www.otosaigon.com Open in urlscan Pro
2606:4700:20::681a:a35 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.otosaigon.com/threads/cho-em-hoi-tieu-hao-nhien-lieu-kia-carnival.1634318/
Submission: On September 04 via api (September 4th 2021, 12:28:02 pm UTC) from SG

Summary HTTP 310 Redirects Links 2 Behaviour Indicators

Summary

This website contacted 58 IPs in 9 countries across 39 domains to perform 310 HTTP transactions. The main IP is 2606:4700:20::681a:a35, located in United States and belongs to CLOUDFLARENET, US. The main domain is www.otosaigon.com.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on July 10th 2021. Valid for: a year.

This is the only time www.otosaigon.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
29	2606:4700:20:... 2606:4700:20::681a:a35	13335 (CLOUDFLAR...) (CLOUDFLARENET)
7	2a00:1450:400... 2a00:1450:4001:831::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:810::2008	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:82a::200e	15169 (GOOGLE) (GOOGLE)
15	142.250.181.226 142.250.181.226	15169 (GOOGLE) (GOOGLE)
2	2a03:2880:f02... 2a03:2880:f02d:12:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
2	2a00:1450:400... 2a00:1450:400c:c08::9d	15169 (GOOGLE) (GOOGLE)
2 8	2a00:1450:400... 2a00:1450:4001:831::2004	15169 (GOOGLE) (GOOGLE)
10	2a00:1450:400... 2a00:1450:4001:827::2003	15169 (GOOGLE) (GOOGLE)
2	2a03:2880:f12... 2a03:2880:f12d:83:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
7	205.185.216.10 205.185.216.10	20446 (HIGHWINDS3) (HIGHWINDS3)
21	2a00:1450:400... 2a00:1450:4001:810::2002	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:802::2001	15169 (GOOGLE) (GOOGLE)
51	2a00:1450:400... 2a00:1450:4001:827::2001	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:82f::200a	15169 (GOOGLE) (GOOGLE)
8	52.17.85.197 52.17.85.197	16509 (AMAZON-02) (AMAZON-02)
11	63.33.79.252 63.33.79.252	16509 (AMAZON-02) (AMAZON-02)
16	2a00:1450:400... 2a00:1450:4001:82a::2002	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6810:5f41	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6812:e234	13335 (CLOUDFLAR...) (CLOUDFLARENET)
6	2a00:1450:400... 2a00:1450:4001:812::2001	15169 (GOOGLE) (GOOGLE)
3	185.29.132.246 185.29.132.246	30419 (MEDIAMATH...) (MEDIAMATH-INC)
1	138.201.63.164 138.201.63.164	24940 (HETZNER-AS) (HETZNER-AS)
1	2.18.233.201 2.18.233.201	16625 (AKAMAI-AS) (AKAMAI-AS)
3	144.76.238.55 144.76.238.55	24940 (HETZNER-AS) (HETZNER-AS)
1	2a00:1450:400... 2a00:1450:4001:812::200a	15169 (GOOGLE) (GOOGLE)
4	37.157.6.246 37.157.6.246	198622 (ADFORM) (ADFORM)
1 2	2620:116:800d... 2620:116:800d:21:f916:5049:f87f:108e	16509 (AMAZON-02) (AMAZON-02)
3 5	142.250.185.66 142.250.185.66	15169 (GOOGLE) (GOOGLE)
17	37.157.5.73 37.157.5.73	198622 (ADFORM) (ADFORM)
3	2606:4700::68... 2606:4700::6810:135e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	18.200.219.243 18.200.219.243	16509 (AMAZON-02) (AMAZON-02)
1	18.203.62.2 18.203.62.2	16509 (AMAZON-02) (AMAZON-02)
2	2a00:1450:400... 2a00:1450:4001:829::200a	15169 (GOOGLE) (GOOGLE)
2	142.250.185.102 142.250.185.102	15169 (GOOGLE) (GOOGLE)
1	185.94.180.123 185.94.180.123	35220 (SPOTX-AMS) (SPOTX-AMS)
1	52.28.56.40 52.28.56.40	16509 (AMAZON-02) (AMAZON-02)
1	23.37.38.181 23.37.38.181	16625 (AKAMAI-AS) (AKAMAI-AS)
6	35.244.159.8 35.244.159.8	15169 (GOOGLE) (GOOGLE)
1	185.64.189.112 185.64.189.112	62713 (AS-PUBMATIC) (AS-PUBMATIC)
3	2404:6800:400... 2404:6800:4005:812::2003	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:82a::2016	15169 (GOOGLE) (GOOGLE)
2	23.37.42.132 23.37.42.132	16625 (AKAMAI-AS) (AKAMAI-AS)
1 1	2a01:28:cb6:3... 2a01:28:cb6:3::12	39392 (SUPERNETW...) (SUPERNETWORK ^_^)
1 1	2a00:1450:400... 2a00:1450:4001:5e::6	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:3d::6	15169 (GOOGLE) (GOOGLE)
2 9	2.18.234.21 2.18.234.21	16625 (AKAMAI-AS) (AKAMAI-AS)
1	2.18.233.180 2.18.233.180	16625 (AKAMAI-AS) (AKAMAI-AS)
1	69.173.144.139 69.173.144.139	26667 (RUBICONPR...) (RUBICONPROJECT)
2 2	185.29.134.244 185.29.134.244	30419 (MEDIAMATH...) (MEDIAMATH-INC)
2 2	37.157.4.39 37.157.4.39	198622 (ADFORM) (ADFORM)
2	13.248.242.197 13.248.242.197	16509 (AMAZON-02) (AMAZON-02)
1	185.64.189.115 185.64.189.115	62713 (AS-PUBMATIC) (AS-PUBMATIC)
5	142.250.185.226 142.250.185.226	15169 (GOOGLE) (GOOGLE)
2	52.50.243.239 52.50.243.239	16509 (AMAZON-02) (AMAZON-02)
1 2	209.54.177.54 209.54.177.54	16509 (AMAZON-02) (AMAZON-02)
1	192.132.33.46 192.132.33.46	18568 (BIDTELLECT) (BIDTELLECT)
1	37.252.172.37 37.252.172.37	29990 (ASN-APPNEX) (ASN-APPNEX)
1 1	193.0.160.129 193.0.160.129	54312 (ROCKETFUEL) (ROCKETFUEL)
2	2a00:1450:400... 2a00:1450:400c:c04::8a	15169 (GOOGLE) (GOOGLE)
2	52.18.40.16 52.18.40.16	16509 (AMAZON-02) (AMAZON-02)
5	54.156.11.91 54.156.11.91	14618 (AMAZON-AES) (AMAZON-AES)
310	58

29 2606:4700:20::681a:a35 (United States)

ASN13335 (CLOUDFLARENET, US)

www.otosaigon.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdn1.otosaigon.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:831::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:810::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:82a::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 142.250.181.226 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s56-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f02d:12:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:400c:c08::9d (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:831::2004 (Frankfurt am Main, Germany) 2 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2a00:1450:4001:827::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f12d:83:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 205.185.216.10 (United States)

ASN20446 (HIGHWINDS3, US)
PTR: map2.hwcdn.net

s.vi-serve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
player.inforsea.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
nv.vi-serve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

21 2a00:1450:4001:810::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:802::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

abfc37dd4bf691cb0e167728b93f1c40.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

51 2a00:1450:4001:827::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:82f::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 52.17.85.197 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-17-85-197.eu-west-1.compute.amazonaws.com

t.vi-serve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 63.33.79.252 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-63-33-79-252.eu-west-1.compute.amazonaws.com

pixel.inforsea.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 2a00:1450:4001:82a::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:5f41 (United States)

ASN13335 (CLOUDFLARENET, US)

static.cloudflareinsights.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:e234 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.onesignal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:812::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

cdn.ampproject.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 185.29.132.246 (United Kingdom)

ASN30419 (MEDIAMATH-INC, US)

tags.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 138.201.63.164 (Hockenheim, Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.164.63.201.138.clients.your-server.de

hal9000.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2.18.233.201 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-233-201.deploy.static.akamaitechnologies.com

pixel.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 144.76.238.55 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.55.238.76.144.clients.your-server.de

hal900021.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:812::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 37.157.6.246 (Denmark)

ASN198622 (ADFORM, DK)

track.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:116:800d:21:f916:5049:f87f:108e (United States) 1 redirects

ASN16509 (AMAZON-02, US)

cms.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pixel.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 142.250.185.66 (United States) 3 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s48-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 37.157.5.73 (Denmark)

ASN198622 (ADFORM, DK)

s1.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700::6810:135e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.200.219.243 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-200-219-243.eu-west-1.compute.amazonaws.com

vis.vi-serve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.203.62.2 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-203-62-2.eu-west-1.compute.amazonaws.com

call.inforsea.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:829::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

imasdk.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.185.102 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s49-in-f6.1e100.net

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.94.180.123 (Amsterdam, Netherlands)

ASN35220 (SPOTX-AMS, US)

search.spotxchange.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.28.56.40 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-28-56-40.eu-central-1.compute.amazonaws.com

prebid-server.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.37.38.181 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-37-38-181.deploy.static.akamaitechnologies.com

htlb.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 35.244.159.8 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 8.159.244.35.bc.googleusercontent.com

videointelligence-d.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
eu-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
us-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.64.189.112 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)

hbopenbid.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2404:6800:4005:812::2003 (Central, Hong Kong)

ASN15169 (GOOGLE, US)

csi.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82a::2016 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

i.ytimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.37.42.132 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-37-42-132.deploy.static.akamaitechnologies.com

eus.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a01:28:cb6:3::12 (Czech Republic) 1 redirects

ASN39392 (SUPERNETWORK ^_^, CZ)

rr7---sn-n02xgoxufvg3-2gbs.googlevideo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:5e::6 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

rr1---sn-4g5e6nss.googlevideo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:3d::6 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

rr1---sn-4g5ednz7.googlevideo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2.18.234.21 (Frankfurt am Main, Germany) 2 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-234-21.deploy.static.akamaitechnologies.com

js-sec.indexww.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ssum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2.18.233.180 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-233-180.deploy.static.akamaitechnologies.com

ads.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.173.144.139 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)

token.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.29.134.244 (United Kingdom) 2 redirects

ASN30419 (MEDIAMATH-INC, US)

sync.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 37.157.4.39 (Denmark) 2 redirects

ASN198622 (ADFORM, DK)

c1.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.248.242.197 (United States)

ASN16509 (AMAZON-02, US)
PTR: a97adde81b00f2ca4.awsglobalaccelerator.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.64.189.115 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)

image6.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 142.250.185.226 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s53-in-f2.1e100.net

ade.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.50.243.239 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-50-243-239.eu-west-1.compute.amazonaws.com

pixel.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 209.54.177.54 (Ashburn, United States) 1 redirects

ASN16509 (AMAZON-02, US)

s.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.132.33.46 (United States)

ASN18568 (BIDTELLECT, US)
PTR: 46.bidtellect.com

bttrack.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 37.252.172.37 (Frankfurt am Main, Germany)

ASN29990 (ASN-APPNEX, US)
PTR: 691.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 193.0.160.129 (United States) 1 redirects

ASN54312 (ROCKETFUEL, US)

p.rfihub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:400c:c04::8a (Brussels, Belgium)

ASN15169 (GOOGLE, US)

s.youtube.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.18.40.16 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-18-40-16.eu-west-1.compute.amazonaws.com

static.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 54.156.11.91 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-156-11-91.compute-1.amazonaws.com

dt.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
77	googlesyndication.com abfc37dd4bf691cb0e167728b93f1c40.safeframe.googlesyndication.com tpc.googlesyndication.com pagead2.googlesyndication.com ade.googlesyndication.com	735 KB
34	doubleclick.net 3 redirects securepubads.g.doubleclick.net stats.g.doubleclick.net googleads.g.doubleclick.net cm.g.doubleclick.net pubads.g.doubleclick.net ad.doubleclick.net	235 KB
29	otosaigon.com www.otosaigon.com cdn1.otosaigon.com	949 KB
23	adform.net 2 redirects track.adform.net s1.adform.net c1.adform.net	168 KB
15	vi-serve.com s.vi-serve.com t.vi-serve.com vis.vi-serve.com nv.vi-serve.com	210 KB
14	google.com 2 redirects www.google.com adservice.google.com	1 KB
13	inforsea.com pixel.inforsea.com player.inforsea.com call.inforsea.com	133 KB
11	gstatic.com fonts.gstatic.com csi.gstatic.com	156 KB
9	adsafeprotected.com pixel.adsafeprotected.com static.adsafeprotected.com dt.adsafeprotected.com	95 KB
8	casalemedia.com 2 redirects htlb.casalemedia.com ssum-sec.casalemedia.com dsum-sec.casalemedia.com	8 KB
7	google.de www.google.de adservice.google.de	1 KB
6	openx.net videointelligence-d.openx.net u.openx.net eu-u.openx.net us-u.openx.net	2 KB
6	mathtag.com 2 redirects tags.mathtag.com pixel.mathtag.com sync.mathtag.com	4 KB
6	ampproject.org cdn.ampproject.org	119 KB
6	googleapis.com fonts.googleapis.com ajax.googleapis.com imasdk.googleapis.com	341 KB
6	googletagservices.com www.googletagservices.com	199 KB
4	rubiconproject.com prebid-server.rubiconproject.com eus.rubiconproject.com token.rubiconproject.com	11 KB
4	redintelligence.net hal9000.redintelligence.net hal900021.redintelligence.net	7 KB
3	googlevideo.com 2 redirects rr7---sn-n02xgoxufvg3-2gbs.googlevideo.com rr1---sn-4g5e6nss.googlevideo.com rr1---sn-4g5ednz7.googlevideo.com	4 MB
3	pubmatic.com hbopenbid.pubmatic.com ads.pubmatic.com image6.pubmatic.com	14 KB
3	cloudflare.com cdnjs.cloudflare.com	26 KB
3	google-analytics.com www.google-analytics.com	19 KB
2	youtube.com s.youtube.com
2	amazon-adsystem.com 1 redirects s.amazon-adsystem.com	1 KB
2	adsrvr.org match.adsrvr.org	529 B
2	indexww.com js-sec.indexww.com	2 KB
2	quantserve.com 1 redirects cms.quantserve.com pixel.quantserve.com	861 B
2	facebook.com www.facebook.com	103 B
2	facebook.net connect.facebook.net	113 KB
2	googletagmanager.com www.googletagmanager.com	82 KB
1	rfihub.com 1 redirects p.rfihub.com	778 B
1	adnxs.com secure.adnxs.com
1	bttrack.com bttrack.com	380 B
1	ytimg.com i.ytimg.com	13 KB
1	spotxchange.com search.spotxchange.com	1 KB
1	2mdn.net s0.2mdn.net	17 KB
1	onesignal.com cdn.onesignal.com	3 KB
1	cloudflareinsights.com static.cloudflareinsights.com	5 KB
0	googleadservices.com Failed www.googleadservices.com Failed
310	39

