object-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
cache-control: private, no-store, no-cache, must-revalidate
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=5, rtx=0, c=24, mss=1232, tbw=5000, tp=10, tpl=0, uplat=283, ullat=0
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
pragma: no-cache
cross-origin-resource-policy: same-origin
access-control-allow-credentials: true
permissions-policy: accelerometer=(), attribution-reporting=(self), autoplay=(), bluetooth=(), browsing-topics=(self), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
document-policy: force-load-at-top, include-js-call-stacks-in-crash-reports
access-control-allow-origin: *
x-xss-protection: 0
origin-agent-cluster: ?1

GET
H3 200 /
www.facebook.com/tr/ 0
19 B 6ms
3ms Image
text/plain 57.144.152.1
FACEBOOK

General

Check archive.org

Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=1036101524034745&ev=PageView&dl=https%3A%2F%2Fwww.pgh.mobi%2Fsimlevelup799_supersale&rl=&if=false&ts=1762801920800&sw=1600&sh=1200&v=2.9.241&r=stable&ec=0&o=4126&fbp=fb.1.1762801920794.619559117207148952&cs_est=true&ler=empty&cdl=API_unavailable&pmd[title]=DITOSIM%20FREE%201%20YEAR%20HIGH%20SPEED%20DATA&pmd[keywords]=DITOSIM%20FREE%201%20YEAR%20HIGH%20SPEED%20DATA&pmd[description]=DITOSIM%20FREE%201%20YEAR%20HIGH%20SPEED%20DATA&plt=1110.2000007629395&it=1762801919769&coo=false&eid=ladi.1762801919523.62375271284&exp=s0&expv2[0]=pl1&expv2[1]=el3&expv2[2]=bc1&rqm=GET

Requested by

Host: www.pgh.mobi
URL: https://www.pgh.mobi/simlevelup799_supersale

Protocol

Security

QUIC, , AES_128_GCM

Server

57.144.152.1 Singapore, Singapore, ASN32934 (FACEBOOK, US),

Reverse DNS

edge-star-mini-shv-01-sin2.facebook.com

Software

proxygen-bolt /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer: https://www.pgh.mobi/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
x-fb-connection-quality: UNKNOWN; q=-1, rtt=-1, rtx=0, c=20, mss=1232, tbw=2380, tp=6, tpl=0, uplat=0, ullat=0
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
access-control-allow-origin
alt-svc: h3=":443"; ma=86400
content-length: 0
date: Mon, 10 Nov 2025 19:12:00 GMT
content-type: text/plain
server: proxygen-bolt
priority: u=3,i

GET
H3 200 /
www.facebook.com/privacy_sandbox/pixel/register/trigger/ 67 B
197 B 336ms
334ms Image
image/png 57.144.152.1
FACEBOOK

General

Check archive.org

Download Go to Show image

Full URL

https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=1036101524034745&ev=PageView&dl=https%3A%2F%2Fwww.pgh.mobi%2Fsimlevelup799_supersale&rl=&if=false&ts=1762801920800&sw=1600&sh=1200&v=2.9.241&r=stable&ec=0&o=4126&fbp=fb.1.1762801920794.619559117207148952&cs_est=true&ler=empty&cdl=API_unavailable&pmd[title]=DITOSIM%20FREE%201%20YEAR%20HIGH%20SPEED%20DATA&pmd[keywords]=DITOSIM%20FREE%201%20YEAR%20HIGH%20SPEED%20DATA&pmd[description]=DITOSIM%20FREE%201%20YEAR%20HIGH%20SPEED%20DATA&plt=1110.2000007629395&it=1762801919769&coo=false&eid=ladi.1762801919523.62375271284&exp=s0&expv2[0]=pl1&expv2[1]=el3&expv2[2]=bc1&rqm=FGET

Requested by

Host: www.pgh.mobi
URL: https://www.pgh.mobi/simlevelup799_supersale

Protocol

Security

QUIC, , AES_128_GCM

Server

57.144.152.1 Singapore, Singapore, ASN32934 (FACEBOOK, US),

Reverse DNS

edge-star-mini-shv-01-sin2.facebook.com

Software

Resource Hash

aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a

Security Headers

Name	Value
Content-Security-Policy	default-src blob: 'self' https://.fbsbx.com .facebook.com .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net 127.0.0.1:* 'nonce-uH1xaLr5' blob: 'self' connect.facebook.net 'wasm-unsafe-eval' https://.google-analytics.com .google.com;style-src .fbcdn.net data: .facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com https://.google-analytics.com;font-src data: .facebook.com .fbcdn.net .fbsbx.com https://fonts.gstatic.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net .carriersignal.info blob: android-webview-video-poster: .whatsapp.net .fb.com .oculuscdn.com .tenor.co .tenor.com .giphy.com https://trustly.one/ https://.trustly.one/ https://paywithmybank.com/ https://.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://.google-analytics.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com data: .tenor.co .tenor.com https://.giphy.com;child-src data: blob: 'self' https://.fbsbx.com .facebook.com .fbcdn.net;frame-src .facebook.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net accounts.meta.com .accounts.meta.com https://trustly.one/ https://.trustly.one/ https://paywithmybank.com/ https://.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net .google.com .doubleclick.net;manifest-src data: blob: 'self' https://.fbsbx.com .facebook.com .fbcdn.net;object-src data: blob: 'self' https://.fbsbx.com .facebook.com .fbcdn.net;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer: https://www.pgh.mobi/

Response headers

content-encoding: zstd
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7571176596019526162&cpp=C3&cv=1029650310&st=1762801920925"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Sat, 01 Jan 2000 00:00:00 GMT
alt-svc: h3=":443"; ma=86400
date: Mon, 10 Nov 2025 19:12:01 GMT
content-type: image/png
vary: Accept-Encoding
x-fb-debug: OzrrFvYxfUHe5bnfZuVxQj57gjDaDvlUOAJrX7xTFlXMI188BO4jR+jnzESgrZ+u5Zd+KIb7ZrZC9a+3rfnaJw==
priority: u=3,i
x-frame-options: DENY
strict-transport-security: max-age=15552000; preload
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7571176596019526162&cpp=C3&cv=1029650310&st=1762801920925", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy: default-src blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'nonce-uH1xaLr5' blob: 'self' connect.facebook.net 'wasm-unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://trustly.one/ https://*.trustly.one/ https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;child-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net accounts.meta.com *.accounts.meta.com https://trustly.one/ https://*.trustly.one/ https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;manifest-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;object-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
cache-control: private, no-store, no-cache, must-revalidate
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=1, rtx=0, c=26, mss=1232, tbw=7754, tp=32, tpl=0, uplat=330, ullat=0
cross-origin-opener-policy: same-origin-allow-popups
pragma: no-cache
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(self), autoplay=(), bluetooth=(), browsing-topics=(self), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
document-policy: force-load-at-top, include-js-call-stacks-in-crash-reports
x-xss-protection: 0
origin-agent-cluster: ?1

GET
H3 200 /
www.facebook.com/privacy_sandbox/pixel/register/trigger/ 67 B
199 B 323ms
321ms Image
image/png 57.144.152.1
FACEBOOK