	Domain	Requested by
51	tpc.googlesyndication.com	www.otosaigon.com abfc37dd4bf691cb0e167728b93f1c40.safeframe.googlesyndication.com tpc.googlesyndication.com cdn.ampproject.org securepubads.g.doubleclick.net imasdk.googleapis.com
25	www.otosaigon.com	www.otosaigon.com static.cloudflareinsights.com
17	s1.adform.net	track.adform.net s1.adform.net www.otosaigon.com
16	pagead2.googlesyndication.com	www.googletagservices.com abfc37dd4bf691cb0e167728b93f1c40.safeframe.googlesyndication.com securepubads.g.doubleclick.net tpc.googlesyndication.com srcdoc
12	securepubads.g.doubleclick.net	www.googletagservices.com securepubads.g.doubleclick.net www.otosaigon.com
11	pixel.inforsea.com	www.otosaigon.com player.inforsea.com
11	googleads.g.doubleclick.net	abfc37dd4bf691cb0e167728b93f1c40.safeframe.googlesyndication.com
8	t.vi-serve.com	www.otosaigon.com
8	fonts.gstatic.com	fonts.googleapis.com
8	www.google.com	2 redirects www.otosaigon.com abfc37dd4bf691cb0e167728b93f1c40.safeframe.googlesyndication.com tpc.googlesyndication.com
6	cdn.ampproject.org	securepubads.g.doubleclick.net
6	adservice.google.com	securepubads.g.doubleclick.net imasdk.googleapis.com
6	www.googletagservices.com	www.otosaigon.com securepubads.g.doubleclick.net abfc37dd4bf691cb0e167728b93f1c40.safeframe.googlesyndication.com
5	dt.adsafeprotected.com
5	ade.googlesyndication.com
5	cm.g.doubleclick.net	3 redirects abfc37dd4bf691cb0e167728b93f1c40.safeframe.googlesyndication.com u.openx.net
5	abfc37dd4bf691cb0e167728b93f1c40.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
5	adservice.google.de	securepubads.g.doubleclick.net
5	s.vi-serve.com	www.otosaigon.com s.vi-serve.com
4	dsum-sec.casalemedia.com	1 redirects ssum-sec.casalemedia.com
4	track.adform.net	hal900021.redintelligence.net s1.adform.net
4	cdn1.otosaigon.com	www.otosaigon.com
3	ssum-sec.casalemedia.com	1 redirects js-sec.indexww.com ssum-sec.casalemedia.com
3	csi.gstatic.com	imasdk.googleapis.com
3	pubads.g.doubleclick.net	imasdk.googleapis.com
3	cdnjs.cloudflare.com	s1.adform.net
3	hal900021.redintelligence.net	hal9000.redintelligence.net hal900021.redintelligence.net
3	tags.mathtag.com	abfc37dd4bf691cb0e167728b93f1c40.safeframe.googlesyndication.com tags.mathtag.com
3	fonts.googleapis.com	tpc.googlesyndication.com
3	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
2	static.adsafeprotected.com	pixel.adsafeprotected.com www.otosaigon.com
2	s.youtube.com	blank
2	s.amazon-adsystem.com	1 redirects ssum-sec.casalemedia.com
2	pixel.adsafeprotected.com	s.vi-serve.com
2	match.adsrvr.org	u.openx.net ssum-sec.casalemedia.com
2	c1.adform.net	2 redirects
2	us-u.openx.net	u.openx.net
2	eu-u.openx.net	u.openx.net
2	sync.mathtag.com	2 redirects
2	js-sec.indexww.com	player.inforsea.com ssum-sec.casalemedia.com
2	eus.rubiconproject.com	player.inforsea.com eus.rubiconproject.com
2	imasdk.googleapis.com	player.inforsea.com imasdk.googleapis.com
2	www.facebook.com	www.otosaigon.com connect.facebook.net
2	www.google.de	www.otosaigon.com
2	stats.g.doubleclick.net	www.google-analytics.com
2	connect.facebook.net	www.otosaigon.com connect.facebook.net
2	www.googletagmanager.com	www.otosaigon.com
1	p.rfihub.com	1 redirects
1	secure.adnxs.com	ssum-sec.casalemedia.com
1	bttrack.com	ssum-sec.casalemedia.com
1	ad.doubleclick.net
1	image6.pubmatic.com	ads.pubmatic.com
1	pixel.quantserve.com	1 redirects
1	token.rubiconproject.com	eus.rubiconproject.com
1	ads.pubmatic.com	player.inforsea.com
1	u.openx.net	player.inforsea.com
1	rr1---sn-4g5ednz7.googlevideo.com
1	rr1---sn-4g5e6nss.googlevideo.com	1 redirects
1	rr7---sn-n02xgoxufvg3-2gbs.googlevideo.com	1 redirects
1	i.ytimg.com
1	hbopenbid.pubmatic.com	player.inforsea.com
1	videointelligence-d.openx.net	player.inforsea.com
1	htlb.casalemedia.com	player.inforsea.com
1	prebid-server.rubiconproject.com	player.inforsea.com
1	search.spotxchange.com	player.inforsea.com
1	s0.2mdn.net	imasdk.googleapis.com
1	call.inforsea.com	player.inforsea.com
1	nv.vi-serve.com	www.otosaigon.com
1	vis.vi-serve.com	s.vi-serve.com
1	cms.quantserve.com	abfc37dd4bf691cb0e167728b93f1c40.safeframe.googlesyndication.com
1	ajax.googleapis.com	hal900021.redintelligence.net
1	pixel.mathtag.com	tags.mathtag.com
1	hal9000.redintelligence.net	www.otosaigon.com
1	cdn.onesignal.com	www.otosaigon.com
1	static.cloudflareinsights.com	www.otosaigon.com
1	player.inforsea.com	s.vi-serve.com
0	www.googleadservices.com Failed
310	77

This site contains links to these domains. Also see Links.

Domain
www.vnexpress.net
adsplus.vn

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-07-10` - `2022-07-09`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-08-16` - `2021-11-08`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-08-16` - `2021-11-08`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2021-07-20` - `2021-10-18`	3 months	crt.sh
*.google.com GTS CA 1C3	`2021-08-16` - `2021-11-08`	3 months	crt.sh
*.google.de GTS CA 1C3	`2021-08-16` - `2021-11-08`	3 months	crt.sh
*.vi-serve.com DigiCert TLS RSA SHA256 2020 CA1	`2021-08-16` - `2022-08-26`	a year	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2021-08-16` - `2021-11-08`	3 months	crt.sh
upload.video.google.com GTS CA 1O1	`2021-08-16` - `2021-11-08`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2021-08-16` - `2021-11-08`	3 months	crt.sh
*.inforsea.com DigiCert TLS RSA SHA256 2020 CA1	`2021-02-25` - `2022-03-27`	a year	crt.sh
misc-sni.google.com GTS CA 1C3	`2021-08-16` - `2021-11-08`	3 months	crt.sh
*.mathtag.com DigiCert SHA2 Secure Server CA	`2020-04-15` - `2022-04-22`	2 years	crt.sh
redintelligence.net R3	`2021-08-20` - `2021-11-18`	3 months	crt.sh
pixel.mathtag.com DigiCert SHA2 Secure Server CA	`2021-06-29` - `2022-07-07`	a year	crt.sh
track.adform.net DigiCert SHA2 Secure Server CA	`2019-09-16` - `2021-09-20`	2 years	crt.sh
*.quantserve.com DigiCert SHA2 High Assurance Server CA	`2020-10-02` - `2021-10-07`	a year	crt.sh
*.doubleclick.net GTS CA 1C3	`2021-08-16` - `2021-11-08`	3 months	crt.sh
*.spotxchange.com GeoTrust RSA CA 2018	`2021-03-10` - `2022-03-29`	a year	crt.sh
*.rubiconproject.com DigiCert TLS RSA SHA256 2020 CA1	`2021-03-30` - `2022-04-04`	a year	crt.sh
san.casalemedia.com GeoTrust RSA CA 2018	`2021-02-05` - `2022-02-09`	a year	crt.sh
*.openx.net GeoTrust RSA CA 2018	`2021-07-08` - `2022-08-08`	a year	crt.sh
*.pubmatic.com DigiCert Baltimore TLS RSA SHA256 2020 CA1	`2020-12-07` - `2021-12-14`	a year	crt.sh
edgestatic.com GTS CA 1C3	`2021-08-16` - `2021-11-08`	3 months	crt.sh
*.c.docs.google.com GTS CA 1C3	`2021-08-17` - `2021-10-26`	2 months	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2021-03-18` - `2022-04-19`	a year	crt.sh
fw.adsafeprotected.com Amazon	`2021-08-11` - `2022-09-09`	a year	crt.sh
s.amazon-adsystem.com Amazon	`2021-07-14` - `2022-06-27`	a year	crt.sh
*.bttrack.com Sectigo RSA Domain Validation Secure Server CA	`2021-03-29` - `2022-03-29`	a year	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2021-03-05` - `2022-02-19`	a year	crt.sh
static.adsafeprotected.com Amazon	`2021-01-06` - `2022-02-04`	a year	crt.sh
dt.adsafeprotected.com Amazon	`2021-04-22` - `2022-05-21`	a year	crt.sh

This page contains 29 frames:

Primary Page: https://www.otosaigon.com/threads/cho-em-hoi-tieu-hao-nhien-lieu-kia-carnival.1634318/
Frame ID: 857589652E57DC263500C610DB34732B
Requests: 115 HTTP requests in this frame

Frame: https://abfc37dd4bf691cb0e167728b93f1c40.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 537E0BC91F0618828163B53EDEEDB97E
Requests: 1 HTTP requests in this frame

Frame: https://abfc37dd4bf691cb0e167728b93f1c40.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: A242FA72583EB2FB8F38161BD6E4CE69
Requests: 7 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/6093951902922309632/index.html
Frame ID: 8D1E04F46410BD82AAC718636D169A4C
Requests: 11 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si
Frame ID: D85F1F3BB211BFB47C4F569344442FA5
Requests: 2 HTTP requests in this frame

Frame: https://abfc37dd4bf691cb0e167728b93f1c40.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: AA1B62418DE8D956D83683EEC50961AE
Requests: 8 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17626451119355985920/index.html
Frame ID: E271C6A640F471DBED8535C6FBCB617D
Requests: 11 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si
Frame ID: 3073A59E36369194A5CB06123906A122
Requests: 2 HTTP requests in this frame

Frame: https://abfc37dd4bf691cb0e167728b93f1c40.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 24F98354FC5C3FD6FF266D12348C1E23
Requests: 14 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/022108170213000/amp4ads-v0.mjs
Frame ID: 6FCE2044AD84C9A09BAF2C5DFFCE310B
Requests: 26 HTTP requests in this frame

Frame: https://hal900021.redintelligence.net/request_content.php?s=58252100066538603150070011707021&a=f80e07d4
Frame ID: 964E3B745CE66BE2DACD8102D694F9E8
Requests: 10 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 22599A6A6CC9698F8FE5076917287F7D
Requests: 3 HTTP requests in this frame

Frame: https://abfc37dd4bf691cb0e167728b93f1c40.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: D8928117A80F3DD58C93F3324E259F6F
Requests: 6 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17626451119355985920/index.html
Frame ID: E58605B423BC3666C77A374EE7D2A476
Requests: 12 HTTP requests in this frame

Frame: https://s1.adform.net/Banners/Elements/Files/160090/10123580/10123580.js?ADFassetID=10123580&bv=258
Frame ID: 148864B769EAF7927D476B700F5F979C
Requests: 18 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html
Frame ID: AC26DF66D2FE3B68E820FDC7F4314A10
Requests: 2 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 99CFC74932C40044643EB34274961EDD
Requests: 1 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/sdkloader/ima3.js
Frame ID: C4B696CF5E5F95A5F0CF9FCE7D943FF6
Requests: 4 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.478.2_en.html
Frame ID: 5B2432332B638E9E488375FA0BE4E516
Requests: 29 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Frame ID: B40164CF59443A1E218F8F7361FC4A0C
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?gdpr=1&gdpr_consent=
Frame ID: 05560A306EA4818BA5FDC48DB53D5D72
Requests: 3 HTTP requests in this frame

Frame: https://js-sec.indexww.com/um/ixmatch.html
Frame ID: 0808D6383768767C71DCFF048F6BCB63
Requests: 1 HTTP requests in this frame

Frame: https://u.openx.net/w/1.0/pd?gdpr=1&gdpr_consent=
Frame ID: 76EEBB87F97B7C663824E08186724DD2
Requests: 7 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/showad.js
Frame ID: 0479FFE928DDB4F66420A4D2D043E99C
Requests: 2 HTTP requests in this frame

Frame: https://ssum-sec.casalemedia.com/usermatch?d=https://www.otosaigon.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Frame ID: B50941B22048FC79795F08BE0D733A08
Requests: 10 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/hhrtBw21.html
Frame ID: B7F22D5FBDB457A54CCC05B0F5237887
Requests: 3 HTTP requests in this frame

Frame: https://s.youtube.com/api/stats/playback?ns=yt&fexp=44730612%2C44737475&el=adunit&cpn=YlHw0VpHqJYtUyu_&docid=OA_dKpXFf5w&ver=2&cmt=0.199&fmt=18&rt=0.000&adformat=2_2_1&euri=https%3A%2F%2Fwww.otosaigon.com%2F&len=30.000&vtype=gvp&c=web_gvp_ads&cver=h.0.0.0&cbr=Chrome&cbrver=92.0.4515.159&cos=Linux%20x86_64&cosver=537.36&cplatform=desktop&mos=1&volume=0&delay=28&rtn=10
Frame ID: C29A8D1751D9243A9CA238141482AF91
Requests: 1 HTTP requests in this frame

Frame: https://static.adsafeprotected.com/sca.17.5.12.js
Frame ID: 3C17506C9BF72F75D3062FC97B2395C3
Requests: 1 HTTP requests in this frame

Frame: https://s.youtube.com/api/stats/watchtime?rti=10&st=0.000&et=10.059&rtn=20.000&ns=yt&fexp=44730612%2C44737475&el=adunit&cpn=YlHw0VpHqJYtUyu_&docid=OA_dKpXFf5w&ver=2&cmt=10.059&fmt=18&rt=10.000&adformat=2_2_1&euri=https%3A%2F%2Fwww.otosaigon.com%2F&len=30.000&vtype=gvp&c=web_gvp_ads&cver=h.0.0.0&cbr=Chrome&cbrver=92.0.4515.159&cos=Linux%20x86_64&cosver=537.36&cplatform=desktop
Frame ID: 4CA4D7B8DE890B78D3BDB0CCA0B6E788
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Cho em hỏi tiêu hao nhiên liệu KIA CARNIVAL | Otosaigon - diễn đàn, cộng đồng ô tô số 1 Việt Nam

Detected technologies

CloudFlare (CDN) Expand

Overall confidence: 100%
Detected patterns

headers server /^cloudflare$/i

Page Statistics

310
Requests

96 %
HTTPS

44 %
IPv6

39
Domains

77
Subdomains

58
IPs

9
Countries

7790 kB
Transfer

12899 kB
Size

9
Cookies

2 Outgoing links

These are links going to different origins than the main page.

URL: http://www.vnexpress.net/Comment/2009/05/3B9B1FFC/?p=1
Title: http://www.vnexpress.net/Comment/2009/05/3B9B1FFC/?p=1

Search URL Search Domain Scan URL

URL: https://adsplus.vn/
Title: Quảng cáo google ads

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 60

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si

Request Chain 85

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si

Request Chain 240

https://rr7---sn-n02xgoxufvg3-2gbs.googlevideo.com/videoplayback?expire=1630787265&ei=QWYzYabMM4Ox1wLCl6zQAg&ip=195.181.174.89&id=380fdd2a95c57f9c&itag=22&source=youtube&requiressl=yes&mh=5Q&mm=31&mn=sn-n02xgoxufvg3-2gbs&ms=au&mv=m&mvi=7&pl=23&susc=gvp&acao=yes&ctier=L&mime=video/mp4&vprv=1&dur=30.069&lmt=1630682938102041&mt=1630758292&txp=5432434&sparams=expire,ei,ip,id,itag,source,requiressl,susc,acao,ctier,mime,vprv,dur,lmt&sig=AOq0QJ8wRQIhANFFRIxFc-qBMgf4bgZJLAbjw4jUpI5UcGN_o3K_HicsAiBNKjy0wV1hKGXdGmhR2Eg13UBk-9lpdcDNxTByhfLDlw==&lsparams=mh,mm,mn,ms,mv,mvi,pl&lsig=AG3C_xAwRQIgRN07Bfs1JhqbvieKc0GCpAGbHpFuzhsa0ZOaOj1E76UCIQDJgX2bYMsWRmLszl2UH7ekcEoCfy1t0jyKSzjrYTj0Ww==&cpn=YlHw0VpHqJYtUyu_ HTTP 302
https://rr1---sn-4g5e6nss.googlevideo.com/videoplayback?expire=1630787265&ei=QWYzYabMM4Ox1wLCl6zQAg&ip=195.181.174.89&id=380fdd2a95c57f9c&itag=22&source=youtube&requiressl=yes&susc=gvp&acao=yes&ctier=L&mime=video/mp4&vprv=1&dur=30.069&lmt=1630682938102041&txp=5432434&sparams=expire,ei,ip,id,itag,source,requiressl,susc,acao,ctier,mime,vprv,dur,lmt&sig=AOq0QJ8wRQIhANFFRIxFc-qBMgf4bgZJLAbjw4jUpI5UcGN_o3K_HicsAiBNKjy0wV1hKGXdGmhR2Eg13UBk-9lpdcDNxTByhfLDlw==&cpn=YlHw0VpHqJYtUyu_&redirect_counter=1&rm=sn-n02xgoxufvg3-2gbs7k&req_id=d339c95f9ba936e2&cms_redirect=yes&mh=5Q&mm=29&mn=sn-4g5e6nss&ms=rdu&mt=1630758292&mv=m&mvi=1&pl=23&lsparams=mh,mm,mn,ms,mv,mvi,pl&lsig=AG3C_xAwRQIgVpRDF61xWi55nJkXPX_tqes-ijI0HxdiAhuEQSYse9kCIQDIqCZh8-Glbqnw1ai74VYMJHde5JXFvRjeydPmp7A-Bw%3D%3D HTTP 302
https://rr1---sn-4g5ednz7.googlevideo.com/videoplayback?expire=1630787265&ei=QWYzYabMM4Ox1wLCl6zQAg&ip=195.181.174.89&id=380fdd2a95c57f9c&itag=22&source=youtube&requiressl=yes&susc=gvp&acao=yes&ctier=L&mime=video/mp4&vprv=1&dur=30.069&lmt=1630682938102041&txp=5432434&sparams=expire,ei,ip,id,itag,source,requiressl,susc,acao,ctier,mime,vprv,dur,lmt&sig=AOq0QJ8wRQIhANFFRIxFc-qBMgf4bgZJLAbjw4jUpI5UcGN_o3K_HicsAiBNKjy0wV1hKGXdGmhR2Eg13UBk-9lpdcDNxTByhfLDlw==&cpn=YlHw0VpHqJYtUyu_&rm=sn-n02xgoxufvg3-2gbs7k,sn-4g5ezl7e&req_id=d339c95f9ba936e2&redirect_counter=2&fexp=24052760&cms_redirect=yes&ipbypass=yes&mh=5Q&mip=2a01:4f8:121:131a::2&mm=29&mn=sn-4g5ednz7&ms=rdu&mt=1630758287&mv=u&mvi=1&pl=48&lsparams=ipbypass,mh,mip,mm,mn,ms,mv,mvi,pl&lsig=AG3C_xAwRQIhAN2gi5j3HtW65KtTjBLPIz4fl9uMNQr5GCkRSGaSJunxAiAi29QBWuSpx5n-8tCZSFb67Ra2TqHS0PO1W60Gpa5OkA%3D%3D

Request Chain 246

https://ssum-sec.casalemedia.com/usermatch?d=https://www.otosaigon.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F HTTP 302
https://ssum-sec.casalemedia.com/usermatch?d=https://www.otosaigon.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1

Request Chain 247

https://sync.mathtag.com/sync/img?mt_exid=5&redir=https%3A%2F%2Feu-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D536872786%26val%3D%5BMM_UUID%5D HTTP 302
https://eu-u.openx.net/w/1.0/sd?id=536872786&val=67346133-663f-4601-8567-86623cee0ce6

Request Chain 248

https://pixel.quantserve.com/pixel/p-25CIknq_eSg16.gif?idmatch=0&gdpr=1 HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072956&gdpr=1&val=A5iGnwOfhsoYntHJBJqYyFHMg8gYyofPUJkKsoAv

Request Chain 249

https://c1.adform.net/serving/cookie/match?party=22 HTTP 302
https://c1.adform.net/serving/cookie/match?CC=1&party=22 HTTP 302
https://eu-u.openx.net/w/1.0/sd?id=537113484&val=5857657559995791910

Request Chain 252

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_sc HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEOQc9l2mtZsYNGwqMiV7Xo8&google_cver=1

Request Chain 275

https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YTNmQvz9OrMWSoWqT-gMswAABLwAAAIB HTTP 302
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YTNmQvz9OrMWSoWqT-gMswAABLwAAAIB&dcc=t

Request Chain 276

https://dsum-sec.casalemedia.com/rrum?ixi=1&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dbm%26google_cm%26google_sc%26google_hm%3D&gdpr=1 HTTP 302
https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=casale_media2_dbm&google_cm&google_sc&google_hm=YTNmQvz9OrMWSoWqT.gMswAA HTTP 302
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEFkCDknGgwKh6MIl655WcOg&google_cver=1&gdpr=1&google_hm=2

Request Chain 278

https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=YTNmQvz9OrMWSoWqT-gMswAABLwAAAIB&gdpr_consent=&us_privacy=&gdpr=1 HTTP 302
https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=1&google_gid=CAESEOprzy69gRNtccFt91xL4GU&google_cver=1

Request Chain 279

https://sync.mathtag.com/sync/img?mt_exid=15&redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Fcrum%3Fcm_dsp_id%3D3%26external_user_id%3D%5BMM_UUID%5D&gdpr=1 HTTP 302
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=3&external_user_id=67346133-663f-4601-8567-86623cee0ce6&gdpr=1&gdpr_consent=

Request Chain 282

https://p.rfihub.com/cm?in=1&pub=2079&gdpr=1 HTTP 302
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=57&external_user_id=1875819622467421821

Request Chain 309

https://googleads.g.doubleclick.net/aclk?sa=l&ai=Ca74rQWYzYe3lJ5ba3wOEjKWQB4bm3fZkjdnJ3p4OsJAfEAEg-KHCZ2CVgoCAsAegAdHQ0MkCyAEFqQK3zvaIH-6zPuACAKgDAZgEAKoEsQJP0PdI9gAG4JILLfNG2uxqUC2xvBxuLg4IqG7VAAdHoXxS4a_BqnzBtmez1ScLRtx9esNO90dFUjmkP_2X2C23CwINNOYqqJNztdK5XhWOLo6XdhfYlPAEI1tMLlH91V9CzcSuO5L6yE82Pu4m_l7N3nC_2gBm6ixM0ubiBwZXItHfjAVKUwWbwQp8P7uzMpzbMsEU824OkwcLkBv-WYRjMG_IN0Z8WPoOCdp_EJKEBtD9GMJ6BXWsYrR-bbffgh2QWhBbjBdK9xfoK_FvobnsVwrRiluOio75Z2iEFgWLsZPkEnVCnzd2I4eG68FesqFyCfEYFkuzbCh4q7X1pc3opMnl50wUP9ddJhNRIoCycGVIPooy6936-Nbf9iH-NJfk0pq-4MVnhQbSMaNQdXiYecAEm8_t0dgD4AQBiAXesP79NZIFBggDEAEYAaAGVIAHl6-vtgGoB9XJG6gH8NkbqAfy2RuoB47OG6gHk9gbqAe6BqgHnNwbqAfulrECqAemvhuoB_PRG6gHltgbqAeqm7ECqAffn7EC2AcBqAgB0ggJCIDhgBAQARgdmgkqaHR0cHM6Ly93d3cuaHl1bmRhaS5kZS9rYW1wYWduZS9lZGl0aW9uMzAvsQnI_a0t-pkR2YAKA8gLAdALDuALAbgMAbATrbK4DNgTDdgUAdAVAagWAeIWAggBgBcB&num=1&sig=AOD64_2bj5mb5URbg_Me7YdX57xnlhwWQw&client=ca-pub-4364561325077639&adurl=https://ad.doubleclick.net/ddm/trackclk/N822516.3772727IWEVIDEO/B26458506.312845884%3Bdc_trk_aid%3D505492845%3Bdc_trk_cid%3D157141650%3Bdc_lat%3D%3Bdc_rdid%3D%3Btag_for_child_directed_treatment%3D%3Btfua%3D%3Bltd%3D&ctype=110&label=video_10s_engaged_view&ad_mt=10059&acvw=sv%3D903%26cb%3Dima%26nas%3D1%26sdk%3Dh%26p%3D988,394,1269,894%26p0%3D988,394,1269,894%26p1%3D988,394,1269,894%26tos%3D0,10246,0,0,0%26mtos%3D0,10246,10246,10246,10246%26amtos%3D0,0,0,0,0%26mtos1%3D0,7751,0%26mcvt%3D10246%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26a0%3D0%26a1%3D0%26ft%3D0%26at%3D0%26as%3D0%26vpt%3D10246%26gmm%3D4%26efpf%3D2%26nmt%3D1%26tcm%3D0%26bt%3D2264%26pst%3D428%26dur%3D30000%26vmtime%3D10058%26is%3D275%26i0%3D275%26i1%3D275%26cs%3D4371%26c%3D0.75%26c0%3D0.75%26c1%3D0.75%26mc%3D0.75%26nc%3D0.75%26mv%3D0%26nv%3D0%26qmt%3D0,2495,2495,2495,2495%26qnc%3D0.75%26qmv%3D0%26qnv%3D0%26lte%3D0.75%26ces%26femt%3D412%26femvt%3D0%26emc%3D52%26emuc%3D0%26emb%3D0,52,0,0,0%26avms%3Dexc%26qi%3D511313762%26psm%3D-2147481601%26psv%3D-2147481601%26psfv%3D0%26psa%3D0%26ptlt%3D1630758476389%26pngs%3D9s,14,15s%26veid%3Dxdi%3A0,amp%3A0%26ssb%3D0,0,0,0,0,0,0,0,0,0,10246%26ss0%3D0.05%26ss1%3D0.05&gv=atos%3D0,0,0,0,0%26avt%3D0%26ss%3D0.05%26t%3D1630758465984 HTTP 302
https://www.googleadservices.com/pagead/aclk?sa=L&ai=CI8sLQWYzYe3lJ5ba3wOEjKWQB4bm3fZkjdnJ3p4OsJAfEAEg-KHCZ2CVgoCAsAegAdHQ0MkCyAEFqQK3zvaIH-6zPuACAKgDAZgEAKoEsQJP0PdI9gAG4JILLfNG2uxqUC2xvBxuLg4IqG7VAAdHoXxS4a_BqnzBtmez1ScLRtx9esNO90dFUjmkP_2X2C23CwINNOYqqJNztdK5XhWOLo6XdhfYlPAEI1tMLlH91V9CzcSuO5L6yE82Pu4m_l7N3nC_2gBm6ixM0ubiBwZXItHfjAVKUwWbwQp8P7uzMpzbMsEU824OkwcLkBv-WYRjMG_IN0Z8WPoOCdp_EJKEBtD9GMJ6BXWsYrR-bbffgh2QWhBbjBdK9xfoK_FvobnsVwrRiluOio75Z2iEFgWLsZPkEnVCnzd2I4eG68FesqFyCfEYFkuzbCh4q7X1pc3opMnl50wUP9ddJhNRIoCycGVIPooy6936-Nbf9iH-NJfk0pq-4MVnhQbSMaNQdXiYecAEm8_t0dgD4AQBiAXesP79NZIFBggDEAEYAcAFbqAGVIAHl6-vtgGoB9XJG6gH8NkbqAfy2RuoB47OG6gHk9gbqAe6BqgHnNwbqAfulrECqAemvhuoB_PRG6gHltgbqAeqm7ECqAffn7EC2AcBqAgB0ggJCIDhgBAQARgdmgkqaHR0cHM6Ly93d3cuaHl1bmRhaS5kZS9rYW1wYWduZS9lZGl0aW9uMzAvsQnI_a0t-pkR2YAKA8gLAdALDuALAbgMAbATrbK4DNgTDdgUAdAVAagWAeIWAggBgBcB&num=1&client=ca-pub-4364561325077639&ctype=110&label=video_10s_engaged_view&ad_mt=10059&acvw=sv%3D903%26cb%3Dima%26nas%3D1%26sdk%3Dh%26p%3D988,394,1269,894%26p0%3D988,394,1269,894%26p1%3D988,394,1269,894%26tos%3D0,10246,0,0,0%26mtos%3D0,10246,10246,10246,10246%26amtos%3D0,0,0,0,0%26mtos1%3D0,7751,0%26mcvt%3D10246%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26a0%3D0%26a1%3D0%26ft%3D0%26at%3D0%26as%3D0%26vpt%3D10246%26gmm%3D4%26efpf%3D2%26nmt%3D1%26tcm%3D0%26bt%3D2264%26pst%3D428%26dur%3D30000%26vmtime%3D10058%26is%3D275%26i0%3D275%26i1%3D275%26cs%3D4371%26c%3D0.75%26c0%3D0.75%26c1%3D0.75%26mc%3D0.75%26nc%3D0.75%26mv%3D0%26nv%3D0%26qmt%3D0,2495,2495,2495,2495%26qnc%3D0.75%26qmv%3D0%26qnv%3D0%26lte%3D0.75%26ces%26femt%3D412%26femvt%3D0%26emc%3D52%26emuc%3D0%26emb%3D0,52,0,0,0%26avms%3Dexc%26qi%3D511313762%26psm%3D-2147481601%26psv%3D-2147481601%26psfv%3D0%26psa%3D0%26ptlt%3D1630758476389%26pngs%3D9s,14,15s%26veid%3Dxdi:0,amp:0%26ssb%3D0,0,0,0,0,0,0,0,0,0,10246%26ss0%3D0.05%26ss1%3D0.05&gv=atos%3D0,0,0,0,0%26avt%3D0%26ss%3D0.05%26t%3D1630758465984&cid=CAQSKQCNIrLMrguxaw723Ir0Vvovlvu_Leg80d5EhmM27lEFdk0qBZa3Y1p9&dblrd=1&val=ChAyMmViNDk5NmU2YzgwMDA0EMzMzYkGGgiJMMDVS4dJciABKAE&sig=AOD64_0SzOxlMtYsDCGVPIkrH5_EQUTuog&adurl=https://ad.doubleclick.net/ddm/trackclk/N822516.3772727IWEVIDEO/B26458506.312845884%3Bdc_trk_aid%3D505492845%3Bdc_trk_cid%3D157141650%3Bdc_lat%3D%3Bdc_rdid%3D%3Btag_for_child_directed_treatment%3D%3Btfua%3D%3Bltd%3D

310 HTTP transactions
2 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
www.otosaigon.com/threads/cho-em-hoi-tieu-hao-nhien-lieu-kia-carnival.1634318/ 254 KB
56 KB 2340ms
2310ms Document
text/html 2606:4700:20::681a:a35
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.otosaigon.com/threads/cho-em-hoi-tieu-hao-nhien-lieu-kia-carnival.1634318/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:a35 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9e780c848dc68c52d42fa48306ece0e217223b0709721d746455dda75bbf08fe

Request headers

:method: GET
:authority: www.otosaigon.com
:scheme: https
:path: /threads/cho-em-hoi-tieu-hao-nhien-lieu-kia-carnival.1634318/
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 12:27:36 GMT
content-type: text/html; charset=UTF-8
set-cookie: WID=vt151|YTNlj|YTNlj; path=/
x-cache: BYPASS
x-page-speed: Website Auto Optimization
cache-control: max-age=0, no-cache
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eAvNNZKTfwOZPgfm5v2pwQl3Yq%2FItA9nyLANamBiFRzl6pQjRThghiJl18LfotxTbdArLhlfr%2Bh%2BwJnyAl%2By9WxfEDYDMs5PVm6RfQVOrzBbtr0VSUMZdKBrr5P%2F4sq51utYx0nyQcU3lm2TAGyA"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 689736730877c2b3-FRA
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

GET
H3-29 200 css.php
www.otosaigon.com/ 410 KB
48 KB 109ms
86ms Stylesheet
text/css 2606:4700:20::681a:a35
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.otosaigon.com/css.php?css=public%3Anormalize.css%2Cpublic%3Acore.less%2Cpublic%3Aapp.less%2Cpublic%3Aio.less&s=4&l=1&d=1630577203&k=fb3c72bf51cb81c4dd177b7deae9155ff6a73777
Requested by: Host: www.otosaigon.com
URL: https://www.otosaigon.com/threads/cho-em-hoi-tieu-hao-nhien-lieu-kia-carnival.1634318/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::681a:a35 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1cdc6b6c847d47d017169aebaf9f652eda7b1ced7634a56102e1258d76f155a

Request headers

:path: /css.php?css=public%3Anormalize.css%2Cpublic%3Acore.less%2Cpublic%3Aapp.less%2Cpublic%3Aio.less&s=4&l=1&d=1630577203&k=fb3c72bf51cb81c4dd177b7deae9155ff6a73777
pragma: no-cache
cookie: WID=vt151|YTNlj|YTNlj
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: www.otosaigon.com
referer: https://www.otosaigon.com/threads/cho-em-hoi-tieu-hao-nhien-lieu-kia-carnival.1634318/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.otosaigon.com/threads/cho-em-hoi-tieu-hao-nhien-lieu-kia-carnival.1634318/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 12:27:36 GMT
content-encoding: br
x-cdn-client: 162.158.90.188 - -
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 181073
cf-polished: origSize=421639
x-cache: HIT
cf-cache-status: HIT
cf-bgj: minify
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
pragma: public
last-modified: Thu, 02 Sep 2021 10:06:43 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XkheSuDjFv8YBE8GlSazb%2FYLFEdTcer398A296gb2y8xXYUwrXn%2FIlChl7THxqnDVyQUyhTfbiVscoD1RmSzZuT5LbebmX9KbQEUHTjC2B1A7nKbhlKjV5PNboWdIK7%2F2bQ4eU7oTYmOkmXxjlNW"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
cache-control: max-age=31354748
cf-ray: 689736823c87d6b1-FRA
expires: Fri, 02 Sep 2022 10:06:44 GMT

GET
H3-29 200 css.php
www.otosaigon.com/ 298 KB
56 KB 112ms
89ms Stylesheet
text/css 2606:4700:20::681a:a35
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.otosaigon.com/css.php?css=public%3Abb_code.less%2Cpublic%3Acustom_page_container.css%2Cpublic%3Acustom_thread_view.css%2Cpublic%3Acustom_widget_new_threads.css%2Cpublic%3Afontawesome.css%2Cpublic%3Alightbox.less%2Cpublic%3Amaterialdesignicons.css%2Cpublic%3Amessage.less%2Cpublic%3Ashare_controls.less%2Cpublic%3Aextra.less&s=4&l=1&d=1630577203&k=9a8b9d5ed3f551ae4e16ea2196b5718ea7b6ebcf
Requested by: Host: www.otosaigon.com
URL: https://www.otosaigon.com/threads/cho-em-hoi-tieu-hao-nhien-lieu-kia-carnival.1634318/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::681a:a35 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 82b3a9ac8b099ace96214d4ef3e68f4aa4aceeb570f37c8a4ce22f1e82be7af5