General

Check archive.org

Download Go to Show image

Full URL

https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=981874659032826&ev=PageView&dl=https%3A%2F%2Fwww.pgh.mobi&rl=&if=false&ts=1762801920805&sw=1600&sh=1200&v=2.9.241&r=stable&ec=0&o=4124&fbp=fb.1.1762801920794.619559117207148952&ler=empty&cdl=API_unavailable&plt=1110.2000007629395&pm=1&hrl=59d9c4&it=1762801919769&coo=false&eid=ladi.1762801919523.62375271284&cs_cc=1&cas=25012758728346197%2C25783653441237058%2C25189187280700649%2C24970132489343228%2C25615505978039153%2C31518034867844156%2C24543965061965164%2C24898427746442693%2C24587011574297023%2C31630686589912499%2C24536540299363845%2C24657057103943893%2C25286922750912371%2C24548257414866553%2C25084073917867445%2C24549269878092577%2C24866347049657414%2C32136953505889814%2C24674950892163693%2C24831364966483395%2C24618967221129222%2C24521193104239905%2C25083693431228552%2C24645252591800629%2C24150474444629784%2C24587965287533975%2C24726033097055156%2C25222713707419120%2C24860947276850310%2C31816301697983864%2C24603066269302770%2C24242274135451525%2C24327185090286743%2C24684077934581365%2C24164710489874591%2C24992132903751392%2C24557152737269910%2C24851470071157151%2C25596216913311974%2C24573784902230642%2C31574227018859214%2C24321506600854819%2C24579282841723791%2C24523854027265249%2C31467537816223932%2C24494074340254352%2C24575586815429438%2C24635612752761746%2C32409209408669845%2C24554624840869704%2C24789073477447570%2C24390122620650897%2C24417920491203662%2C24270605395963460%2C9646937528743125%2C31311726861751530%2C24457823257185336%2C24138676192450884%2C23945408111826923%2C24568575429414228%2C24021426074225464%2C9921143921347854%2C24059478830367782%2C24221198674177668%2C10020566838053846%2C23965450126449971%2C9916581371786778%2C30089755914002655%2C23877188968597622%2C24153395934265121%2C24199873699616719%2C10089526594465974%2C29703498552627364%2C29797766099838314%2C29699396986371313%2C24003301529307557%2C24066227163012587%2C8997165863719760%2C9838633479504526%2C9401012606642275%2C9432761653468312%2C28679211855056685%2C27862066056774332%2C8882739971844812%2C7586984008093133%2C28202381569375297%2C8834815853278413%2C9032644480090535%2C9200492313308851%2C9149108891789698%2C8623672107711284%2C8801981069859576%2C9285862298113461%2C9156720447685915%2C8625652794154814%2C28933509276264468%2C8599850246792550%2C8758702397525689%2C9160235044008803%2C8933144293402652%2C9128194103865782%2C8983463971671889%2C9108339562511104%2C8427450134020127%2C9232338153451035%2C8262630573858811%2C27076582271985683%2C27930389679893400%2C27211712021777793%2C8470952212947871%2C7120597031398722%2C8393073384106261%2C8571230889599760%2C8092826030826950%2C8119851374804109%2C8331807216934361%2C8079366822180881%2C7988906424491712%2C27477541491845040%2C26769210609359723%2C8302803463146675%2C8344359195615710%2C8348474898538261%2C7926489584129919%2C26654211484193107%2C8226542407422463%2C7922552301185082%2C7994086740672298%2C27091584310440376%2C8652126098149357%2C26528253776790632%2C26992604980338332%2C8840988299260931%2C26154426760867532%2C7978845582230045%2C8366122343411710%2C8704164069598964%2C7968605719873845%2C7614546095340117%2C7549163238545771%2C26887639417489932%2C8030120070436138%2C7892511397503561%2C7906597212792997%2C7844517975635508%2C7827302254025593%2C8034173556625417%2C26098003839843127%2C25969634926018434%2C8402031926498141%2C7731320000318999%2C8164396663604495%2C7795230363892375%2C27939237819055920%2C7821483127888219%2C8177792235618407%2C7760247634060632%2C25882051761440152%2C7592491360860348%2C26073073428974290%2C7847055612043523%2C7802692293124332%2C7574540819326034%2C7852934518120158%2C8242284112457440%2C7847362365302390%2C8088232011229315%2C8139394686072070%2C7540983596030126%2C25981780071435976%2C7895438157184683%2C7387753251354444%2C7772740756175426%2C25714831228161298%2C7148187741952137%2C8114846771883021%2C7714204742005959%2C7456411557803563%2C25751936794452159%2C7702670556422776%2C25575258378784488%2C7596578013756441%2C7496477677073721%2C7586372084731476%2C7621679164578232%2C7541488729274629%2C7580393572077549%2C7962614233749156%2C26413504071581872%2C7621739094615761%2C7710348439025440%2C7925147870879793%2C7643008832435283%2C7407448459374840%2C8169972943013225%2C7946470875387082%2C7086148474823313%2C25392731097036838%2C7179785062149089%2C7396389727103787%2C7403924546322837%2C7791284734223979%2C7205039706273588%2C7651628508227535%2C25432634509714876%2C7532467430123855%2C7524993520948393%2C7288260141222459%2C7390817037696191%2C7174219209342211%2C8227830507231690%2C7683967028336471%2C25669693622644233%2C7419166374869048%2C7141182935991449%2C7448209095214169%2C7655944124464089%2C25436031382678056%2C7152431231552159%2C7639434386145173%2C7452098174882379%2C7453259698100450%2C7404173239664143%2C25199997416313777%2C7136669529777042%2C7447043322053456%2C8945180428826661%2C8460773287337487&dlc=1&exp=s0&expv2[0]=pl1&expv2[1]=el3&expv2[2]=bc1&rqm=FGET

Requested by

Host: www.pgh.mobi
URL: https://www.pgh.mobi/simlevelup799_supersale

Protocol

Security

QUIC, , AES_128_GCM

Server

57.144.152.1 Singapore, Singapore, ASN32934 (FACEBOOK, US),

Reverse DNS

edge-star-mini-shv-01-sin2.facebook.com

Software

Resource Hash

aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a

Security Headers

Name	Value
Content-Security-Policy	default-src blob: 'self' https://.fbsbx.com .facebook.com .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net 127.0.0.1:* 'nonce-PKCEMiPn' blob: 'self' connect.facebook.net 'wasm-unsafe-eval' https://.google-analytics.com .google.com;style-src .fbcdn.net data: .facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com https://.google-analytics.com;font-src data: .facebook.com .fbcdn.net .fbsbx.com https://fonts.gstatic.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net .carriersignal.info blob: android-webview-video-poster: .whatsapp.net .fb.com .oculuscdn.com .tenor.co .tenor.com .giphy.com https://trustly.one/ https://.trustly.one/ https://paywithmybank.com/ https://.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://.google-analytics.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com data: .tenor.co .tenor.com https://.giphy.com;child-src data: blob: 'self' https://.fbsbx.com .facebook.com .fbcdn.net;frame-src .facebook.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net accounts.meta.com .accounts.meta.com https://trustly.one/ https://.trustly.one/ https://paywithmybank.com/ https://.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net .google.com .doubleclick.net;manifest-src data: blob: 'self' https://.fbsbx.com .facebook.com .fbcdn.net;object-src data: blob: 'self' https://.fbsbx.com .facebook.com .fbcdn.net;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer: https://www.pgh.mobi/

Response headers

content-encoding: zstd
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7571176596621057062&cpp=C3&cv=1029650310&st=1762801920944"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Sat, 01 Jan 2000 00:00:00 GMT
alt-svc: h3=":443"; ma=86400
date: Mon, 10 Nov 2025 19:12:01 GMT
content-type: image/png
vary: Accept-Encoding
x-fb-debug: vQ50vpG6S7avx+//vSUHCeFgU4UdBn78kuELEWDfGY9XQN7A1WLM0d1kB8knJZEe/cWmPTtMJgrdQOY/MIrOcA==
priority: u=3,i
x-frame-options: DENY
strict-transport-security: max-age=15552000; preload
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7571176596621057062&cpp=C3&cv=1029650310&st=1762801920944", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy: default-src blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'nonce-PKCEMiPn' blob: 'self' connect.facebook.net 'wasm-unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://trustly.one/ https://*.trustly.one/ https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;child-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net accounts.meta.com *.accounts.meta.com https://trustly.one/ https://*.trustly.one/ https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;manifest-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;object-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
cache-control: private, no-store, no-cache, must-revalidate
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=1, rtx=0, c=23, mss=1232, tbw=4138, tp=28, tpl=0, uplat=316, ullat=0
cross-origin-opener-policy: same-origin-allow-popups
pragma: no-cache
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(self), autoplay=(), bluetooth=(), browsing-topics=(self), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
document-policy: force-load-at-top, include-js-call-stacks-in-crash-reports
x-xss-protection: 0
origin-agent-cluster: ?1

GET
H3 200 /
www.facebook.com/tr/ 0
16 B 7ms
4ms Image
text/plain 57.144.152.1
FACEBOOK

General

Check archive.org

Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=1036101524034745&ev=ViewContent&dl=https%3A%2F%2Fwww.pgh.mobi%2Fsimlevelup799_supersale&rl=&if=false&ts=1762801920820&sw=1600&sh=1200&v=2.9.241&r=stable&ec=1&o=4126&fbp=fb.1.1762801920794.619559117207148952&ler=empty&cdl=API_unavailable&pmd[keywords]=DITOSIM%20FREE%201%20YEAR%20HIGH%20SPEED%20DATA&pmd[description]=DITOSIM%20FREE%201%20YEAR%20HIGH%20SPEED%20DATA&plt=1110.2000007629395&it=1762801919769&coo=false&eid=ladi.1762801919540.38894455001&exp=s0&expv2[0]=pl1&expv2[1]=el2&expv2[2]=bc1&rqm=GET

Requested by

Host: www.pgh.mobi
URL: https://www.pgh.mobi/simlevelup799_supersale

Protocol

Security

QUIC, , AES_128_GCM

Server

57.144.152.1 Singapore, Singapore, ASN32934 (FACEBOOK, US),

Reverse DNS

edge-star-mini-shv-01-sin2.facebook.com

Software

proxygen-bolt /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer: https://www.pgh.mobi/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=2, rtx=0, c=21, mss=1232, tbw=3027, tp=13, tpl=0, uplat=0, ullat=0
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
access-control-allow-origin
alt-svc: h3=":443"; ma=86400
content-length: 0
date: Mon, 10 Nov 2025 19:12:00 GMT
content-type: text/plain
server: proxygen-bolt
priority: u=3,i

GET
H3 200 /
www.facebook.com/privacy_sandbox/pixel/register/trigger/ 67 B
196 B 338ms
336ms Image
image/png 57.144.152.1
FACEBOOK

General

Check archive.org

Download Go to Show image

Full URL

https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=1036101524034745&ev=ViewContent&dl=https%3A%2F%2Fwww.pgh.mobi%2Fsimlevelup799_supersale&rl=&if=false&ts=1762801920820&sw=1600&sh=1200&v=2.9.241&r=stable&ec=1&o=4126&fbp=fb.1.1762801920794.619559117207148952&ler=empty&cdl=API_unavailable&pmd[keywords]=DITOSIM%20FREE%201%20YEAR%20HIGH%20SPEED%20DATA&pmd[description]=DITOSIM%20FREE%201%20YEAR%20HIGH%20SPEED%20DATA&plt=1110.2000007629395&it=1762801919769&coo=false&eid=ladi.1762801919540.38894455001&exp=s0&expv2[0]=pl1&expv2[1]=el2&expv2[2]=bc1&rqm=FGET