Request headers

:path: /css.php?css=public%3Abb_code.less%2Cpublic%3Acustom_page_container.css%2Cpublic%3Acustom_thread_view.css%2Cpublic%3Acustom_widget_new_threads.css%2Cpublic%3Afontawesome.css%2Cpublic%3Alightbox.less%2Cpublic%3Amaterialdesignicons.css%2Cpublic%3Amessage.less%2Cpublic%3Ashare_controls.less%2Cpublic%3Aextra.less&s=4&l=1&d=1630577203&k=9a8b9d5ed3f551ae4e16ea2196b5718ea7b6ebcf
pragma: no-cache
cookie: WID=vt151|YTNlj|YTNlj
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: www.otosaigon.com
referer: https://www.otosaigon.com/threads/cho-em-hoi-tieu-hao-nhien-lieu-kia-carnival.1634318/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.otosaigon.com/threads/cho-em-hoi-tieu-hao-nhien-lieu-kia-carnival.1634318/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 12:27:36 GMT
content-encoding: br
x-cdn-client: 162.158.92.158 - -
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 176076
cf-polished: origSize=308856
x-cache: HIT
cf-cache-status: HIT
cf-bgj: minify
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
pragma: public
last-modified: Thu, 02 Sep 2021 10:06:43 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DDwx6%2Fwch1eX8rxIGL1Zu5VQ8sXuI2V8YUrvnBQsWaS5EDmK9RCyTKEDr8oI8dfEYgw4WLa1PBxKUUHGRiHAQ0%2BmHq5UxUuuQePZ6Q6mSBfMTNr12g%2BJRBUD%2F0DL0lBRjrjO%2BI4O66oDkK60PTZN"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
cache-control: max-age=31354750
cf-ray: 689736823c86d6b1-FRA
expires: Fri, 02 Sep 2022 10:06:46 GMT

GET
H3-29 200 rocket-loader.min.js Show response
www.otosaigon.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/ 12 KB
4 KB 15ms
13ms Script
application/javascript 2606:4700:20::681a:a35
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.otosaigon.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Requested by

Host: www.otosaigon.com
URL: https://www.otosaigon.com/threads/cho-em-hoi-tieu-hao-nhien-lieu-kia-carnival.1634318/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:a35 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

:path: /cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
pragma: no-cache
cookie: WID=vt151|YTNlj|YTNlj
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.otosaigon.com
referer: https://www.otosaigon.com/threads/cho-em-hoi-tieu-hao-nhien-lieu-kia-carnival.1634318/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.otosaigon.com/threads/cho-em-hoi-tieu-hao-nhien-lieu-kia-carnival.1634318/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 12:27:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 01 Sep 2021 15:49:24 GMT
server: cloudflare
etag: W/"612fa104-302c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options: DENY
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=o6NqDO8AyXB2GS6YF15SdEsgu%2FHIxzcK4%2FWLCYUPW%2F5fASd5uSUh4986MIJDX8WXsNbaw0sIf%2B6vQA3xlO0iRcEsqDTe7qLRSKf%2Bn8t0a8nIw8mTolRe6EIZu6DH56sKn%2B76jpW28Sq56fsGPV4%2F"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=172800 public
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6897368d3be6d6b1-FRA
vary: Accept-Encoding
expires: Mon, 06 Sep 2021 12:27:38 GMT

GET
H2 200 large_logo_os.png
cdn1.otosaigon.com/data/osstatic/images/ 13 KB
14 KB 27ms
15ms Image
image/webp 2606:4700:20::681a:a35
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn1.otosaigon.com/data/osstatic/images/large_logo_os.png
Requested by: Host: www.otosaigon.com
URL: https://www.otosaigon.com/threads/cho-em-hoi-tieu-hao-nhien-lieu-kia-carnival.1634318/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:a35 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c919a89e874cd07d75e545e1abf1487cacf80bc12cdc5493e2856a44ffd3712e

Request headers

Referer: https://www.otosaigon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 12:27:38 GMT
vary: User-Agent, Accept-Encoding
x-cdn-client: 42.117.80.122 - Vietnam - Hanoi
x-original-content-length: 24246
age: 2098993
x-cache: REVALIDATED
cf-cache-status: HIT
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 13488
pragma: public
server: cloudflare
etag: W/"PSA-aj-X8oiaadIZS"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Yb4U1QRMi8fOnHx6hCBWsj98%2BHLJKHxMgUVrfqXt4Q5QBSgmXrx3mgEyzifHp5Lt8oqJVvseI%2FN8468KvFtkufdvF8cy00ZlOld1ORSRgxhp80zU5VjAfdtEK%2Bh9FfR4TJMkpO884NsQOeKrmZ%2FVNA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: public, max-age=5356800
accept-ranges: bytes
cf-ray: 6897368d4817c2b3-FRA
expires: Fri, 10 Sep 2021 04:22:20 GMT

GET
H3-29 200 uix-brandmark.png
www.otosaigon.com/styles/io/images/ 1 KB
2 KB 24ms
22ms Image
image/webp 2606:4700:20::681a:a35
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.otosaigon.com/styles/io/images/uix-brandmark.png
Requested by: Host: www.otosaigon.com
URL: https://www.otosaigon.com/threads/cho-em-hoi-tieu-hao-nhien-lieu-kia-carnival.1634318/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::681a:a35 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 859bbfed1cc557ff3b7bd83fa0676acece6e9b4a28be8ca20edd1e5f56994609

Request headers

:path: /styles/io/images/uix-brandmark.png
pragma: no-cache
cookie: WID=vt151|YTNlj|YTNlj
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.otosaigon.com
referer: https://www.otosaigon.com/threads/cho-em-hoi-tieu-hao-nhien-lieu-kia-carnival.1634318/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.otosaigon.com/threads/cho-em-hoi-tieu-hao-nhien-lieu-kia-carnival.1634318/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 12:27:38 GMT
x-cdn-client: 123.20.32.162 - -
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2006725
cf-polished: origFmt=png, origSize=1943
x-cache: HIT
cf-cache-status: HIT
content-disposition: inline; filename="uix-brandmark.webp"
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 1078
pragma: public
last-modified: Fri, 12 Jul 2019 08:07:42 GMT
server: cloudflare
etag: W/"PSA-JkE6Rddq6l"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uZF6PYrOP7fbAqOfY%2BaoAaZOvDHd6sUVd6K5R7eyxouc2DOnU31Zng5xKan7cUMYiLI%2FrQ4E9%2Fwa8m8jZ%2FJA0eCbvNkRCa2AAlhYhwhbIk3t%2Fhp9VjR1pSGuiR%2BffNWbZd3CJ6xoHrXAuO4v7UhE"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 6897368d3be9d6b1-FRA
cf-bgj: imgq:100,h2pri

GET
H2 200 gpt.js Show response
www.googletagservices.com/tag/js/ 70 KB
25 KB 36ms
15ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: www.otosaigon.com
URL: https://www.otosaigon.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

33f741884d49aa4540005845acbcfc179b071230ead16ff1f950b0c88e7e184c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.otosaigon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 12:27:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "977 / 597 of 1000 / last-modified: 1630707028"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 24940
x-xss-protection: 0
expires: Sat, 04 Sep 2021 12:27:38 GMT

GET
H3-29 200 gtm.js Show response
www.googletagmanager.com/ 110 KB
42 KB 31ms
30ms Script
application/javascript 2a00:1450:4001:810::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-TZNDKWR

Requested by

Host: www.otosaigon.com
URL: https://www.otosaigon.com/threads/cho-em-hoi-tieu-hao-nhien-lieu-kia-carnival.1634318/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

65e0979334fe5c03eaccb80871f8ea6433aff2312657f40005a25b3faa5c9c54

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.otosaigon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 12:27:38 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42831
x-xss-protection: 0
last-modified: Sat, 04 Sep 2021 12:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sat, 04 Sep 2021 12:27:38 GMT

GET
H3-29 200 js Show response
www.googletagmanager.com/gtag/ 101 KB
40 KB 21ms
20ms Script
application/javascript 2a00:1450:4001:810::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-40673294-1

Requested by

Host: www.otosaigon.com
URL: https://www.otosaigon.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

6c62cd1dff8577abea354f379662b20f5df40234f03ac527083dab6ec3ecbe45

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.otosaigon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 12:27:38 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 41181
x-xss-protection: 0
last-modified: Sat, 04 Sep 2021 12:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sat, 04 Sep 2021 12:27:38 GMT

GET
H3-29 200 analytics.js Show response
www.google-analytics.com/ 48 KB
19 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:82a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-40673294-1

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

fd222137f245c06ddb4c4d44db41f12138dad6cf8ef5d4d4a5e500f38f0c8c62

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.otosaigon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 11 Aug 2021 00:32:57 GMT
server: Golfe2
age: 5738
date: Sat, 04 Sep 2021 10:52:00 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19747
expires: Sat, 04 Sep 2021 12:52:00 GMT

GET
H2 200 pubads_impl_2021090101.js Show response
securepubads.g.doubleclick.net/gpt/ 333 KB
117 KB 58ms
22ms Script
text/javascript 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021090101.js?31062462

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

sffe /

Resource Hash

8d9f1e7a5653eade39c663ba7e740f5f8b51fde9a7fcc7e2d59b0338598e5075

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.otosaigon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 12:27:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 01 Sep 2021 08:42:46 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, immutable, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 119248
x-xss-protection: 0
expires: Sat, 04 Sep 2021 12:27:38 GMT

GET
H2 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ 118 B
757 B 65ms
25ms XHR
application/json 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=www.otosaigon.com

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

cafe /

Resource Hash

4ed3678001746d71ccf369c290138a4dd62c8969fb3193c668b41c063899f626

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.otosaigon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 04 Sep 2021 12:27:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0
expires: Sat, 04 Sep 2021 12:27:38 GMT

GET
H3-29 200 fbevents.js Show response
connect.facebook.net/en_US/ 99 KB
25 KB 7ms
6ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: www.otosaigon.com
URL: https://www.otosaigon.com/threads/cho-em-hoi-tieu-hao-nhien-lieu-kia-carnival.1634318/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

335b59e615135313a66319e641cdad6ac3489a600e04d4181c859699bed4babe

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.otosaigon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 25999
x-xss-protection: 0
pragma: public
x-fb-debug: h1SEnWhhpKFuI9t3s01YeIYAM8DMsK2yNV4sG75xBWbX26wHiW6BzZAlE8b3y3QFAtG4Iviux3rmCZ79ydhmNg==
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Sat, 04 Sep 2021 12:27:38 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

POST
H3-29 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 13ms
13ms XHR
text/plain 2a00:1450:4001:82a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j93&a=1483440182&t=pageview&_s=1&dl=https%3A%2F%2Fwww.otosaigon.com%2Fthreads%2Fcho-em-hoi-tieu-hao-nhien-lieu-kia-carnival.1634318%2F&ul=en-us&de=UTF-8&dt=Cho%20em%20h%E1%BB%8Fi%20ti%C3%AAu%20hao%20nhi%C3%AAn%20li%E1%BB%87u%20KIA%20CARNIVAL%20%7C%20Otosaigon%20-%20di%E1%BB%85n%20%C4%91%C3%A0n%2C%20c%E1%BB%99ng%20%C4%91%E1%BB%93ng%20%C3%B4%20t%C3%B4%20s%E1%BB%91%201%20Vi%E1%BB%87t%20Nam&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAUABAAAAAC~&jid=1390619255&gjid=1973522173&cid=2013777321.1630758459&tid=UA-40673294-1&_gid=1004780414.1630758459&_r=1&gtm=2ou910&z=410082729

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.otosaigon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 12:27:38 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.otosaigon.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3-29 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 14ms
13ms XHR
text/plain 2a00:1450:4001:82a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j93&a=1483440182&t=pageview&_s=1&dl=https%3A%2F%2Fwww.otosaigon.com%2Fthreads%2Fcho-em-hoi-tieu-hao-nhien-lieu-kia-carnival.1634318%2F&ul=en-us&de=UTF-8&dt=Cho%20em%20h%E1%BB%8Fi%20ti%C3%AAu%20hao%20nhi%C3%AAn%20li%E1%BB%87u%20KIA%20CARNIVAL%20%7C%20Otosaigon%20-%20di%E1%BB%85n%20%C4%91%C3%A0n%2C%20c%E1%BB%99ng%20%C4%91%E1%BB%93ng%20%C3%B4%20t%C3%B4%20s%E1%BB%91%201%20Vi%E1%BB%87t%20Nam&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEDAAUABAAAAAC~&jid=1286367759&gjid=640878036&cid=2013777321.1630758459&tid=UA-40673294-1&_gid=1004780414.1630758459&_r=1&gtm=2wg910TZNDKWR&z=178541795

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.otosaigon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 12:27:38 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.otosaigon.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 203452283500459 Show response
connect.facebook.net/signals/config/ 306 KB
87 KB 54ms
54ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/203452283500459?v=2.9.45&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

0d5a97294223d62bc6719aa84f478e7aeb1618df0631b30dee48e6c843818d7a

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.otosaigon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
x-xss-protection: 0
pragma: public
x-fb-debug: F9/w2GFBeXU9XU9UUg0oY/KganoUDYe7J/DTkgE6vPnzDincyYjryh7VYL6/n6ltzt20E1l81+WtIaLyzNJ5bw==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Sat, 04 Sep 2021 12:27:38 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

POST
H3-29 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
25 B 29ms
15ms XHR
text/plain 2a00:1450:400c:c08::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j93&tid=UA-40673294-1&cid=2013777321.1630758459&jid=1390619255&gjid=1973522173&_gid=1004780414.1630758459&_u=YEBAAUAAAAAAAC~&z=1209351646

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400c:c08::9d Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.otosaigon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Sat, 04 Sep 2021 12:27:38 GMT
content-type: text/plain
access-control-allow-origin: https://www.otosaigon.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3-29 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
25 B 26ms
15ms XHR
text/plain 2a00:1450:400c:c08::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j93&tid=UA-40673294-1&cid=2013777321.1630758459&jid=1286367759&gjid=640878036&_gid=1004780414.1630758459&_u=YEDAAUABAAAAAC~&z=372238073

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400c:c08::9d Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.otosaigon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Sat, 04 Sep 2021 12:27:38 GMT
content-type: text/plain
access-control-allow-origin: https://www.otosaigon.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 ga-audiences
www.google.com/ads/ 42 B
63 B 39ms
37ms Image
image/gif 2a00:1450:4001:831::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j93&tid=UA-40673294-1&cid=2013777321.1630758459&jid=1286367759&_u=YEDAAUABAAAAAC~&z=2046566547

Requested by

Host: www.otosaigon.com
URL: https://www.otosaigon.com/threads/cho-em-hoi-tieu-hao-nhien-lieu-kia-carnival.1634318/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.otosaigon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 12:27:38 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 ga-audiences
www.google.de/ads/ 42 B
63 B 19ms
17ms Image
image/gif 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j93&tid=UA-40673294-1&cid=2013777321.1630758459&jid=1286367759&_u=YEDAAUABAAAAAC~&z=2046566547

Requested by

Host: www.otosaigon.com
URL: https://www.otosaigon.com/threads/cho-em-hoi-tieu-hao-nhien-lieu-kia-carnival.1634318/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.otosaigon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 12:27:38 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 ga-audiences
www.google.com/ads/ 42 B
63 B 31ms
30ms Image
image/gif 2a00:1450:4001:831::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j93&tid=UA-40673294-1&cid=2013777321.1630758459&jid=1390619255&_u=YEBAAUAAAAAAAC~&z=56793982

Requested by

Host: www.otosaigon.com
URL: https://www.otosaigon.com/threads/cho-em-hoi-tieu-hao-nhien-lieu-kia-carnival.1634318/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.otosaigon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 12:27:38 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 ga-audiences
www.google.de/ads/ 42 B
63 B 27ms
26ms Image
image/gif 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j93&tid=UA-40673294-1&cid=2013777321.1630758459&jid=1390619255&_u=YEBAAUAAAAAAAC~&z=56793982

Requested by

Host: www.otosaigon.com
URL: https://www.otosaigon.com/threads/cho-em-hoi-tieu-hao-nhien-lieu-kia-carnival.1634318/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.otosaigon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 12:27:38 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 /
www.facebook.com/tr/ 44 B
88 B 7ms
6ms Image
image/gif 2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=203452283500459&ev=PageView&dl=https%3A%2F%2Fwww.otosaigon.com%2Fthreads%2Fcho-em-hoi-tieu-hao-nhien-lieu-kia-carnival.1634318%2F&rl=&if=false&ts=1630758458632&sw=1600&sh=1200&v=2.9.45&r=stable&ec=0&o=30&fbp=fb.1.1630758458631.2122503782&it=1630758458545&coo=false&rqm=GET

Requested by

Host: www.otosaigon.com
URL: https://www.otosaigon.com/threads/cho-em-hoi-tieu-hao-nhien-lieu-kia-carnival.1634318/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.otosaigon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 12:27:38 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
content-length: 44
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
priority: u=3,i
expires: Sat, 04 Sep 2021 12:27:38 GMT

GET
H3-29 200 materialdesignicons-webfont.woff2
www.otosaigon.com/styles/io/fonts/icons/material-icons/fonts/ 178 KB
179 KB 16ms
16ms Font
application/octet-stream 2606:4700:20::681a:a35
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.otosaigon.com/styles/io/fonts/icons/material-icons/fonts/materialdesignicons-webfont.woff2?v=3.4.93
Requested by: Host: www.otosaigon.com
URL: https://www.otosaigon.com/css.php?css=public%3Abb_code.less%2Cpublic%3Acustom_page_container.css%2Cpublic%3Acustom_thread_view.css%2Cpublic%3Acustom_widget_new_threads.css%2Cpublic%3Afontawesome.css%2Cpublic%3Alightbox.less%2Cpublic%3Amaterialdesignicons.css%2Cpublic%3Amessage.less%2Cpublic%3Ashare_controls.less%2Cpublic%3Aextra.less&s=4&l=1&d=1630577203&k=9a8b9d5ed3f551ae4e16ea2196b5718ea7b6ebcf
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::681a:a35 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1953422f75aefd63e875ed7ddcd4346d9dbf74f064e26c49e95612a23df4a35b

Request headers

sec-fetch-mode: cors
origin: https://www.otosaigon.com
accept-encoding: gzip, deflate, br
accept-language: en-US
sec-fetch-dest: font
cookie: WID=vt151|YTNlj|YTNlj; _ga=GA1.2.2013777321.1630758459; _gid=GA1.2.1004780414.1630758459; _gat_gtag_UA_40673294_1=1; _gat_UA-40673294-1=1; _fbp=fb.1.1630758458631.2122503782
:path: /styles/io/fonts/icons/material-icons/fonts/materialdesignicons-webfont.woff2?v=3.4.93
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: */*
cache-control: no-cache
:authority: www.otosaigon.com
referer: https://www.otosaigon.com/css.php?css=public%3Abb_code.less%2Cpublic%3Acustom_page_container.css%2Cpublic%3Acustom_thread_view.css%2Cpublic%3Acustom_widget_new_threads.css%2Cpublic%3Afontawesome.css%2Cpublic%3Alightbox.less%2Cpublic%3Amaterialdesignicons.css%2Cpublic%3Amessage.less%2Cpublic%3Ashare_controls.less%2Cpublic%3Aextra.less&s=4&l=1&d=1630577203&k=9a8b9d5ed3f551ae4e16ea2196b5718ea7b6ebcf
:scheme: https
sec-fetch-site: same-origin
:method: GET
Origin: https://www.otosaigon.com
Referer: https://www.otosaigon.com/css.php?css=public%3Abb_code.less%2Cpublic%3Acustom_page_container.css%2Cpublic%3Acustom_thread_view.css%2Cpublic%3Acustom_widget_new_threads.css%2Cpublic%3Afontawesome.css%2Cpublic%3Alightbox.less%2Cpublic%3Amaterialdesignicons.css%2Cpublic%3Amessage.less%2Cpublic%3Ashare_controls.less%2Cpublic%3Aextra.less&s=4&l=1&d=1630577203&k=9a8b9d5ed3f551ae4e16ea2196b5718ea7b6ebcf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 12:27:38 GMT
x-cdn-client: 162.158.93.237 - -
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 828092
x-cache: HIT
cf-cache-status: HIT
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
pragma: public
last-modified: Fri, 12 Jul 2019 08:07:42 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qAj17SJ21%2FgWTNQM7ONfkAF4Q4qN1Is8vEL5CDO4V2HcVWc6Yl%2BB0DPsp1%2Bm2tIt%2Bl95yPsHkrsNekgPhzQZsZVFZSCGVF%2BfNqBrqDjJyWfN0dZHr29oZ5EUGGHnkv2pSFGdPn7fiYK%2BvPpcniRf"}],"group":"cf-nel","max_age":604800}
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: max-age=315360000, s-maxage=10
cf-ray: 6897368e9e3ad6b1-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

POST
H3-29 200 /
www.facebook.com/tr/ 0
15 B 6ms
6ms Ping
text/plain 2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/tr/

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.otosaigon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: multipart/form-data; boundary=----WebKitFormBoundarydD5SPVdbXbB8553X

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
server: proxygen-bolt
date: Sat, 04 Sep 2021 12:27:39 GMT
content-type: text/plain
access-control-allow-origin: https://www.otosaigon.com
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
content-length: 0
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
priority: u=3,i

GET
DATA 200
OK truncated
/ 8 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: fe8445e07939c1a541e88c5e7888cf7aa9a54c3e708d2e8a1a14b943c5bdb376

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-29 200 fa-regular-400.woff2
www.otosaigon.com/styles/fonts/fa/ 169 KB
170 KB 17ms
16ms Font
application/octet-stream 2606:4700:20::681a:a35
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.otosaigon.com/styles/fonts/fa/fa-regular-400.woff2?v=1
Requested by: Host: www.otosaigon.com
URL: https://www.otosaigon.com/threads/cho-em-hoi-tieu-hao-nhien-lieu-kia-carnival.1634318/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::681a:a35 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 58f76b0b684536fbea8ae9ae7177607e81a261407916e9a86e063b02948e9adc

Request headers

sec-fetch-mode: cors
origin: https://www.otosaigon.com
accept-encoding: gzip, deflate, br
accept-language: en-US
sec-fetch-dest: font
cookie: WID=vt151|YTNlj|YTNlj; _ga=GA1.2.2013777321.1630758459; _gid=GA1.2.1004780414.1630758459; _gat_gtag_UA_40673294_1=1; _gat_UA-40673294-1=1; _fbp=fb.1.1630758458631.2122503782
:path: /styles/fonts/fa/fa-regular-400.woff2?v=1
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: */*
cache-control: no-cache
:authority: www.otosaigon.com
referer: https://www.otosaigon.com/threads/cho-em-hoi-tieu-hao-nhien-lieu-kia-carnival.1634318/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Origin: https://www.otosaigon.com
Referer: https://www.otosaigon.com/threads/cho-em-hoi-tieu-hao-nhien-lieu-kia-carnival.1634318/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 12:27:39 GMT
x-cdn-client: 162.158.92.196 - -
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1743976
x-cache: HIT
cf-cache-status: HIT
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
pragma: public
last-modified: Tue, 02 Feb 2021 07:22:51 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=36g4fifVzdE%2Fv8HMqO9jj8k%2BuUWm3H7hECl2SepQvf1Bgg3xu4QfrGxJwZ5KB211H8%2BJwWDISI2r%2FcrCicwE14vveb%2B6j0jqsjKh%2FOLo2thKp2h693LG5zysYfyVBfH2O7zsaK%2B5VR0fXO2se1w7"}],"group":"cf-nel","max_age":604800}
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: max-age=315360000, s-maxage=10
cf-ray: 689736930d12d6b1-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 icon-check.png
www.otosaigon.com/styles/default/xenforo/ 468 B
1 KB 19ms
19ms Image
image/webp 2606:4700:20::681a:a35
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.otosaigon.com/styles/default/xenforo/icon-check.png
Requested by: Host: www.otosaigon.com
URL: https://www.otosaigon.com/threads/cho-em-hoi-tieu-hao-nhien-lieu-kia-carnival.1634318/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::681a:a35 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b4efe3fee8ad1e7cfa740ad7cf75431c2642afac3d68aafeb76591aa3df1692c

Request headers

:path: /styles/default/xenforo/icon-check.png
pragma: no-cache
cookie: WID=vt151|YTNlj|YTNlj; _ga=GA1.2.2013777321.1630758459; _gid=GA1.2.1004780414.1630758459; _gat_gtag_UA_40673294_1=1; _gat_UA-40673294-1=1; _fbp=fb.1.1630758458631.2122503782
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.otosaigon.com
referer: https://www.otosaigon.com/threads/cho-em-hoi-tieu-hao-nhien-lieu-kia-carnival.1634318/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.otosaigon.com/threads/cho-em-hoi-tieu-hao-nhien-lieu-kia-carnival.1634318/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 12:27:39 GMT
x-cdn-client: 14.187.179.60 - -
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2006721
cf-polished: origFmt=png, origSize=660
x-cache: HIT
cf-cache-status: HIT
content-disposition: inline; filename="icon-check.webp"
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 468
pragma: public
last-modified: Fri, 12 Jul 2019 08:07:42 GMT
server: cloudflare
etag: W/"PSA-71x1QB16KM"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=U7UaVibcUYv45NVF4EuK7K5nHX0k4u9C%2BTqEP%2BqUUq8k6MjQUNINke5YjgEsk8iACcnSkFMgk%2FVunJ2VdvlFs3pn%2BStyGz6k3v%2BItykdT5Zrlf6nheLtWmTavAoCyfteXpBXfNk6z3QAdWwNS1Zh"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 6897369598e6d6b1-FRA
cf-bgj: imgq:100,h2pri

GET
H2 200 tagLoader.js Show response
s.vi-serve.com/ 2 KB
1 KB 64ms
18ms Script
application/javascript 205.185.216.10
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: https://s.vi-serve.com/tagLoader.js
Requested by: Host: www.otosaigon.com
URL: https://www.otosaigon.com/threads/cho-em-hoi-tieu-hao-nhien-lieu-kia-carnival.1634318/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 205.185.216.10 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS: map2.hwcdn.net
Software: UploadServer /
Resource Hash: e2050ed4a8ab3f74cc1a26ef380fdacc9004ec320d33bb088fccdbeef36cb657

Request headers

Referer: https://www.otosaigon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

x-goog-hash: crc32c=KGZ3hA==, md5=uEJOrggih+yKiX3V7wMl1w==
date: Sat, 04 Sep 2021 12:27:39 GMT
content-encoding: gzip
x-goog-meta-goog-reserved-file-mtime: 1551880864
x-guploader-uploadid: ADPycdt_FSjfCnRag-nd6HO5IDi6O4T4WCVabbYIfFFHUcTAesHn_alxTA1DPg13m3PrXJnBGUHZ6240B2IOHJbriO4
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 664
x-hw: 1630758459.dop251.am5.t,1630758459.cds282.am5.hn,1630758459.cds230.am5.c
last-modified: Fri, 30 Jul 2021 08:49:46 GMT
server: UploadServer
etag: "b8424eae082287ec8a897dd5ef0325d7"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
x-goog-generation: 1627634986604208
access-control-allow-origin: *
cache-control: private, max-age=0, max-age=300, must-revalidate
access-control-allow-credentials: false
x-goog-stored-content-length: 1969
accept-ranges: bytes
content-type: application/javascript
access-control-allow-headers: *

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
853 B 43ms
15ms Script
application/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.otosaigon.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021090101.js?31062462

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.otosaigon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 04 Sep 2021 12:27:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 30ms
15ms Script
application/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.otosaigon.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021090101.js?31062462

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.otosaigon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 04 Sep 2021 12:27:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 74 KB
25 KB 530ms
507ms XHR
text/plain 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3776039019293028&correlator=633644404265602&output=ldjh&impl=fifs&eid=31060838%2C31062367%2C31062462%2C31062297&vrg=2021090101&ptt=17&sc=1&sfv=1-0-38&ecs=20210904&iu_parts=57746206%2CMBV&enc_prev_ius=%2F0%2F1&prev_iu_szs=1x1%7C728x90%7C980x250&cookie_enabled=1&bc=31&abxe=1&lmt=1630758459&dt=1630758459804&dlt=1630758456593&idt=2008&frm=20&biw=1600&bih=1200&oid=3&adxs=436&adys=57&adks=2229086868&ucis=1&ifi=1&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=120&u_java=false&flash=0&url=https%3A%2F%2Fwww.otosaigon.com%2Fthreads%2Fcho-em-hoi-tieu-hao-nhien-lieu-kia-carnival.1634318%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=980x-1&msz=980x-1&ga_vid=2013777321.1630758459&ga_sid=1630758460&ga_hid=1483440182&ga_fc=false&fws=4&ohw=1600&btvi=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021090101.js?31062462

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

cafe /

Resource Hash

a1f8b57e372eb599e67cbc53e9f86699cea9caf3931d9cb5709b8a8db61f4555

Security Headers

Name	Value
Content-Security-Policy	child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/6093951902922309632/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/6093951902922309632/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CKDX3NWo5fICFYuP3godRq4OeA&gqi=&layout=/sadbundle/%24csp%253Der3%24/6093951902922309632/index.html
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.otosaigon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

content-security-policy: child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/6093951902922309632/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/6093951902922309632/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CKDX3NWo5fICFYuP3godRq4OeA&gqi=&layout=/sadbundle/%24csp%253Der3%24/6093951902922309632/index.html
content-encoding: br
x-content-type-options: nosniff
google-creative-id: -1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 25978
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
date: Sat, 04 Sep 2021 12:27:40 GMT
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.otosaigon.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
abfc37dd4bf691cb0e167728b93f1c40.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 537E 6 KB
3 KB 60ms
15ms Document
text/html 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://abfc37dd4bf691cb0e167728b93f1c40.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021090101.js?31062462

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: abfc37dd4bf691cb0e167728b93f1c40.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.otosaigon.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://www.otosaigon.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 3108
date: Sat, 04 Sep 2021 12:27:39 GMT
expires: Sun, 04 Sep 2022 12:27:39 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 source.m.js Show response
s.vi-serve.com/ 225 KB
50 KB 317ms
16ms Script
application/javascript 205.185.216.10
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: https://s.vi-serve.com/source.m.js
Requested by: Host: s.vi-serve.com
URL: https://s.vi-serve.com/tagLoader.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 205.185.216.10 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS: map2.hwcdn.net
Software: UploadServer /
Resource Hash: 888917d3e3c7fda9e1f3c65bde162ff23a7bf8505c18059c3e6e6e0aaa307f7c

Request headers

Referer: https://www.otosaigon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

x-goog-hash: crc32c=TlIl8Q==, md5=Rd01jHKoT4MBwJpOgnU2pQ==
date: Sat, 04 Sep 2021 12:27:40 GMT
content-encoding: gzip
x-guploader-uploadid: ADPycdtVxS8jVDTYJnsWuW-UfqF94SjAlC5N_GNmkCd3LTFJQ3YO9HcmK9lj4FVtAumPMkMHIELOveA1jFZ4AVffl1Q
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 50529
x-hw: 1630758460.dop251.am5.t,1630758460.cds282.am5.hn,1630758460.cds128.am5.c
last-modified: Fri, 03 Sep 2021 06:00:09 GMT
server: UploadServer
etag: "45dd358c72a84f8301c09a4e827536a5"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
x-goog-generation: 1630648809415396
access-control-allow-origin: *
cache-control: private, max-age=0, max-age=300, must-revalidate
access-control-allow-credentials: false
x-goog-stored-content-length: 229924
accept-ranges: bytes
content-type: application/javascript
access-control-allow-headers: *

GET
H2 200 107455935234537.js Show response
s.vi-serve.com/publishers/ 596 B
601 B 317ms
16ms Script
application/javascript 205.185.216.10
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: https://s.vi-serve.com/publishers/107455935234537.js
Requested by: Host: s.vi-serve.com
URL: https://s.vi-serve.com/source.m.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 205.185.216.10 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS: map2.hwcdn.net
Software: UploadServer /
Resource Hash: a39a8cea3aeca06b6e77ff10ad01496592dd445d73747fbb791ad62e5e996f26

Request headers

Referer: https://www.otosaigon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

x-goog-hash: crc32c=BRzsWg==, md5=YOefJBhayWDD2qbb1wgE9w==
date: Sat, 04 Sep 2021 12:27:40 GMT
content-encoding: gzip
x-guploader-uploadid: ADPycdv5sWo-u2RscHs3TehsOQ7QDx7IeTbwpif0TfQcYqTMN47bLVtahw2na5Q4FIZRCpmNcd4hF2OKo5Db2JkOCNc
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 319
x-hw: 1630758460.dop251.am5.t,1630758460.cds282.am5.hn,1630758460.cds009.am5.c
last-modified: Mon, 30 Aug 2021 14:50:05 GMT
server: UploadServer
etag: "60e79f24185ac960c3daa6dbd70804f7"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
x-goog-generation: 1630335005275391
access-control-allow-origin: *
cache-control: private, max-age=0, max-age=300, must-revalidate
access-control-allow-credentials: false
x-goog-stored-content-length: 596
accept-ranges: bytes
content-type: application/javascript
access-control-allow-headers: *

GET
H3-29 200 container.html Show response
abfc37dd4bf691cb0e167728b93f1c40.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame A242 6 KB
3 KB 20ms
6ms Document
text/html 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://abfc37dd4bf691cb0e167728b93f1c40.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021090101.js?31062462

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: abfc37dd4bf691cb0e167728b93f1c40.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.otosaigon.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://www.otosaigon.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 3108
date: Sat, 04 Sep 2021 12:27:39 GMT
expires: Sun, 04 Sep 2022 12:27:39 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 osd.js Show response
www.googletagservices.com/activeview/js/current/ 72 KB
27 KB 30ms
17ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021090101.js?31062462

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bd3a2482b7b952b621e16a05c3bb1847829d057fb1384f4c32d1362b8153e967

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.otosaigon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 12:27:40 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1630496339498273"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27562
x-xss-protection: 0
expires: Sat, 04 Sep 2021 12:27:40 GMT