Requested by

Host: www.pgh.mobi
URL: https://www.pgh.mobi/simlevelup799_supersale

Protocol

Security

QUIC, , AES_128_GCM

Server

57.144.152.1 Singapore, Singapore, ASN32934 (FACEBOOK, US),

Reverse DNS

edge-star-mini-shv-01-sin2.facebook.com

Software

Resource Hash

aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a

Security Headers

Name	Value
Content-Security-Policy	default-src blob: 'self' https://.fbsbx.com .facebook.com .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net 127.0.0.1:* 'nonce-fLbyq0bO' blob: 'self' connect.facebook.net 'wasm-unsafe-eval' https://.google-analytics.com .google.com;style-src .fbcdn.net data: .facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com https://.google-analytics.com;font-src data: .facebook.com .fbcdn.net .fbsbx.com https://fonts.gstatic.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net .carriersignal.info blob: android-webview-video-poster: .whatsapp.net .fb.com .oculuscdn.com .tenor.co .tenor.com .giphy.com https://trustly.one/ https://.trustly.one/ https://paywithmybank.com/ https://.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://.google-analytics.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com data: .tenor.co .tenor.com https://.giphy.com;child-src data: blob: 'self' https://.fbsbx.com .facebook.com .fbcdn.net;frame-src .facebook.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net accounts.meta.com .accounts.meta.com https://trustly.one/ https://.trustly.one/ https://paywithmybank.com/ https://.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net .google.com .doubleclick.net;manifest-src data: blob: 'self' https://.fbsbx.com .facebook.com .fbcdn.net;object-src data: blob: 'self' https://.fbsbx.com .facebook.com .fbcdn.net;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer: https://www.pgh.mobi/

Response headers

content-encoding: zstd
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7571176597849509322&cpp=C3&cv=1029650310&st=1762801920948"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Sat, 01 Jan 2000 00:00:00 GMT
alt-svc: h3=":443"; ma=86400
date: Mon, 10 Nov 2025 19:12:01 GMT
content-type: image/png
vary: Accept-Encoding
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
priority: u=3,i
x-frame-options: DENY
strict-transport-security: max-age=15552000; preload
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7571176597849509322&cpp=C3&cv=1029650310&st=1762801920948", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy: default-src blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'nonce-fLbyq0bO' blob: 'self' connect.facebook.net 'wasm-unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://trustly.one/ https://*.trustly.one/ https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;child-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net accounts.meta.com *.accounts.meta.com https://trustly.one/ https://*.trustly.one/ https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;manifest-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;object-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
cache-control: private, no-store, no-cache, must-revalidate
x-fb-debug: cVw2P9PwBVKycAYfJxEv7fDG5kWxGn4UrPeD4y3asTR0rKCG/73Q+LlZRZnJF4CW6PMVIbYTPEkODhPT7C74sQ==
cross-origin-opener-policy: same-origin-allow-popups
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=1, rtx=0, c=28, mss=1232, tbw=10298, tp=35, tpl=0, uplat=331, ullat=0
pragma: no-cache
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(self), autoplay=(), bluetooth=(), browsing-topics=(self), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
document-policy: force-load-at-top, include-js-call-stacks-in-crash-reports
x-xss-protection: 0
origin-agent-cluster: ?1

GET
H3 200 /
www.facebook.com/privacy_sandbox/pixel/register/trigger/ 67 B
195 B 387ms
386ms Image
image/png 57.144.152.1
FACEBOOK