GET
H3-29 200 fa-solid-900.woff2
www.otosaigon.com/styles/fonts/fa/ 137 KB
138 KB 19ms
18ms Font
application/octet-stream 2606:4700:20::681a:a35
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.otosaigon.com/styles/fonts/fa/fa-solid-900.woff2?v=1
Requested by: Host: www.otosaigon.com
URL: https://www.otosaigon.com/threads/cho-em-hoi-tieu-hao-nhien-lieu-kia-carnival.1634318/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::681a:a35 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2a2399d510fe0bb91bf136a84c8f186c5bd3a57a2aac94a39bf167850588717f

Request headers

sec-fetch-mode: cors
origin: https://www.otosaigon.com
accept-encoding: gzip, deflate, br
accept-language: en-US
sec-fetch-dest: font
cookie: WID=vt151|YTNlj|YTNlj; _ga=GA1.2.2013777321.1630758459; _gid=GA1.2.1004780414.1630758459; _gat_gtag_UA_40673294_1=1; _gat_UA-40673294-1=1; _fbp=fb.1.1630758458631.2122503782; __gads=ID=bdc5fba26f04f273:T=1630758459:S=ALNI_Maj6CgS3DnIZqh2aCXPffmTUzK7gw
:path: /styles/fonts/fa/fa-solid-900.woff2?v=1
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: */*
cache-control: no-cache
:authority: www.otosaigon.com
referer: https://www.otosaigon.com/threads/cho-em-hoi-tieu-hao-nhien-lieu-kia-carnival.1634318/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Origin: https://www.otosaigon.com
Referer: https://www.otosaigon.com/threads/cho-em-hoi-tieu-hao-nhien-lieu-kia-carnival.1634318/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 12:27:40 GMT
x-cdn-client: 162.158.94.110 - -
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 726461
x-cache: HIT
cf-cache-status: HIT
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
pragma: public
last-modified: Tue, 02 Feb 2021 07:22:51 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FjRh4qaKKMazDxI5dRDp44odGUTcdPtrjUaD2NDKcIKDpbqhgpsgEw9zxNyoi6jMEoaNv%2BYsBJwbDekr9Axhq4qXD9qhQ43sNtHqTkBiIDl11HhC4C7NXun6dsICVETlnW4wbXFufOMus6wsru4d"}],"group":"cf-nel","max_age":604800}
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: max-age=315360000, s-maxage=10
cf-ray: 689736996ec3d6b1-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
DATA 200
OK truncated
/ 42 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Content-Type: image/gif

GET
H3-29 200 xenforo-smilies-sprite.png
www.otosaigon.com/styles/default/xenforo/ 7 KB
8 KB 23ms
23ms Image
image/webp 2606:4700:20::681a:a35
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.otosaigon.com/styles/default/xenforo/xenforo-smilies-sprite.png
Requested by: Host: www.otosaigon.com
URL: https://www.otosaigon.com/css.php?css=public%3Anormalize.css%2Cpublic%3Acore.less%2Cpublic%3Aapp.less%2Cpublic%3Aio.less&s=4&l=1&d=1630577203&k=fb3c72bf51cb81c4dd177b7deae9155ff6a73777
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::681a:a35 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 36edff18f192ec15ad37a30311270db2d5e67ba52b998a6dced3c834117bd907

Request headers

:path: /styles/default/xenforo/xenforo-smilies-sprite.png
pragma: no-cache
cookie: WID=vt151|YTNlj|YTNlj; _ga=GA1.2.2013777321.1630758459; _gid=GA1.2.1004780414.1630758459; _gat_gtag_UA_40673294_1=1; _gat_UA-40673294-1=1; _fbp=fb.1.1630758458631.2122503782; __gads=ID=bdc5fba26f04f273:T=1630758459:S=ALNI_Maj6CgS3DnIZqh2aCXPffmTUzK7gw
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.otosaigon.com
referer: https://www.otosaigon.com/css.php?css=public%3Anormalize.css%2Cpublic%3Acore.less%2Cpublic%3Aapp.less%2Cpublic%3Aio.less&s=4&l=1&d=1630577203&k=fb3c72bf51cb81c4dd177b7deae9155ff6a73777
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.otosaigon.com/css.php?css=public%3Anormalize.css%2Cpublic%3Acore.less%2Cpublic%3Aapp.less%2Cpublic%3Aio.less&s=4&l=1&d=1630577203&k=fb3c72bf51cb81c4dd177b7deae9155ff6a73777
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 12:27:40 GMT
x-cdn-client: 14.187.179.60 - -
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2006716
cf-polished: origFmt=png, origSize=8205
x-cache: HIT
cf-cache-status: HIT
content-disposition: inline; filename="xenforo-smilies-sprite.webp"
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 7488
pragma: public
last-modified: Fri, 12 Jul 2019 08:07:42 GMT
server: cloudflare
etag: W/"PSA-0z3gxU-6I_"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GLxKhqIT9fkG1Q4it6SUP4ibq%2BYXisRGtAML%2BIgllnqc8WPnvJzpTXqJQoiuUDWVRyeOxT%2BpoPIblfYPqan8gC782GCmazhHYSgLyUqjZU2FXx5vD%2FNEAmAyW%2F7g25pceRzR9C2j9e69GqwmeYcc"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 689736998f0ad6b1-FRA
cf-bgj: imgq:100,h2pri

GET
H3-29 200 fa-brands-400.woff2
www.otosaigon.com/styles/fonts/fa/ 76 KB
76 KB 19ms
19ms Font
application/octet-stream 2606:4700:20::681a:a35
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.otosaigon.com/styles/fonts/fa/fa-brands-400.woff2
Requested by: Host: www.otosaigon.com
URL: https://www.otosaigon.com/threads/cho-em-hoi-tieu-hao-nhien-lieu-kia-carnival.1634318/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::681a:a35 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 485ef94c52a4c62277533950ca70e9c4b13f97eed65cc868b22bd8c37e3ada11

Request headers

sec-fetch-mode: cors
origin: https://www.otosaigon.com
accept-encoding: gzip, deflate, br
accept-language: en-US
sec-fetch-dest: font
cookie: WID=vt151|YTNlj|YTNlj; _ga=GA1.2.2013777321.1630758459; _gid=GA1.2.1004780414.1630758459; _gat_gtag_UA_40673294_1=1; _gat_UA-40673294-1=1; _fbp=fb.1.1630758458631.2122503782; __gads=ID=bdc5fba26f04f273:T=1630758459:S=ALNI_Maj6CgS3DnIZqh2aCXPffmTUzK7gw
:path: /styles/fonts/fa/fa-brands-400.woff2
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: */*
cache-control: no-cache
:authority: www.otosaigon.com
referer: https://www.otosaigon.com/threads/cho-em-hoi-tieu-hao-nhien-lieu-kia-carnival.1634318/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Origin: https://www.otosaigon.com
Referer: https://www.otosaigon.com/threads/cho-em-hoi-tieu-hao-nhien-lieu-kia-carnival.1634318/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 12:27:40 GMT
x-cdn-client: 162.158.94.210 - -
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1743973
x-cache: HIT
cf-cache-status: HIT
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
pragma: public
last-modified: Tue, 02 Feb 2021 07:22:51 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9ojt9MzbPh3wzmDPtN7caqf7GZdezYyX36o51fV13SImTgImu4E5%2F4iKdmKpKBRxiJ%2Fm8PXDXvsxTJweVst2Kcu2YgIKvdVpN9T66AcGdX6D4ynGL%2FtlWjPf5CJls86vD%2BThp4J4w%2BIlATR8VWGx"}],"group":"cf-nel","max_age":604800}
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: max-age=315360000, s-maxage=10
cf-ray: 689736999f0dd6b1-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 index.html Show response
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/6093951902922309632/ Frame 8D1E 82 KB
22 KB 32ms
10ms Document
text/html 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/6093951902922309632/index.html

Requested by

Host: www.otosaigon.com
URL: https://www.otosaigon.com/threads/cho-em-hoi-tieu-hao-nhien-lieu-kia-carnival.1634318/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

16afd5948106c3aaf382436d2bcf111486dd2e35e3082e1b02b29e43eb2e99eb

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sadbundle/$csp%3Der3$/6093951902922309632/index.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://abfc37dd4bf691cb0e167728b93f1c40.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://abfc37dd4bf691cb0e167728b93f1c40.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-type: text/html
access-control-allow-origin: *
content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
date: Sat, 28 Aug 2021 22:00:34 GMT
expires: Sun, 28 Aug 2022 22:00:34 GMT
last-modified: Wed, 11 Aug 2021 14:35:40 GMT
x-content-type-options: nosniff
x-dns-prefetch-control: off
content-encoding: gzip
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
content-length: 21673
age: 570426
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 adview
securepubads.g.doubleclick.net/pagead/ Frame A242 0
0 52ms
51ms Fetch
text/html 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CRi99O2YzYeDNNYuf-gbG3LrAB4jMobJkuOX60M0OjNCFpY0UEAEgrv2XImCVgoCAsAegAcjstOUDyAEJqQK3zvaIH-6zPuACAKgDAcgDAqoEhAJP0E5sga9oNwDPbG0YMLsl8AdUu2d3PPARtwVmUVbAJxxblv7_1d_hp0NnnLyO6zBy1qHqL0WzxDKEiQBhTlU11MlNvdMpRQq-OQpaW1QaC6tMpS9tvYtPm8gjCd8bed-VvNDM2mTjm3PoDFuAJOrSaaK6K-oQKuKMhuu3L7VMwizL4j2UbKGpmJb7htFzmgwjmZ_FT1WhC2wpVHk1IvDEFm0o72CYl4nkBGoQSllbXNW_t8NCNsDteQJoX_WWxiijNVQ3oTtJa60vXWUz7EUcF0Y_Elzxoao6pKu1LOfFpLMbJe8T5r-_t9sB5i81j0r7K6lgUKmM-FQXIBKiELOU4yWNb8AE1dD8_8AD4AQBkgUECAQYAZIFBAgFGASSBQQIBRgYkgUFCAUYqAGgBl2AB6CTyxqoB9XJG6gH8NkbqAfy2RuoB47OG6gHk9gbqAe6BqgH7paxAqgHpr4b2AcB8gcEEJqiAtIICQiA4YAQEAEYHYAKAcgLAdgTDdAVAYAXAbIXHgocCAASFHB1Yi0zNTgyODA5NDM2MDIzNzg2GLaHEw&sigh=EQGR2hledVg
Requested by: Host: www.otosaigon.com
URL: https://www.otosaigon.com/threads/cho-em-hoi-tieu-hao-nhien-lieu-kia-carnival.1634318/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 142.250.181.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s56-in-f2.1e100.net
Software: /
Resource Hash

Request headers

Referer: https://abfc37dd4bf691cb0e167728b93f1c40.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

GET
H3-29 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame D85F 143 B
163 B 7ms
6ms Document
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: abfc37dd4bf691cb0e167728b93f1c40.safeframe.googlesyndication.com
URL: https://abfc37dd4bf691cb0e167728b93f1c40.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/s?v=r20120211
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://abfc37dd4bf691cb0e167728b93f1c40.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUkhA8f9RHxlC9aO0J_i4-9faNmcvOZX3Zme_qCShU04NEyZoHbcK0duvgMg
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://abfc37dd4bf691cb0e167728b93f1c40.safeframe.googlesyndication.com/

Response headers

content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Sat, 04 Sep 2021 11:52:36 GMT
server: safe
content-length: 145
x-xss-protection: 0
cache-control: public, max-age=3600
age: 2104
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210831/r20110914/client/ Frame A242 2 KB
1 KB 28ms
8ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210831/r20110914/client/window_focus_fy2019.js

Requested by

Host: abfc37dd4bf691cb0e167728b93f1c40.safeframe.googlesyndication.com
URL: https://abfc37dd4bf691cb0e167728b93f1c40.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b6f6d0902ff385f68ec17c4c059d4fe89a0a08f1c022ab70580ea8552dfc0a11

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://abfc37dd4bf691cb0e167728b93f1c40.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 12:17:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 581
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1339
x-xss-protection: 0
server: cafe
etag: 2275704724217174249
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 18 Sep 2021 12:17:59 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame A242 122 KB
37 KB 26ms
24ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: abfc37dd4bf691cb0e167728b93f1c40.safeframe.googlesyndication.com
URL: https://abfc37dd4bf691cb0e167728b93f1c40.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0299ce766df424b69a25530d8afe7c2352cb6240c7510fe7be67d8cd53bd3467

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://abfc37dd4bf691cb0e167728b93f1c40.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 12:27:40 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1630496346997469"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37796
x-xss-protection: 0
expires: Sat, 04 Sep 2021 12:27:40 GMT

GET
H2 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210831/r20110914/client/ Frame A242 14 KB
7 KB 26ms
7ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210831/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: abfc37dd4bf691cb0e167728b93f1c40.safeframe.googlesyndication.com
URL: https://abfc37dd4bf691cb0e167728b93f1c40.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

114dabe187311ee2e303549831223ef80d06385cb854e2aa1647ec1e0ca148f5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://abfc37dd4bf691cb0e167728b93f1c40.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 12:26:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 100
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6183
x-xss-protection: 0
server: cafe
etag: 901432759052127119
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 18 Sep 2021 12:26:00 GMT

GET
H3-29 200 3247.jpg
cdn1.otosaigon.com/data/avatars/s/3/ 946 B
2 KB 24ms
20ms Image
image/webp 2606:4700:20::681a:a35
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn1.otosaigon.com/data/avatars/s/3/3247.jpg?1399683694
Requested by: Host: www.otosaigon.com
URL: https://www.otosaigon.com/threads/cho-em-hoi-tieu-hao-nhien-lieu-kia-carnival.1634318/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::681a:a35 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a787057935ac5467741ab7814ba3d2575408f0b0cbe5222c1ea6ccd7bca90940

Request headers

Referer: https://www.otosaigon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 12:27:40 GMT
x-cdn-client: 162.158.94.236 - Germany - Frankfurt
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 54614
cf-polished: qual=85, origFmt=jpeg, origSize=1601
x-cache: REVALIDATED
cf-cache-status: HIT
content-disposition: inline; filename="3247.webp"
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 946
pragma: public
last-modified: Sun, 28 Dec 2014 03:37:18 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wMaW0RyYmthbKEXcgCsY4I6BCRfwtntiZh34pZmH7G%2BtRw6uDAPrxXDAj6%2Fitmm%2BbDYap7S1D1DXFmTY2W2Ge8eX6mGG6vpnhIKrq0OfNRytMqlWKUTgoUMRn%2FVaInDZMFtu05ld9p%2B8NA4exEgsxw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
expires: Sun, 03 Oct 2021 21:12:42 GMT
cache-control: public, max-age=5356800, s-maxage=10
accept-ranges: bytes
cf-ray: 68973699bf36d6b1-FRA
cf-bgj: imgq:85,h2pri

GET
H3-29 200 20613.jpg
cdn1.otosaigon.com/data/avatars/s/20/ 2 KB
2 KB 996ms
992ms Image
image/jpeg 2606:4700:20::681a:a35
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn1.otosaigon.com/data/avatars/s/20/20613.jpg?1451583378
Requested by: Host: www.otosaigon.com
URL: https://www.otosaigon.com/threads/cho-em-hoi-tieu-hao-nhien-lieu-kia-carnival.1634318/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::681a:a35 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6e9fcceaa68cbf84cbcf9bfc5ce9d984f0994e468e708354244f14568d14a0a6

Request headers

Referer: https://www.otosaigon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 12:27:41 GMT
x-cdn-client: 162.158.93.27 - Germany - Frankfurt
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-cache: MISS
cf-cache-status: MISS
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 1778
pragma: public
last-modified: Thu, 31 Dec 2015 17:36:20 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Omy%2F%2FxDTkZoURa1FkBEbIT4i3Uy09KvaGFJNnz%2Bc6Xf6Dia42ecfwRYO1%2F%2BLjPYun0YmdTGVb2fY%2B5drfToMixP%2FeMqL9pffYg5i7a87oyhAYPKBYSVNZadLBxn2PA9ytQXOJTlKhFFWiIbVIpwjGw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: public, max-age=5356800, s-maxage=10
accept-ranges: bytes
cf-ray: 68973699bf37d6b1-FRA
expires: Mon, 04 Oct 2021 12:22:56 GMT

GET
H3-29 200 43113.jpg
cdn1.otosaigon.com/data/avatars/s/43/ 1 KB
2 KB 980ms
976ms Image
image/jpeg 2606:4700:20::681a:a35
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn1.otosaigon.com/data/avatars/s/43/43113.jpg?1399683865
Requested by: Host: www.otosaigon.com
URL: https://www.otosaigon.com/threads/cho-em-hoi-tieu-hao-nhien-lieu-kia-carnival.1634318/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::681a:a35 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 243266827c84227076ef5997d831eb751e2817d23397c9942f2d5be707c08fee