General

Check archive.org

Download Go to Show image

Full URL

https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=981874659032826&ev=ViewContent&dl=https%3A%2F%2Fwww.pgh.mobi&rl=&if=false&ts=1762801920822&sw=1600&sh=1200&v=2.9.241&r=stable&ec=1&o=4124&fbp=fb.1.1762801920794.619559117207148952&ler=empty&cdl=API_unavailable&plt=1110.2000007629395&pm=1&hrl=bc2448&it=1762801919769&coo=false&eid=ladi.1762801919540.38894455001&cs_cc=1&cas=25006511908988564%2C25287084974220531%2C32671606759097275%2C25395596550045561%2C24876061195417043%2C24484760351166619%2C31911154001864084%2C24569973295986913%2C31808880105392023%2C24525989167094857%2C10067377450031734%2C25721484990775334%2C24887119120899794%2C9033499686774126%2C24478179251867613%2C32541435222121973%2C25171377492459768%2C24949808797987746%2C24654841260832784%2C31556239410657950%2C24315933814775170%2C24769898906033446%2C23911733411834138%2C25834746629458669%2C24921459984132636%2C24685995181094126%2C31525432333769953%2C24039843062357539%2C24892233700402141%2C32238860455701032%2C31729005110047298%2C24763231039964961%2C25105266312390681%2C24553923834259165%2C31546136058366196%2C24397571169945722%2C27458799230469387%2C24807386492227428%2C24825792973726672%2C31507421948905548%2C31413961858249610%2C24382881101413172%2C24548669864760031%2C24613645588305647%2C24905913052366651%2C24199126406432025%2C24745128098453995%2C24473164148978011%2C24671008249232287%2C31696290879984601%2C24417863801216079%2C31638672309051387%2C9983072548488205%2C24214083838272722%2C23908199945542722%2C31311726861751530%2C31041496332131174%2C9501853949917987%2C24671359782450148%2C24230375236571571%2C9819496571489167%2C24254407784188278%2C24148535124813477%2C24007955022228352%2C31004292849169314%2C24246930508295457%2C24071977089123542%2C24534972999443198%2C25032804176320571%2C23962797836693112%2C9422922014477552%2C24048280574794407%2C24924714257117937%2C23942067545478110%2C24261741006763983%2C23934405459545723%2C24219910294272360%2C24433120952952134%2C24546322111638132%2C10034290753354299%2C24494621513472400%2C30925782387020862%2C9929508790460029%2C23868955682760589%2C23969163759347156%2C9363036713797479%2C9901239366660758%2C24508951332025680%2C30099653932982144%2C23867743049503910%2C9767498910016498%2C9814545708658297%2C24010360345225416%2C9456930594410835%2C24137509179179010%2C29803833152593371%2C9746782825369113%2C9658460827565054%2C23992777270328902%2C9409125575880906%2C23914434688154483%2C9885202324859736%2C28936591449322653%2C9483204838437595%2C29037066475908517%2C28925956803685444%2C8915978758511946%2C9294711613974913%2C9614476561922374%2C9128353593957339%2C9400168266703998%2C8940900882696977%2C9203460693032700%2C8586651878127834%2C28219204281027558%2C8583938045067476%2C9337678669584818%2C8171253272977282%2C8987772094613385%2C8869963603079999%2C9154186351282869%2C8686333354747507%2C8937348252990711%2C8348557881920244%2C9488418531172648%2C8737160489704745%2C27609159198699702%2C8773529579407930%2C9277318282343890%2C7862094087226469%2C8809426325763045%2C28017886914491984%2C8638869072865269%2C27571847145793867%2C8690920944324143%2C8916686005019872%2C27817603664520703%2C7967140496721220%2C28576605328596997%2C8538708666248770%2C8947075758679265%2C8658709257546361%2C8376647625774949%2C9415987371749194%2C7894545670648191%2C8700214253388311%2C9586136124746067%2C8839713359404963%2C8540815026038124%2C9081347001899766%2C9474739822553464%2C8633474416779459%2C9316398088392651%2C8562154693910546%2C8881367578622242%2C27838320329147209%2C8817466871623976%2C8464418863675853%2C8706183339502135%2C8965475196797464%2C8837270426329919%2C8438174969629390%2C8905852829447873%2C8239179979537675%2C8217012561729358%2C8567564706599496%2C27119404517674405%2C8579078662151394%2C27287068704210780%2C26953492084265275%2C8291718814249802%2C26827171190260758%2C8369277606521717%2C8363778803701711%2C9115827101778990%2C7945514835553181%2C27989307507335039%2C8387989374627546%2C8983879621644847%2C8310507895695007%2C7970449596416059%2C8212777568807895%2C8563854483682342%2C8262965243821912%2C8103157173135789%2C8447206992009757%2C26648677008080358%2C8486546261367515%2C7896949363707016%2C8827772143902730%2C7962155083895879%2C8041042002615625%2C8838944456121665%2C26508479582130975%2C8418669634846365%2C7885089021620673%2C9242125379136076%2C27237613805829516%2C8089559881090253%2C26703815909263933%2C26254808704166992%2C8066870353402939%2C26554240594191819%2C8014464948649980%2C7931675563547250%2C8096350907145291%2C7583500781761933%2C8377530142292221%2C8110513682368916%2C7964068263707184%2C7939992099424493%2C8028090653937848%2C8327395370652146%2C7927368090710266%2C8336110633074236%2C7711207808934177%2C8791375254210564%2C8020923591297208%2C26523747990605168%2C8180323775331980%2C7821369997952864%2C7909573222497225%2C8870978009584070%2C7890179774383993%2C7909370199146198%2C8670687749625863%2C7894748737237680%2C7897001723719886%2C7442349839204606%2C7562147977230135%2C7908485965898641%2C8108494769207918%2C7732143850239185%2C8049509225093003%2C7680687001985777%2C7935773903203518%2C25995481160100072%2C8267561773267835%2C8111124252276924%2C7848630718555139%2C7566763320039816%2C8020058274709157%2C26026882566957725%2C7959953040708508%2C7632343386864624%2C7827555760692210%2C7883929978400474%2C26253123164303600%2C25904240212553880%2C7799683640068510%2C7860694843999857%2C8227132543972022%2C7539782136150560%2C7913359188707916%2C7600324713350040%2C7796403097144213%2C26428715553386136%2C7721868664600921%2C7948683131893137%2C7452135701575790%2C7783052531776174%2C8095158093881982%2C7769297009825818%2C7691625367623694%2C7924102014354098%2C8336994046312938%2C8149783258419143%2C7986917971366778%2C8527612787255275%2C7926987267378195%2C7656296821164330%2C7811156998950970%2C8178865312124053%2C8368640609834397%2C7806621702754444%2C7775231662552759%2C7422449787864761%2C7851519831608891%2C7924092157657781%2C7618982541504704%2C7407967442645250%2C7727714610675599%2C25850183204628170%2C25664961923118482%2C25783213567992574%2C7387128821396757%2C7672830046131441%2C7902307783125850%2C25899544239660366%2C7136595043108776%2C8212226538797768%2C7845438595516975%2C8030334126979444%2C7714005192016548%2C7427398374035784%2C8177864858899706%2C8111369602240839%2C8033612790029665%2C7673796186034252%2C7571993149585237%2C8139452252754241%2C25677269128554902%2C7554132201349047%2C7834997649909997%2C7568790673237499%2C25592230847091891%2C8032965803401659%2C8532556100104903%2C7641965702562055%2C8582316081795547%2C7641858349235058%2C7786991924720956%2C8679472722068780%2C7739448512778866%2C7604628189604344%2C25719335624347647%2C7754782967970755%2C8158381340873725%2C25587590010885758%2C8511602438855582%2C8274581789235781%2C7531544903631007%2C26265618959690038%2C25640672718882099%2C7695231737263411%2C25720158944297516%2C7546599845428429%2C7873374742685536%2C7587475328009719%2C5972517589538568%2C7280377765421565%2C7494287240640189%2C7484183065012020%2C7542508119178959%2C7929341420437594%2C7599896536762479%2C7345048475616919%2C7550502318398665%2C25778849091762854%2C7348162578614212%2C8121563371196723%2C7735000246558355%2C7554835117885332%2C7399683800144496%2C25867306712883320%2C7590794340997291%2C7614217721967840%2C7859527307500514%2C8005472209492411%2C7733026356761364%2C25453579350954792%2C7900750366635634%2C7458393700915045%2C7351345864973530%2C7479903162116766%2C25448559821456578%2C7265479916913000%2C7347467748635773%2C8063141213725467%2C7222251711235206%2C6666311503472333%2C25387089304271309%2C7445373638910076%2C7395108187277177%2C7464291390306191%2C7730897060306554%2C7359099850882079%2C7475823685865295%2C7151053561670138%2C25307973675516884%2C7218032698318473%2C7906065282748118%2C26041297178794566%2C7858907540827967%2C26262762903323349%2C25480788591536790%2C7372221162875051%2C7669054863187920%2C7369105236512203%2C7396684083755083%2C7595761753795432%2C7604691209567391%2C7607368062634029%2C25472310732383322%2C7330901273687957%2C7561392830570125%2C8091351164226234%2C7349516938417571%2C7810271542319405%2C7381299981961653%2C8072202536141956%2C7666648866746015%2C25179060581742573%2C7350829448335965%2C7533343313393290%2C8085904934770320%2C7412184545502883%2C8123233137704912%2C7740841099316901%2C7386280531421432%2C7517236031705765%2C8403512076342092%2C25240513038925719%2C7870090753021434%2C7302967203113251%2C7656195137737332%2C7216697951718162%2C7755247547865540%2C25558025847122024%2C7477575762322911%2C8229262367102547%2C25428650093449980%2C8058755034138732%2C7541461529255728%2C7508624832536255%2C25195911520024286%2C7303406066410119%2C25344597888521478%2C7378817355517791%2C7367259163354400%2C25126806310267677%2C7863039137061648%2C7673255376071606%2C8308295435852557%2C7106078206184709%2C7225880424190941%2C7238118842890644%2C25206449592336377%2C25018194661160460%2C7565114446942778%2C26067777676154753%2C7063040803818798%2C7706973262654703%2C7512769695455222%2C6965305046909255%2C6600414466728412%2C7566395713399017%2C7812570355454962%2C6901010686670512%2C24912030688444557%2C25230955923184727%2C8411460192215410%2C25073541865593746%2C8083961208287957%2C6845308232235486%2C7696154907109309%2C7395434900493931%2C7260656974052630%2C5944490712342074%2C24898192026495216%2C7561750767203781%2C7119836768144263%2C25444940195119466%2C7415178705244911%2C25430877419858932%2C7499063100177389%2C7093803814050981%2C7278647162227834%2C7315559208503200%2C6719910584780635%2C25858612650404486%2C7731596686859653%2C7089312207846580%2C25022069617407972%2C25156421810671819%2C7913300032017808%2C8386969374662925%2C7998515436829292%2C7256567144431885%2C7415179398549890%2C7398313726951606%2C24848950488081743%2C7509038512486057%2C7693875867297915%2C7259425827478080%2C24922207640756349%2C7113221952059621%2C7344650438948167%2C8019475011399995%2C7412311535471638%2C7080836758702590%2C7238376246245822%2C6820899491348383%2C7572809012750480%2C7933528480009818%2C8531801740248006%2C7190338514407591%2C8115270145155911%2C7022542754511040%2C6619596248142488%2C7318702028214145%2C25330977459834249%2C7292979437417121%2C7339146446175487%2C6787782667989320%2C7291054170981015%2C7335960369815217%2C5894351080689535%2C7146204608842282%2C7194921803894142%2C7189162027846290%2C7321202861328509%2C7734041936614404%2C7053737894717029%2C7475311889156959%2C8085101481505131%2C7220979694654619%2C7096942027079935%2C7096505640418946%2C7054980824549550%2C6960893757340641%2C7313742628683493%2C6144822055621276%2C24596366309976930%2C24338844175763453%2C6959093334174331%2C25273216005602651%2C7329812810386534%2C6931990663583901%2C24562880316660370%2C7495751500470120%2C25334283302837413%2C6936913796387293%2C6828694163915565%2C6982649411816537%2C6973564386057732%2C7028808500541553%2C6358102817625994%2C6625680137544344%2C24294253630222166%2C5871028809688877%2C25091831183737390%2C24355726067405791%2C6819285534860816%2C7112783842120328%2C7278900832133725%2C6961559017272295%2C25041684352085512%2C6922551307838391%2C6733762230010198%2C6956360497776048%2C6957442361006308%2C8969394663112663%2C6879604852117519%2C6759490670836078%2C6942588629193088%2C6927754697270052%2C7072639936092539%2C7047990051960148%2C7240934012597396%2C7417956078228406%2C6463815137063610%2C24142902822024648%2C6248586868577792%2C6405272732909924%2C25085062234417923%2C6923138121108086%2C24572603619004696%2C7057186907682251%2C6859406184145616%2C7415129871840007%2C7294635770556346%2C6507382486038759%2C24311225321826462%2C7199187126779584%2C5247254888731509%2C6863249107115529%2C6662390593872256%2C6814213185359198%2C6846443222058259%2C6496556613789726%2C6787233371395841%2C7246466848717439%2C7088956891126460%2C7970959732933020%2C6512243762207712%2C6775028195923095%2C6634262460002669%2C6881661421890524%2C5531165667008402%2C6400264956762680%2C7762314213795204%2C7050987441631424%2C7075966965770965%2C6490888867673076%2C6539357106160783%2C7016661111700684%2C9983152868393181%2C6840100169422118%2C7070527722967149%2C24638668362398767%2C6792687560791130%2C6502642963176602%2C9912726895435618%2C6942029325821139%2C7320829281276932%2C24616232137975607%2C7269159089780136%2C6544493822334560%2C6580712272021597%2C10061278340609910%2C6540223899358211%2C9990227694352884%2C6586734508074263%2C6403099273149432%2C6455724697887639%2C6893854264061151%2C6278120828964055%2C9843409942400865%2C9839373509437423%2C6718400628236656%2C6497133477041898%2C6730170250378607%2C6550114431698573%2C6447136882020071%2C5975897069179181%2C6319024654872692%2C6429168437130247%2C6436596009709175%2C6544305288989696%2C6976638985702859%2C6304731702956647%2C5799344070167390%2C9620433188030025%2C6316315995116527%2C6126797030764354%2C6052948548148078%2C6539999769396477%2C6167924429972354%2C9714688941904748%2C9474952109246389%2C6978326122197204%2C6061503687282054%2C6458927690864521%2C6401688533278408%2C6213784998738533%2C6930103383669860%2C6304661029589039%2C9324396604300401%2C6568023303220878%2C6066468960118051%2C9306032339467670%2C9613506848689608%2C6245479585533215%2C5688184711282581%2C6073176676142133%2C6551349261571428%2C6607766432603986%2C6621554411212640%2C9251313338275646%2C6646446895367933%2C6292734440803677%2C6418663178191553%2C6352232284843022%2C5662636713836448%2C6180940881997384%2C6534320829944598%2C9176549265753129%2C6909315672418445%2C6146145462173178%2C6899566016739391%2C6087488131369340%2C6844873175528568%2C6186673388085595%2C9290327184376044%2C6388635671219941%2C9701280213223190%2C6385102798224057%2C6367424716657000%2C6515829078435963%2C6848575718490648%2C6297668676995214%2C5886122641511015%2C5595648517203024%2C6222888641125721%2C6023428811074051%2C6135230383251862%2C6114560411988317%2C7082476581780640%2C6510719548992457%2C6304448959609716%2C9486262514780037%2C6426722260681719%2C5686708974767993%2C5519371671497109%2C5916005091840255%2C5944238699031625%2C6001543993256279%2C6225235940829149%2C5728512707230397%2C5527587534029171&dlc=1&exp=s0&expv2[0]=pl1&expv2[1]=el3&expv2[2]=bc1&rqm=FGET