Request headers

Referer: https://www.otosaigon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 12:27:41 GMT
x-cdn-client: 162.158.94.82 - Germany - Frankfurt
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-cache: MISS
cf-cache-status: MISS
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 1497
pragma: public
last-modified: Sun, 28 Dec 2014 03:38:39 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mCnhY5x7dBr1%2BRpSCvkEuUj1Ux0aFicrMAi%2BBQtRbN%2FERyqUEVOgaGD15bz0J%2B42tu2z5u7I%2BztSlRdm3k4qX9EVtGc1SG6eVG0z%2BAokcWnUfUInjln8jFbn6KI9pc7zqTa9z06WcT1NwyZeI7BTuQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: public, max-age=5356800, s-maxage=10
accept-ranges: bytes
cf-ray: 68973699bf3ad6b1-FRA
expires: Mon, 04 Oct 2021 12:22:56 GMT

GET
H3-29 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
122 B 16ms
14ms Script
application/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.otosaigon.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021090101.js?31062462

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.otosaigon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 04 Sep 2021 12:27:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 18ms
17ms Script
application/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.otosaigon.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021090101.js?31062462

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.otosaigon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 04 Sep 2021 12:27:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 74 KB
25 KB 574ms
573ms XHR
text/plain 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3776039019293028&correlator=633644404265602&output=ldjh&impl=fifs&eid=31060838%2C31062367%2C31062462%2C31062297&vrg=2021090101&ptt=17&sc=1&sfv=1-0-38&ecs=20210904&iu_parts=57746206%2COS_RightBanner_1&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250%7C300x600&cookie=ID%3Dbdc5fba26f04f273%3AT%3D1630758459%3AS%3DALNI_Maj6CgS3DnIZqh2aCXPffmTUzK7gw&bc=31&abxe=1&lmt=1630758460&dt=1630758460437&dlt=1630758456593&idt=2008&frm=20&biw=1600&bih=1200&oid=3&adxs=1100&adys=433&adks=2120091774&ucis=2&ifi=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=120&u_java=false&flash=0&url=https%3A%2F%2Fwww.otosaigon.com%2Fthreads%2Fcho-em-hoi-tieu-hao-nhien-lieu-kia-carnival.1634318%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x0&msz=300x0&ga_vid=2013777321.1630758459&ga_sid=1630758460&ga_hid=1483440182&ga_fc=false&fws=4&ohw=1600&btvi=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021090101.js?31062462

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

cafe /

Resource Hash

b6bf8847aab8d1abb999cae6d7e4911a8e95c8fefb282c448b90d340edc194d4

Security Headers

Name	Value
Content-Security-Policy	child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17626451119355985920/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17626451119355985920/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CMG_gdao5fICFR3hEQgdkcMPFA&gqi=&layout=/sadbundle/%24csp%253Der3%24/17626451119355985920/index.html
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.otosaigon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

content-security-policy: child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17626451119355985920/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17626451119355985920/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CMG_gdao5fICFR3hEQgdkcMPFA&gqi=&layout=/sadbundle/%24csp%253Der3%24/17626451119355985920/index.html
content-encoding: br
x-content-type-options: nosniff
google-creative-id: -1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 26008
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
date: Sat, 04 Sep 2021 12:27:40 GMT
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.otosaigon.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
122 B 16ms
16ms Script
application/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.otosaigon.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021090101.js?31062462

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.otosaigon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 04 Sep 2021 12:27:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 15ms
14ms Script
application/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.otosaigon.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021090101.js?31062462

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.otosaigon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 04 Sep 2021 12:27:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 20 KB
9 KB 2492ms
2492ms XHR
text/plain 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3776039019293028&correlator=633644404265602&output=ldjh&impl=fifs&eid=31060838%2C31062367%2C31062462%2C31062297&vrg=2021090101&ptt=17&sc=1&sfv=1-0-38&ecs=20210904&iu_parts=57746206%2COS_RightBanner_2&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250%7C300x600&cookie=ID%3Dbdc5fba26f04f273%3AT%3D1630758459%3AS%3DALNI_Maj6CgS3DnIZqh2aCXPffmTUzK7gw&bc=31&abxe=1&lmt=1630758460&dt=1630758460587&dlt=1630758456593&idt=2008&frm=20&biw=1600&bih=1200&oid=3&adxs=1100&adys=955&adks=2857523621&ucis=3&ifi=3&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=120&u_java=false&flash=0&url=https%3A%2F%2Fwww.otosaigon.com%2Fthreads%2Fcho-em-hoi-tieu-hao-nhien-lieu-kia-carnival.1634318%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x0&msz=300x0&ga_vid=2013777321.1630758459&ga_sid=1630758460&ga_hid=1483440182&ga_fc=false&fws=4&ohw=1600&btvi=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021090101.js?31062462

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

cafe /

Resource Hash

3b1a12213c131e6be67d89644201d6b08c120d07aa0b6913d31f73d7d09b9572

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.otosaigon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 12:27:41 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9571
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.otosaigon.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 css
fonts.googleapis.com/ Frame 8D1E 4 KB
617 B 15ms
14ms Stylesheet
text/css 2a00:1450:4001:82f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:regular,500

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/6093951902922309632/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

abc1bbfb097cfaf4715fe823adb40881f8ed35a943692d5c037945c2fcc56340

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Sat, 04 Sep 2021 12:10:49 GMT
server: ESF
date: Sat, 04 Sep 2021 12:27:40 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sat, 04 Sep 2021 12:27:40 GMT

GET
H3-29 200 Enabler.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame 8D1E 16 KB
6 KB 21ms
6ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/Enabler.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/6093951902922309632/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5f0207bbbd69497c7a37284c0b6f9bdcc9f83c574a4cda737e00a390d0ed268f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 03 Sep 2021 14:07:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 80431
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5866
x-xss-protection: 0
server: cafe
etag: 544157900006238945
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Sat, 04 Sep 2021 14:07:09 GMT

GET
H3-29 200 addata.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame 8D1E 26 KB
10 KB 22ms
7ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/6093951902922309632/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

54a66c4693bfd79901040269ae7d7304508cbd02859797a1780f2bbe72176e23

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 03 Sep 2021 20:35:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 57131
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10382
x-xss-protection: 0
server: cafe
etag: 12806417668659483808
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Sat, 04 Sep 2021 20:35:29 GMT

GET
DATA 200
OK truncated
/ Frame A242 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 0d955e9c6adc86c2323a4ea95174886fbd41f51073b3301274fc2009243eb698

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 107455935234537_otosaigon.com.js Show response
s.vi-serve.com/publishers/ 280 B
472 B 317ms
15ms Script
application/javascript 205.185.216.10
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: https://s.vi-serve.com/publishers/107455935234537_otosaigon.com.js
Requested by: Host: s.vi-serve.com
URL: https://s.vi-serve.com/source.m.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 205.185.216.10 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS: map2.hwcdn.net
Software: UploadServer /
Resource Hash: 0ab06cf65bdf8b799e08cdbbab0c150a304366226fde00db258f6bfea2ef0407

Request headers

Referer: https://www.otosaigon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

x-goog-hash: crc32c=eAGUxg==, md5=lP/ieXOaYM7TMj0/P/rR4A==
date: Sat, 04 Sep 2021 12:27:40 GMT
content-encoding: gzip
x-guploader-uploadid: ADPycdtRu5HyCEMHxVBciE0voY4bstsFGw-04eqPH3Cz3TUiNjeVGyNclcNMBaSB56XVl8UIXb0qkX-XcBxlwr3Endk
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 190
x-hw: 1630758460.dop251.am5.t,1630758460.cds282.am5.hn,1630758460.cds292.am5.c
last-modified: Tue, 20 Jul 2021 10:24:07 GMT
server: UploadServer
etag: "94ffe279739a60ced3323d3f3ffad1e0"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
x-goog-generation: 1626776647747245
access-control-allow-origin: *
cache-control: private, max-age=0, max-age=300, must-revalidate
access-control-allow-credentials: false
x-goog-stored-content-length: 280
accept-ranges: bytes
content-type: application/javascript
access-control-allow-headers: *

GET
H3-29

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame D85F
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si

0
16 B

16ms
15ms

Document
text/html

2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si

Requested by

Host: abfc37dd4bf691cb0e167728b93f1c40.safeframe.googlesyndication.com
URL: https://abfc37dd4bf691cb0e167728b93f1c40.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/si
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUkhA8f9RHxlC9aO0J_i4-9faNmcvOZX3Zme_qCShU04NEyZoHbcK0duvgMg
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Sat, 04 Sep 2021 12:27:40 GMT
server: safe
content-length: 0
x-xss-protection: 0
set-cookie: DSID=NO_DATA; expires=Sat, 04-Sep-2021 13:27:40 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Sat, 04 Sep 2021 12:27:40 GMT
cache-control: private

Redirect headers

location: https://googleads.g.doubleclick.net/pagead/drt/si
cache-control: private
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Sat, 04 Sep 2021 12:27:40 GMT
server: safe
content-length: 246
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v27/ Frame 8D1E 15 KB
15 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v27/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:regular,500

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: null
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 03 Sep 2021 10:59:45 GMT
x-content-type-options: nosniff
age: 91675
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15688
x-xss-protection: 0
last-modified: Mon, 05 Apr 2021 21:10:35 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 03 Sep 2022 10:59:45 GMT

GET
H3-29 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v27/ Frame 8D1E 16 KB
16 KB 7ms
6ms Font
font/woff2 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v27/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:regular,500

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bb46ed079c3dd3c39af5051b4ada48f29f49151dad4fa218117bad2fdb5e616f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: null
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 03 Sep 2021 07:54:01 GMT
x-content-type-options: nosniff
age: 102819
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15920
x-xss-protection: 0
last-modified: Mon, 05 Apr 2021 21:10:39 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 03 Sep 2022 07:54:01 GMT

GET
H3-29 200 logo-image_1.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/6093951902922309632/ Frame 8D1E 13 KB
13 KB 7ms
7ms Image
image/png 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/6093951902922309632/logo-image_1.png

Requested by

Host: abfc37dd4bf691cb0e167728b93f1c40.safeframe.googlesyndication.com
URL: https://abfc37dd4bf691cb0e167728b93f1c40.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

859c73b1c255a0df742a1feaee291b6966b1e71076049d06c9dee9b844493c85

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 8788
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13386
x-xss-protection: 0
last-modified: Wed, 11 Aug 2021 14:35:40 GMT
server: sffe
date: Sat, 04 Sep 2021 10:01:12 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 04 Sep 2022 10:01:12 GMT

GET
H3-29 200 product-image_2.jpg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/6093951902922309632/ Frame 8D1E 74 KB
74 KB 10ms
9ms Image
image/jpeg 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/6093951902922309632/product-image_2.jpg

Requested by

Host: abfc37dd4bf691cb0e167728b93f1c40.safeframe.googlesyndication.com
URL: https://abfc37dd4bf691cb0e167728b93f1c40.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

933247953977a794be40964c0f4659e28f3006fd2f663a22cadd309fe3964906

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 600428
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 75333
x-xss-protection: 0
last-modified: Wed, 11 Aug 2021 14:35:40 GMT
server: sffe
date: Sat, 28 Aug 2021 13:40:32 GMT
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 28 Aug 2022 13:40:32 GMT

GET
DATA 200
OK truncated
/ Frame 8D1E 43 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Content-Type: image/gif

GET
H3-29 200 product-image_2.jpg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/6093951902922309632/ Frame 8D1E 74 KB
74 KB 6ms
6ms Image
image/jpeg 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/6093951902922309632/product-image_2.jpg

Requested by

Host: www.otosaigon.com
URL: https://www.otosaigon.com/threads/cho-em-hoi-tieu-hao-nhien-lieu-kia-carnival.1634318/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

933247953977a794be40964c0f4659e28f3006fd2f663a22cadd309fe3964906

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 600428
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 75333
x-xss-protection: 0
last-modified: Wed, 11 Aug 2021 14:35:40 GMT
server: sffe
date: Sat, 28 Aug 2021 13:40:32 GMT
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 28 Aug 2022 13:40:32 GMT

GET
H3-29 200 logo-image_1.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/6093951902922309632/ Frame 8D1E 13 KB
13 KB 7ms
7ms Image
image/png 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/6093951902922309632/logo-image_1.png

Requested by

Host: www.otosaigon.com
URL: https://www.otosaigon.com/threads/cho-em-hoi-tieu-hao-nhien-lieu-kia-carnival.1634318/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

859c73b1c255a0df742a1feaee291b6966b1e71076049d06c9dee9b844493c85

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 8788
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13386
x-xss-protection: 0
last-modified: Wed, 11 Aug 2021 14:35:40 GMT
server: sffe
date: Sat, 04 Sep 2021 10:01:12 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 04 Sep 2022 10:01:12 GMT

GET
H3-29 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
122 B 16ms
16ms Script
application/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.otosaigon.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021090101.js?31062462

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.otosaigon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 04 Sep 2021 12:27:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 15ms
15ms Script
application/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.otosaigon.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021090101.js?31062462

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.otosaigon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 04 Sep 2021 12:27:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 96 KB
16 KB 2376ms
2376ms XHR
text/plain 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3776039019293028&correlator=633644404265602&output=ldjh&impl=fifs&eid=31060838%2C31062367%2C31062462%2C31062297&vrg=2021090101&ptt=17&sc=1&sfv=1-0-38&ecs=20210904&iu_parts=57746206%2COS_RightBanner_3&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250%7C300x600&cookie=ID%3Dbdc5fba26f04f273%3AT%3D1630758459%3AS%3DALNI_Maj6CgS3DnIZqh2aCXPffmTUzK7gw&bc=31&abxe=1&lmt=1630758460&dt=1630758460722&dlt=1630758456593&idt=2008&frm=20&biw=1600&bih=1200&oid=3&adxs=1100&adys=1539&adks=1615184071&ucis=4&ifi=4&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=120&u_java=false&flash=0&url=https%3A%2F%2Fwww.otosaigon.com%2Fthreads%2Fcho-em-hoi-tieu-hao-nhien-lieu-kia-carnival.1634318%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x0&msz=300x0&ga_vid=2013777321.1630758459&ga_sid=1630758460&ga_hid=1483440182&ga_fc=false&fws=4&ohw=1600&btvi=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021090101.js?31062462

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

cafe /

Resource Hash

27b62528cb42562658c316e11c563147078b6182dab93e37c9fae1b29ce44527

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.otosaigon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 12:27:41 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16669
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.otosaigon.com
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 /
t.vi-serve.com/ 0
49 B 3156ms
30ms Image
text/plain 52.17.85.197
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://t.vi-serve.com/?event=PLACEMENT&page_url=https%3A%2F%2Fwww.otosaigon.com%2Fthreads%2Fcho-em-hoi-tieu-hao-nhien-lieu-kia-carnival.1634318%2F&pub_id=107455935234537&channel_id=ft1qwjd9a&placement_id=pltLK33C0krMTw0wref&ad_unit_type=2&session_id=hgkkfsly3fb2&focus=true&player=playerVI&build=m&pageLanguage=vi-vn&placement_w=500&placement_h=0&time_delta=6713&position_on_page=28&playlist_pos=1&mobile=false&floating=false&in_view=false&cb=4f49
Requested by: Host: www.otosaigon.com
URL: https://www.otosaigon.com/threads/cho-em-hoi-tieu-hao-nhien-lieu-kia-carnival.1634318/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.17.85.197 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-17-85-197.eu-west-1.compute.amazonaws.com
Software: fasthttp /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.otosaigon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 12:27:44 GMT
server: fasthttp

GET
H2 204 log
pixel.inforsea.com/server/ 0
49 B 102ms
30ms Image
text/plain 63.33.79.252
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.inforsea.com/server/log?event=p&dim1=6714&session_id=hgkkfsly3fb2&affiliate_id=ft1qwjd9a&domainapp=www.otosaigon.com&width=500&height=281&visible=0&publisher_id=107455935234537&cb=7b69
Requested by: Host: www.otosaigon.com
URL: https://www.otosaigon.com/threads/cho-em-hoi-tieu-hao-nhien-lieu-kia-carnival.1634318/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 63.33.79.252 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-63-33-79-252.eu-west-1.compute.amazonaws.com
Software: fasthttp /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.otosaigon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 12:27:41 GMT
server: fasthttp

GET
H/1.1 200
OK player.m.js Show response
player.inforsea.com/ 396 KB
124 KB 3234ms
16ms Script
application/javascript 205.185.216.10
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: https://player.inforsea.com/player.m.js
Requested by: Host: s.vi-serve.com
URL: https://s.vi-serve.com/source.m.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 205.185.216.10 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS: map2.hwcdn.net
Software: UploadServer /
Resource Hash: 710541fe2b114e146b9e7c8d80d76bbee7a51e1eabb14e0e3b3f9f7a9e7e0f4c