Requested by

Host: www.pgh.mobi
URL: https://www.pgh.mobi/simlevelup799_supersale

Protocol

Security

QUIC, , AES_128_GCM

Server

57.144.152.1 Singapore, Singapore, ASN32934 (FACEBOOK, US),

Reverse DNS

edge-star-mini-shv-01-sin2.facebook.com

Software

Resource Hash

aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a

Security Headers

Name	Value
Content-Security-Policy	default-src blob: 'self' https://.fbsbx.com .facebook.com .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net 127.0.0.1:* 'nonce-Pqr5aVBW' blob: 'self' connect.facebook.net 'wasm-unsafe-eval' https://.google-analytics.com .google.com;style-src .fbcdn.net data: .facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com https://.google-analytics.com;font-src data: .facebook.com .fbcdn.net .fbsbx.com https://fonts.gstatic.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net .carriersignal.info blob: android-webview-video-poster: .whatsapp.net .fb.com .oculuscdn.com .tenor.co .tenor.com .giphy.com https://trustly.one/ https://.trustly.one/ https://paywithmybank.com/ https://.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://.google-analytics.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com data: .tenor.co .tenor.com https://.giphy.com;child-src data: blob: 'self' https://.fbsbx.com .facebook.com .fbcdn.net;frame-src .facebook.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net accounts.meta.com .accounts.meta.com https://trustly.one/ https://.trustly.one/ https://paywithmybank.com/ https://.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net .google.com .doubleclick.net;manifest-src data: blob: 'self' https://.fbsbx.com .facebook.com .fbcdn.net;object-src data: blob: 'self' https://.fbsbx.com .facebook.com .fbcdn.net;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer: https://www.pgh.mobi/

Response headers

content-encoding: zstd
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7571176600929217422&cpp=C3&cv=1029650310&st=1762801921115"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Sat, 01 Jan 2000 00:00:00 GMT
alt-svc: h3=":443"; ma=86400
date: Mon, 10 Nov 2025 19:12:01 GMT
content-type: image/png
vary: Accept-Encoding
x-fb-debug: Od/Ui1r12b1nePdjGzuK1zFfuxuOYjkksAOfaWZxTfBAw4xNYxNNJ+nxhmP9VBPmAtx5Tv5lMGbjPxj1xRFwVA==
priority: u=3,i
x-frame-options: DENY
strict-transport-security: max-age=15552000; preload
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7571176600929217422&cpp=C3&cv=1029650310&st=1762801921115", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy: default-src blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'nonce-Pqr5aVBW' blob: 'self' connect.facebook.net 'wasm-unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://trustly.one/ https://*.trustly.one/ https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;child-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net accounts.meta.com *.accounts.meta.com https://trustly.one/ https://*.trustly.one/ https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;manifest-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;object-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
cache-control: private, no-store, no-cache, must-revalidate
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=1, rtx=0, c=32, mss=1232, tbw=15818, tp=42, tpl=0, uplat=382, ullat=0
cross-origin-opener-policy: same-origin-allow-popups
pragma: no-cache
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(self), autoplay=(), bluetooth=(), browsing-topics=(self), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
document-policy: force-load-at-top, include-js-call-stacks-in-crash-reports
cross-origin-opener-policy-report-only: restrict-properties;report-to="coop_report"
x-xss-protection: 0
origin-agent-cluster: ?1

GET
H3 200 /
www.facebook.com/tr/ 0
16 B 5ms
5ms Image
text/plain 57.144.152.1
FACEBOOK

General

Check archive.org

Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=1036101524034745&ev=ScrollDepth_25_percent&dl=https%3A%2F%2Fwww.pgh.mobi%2Fsimlevelup799_supersale&rl=&if=false&ts=1762801920833&sw=1600&sh=1200&v=2.9.241&r=stable&ec=2&o=4126&fbp=fb.1.1762801920794.619559117207148952&ler=empty&cdl=API_unavailable&pmd[keywords]=DITOSIM%20FREE%201%20YEAR%20HIGH%20SPEED%20DATA&pmd[description]=DITOSIM%20FREE%201%20YEAR%20HIGH%20SPEED%20DATA&plt=1110.2000007629395&it=1762801919769&coo=false&exp=s0&expv2[0]=pl1&expv2[1]=el3&expv2[2]=bc1&rqm=GET

Requested by

Host: www.pgh.mobi
URL: https://www.pgh.mobi/simlevelup799_supersale

Protocol

Security

QUIC, , AES_128_GCM

Server

57.144.152.1 Singapore, Singapore, ASN32934 (FACEBOOK, US),

Reverse DNS

edge-star-mini-shv-01-sin2.facebook.com

Software

proxygen-bolt /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer: https://www.pgh.mobi/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=1, rtx=0, c=22, mss=1232, tbw=3747, tp=22, tpl=0, uplat=0, ullat=0
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
access-control-allow-origin
alt-svc: h3=":443"; ma=86400
content-length: 0
date: Mon, 10 Nov 2025 19:12:00 GMT
content-type: text/plain
server: proxygen-bolt
priority: u=3,i

GET
H3 200 /
www.facebook.com/privacy_sandbox/pixel/register/trigger/ 67 B
195 B 380ms
379ms Image
image/png 57.144.152.1
FACEBOOK

General

Check archive.org

Download Go to Show image

Full URL

https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=1036101524034745&ev=ScrollDepth_25_percent&dl=https%3A%2F%2Fwww.pgh.mobi%2Fsimlevelup799_supersale&rl=&if=false&ts=1762801920833&sw=1600&sh=1200&v=2.9.241&r=stable&ec=2&o=4126&fbp=fb.1.1762801920794.619559117207148952&ler=empty&cdl=API_unavailable&pmd[keywords]=DITOSIM%20FREE%201%20YEAR%20HIGH%20SPEED%20DATA&pmd[description]=DITOSIM%20FREE%201%20YEAR%20HIGH%20SPEED%20DATA&plt=1110.2000007629395&it=1762801919769&coo=false&exp=s0&expv2[0]=pl1&expv2[1]=el3&expv2[2]=bc1&rqm=FGET

Requested by

Host: www.pgh.mobi
URL: https://www.pgh.mobi/simlevelup799_supersale

Protocol

Security

QUIC, , AES_128_GCM

Server

57.144.152.1 Singapore, Singapore, ASN32934 (FACEBOOK, US),

Reverse DNS

edge-star-mini-shv-01-sin2.facebook.com

Software

Resource Hash

aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a

Security Headers

Name	Value
Content-Security-Policy	default-src blob: 'self' https://.fbsbx.com .facebook.com .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net 127.0.0.1:* 'nonce-touylGxC' blob: 'self' connect.facebook.net 'wasm-unsafe-eval' https://.google-analytics.com .google.com;style-src .fbcdn.net data: .facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com https://.google-analytics.com;font-src data: .facebook.com .fbcdn.net .fbsbx.com https://fonts.gstatic.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net .carriersignal.info blob: android-webview-video-poster: .whatsapp.net .fb.com .oculuscdn.com .tenor.co .tenor.com .giphy.com https://trustly.one/ https://.trustly.one/ https://paywithmybank.com/ https://.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://.google-analytics.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com data: .tenor.co .tenor.com https://.giphy.com;child-src data: blob: 'self' https://.fbsbx.com .facebook.com .fbcdn.net;frame-src .facebook.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net accounts.meta.com .accounts.meta.com https://trustly.one/ https://.trustly.one/ https://paywithmybank.com/ https://.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net .google.com .doubleclick.net;manifest-src data: blob: 'self' https://.fbsbx.com .facebook.com .fbcdn.net;object-src data: blob: 'self' https://.fbsbx.com .facebook.com .fbcdn.net;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer: https://www.pgh.mobi/

Response headers

content-encoding: zstd
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7571176600284720806&cpp=C3&cv=1029650310&st=1762801921124"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Sat, 01 Jan 2000 00:00:00 GMT
alt-svc: h3=":443"; ma=86400
date: Mon, 10 Nov 2025 19:12:01 GMT
content-type: image/png
vary: Accept-Encoding
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
priority: u=3,i
x-frame-options: DENY
strict-transport-security: max-age=15552000; preload
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7571176600284720806&cpp=C3&cv=1029650310&st=1762801921124", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy: default-src blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'nonce-touylGxC' blob: 'self' connect.facebook.net 'wasm-unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://trustly.one/ https://*.trustly.one/ https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;child-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net accounts.meta.com *.accounts.meta.com https://trustly.one/ https://*.trustly.one/ https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;manifest-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;object-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
cache-control: private, no-store, no-cache, must-revalidate
x-fb-debug: ElPDDxxgr8Ia4/YCuFY1w9Z38ExpcX1FUpgXlhmhZpG9uCIRTk87Npm8di0YU7ZEBidyJgpEOKxjr6hbyZqk7w==
cross-origin-opener-policy: same-origin-allow-popups
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=1, rtx=0, c=30, mss=1232, tbw=13114, tp=39, tpl=0, uplat=375, ullat=0
pragma: no-cache
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(self), autoplay=(), bluetooth=(), browsing-topics=(self), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
document-policy: force-load-at-top, include-js-call-stacks-in-crash-reports
x-xss-protection: 0
origin-agent-cluster: ?1

GET
H3 200 /
www.facebook.com/tr/ 0
16 B 5ms
4ms Image
text/plain 57.144.152.1
FACEBOOK

General

Check archive.org

Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=981874659032826&ev=ScrollDepth_25_percent&dl=https%3A%2F%2Fwww.pgh.mobi&rl=&if=false&ts=1762801920834&sw=1600&sh=1200&v=2.9.241&r=stable&ec=2&o=4124&fbp=fb.1.1762801920794.619559117207148952&ler=empty&cdl=API_unavailable&plt=1110.2000007629395&pm=1&hrl=aceba3&it=1762801919769&coo=false&cs_cc=1&cas=31311726861751530&dlc=1&exp=s0&expv2[0]=pl1&expv2[1]=el3&expv2[2]=bc1&rqm=GET

Requested by

Host: www.pgh.mobi
URL: https://www.pgh.mobi/simlevelup799_supersale

Protocol

Security

QUIC, , AES_128_GCM

Server

57.144.152.1 Singapore, Singapore, ASN32934 (FACEBOOK, US),

Reverse DNS

edge-star-mini-shv-01-sin2.facebook.com

Software

proxygen-bolt /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer: https://www.pgh.mobi/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=1, rtx=0, c=22, mss=1232, tbw=3907, tp=24, tpl=0, uplat=0, ullat=0
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
access-control-allow-origin
alt-svc: h3=":443"; ma=86400
content-length: 0
date: Mon, 10 Nov 2025 19:12:00 GMT
content-type: text/plain
server: proxygen-bolt
priority: u=3,i

GET
H3 200 /
www.facebook.com/privacy_sandbox/pixel/register/trigger/ 67 B
192 B 406ms
405ms Image
image/png 57.144.152.1
FACEBOOK

General

Check archive.org

Download Go to Show image

Full URL

https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=981874659032826&ev=ScrollDepth_25_percent&dl=https%3A%2F%2Fwww.pgh.mobi&rl=&if=false&ts=1762801920834&sw=1600&sh=1200&v=2.9.241&r=stable&ec=2&o=4124&fbp=fb.1.1762801920794.619559117207148952&ler=empty&cdl=API_unavailable&plt=1110.2000007629395&pm=1&hrl=aceba3&it=1762801919769&coo=false&cs_cc=1&cas=31311726861751530&dlc=1&exp=s0&expv2[0]=pl1&expv2[1]=el3&expv2[2]=bc1&rqm=FGET

Requested by

Host: www.pgh.mobi
URL: https://www.pgh.mobi/simlevelup799_supersale

Protocol

Security

QUIC, , AES_128_GCM

Server

57.144.152.1 Singapore, Singapore, ASN32934 (FACEBOOK, US),

Reverse DNS

edge-star-mini-shv-01-sin2.facebook.com

Software

Resource Hash

aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a

Security Headers

Name	Value
Content-Security-Policy	default-src blob: 'self' https://.fbsbx.com .facebook.com .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net 127.0.0.1:* 'nonce-2bP0xSus' blob: 'self' connect.facebook.net 'wasm-unsafe-eval' https://.google-analytics.com .google.com;style-src .fbcdn.net data: .facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com https://.google-analytics.com;font-src data: .facebook.com .fbcdn.net .fbsbx.com https://fonts.gstatic.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net .carriersignal.info blob: android-webview-video-poster: .whatsapp.net .fb.com .oculuscdn.com .tenor.co .tenor.com .giphy.com https://trustly.one/ https://.trustly.one/ https://paywithmybank.com/ https://.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://.google-analytics.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com data: .tenor.co .tenor.com https://.giphy.com;child-src data: blob: 'self' https://.fbsbx.com .facebook.com .fbcdn.net;frame-src .facebook.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net accounts.meta.com .accounts.meta.com https://trustly.one/ https://.trustly.one/ https://paywithmybank.com/ https://.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net .google.com .doubleclick.net;manifest-src data: blob: 'self' https://.fbsbx.com .facebook.com .fbcdn.net;object-src data: blob: 'self' https://.fbsbx.com .facebook.com .fbcdn.net;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer: https://www.pgh.mobi/

Response headers

content-encoding: zstd
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7571176601244818263&cpp=C3&cv=1029650310&st=1762801921124"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Sat, 01 Jan 2000 00:00:00 GMT
alt-svc: h3=":443"; ma=86400
date: Mon, 10 Nov 2025 19:12:01 GMT
content-type: image/png
vary: Accept-Encoding
x-fb-debug: LYaV8isbB6CZbCLhC9WDutZA9bQ36dfCBbaaR3jaqeUc64eVcWa/JISzAJ8mzsDbuT8t8bj2BVbwBKRpU7KoJw==
priority: u=3,i
x-frame-options: DENY
strict-transport-security: max-age=15552000; preload
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7571176601244818263&cpp=C3&cv=1029650310&st=1762801921124", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy: default-src blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'nonce-2bP0xSus' blob: 'self' connect.facebook.net 'wasm-unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://trustly.one/ https://*.trustly.one/ https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;child-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net accounts.meta.com *.accounts.meta.com https://trustly.one/ https://*.trustly.one/ https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;manifest-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;object-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
cache-control: private, no-store, no-cache, must-revalidate
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=1, rtx=0, c=34, mss=1232, tbw=18394, tp=45, tpl=0, uplat=400, ullat=0
cross-origin-opener-policy: same-origin-allow-popups
pragma: no-cache
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(self), autoplay=(), bluetooth=(), browsing-topics=(self), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
document-policy: force-load-at-top, include-js-call-stacks-in-crash-reports
x-xss-protection: 0
origin-agent-cluster: ?1

POST
H3 200 / Show response
www.facebook.com/tr/ Frame B65D 0
19 B 8ms
5ms Document
text/plain 57.144.152.1
FACEBOOK

General

Check archive.org

Download Go to

Full URL

https://www.facebook.com/tr/

Requested by

Host: www.pgh.mobi
URL: https://www.pgh.mobi/simlevelup799_supersale

Protocol

Security

QUIC, , AES_128_GCM

Server

57.144.152.1 Singapore, Singapore, ASN32934 (FACEBOOK, US),

Reverse DNS

edge-star-mini-shv-01-sin2.facebook.com

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Content-Type: application/x-www-form-urlencoded
Origin: https://www.pgh.mobi
Referer: https://www.pgh.mobi/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-origin: https://www.pgh.mobi
alt-svc: h3=":443"; ma=86400
content-length: 0
content-type: text/plain
cross-origin-resource-policy: cross-origin
date: Mon, 10 Nov 2025 19:12:00 GMT
priority: u=0,i
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=3, rtx=0, c=23, mss=1232, tbw=4747, tp=9, tpl=0, uplat=0, ullat=0

POST
H3 200 / Show response
www.facebook.com/tr/ Frame 8415 0
16 B 5ms
5ms Document
text/plain 57.144.152.1
FACEBOOK

General

Check archive.org

Download Go to

Full URL

https://www.facebook.com/tr/

Requested by

Host: www.pgh.mobi
URL: https://www.pgh.mobi/simlevelup799_supersale

Protocol

Security

QUIC, , AES_128_GCM

Server

57.144.152.1 Singapore, Singapore, ASN32934 (FACEBOOK, US),

Reverse DNS

edge-star-mini-shv-01-sin2.facebook.com

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Content-Type: application/x-www-form-urlencoded
Origin: https://www.pgh.mobi
Referer: https://www.pgh.mobi/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-origin: https://www.pgh.mobi
alt-svc: h3=":443"; ma=86400
content-length: 0
content-type: text/plain
cross-origin-resource-policy: cross-origin
date: Mon, 10 Nov 2025 19:12:00 GMT
priority: u=0,i
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=3, rtx=0, c=23, mss=1232, tbw=5371, tp=12, tpl=0, uplat=0, ullat=0

GET log
log.adtimaserver.vn/ptrck/ 0
0

GET
H2

200

image-15-20230404143255-_hmgg.png
w.ladicdn.com/60f2397ee86054001414e205/
Redirect Chain

https://static.ladipage.net/60f2397ee86054001414e205/image-15-20230404143255-_hmgg.png
https://w.ladicdn.com/60f2397ee86054001414e205/image-15-20230404143255-_hmgg.png

239 KB
237 KB

5ms
4ms

Other
image/png

2600:9000:2085:e000:11:52e1:b680:93a1
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://w.ladicdn.com/60f2397ee86054001414e205/image-15-20230404143255-_hmgg.png
Protocol: H2
Server: 2600:9000:2085:e000:11:52e1:b680:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx/1.26.3 /
Resource Hash: 1c8e564218d4ac34d5569b1497fd6814b216254cb82bf040d3883e52f643c5f3

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer: https://www.pgh.mobi/

Response headers

access-control-max-age: 2592000
content-encoding: gzip
age: 1913450
access-control-allow-methods: GET
expires: Mon, 19 Oct 2026 15:41:11 GMT
x-cache: Hit from cloudfront
x-amz-cf-id: hKfS8rKV3d4q5z_fKofLdu6mXzRzyYkJCp4SxTkQqsNZ41gcSC0NIQ==
date: Sun, 19 Oct 2025 15:41:11 GMT
content-type: image/png
vary: Accept-Encoding
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Access-Control-Allow-Credentials
cache-control: public, max-age=31536000
access-control-allow-credentials: true
via: 1.1 a5f13b578ce06ddb74ffe9b76d0f495c.cloudfront.net (CloudFront)
access-control-allow-origin: *
x-amz-cf-pop: SIN2-P8
server: nginx/1.26.3

Redirect headers

location: https://w.ladicdn.com:443/60f2397ee86054001414e205/image-15-20230404143255-_hmgg.png
content-length: 134
date: Mon, 10 Nov 2025 19:12:01 GMT
content-type: text/html
server: awselb/2.0

GET
H2

200

image-15-20230404143255-_hmgg.png
w.ladicdn.com/60f2397ee86054001414e205/
Redirect Chain

https://static.ladipage.net/60f2397ee86054001414e205/image-15-20230404143255-_hmgg.png
https://w.ladicdn.com/60f2397ee86054001414e205/image-15-20230404143255-_hmgg.png

239 KB
0

0ms
0ms

Other
image/png

2600:9000:2085:e000:11:52e1:b680:93a1
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://w.ladicdn.com/60f2397ee86054001414e205/image-15-20230404143255-_hmgg.png
Protocol: H2
Server: 2600:9000:2085:e000:11:52e1:b680:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx/1.26.3 /
Resource Hash: 1c8e564218d4ac34d5569b1497fd6814b216254cb82bf040d3883e52f643c5f3

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer: https://www.pgh.mobi/

Response headers

access-control-max-age: 2592000
content-encoding: gzip
age: 1913450
access-control-allow-methods: GET
expires: Mon, 19 Oct 2026 15:41:11 GMT
x-cache: Hit from cloudfront
x-amz-cf-id: hKfS8rKV3d4q5z_fKofLdu6mXzRzyYkJCp4SxTkQqsNZ41gcSC0NIQ==
date: Sun, 19 Oct 2025 15:41:11 GMT
content-type: image/png
vary: Accept-Encoding
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Access-Control-Allow-Credentials
cache-control: public, max-age=31536000
access-control-allow-credentials: true
via: 1.1 a5f13b578ce06ddb74ffe9b76d0f495c.cloudfront.net (CloudFront)
access-control-allow-origin: *
x-amz-cf-pop: SIN2-P8
server: nginx/1.26.3

Redirect headers

location: https://w.ladicdn.com:443/60f2397ee86054001414e205/image-15-20230404143255-_hmgg.png
content-length: 134
date: Mon, 10 Nov 2025 19:12:01 GMT
content-type: text/html
server: awselb/2.0

POST
H2 200 config Show response
a.ladipage.com/ 35 B
561 B 6ms
4ms XHR
text/plain 54.251.88.32
AMAZON-02

General

Check archive.org

Download Go to

Full URL

https://a.ladipage.com/config

Requested by

Host: w.ladicdn.com
URL: https://w.ladicdn.com/v5/source/ladipagev3.min.js?v=1761128843123

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.251.88.32 Singapore, Singapore, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-54-251-88-32.ap-southeast-1.compute.amazonaws.com

Software

Resource Hash

54d86716fecee1adf2d23273fe078cab4b7b0db3da3459fa9a42f5312427adf2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

LADI_CAMP_ID
LADI_CAMP_TYPE
LADI_CAMP_TARGET_URL
Referer: https://www.pgh.mobi/
LADI_CLIENT_ID: dbee806c-6fa1-4914-5853-dac5fc2bfd2b
LADI_CAMP_ORIGIN_URL
LADI_FORM_SUBMIT: 0
LADI_CAMP_NAME
LADI_CAMP_PAGE_VIEW: 0
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Content-Type: application/json
LADI_CAMP_FORM_SUBMIT: 0
LADI_PAGE_VIEW: 1

Response headers

access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, Accept-Encoding, ladi_camp_form_submit, ladi_camp_form_submit_daily, ladi_camp_id, ladi_camp_name, ladi_camp_origin_url, ladi_camp_page_view, ladi_camp_page_view_daily, ladi_camp_target_url, ladi_camp_type, ladi_client_id, ladi_form_submit, ladi_form_submit_daily, ladi_page_view, ladi_page_view_daily
access-control-max-age: 2592000
x-content-type-options: nosniff
x-download-options: noopen
access-control-allow-methods: POST, OPTIONS
access-control-allow-origin: *
date: Mon, 10 Nov 2025 19:12:02 GMT
x-xss-protection: 0
content-type: text/plain; charset=utf-8
x-frame-options: SAMEORIGIN

OPTIONS
H2 200 config
a.ladipage.com/ Frame 0
0 4ms
3ms Preflight
application/json 54.251.88.32
AMAZON-02

General

Check archive.org

Download Go to

Full URL

https://a.ladipage.com/config

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.251.88.32 Singapore, Singapore, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-54-251-88-32.ap-southeast-1.compute.amazonaws.com

Software

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,ladi_camp_form_submit,ladi_camp_id,ladi_camp_name,ladi_camp_origin_url,ladi_camp_page_view,ladi_camp_target_url,ladi_camp_type,ladi_client_id,ladi_form_submit,ladi_page_view
Access-Control-Request-Method: POST
Origin: https://www.pgh.mobi
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36

Response headers

access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, Accept-Encoding, ladi_camp_form_submit, ladi_camp_form_submit_daily, ladi_camp_id, ladi_camp_name, ladi_camp_origin_url, ladi_camp_page_view, ladi_camp_page_view_daily, ladi_camp_target_url, ladi_camp_type, ladi_client_id, ladi_form_submit, ladi_form_submit_daily, ladi_page_view, ladi_page_view_daily
access-control-allow-methods: POST, OPTIONS
access-control-allow-origin: *
access-control-max-age: 2592000
content-encoding: br
content-type: application/json; charset=utf-8
date: Mon, 10 Nov 2025 19:12:02 GMT
vary: Accept-Encoding
x-content-type-options: nosniff
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-xss-protection: 0

OPTIONS
H2 200 config
a.ladipage.com/ Frame 0
0 2ms
2ms Preflight
application/json 54.251.88.32
AMAZON-02

General

Check archive.org

Download Go to

Full URL

https://a.ladipage.com/config

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.251.88.32 Singapore, Singapore, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-54-251-88-32.ap-southeast-1.compute.amazonaws.com

Software

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,ladi_camp_form_submit,ladi_camp_id,ladi_camp_name,ladi_camp_origin_url,ladi_camp_page_view,ladi_camp_target_url,ladi_camp_type,ladi_client_id,ladi_form_submit,ladi_page_view
Access-Control-Request-Method: POST
Origin: https://www.pgh.mobi
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36

Response headers

access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, Accept-Encoding, ladi_camp_form_submit, ladi_camp_form_submit_daily, ladi_camp_id, ladi_camp_name, ladi_camp_origin_url, ladi_camp_page_view, ladi_camp_page_view_daily, ladi_camp_target_url, ladi_camp_type, ladi_client_id, ladi_form_submit, ladi_form_submit_daily, ladi_page_view, ladi_page_view_daily
access-control-allow-methods: POST, OPTIONS
access-control-allow-origin: *
access-control-max-age: 2592000
content-encoding: br
content-type: application/json; charset=utf-8
date: Mon, 10 Nov 2025 19:12:02 GMT
vary: Accept-Encoding
x-content-type-options: nosniff
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-xss-protection: 0

POST
H2 200 config Show response
a.ladipage.com/ 35 B
561 B 6ms
4ms XHR
text/plain 54.251.88.32
AMAZON-02

General

Check archive.org

Download Go to

Full URL

https://a.ladipage.com/config

Requested by

Host: w.ladicdn.com
URL: https://w.ladicdn.com/v5/source/ladipagev3.min.js?v=1761128843123

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.251.88.32 Singapore, Singapore, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-54-251-88-32.ap-southeast-1.compute.amazonaws.com

Software

Resource Hash

54d86716fecee1adf2d23273fe078cab4b7b0db3da3459fa9a42f5312427adf2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

LADI_CAMP_ID
LADI_CAMP_TYPE
LADI_CAMP_TARGET_URL
Referer: https://www.pgh.mobi/
LADI_CLIENT_ID: dbee806c-6fa1-4914-5853-dac5fc2bfd2b
LADI_CAMP_ORIGIN_URL
LADI_FORM_SUBMIT: 0
LADI_CAMP_NAME
LADI_CAMP_PAGE_VIEW: 0
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Content-Type: application/json
LADI_CAMP_FORM_SUBMIT: 0
LADI_PAGE_VIEW: 1

Response headers

access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, Accept-Encoding, ladi_camp_form_submit, ladi_camp_form_submit_daily, ladi_camp_id, ladi_camp_name, ladi_camp_origin_url, ladi_camp_page_view, ladi_camp_page_view_daily, ladi_camp_target_url, ladi_camp_type, ladi_client_id, ladi_form_submit, ladi_form_submit_daily, ladi_page_view, ladi_page_view_daily
access-control-max-age: 2592000
x-content-type-options: nosniff
x-download-options: noopen
access-control-allow-methods: POST, OPTIONS
access-control-allow-origin: *
date: Mon, 10 Nov 2025 19:12:02 GMT
x-xss-protection: 0
content-type: text/plain; charset=utf-8
x-frame-options: SAMEORIGIN

GET
H2 200 277564385_1448609172235132_6379495124728734462_n-20230102130855-r6j_8-20230317034031-xyymj.jpg
w.ladicdn.com/s250x250/60f2397ee86054001414e205/ 8 KB
8 KB 47ms
47ms Image
image/jpeg 2600:9000:2085:e000:11:52e1:b680:93a1
AMAZON-02

General

Check archive.org

Download Go to Show image

Full URL: https://w.ladicdn.com/s250x250/60f2397ee86054001414e205/277564385_1448609172235132_6379495124728734462_n-20230102130855-r6j_8-20230317034031-xyymj.jpg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2085:e000:11:52e1:b680:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx/1.26.3 /
Resource Hash: d265964eef6727e7a395f44bc83159929ed2ada364ddae771c1c8389bc5904e6

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer: https://www.pgh.mobi/

Response headers

access-control-max-age: 2592000
content-encoding: gzip
access-control-allow-methods: GET
expires: Tue, 10 Nov 2026 19:12:04 GMT
x-cache: Miss from cloudfront
x-amz-cf-id: HnC7z-c0A08G4Vff6vK81jAt4pJ2uiGe8mduTVSjQXYLKL9w6wuhyQ==
date: Mon, 10 Nov 2025 19:12:04 GMT
content-type: image/jpeg
vary: Accept-Encoding
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Access-Control-Allow-Credentials
cache-control: public, max-age=31536000
access-control-allow-credentials: true
via: 1.1 a5f13b578ce06ddb74ffe9b76d0f495c.cloudfront.net (CloudFront)
access-control-allow-origin: *
x-amz-cf-pop: SIN2-P8
server: nginx/1.26.3

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: log.adtimaserver.vn
URL: https://log.adtimaserver.vn/ptrck/log?pId=7056840457216708608&eId=1393893465614933723&et=3&url=https%3A%2F%2Fwww.pgh.mobi%2Fsimlevelup799_supersale&value=&curl=https%3A%2F%2Fwww.pgh.mobi%2Fsimlevelup799_supersale&uid=&ver=1.1.41&ref=&estd=ViewContent&atmrk=0.5539012652370243

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Fake Shop (Retail)

65 JavaScript Window variables

These are the non-standard variables defined on the window object. These include var declarations and global functions and can be helpful in identifying possible client-side frameworks and code.

10 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.pgh.mobi/simlevelup799_supersale	1970-01-21 19:16:01	Name: LADI_FORM_SUBMIT Value: 0
www.pgh.mobi/simlevelup799_supersale	1970-01-21 19:16:01	Name: LADI_FORM_SUBMIT_PATH Value: 0
www.pgh.mobi/simlevelup799_supersale	1970-01-21 19:16:01	Name: LADI_PAGE_VIEW Value: 1
www.pgh.mobi/simlevelup799_supersale	1970-01-21 19:16:01	Name: LADI_PAGE_VIEW_PATH Value: 1
www.pgh.mobi/simlevelup799_supersale	1970-01-21 09:41:28	Name: _timenow Value: 1762801919618
www.pgh.mobi/simlevelup799_supersale	1970-01-21 18:25:37	Name: LADI_UNIQUE_ID Value: 9a5fe2a1-ff50-4b14-9762-31c784c60c83
www.pgh.mobi/simlevelup799_supersale	1970-01-21 18:25:37	Name: LADI_FFD Value: eyJwdiI6eyJlIjoxNzk0MzM3OTE5LCJ2IjoxfX0=
www.pgh.mobi/	1970-01-21 19:16:01	Name: LADI_DNS_CHECK Value: "2025-11-10 19:11:59.291793865 +0000 UTC m=+107480.738379426"
www.pgh.mobi/	1970-01-21 19:16:01	Name: LADI_CLIENT_ID Value: dbee806c-6fa1-4914-5853-dac5fc2bfd2b
.pgh.mobi/	1970-01-21 11:49:37	Name: _fbp Value: fb.1.1762801920794.619559117207148952

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a.ladipage.com
connect.facebook.net
docs.google.com
fonts.googleapis.com
fonts.gstatic.com
log.adtimaserver.vn
s.zzcdn.me
static.ladipage.net
w.ladicdn.com
www.facebook.com
www.pgh.mobi
log.adtimaserver.vn
120.138.69.212
142.251.10.94
171.244.25.77
18.139.152.202
2404:6800:4003:c01::65
2404:6800:4003:c04::5f
2600:9000:2085:e000:11:52e1:b680:93a1
52.221.119.108
54.251.88.32
57.144.150.128
57.144.152.1
032b97835f3c9603bb4d9662fd88956749a5006d4d53a91ff9cf3e10db78dc67
07b1f40d200f78b09482bfacca969678125ff4291209044bf0e391027f9981f3
0e8766356e7b8f563df27d4e7928077709065f892850c9089cb42d922530fc7f
126eec706b7931682dbcf6c6efc274132c603f181fbf912678e6cfeb341e721b
1c8e564218d4ac34d5569b1497fd6814b216254cb82bf040d3883e52f643c5f3
245bbcf3d88b613116624bf93bca1379609daec781065c8aee315937836e9a5a
26013cc6a7c67ff6118a630c396d661266e8c0e68812c8676a444b9d26bf1efe
4d6c4acdd850c167482bebb92ab30317cbe60b70be8fa3203abc5785bb6e29e3
50cf7d32c18e1001749b51f1565ef745bc0687b0297b2b13465ed577cc20a8ff
545aaf24e1cd73eba2ab245e1456ef53835d1a33854771927637630806d80fa2
54d86716fecee1adf2d23273fe078cab4b7b0db3da3459fa9a42f5312427adf2
5528830e1c113b9b57b3472ec6d03ccdcda46cf88533b71c4d27915e1aafac22
571f3457dab507b6f2ce5394d593ca015251b69fea81ab7a546bd2368e9fc3ed
648ead090843bdcc8027a46d48cbe72aba02ec143dca2be3744d6167ec2f5942
89fed81a63c57a5d1701d02c7050f80d418e59a2377b7ca87c72df8af7dd7b42
8f80f993e523f2e6c2d097552740fd26331658da23ffad31d26edcdd3aeec370
a81055f53465429ad7c1d0d261e72fec80fb676dcc188e415e26f2bdf138ce66
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
b5961f4a34aba317783e5e755642db3e0cc1103a8dfecab44d1224ed41aa069f
b6e9dde0e875f7e217330c3af2367cd94d3ad1667f411c5a21d4bbc0e384e578
bb186cc25744aef11b8a020d31b5047c4992426efa3e621ace33a95c7aae146d
bc55c1dc961a3e7bbb61e7fca41ca8c9866636a5354a2aa118753ce84aabce2d
c950f9d8711acbcb718c05c7d12d9297acfd418b228382d45c92c36deab49b12
c977c3ce6f0522c2d524a86f59830eff1704be7e1a2b8f0803118289125b8f28
d265964eef6727e7a395f44bc83159929ed2ada364ddae771c1c8389bc5904e6
d5bab8e28732fe3d10dcef4f77b9c248605bbb2a87d289a2539251ceafab536a
d8e4fe0452aa2076429a9bb5d8757d00a994dd95986cf950e9a1a371b9a072a0
dd390718e8371d31b80141f12469ca8640c84933ea330bd3df8c0ffdb81e0421
dd66cc98657b4048be3950edac49aea725b2a9db5db6cea36b639160a88d7691
e0a23c74d54fcac93ec7b8695ea8bd18ab355350c2a64cfe487ed1e2e6b58440
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e915780eecee2c30be6a56376ec7a14c815fdc064fb1b669e543f105111e9cf3
e9ae91a0b05bb72815ccdc5ebb1ffb9668a79f4adae83093612973332dd0bf75
fdb60030decdbb69b13594e2c1f6ff9299ac29b4464f67c6809bc7de75cf9d2f
fdbe7ef858c70956ce76dce8a4620fbe84c8263b007740f11189666f2a7940d4

www.pgh.mobi Open in urlscan Pro 18.139.152.202 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

53 Requests

94 %HTTPS

27 %IPv6

11 Domains

11 Subdomains

11 IPs

3 Countries

1950 kBTransfer

3555 kBSize

10 Cookies

0 Outgoing links

Redirected requests

53 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.pgh.mobi Open in urlscan Pro
18.139.152.202 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

53
Requests

94 %
HTTPS

27 %
IPv6

11
Domains

11
Subdomains

11
IPs

3
Countries

1950 kB
Transfer

3555 kB
Size

10
Cookies

53 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!