Request headers

Referer: https://www.otosaigon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

x-goog-hash: crc32c=1H/O4Q==, md5=LUXr/x2CtApg7MGJYpjwHQ==
Date: Sat, 04 Sep 2021 12:27:44 GMT
Content-Encoding: gzip
X-GUploader-UploadID: ADPycdvsHHeqtiwSpR4EIEerk44o-4Bz_Q6fQE9OvB-Z3bGYi-j8yP2XGoGTjlGYVAnL1GfR23yp9P2xgpNmi7A8gD0
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
Connection: Keep-Alive
Content-Length: 126241
Last-Modified: Thu, 02 Sep 2021 13:13:37 GMT
Server: UploadServer
ETag: "2d45ebff1d82b40a60ecc1896298f01d"
X-HW: 1630758464.dop151.am5.t,1630758464.cds140.am5.shn,1630758464.dop151.am5.t,1630758464.cds134.am5.c
x-goog-generation: 1630588417659321
Cache-Control: private, max-age=0
x-goog-stored-content-length: 405524
Accept-Ranges: bytes
Content-Type: application/javascript

GET
H3-29 200 container.html Show response
abfc37dd4bf691cb0e167728b93f1c40.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame AA1B 6 KB
3 KB 8ms
6ms Document
text/html 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://abfc37dd4bf691cb0e167728b93f1c40.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021090101.js?31062462

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: abfc37dd4bf691cb0e167728b93f1c40.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.otosaigon.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://www.otosaigon.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 3108
date: Sat, 04 Sep 2021 12:27:39 GMT
expires: Sun, 04 Sep 2022 12:27:39 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 index.html Show response
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17626451119355985920/ Frame E271 223 KB
37 KB 8ms
7ms Document
text/html 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17626451119355985920/index.html

Requested by

Host: www.otosaigon.com
URL: https://www.otosaigon.com/threads/cho-em-hoi-tieu-hao-nhien-lieu-kia-carnival.1634318/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a7bf67883867f93d08cbf4eeac0485e641cb9e5b123e18bef046b7c706cffd28

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sadbundle/$csp%3Der3$/17626451119355985920/index.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://abfc37dd4bf691cb0e167728b93f1c40.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://abfc37dd4bf691cb0e167728b93f1c40.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-type: text/html
access-control-allow-origin: *
content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
date: Fri, 03 Sep 2021 20:07:12 GMT
expires: Sat, 03 Sep 2022 20:07:12 GMT
last-modified: Mon, 03 May 2021 14:21:52 GMT
x-content-type-options: nosniff
x-dns-prefetch-control: off
content-encoding: gzip
server: sffe
x-xss-protection: 0
content-length: 38330
age: 58829
cache-control: public, max-age=31536000
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 adview
securepubads.g.doubleclick.net/pagead/ Frame AA1B 0
0 2022ms
2022ms Fetch
text/html 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CithVPGYzYcGxHZ3Cx_APkYe_oAHzxPT8Y-TK-tnwDdvZHhABIK79lyJglYKAgLAHoAGVz-jxA8gBCakCt872iB_usz7gAgCoAwHIAwKqBJUCT9BD4WGe-md99Xwob6rKAMoYOMWNu9W_hhSFZS_a6h7IHsKe5bQCGXXC2DJvRalVyaCZfURdP5qv1YMYkMWdKUFbjJ7d94H6rwzx6Kb8ruNCNKwMdKaVFqXKnxEz1b6xAFW7PT8W5KOqOICe4V_JfCKmV8rSjyaPGv02AvOoGanPItbMcV0M1s565DK8bCiLA135CdeC4KB7urz9OXdjdJwOUczWRdTrtu4fMgl3ScO-9OBZGK2ch7_uBTGpxA8KLaUm7UIgnwehJxPeI330MoITzgtVc0v5SoC5mWS7KtmMyDh7xvMqpJse0wPBx0fPwVtADQHb_Amq3t-PMdF4J6nsdCRUFMDk--P4jdpExoqI7odBk8AE9brUxMMD4AQBkgUECAQYAZIFBAgFGASgBl2AB9Owlw6oB9XJG6gH8NkbqAfy2RuoB47OG6gHk9gbqAe6BqgH7paxAqgHpr4b2AcB8gcEEJnXAdIICQiA4YAQEAEYHYAKAcgLAdgTDdAVAZgWAYAXAbIXHgocCAASFHB1Yi0zNTgyODA5NDM2MDIzNzg2GLaHEw&sigh=_gZcg4noIrY
Requested by: Host: www.otosaigon.com
URL: https://www.otosaigon.com/threads/cho-em-hoi-tieu-hao-nhien-lieu-kia-carnival.1634318/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 142.250.181.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s56-in-f2.1e100.net
Software: /
Resource Hash

Request headers

Referer: https://abfc37dd4bf691cb0e167728b93f1c40.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

GET
H3-29 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 3073 143 B
163 B 8ms
7ms Document
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: abfc37dd4bf691cb0e167728b93f1c40.safeframe.googlesyndication.com
URL: https://abfc37dd4bf691cb0e167728b93f1c40.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/s?v=r20120211
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://abfc37dd4bf691cb0e167728b93f1c40.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUkhA8f9RHxlC9aO0J_i4-9faNmcvOZX3Zme_qCShU04NEyZoHbcK0duvgMg; DSID=NO_DATA
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://abfc37dd4bf691cb0e167728b93f1c40.safeframe.googlesyndication.com/

Response headers

content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Sat, 04 Sep 2021 11:52:36 GMT
server: safe
content-length: 145
x-xss-protection: 0
cache-control: public, max-age=3600
age: 2105
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210831/r20110914/client/ Frame AA1B 2 KB
1 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210831/r20110914/client/window_focus_fy2019.js

Requested by

Host: abfc37dd4bf691cb0e167728b93f1c40.safeframe.googlesyndication.com
URL: https://abfc37dd4bf691cb0e167728b93f1c40.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b6f6d0902ff385f68ec17c4c059d4fe89a0a08f1c022ab70580ea8552dfc0a11

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://abfc37dd4bf691cb0e167728b93f1c40.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 12:17:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 582
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1339
x-xss-protection: 0
server: cafe
etag: 2275704724217174249
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 18 Sep 2021 12:17:59 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame AA1B 122 KB
37 KB 20ms
18ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: abfc37dd4bf691cb0e167728b93f1c40.safeframe.googlesyndication.com
URL: https://abfc37dd4bf691cb0e167728b93f1c40.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0299ce766df424b69a25530d8afe7c2352cb6240c7510fe7be67d8cd53bd3467

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://abfc37dd4bf691cb0e167728b93f1c40.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 12:27:41 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1630496346997469"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37796
x-xss-protection: 0
expires: Sat, 04 Sep 2021 12:27:41 GMT

GET
H3-29 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210831/r20110914/client/ Frame AA1B 14 KB
6 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210831/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: abfc37dd4bf691cb0e167728b93f1c40.safeframe.googlesyndication.com
URL: https://abfc37dd4bf691cb0e167728b93f1c40.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

114dabe187311ee2e303549831223ef80d06385cb854e2aa1647ec1e0ca148f5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://abfc37dd4bf691cb0e167728b93f1c40.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 12:24:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 221
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6183
x-xss-protection: 0
server: cafe
etag: 901432759052127119
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 18 Sep 2021 12:24:00 GMT

GET
H3-29 204 l
www.google.com/ads/measurement/ Frame AA1B 0
0 15ms
13ms Image
text/html 2a00:1450:4001:831::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaR0SjbOwSOQIp9UkuGa0UYQCq5xGFrBF-dA3e00FxQCf-Wncke4J5MzmwqAsGI39guF7_18zO_xgvlpnRwaD6VnXDfNXQ
Requested by: Host: abfc37dd4bf691cb0e167728b93f1c40.safeframe.googlesyndication.com
URL: https://abfc37dd4bf691cb0e167728b93f1c40.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:831::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://abfc37dd4bf691cb0e167728b93f1c40.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

GET
H3-29 200 css
fonts.googleapis.com/ Frame E271 2 KB
498 B 15ms
14ms Stylesheet
text/css 2a00:1450:4001:82f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Lato:regular,700|Bungee:regular

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17626451119355985920/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

379587f0cc0fe0137ff92ac3ee3671dd1f90119e17e269e26a807a9a668642a9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Sat, 04 Sep 2021 10:32:15 GMT
server: ESF
date: Sat, 04 Sep 2021 12:27:41 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sat, 04 Sep 2021 12:27:41 GMT

GET
H3-29 200 Enabler.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame E271 16 KB
6 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/Enabler.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17626451119355985920/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5f0207bbbd69497c7a37284c0b6f9bdcc9f83c574a4cda737e00a390d0ed268f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 03 Sep 2021 14:07:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 80432
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5866
x-xss-protection: 0
server: cafe
etag: 544157900006238945
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Sat, 04 Sep 2021 14:07:09 GMT

GET
H3-29 200 addata.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame E271 26 KB
10 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17626451119355985920/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

54a66c4693bfd79901040269ae7d7304508cbd02859797a1780f2bbe72176e23

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 03 Sep 2021 20:35:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 57132
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10382
x-xss-protection: 0
server: cafe
etag: 12806417668659483808
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Sat, 04 Sep 2021 20:35:29 GMT

GET
H3-29

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 3073
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si

0
16 B

14ms
14ms

Document
text/html

2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si

Requested by

Host: abfc37dd4bf691cb0e167728b93f1c40.safeframe.googlesyndication.com
URL: https://abfc37dd4bf691cb0e167728b93f1c40.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/si
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUkhA8f9RHxlC9aO0J_i4-9faNmcvOZX3Zme_qCShU04NEyZoHbcK0duvgMg; DSID=NO_DATA
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Sat, 04 Sep 2021 12:27:41 GMT
server: safe
content-length: 0
x-xss-protection: 0
set-cookie: DSID=NO_DATA; expires=Sat, 04-Sep-2021 13:27:41 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Sat, 04 Sep 2021 12:27:41 GMT
cache-control: private

Redirect headers

location: https://googleads.g.doubleclick.net/pagead/drt/si
cache-control: private
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Sat, 04 Sep 2021 12:27:41 GMT
server: safe
content-length: 246
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 S6uyw4BMUTPHjx4wXg.woff2
fonts.gstatic.com/s/lato/v20/ Frame E271 23 KB
23 KB 8ms
7ms Font
font/woff2 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v20/S6uyw4BMUTPHjx4wXg.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato:regular,700|Bungee:regular

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c3c0d3f472358aac78455515c4800771426770c22698e2486d39fdb5505634e1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: null
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 28 Aug 2021 17:38:06 GMT
x-content-type-options: nosniff
age: 586175
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23484
x-xss-protection: 0
last-modified: Tue, 10 Aug 2021 00:19:01 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 28 Aug 2022 17:38:06 GMT

GET
H3-29 200 N0bU2SZBIuF2PU_0DXR1.woff2
fonts.gstatic.com/s/bungee/v6/ Frame E271 17 KB
17 KB 8ms
8ms Font
font/woff2 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/bungee/v6/N0bU2SZBIuF2PU_0DXR1.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato:regular,700|Bungee:regular

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b00176dbbd9e4c77629b36fae58d076c8c3b55754e7c2dd3a6e4986e7ec9c37b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: null
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 03 Sep 2021 07:45:54 GMT
x-content-type-options: nosniff
age: 103307
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17268
x-xss-protection: 0
last-modified: Tue, 01 Sep 2020 03:47:49 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 03 Sep 2022 07:45:54 GMT

GET
H3-29 200 S6u9w4BMUTPHh6UVSwiPGQ.woff2
fonts.gstatic.com/s/lato/v20/ Frame E271 22 KB
22 KB 9ms
8ms Font
font/woff2 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v20/S6u9w4BMUTPHh6UVSwiPGQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato:regular,700|Bungee:regular

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8d3ca80fa271e94b0c36cf3053b0f806b7a42bb3395b424c99dc0bd218f0ac20

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: null
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 03 Sep 2021 11:08:54 GMT
x-content-type-options: nosniff
age: 91127
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 22992
x-xss-protection: 0
last-modified: Tue, 10 Aug 2021 00:18:57 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 03 Sep 2022 11:08:54 GMT

GET
DATA 200
OK truncated
/ Frame AA1B 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 84d65b42eb50cdb66f5dfd20d4ab84b24983f56382575ea493ee8ae71f9d3242

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-29 200 null-leasing-logo-final_white_1.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17626451119355985920/ Frame E271 2 KB
2 KB 8ms
6ms Image
image/png 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17626451119355985920/null-leasing-logo-final_white_1.png

Requested by

Host: www.otosaigon.com
URL: https://www.otosaigon.com/threads/cho-em-hoi-tieu-hao-nhien-lieu-kia-carnival.1634318/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

62cdccf1ab4b4215586295612a4a2ef96fa490250fa96dbccc565f659cab86ab

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 311078
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1738
x-xss-protection: 0
last-modified: Mon, 03 May 2021 14:21:52 GMT
server: sffe
date: Tue, 31 Aug 2021 22:03:03 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 31 Aug 2022 22:03:03 GMT

GET
H3-29 200 autos_licht_1.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17626451119355985920/ Frame E271 6 KB
6 KB 8ms
8ms Image
image/png 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17626451119355985920/autos_licht_1.png

Requested by

Host: www.otosaigon.com
URL: https://www.otosaigon.com/threads/cho-em-hoi-tieu-hao-nhien-lieu-kia-carnival.1634318/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a87352099e9b3946d71f4f73c69f9217ef99278088a177d5eef09df78c11e4ae

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 71962
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5867
x-xss-protection: 0
last-modified: Mon, 03 May 2021 14:21:52 GMT
server: sffe
date: Fri, 03 Sep 2021 16:28:19 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 03 Sep 2022 16:28:19 GMT

GET
H3-29 200 autos.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17626451119355985920/ Frame E271 48 KB
48 KB 10ms
9ms Image
image/png 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17626451119355985920/autos.png

Requested by

Host: www.otosaigon.com
URL: https://www.otosaigon.com/threads/cho-em-hoi-tieu-hao-nhien-lieu-kia-carnival.1634318/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1c45bfa2dc80f54eb8564aa778a0929a00811168617ee6340cc59f0af48e5cca

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 91299
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 49113
x-xss-protection: 0
last-modified: Mon, 03 May 2021 14:21:52 GMT
server: sffe
date: Fri, 03 Sep 2021 11:06:02 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 03 Sep 2022 11:06:02 GMT

GET
H3-29 200 hintergrund_plain.jpg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17626451119355985920/ Frame E271 30 KB
30 KB 9ms
8ms Image
image/jpeg 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17626451119355985920/hintergrund_plain.jpg

Requested by

Host: www.otosaigon.com
URL: https://www.otosaigon.com/threads/cho-em-hoi-tieu-hao-nhien-lieu-kia-carnival.1634318/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

969231fe165a93933d6908d45bfa09c364b66de37160efea47d87d18d7d37bd8

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 90792
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 30604
x-xss-protection: 0
last-modified: Mon, 03 May 2021 14:21:52 GMT
server: sffe
date: Fri, 03 Sep 2021 11:14:29 GMT
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 03 Sep 2022 11:14:29 GMT

GET
H3-29 200 logo-bct.png
www.otosaigon.com/styles/other/ 29 KB
30 KB 27ms
27ms Image
image/png 2606:4700:20::681a:a35
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.otosaigon.com/styles/other/logo-bct.png
Requested by: Host: www.otosaigon.com
URL: https://www.otosaigon.com/threads/cho-em-hoi-tieu-hao-nhien-lieu-kia-carnival.1634318/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::681a:a35 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 04b97f56fa4b4a095f76084fab448f1365ef7a59096fc49abb0411ff2bec7f06

Request headers

:path: /styles/other/logo-bct.png
pragma: no-cache
cookie: WID=vt151|YTNlj|YTNlj; _ga=GA1.2.2013777321.1630758459; _gid=GA1.2.1004780414.1630758459; _gat_gtag_UA_40673294_1=1; _gat_UA-40673294-1=1; _fbp=fb.1.1630758458631.2122503782; __gads=ID=bdc5fba26f04f273:T=1630758459:S=ALNI_Maj6CgS3DnIZqh2aCXPffmTUzK7gw
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.otosaigon.com
referer: https://www.otosaigon.com/threads/cho-em-hoi-tieu-hao-nhien-lieu-kia-carnival.1634318/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.otosaigon.com/threads/cho-em-hoi-tieu-hao-nhien-lieu-kia-carnival.1634318/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 12:27:41 GMT
vary: User-Agent, Accept-Encoding
x-cdn-client: 14.187.179.60 - -
x-original-content-length: 30434
age: 2006717
cf-polished: origSize=29732, status=vary_header_present
x-cache: HIT
cf-cache-status: HIT
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 29696
pragma: public
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: W/"PSA-aj-9eGnQ18QVT"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=S3yA6VDuIiGs894iD4qRDk1YMQzb52wsjk1nxgbQnnQNbZ9sc9o4XTtFUgb%2Bv9GP9oiD3Dt1WHiEiAAu8V9zt6R6ogHA%2Bu1w2%2B1etRoBsvaUeMBFrYgIHwRGnoin2E45sIdmL%2FzDlHbuI1Nxo2AR"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315359580
accept-ranges: bytes
cf-ray: 6897369eeea1d6b1-FRA
expires: Sun, 10 Aug 2031 06:53:10 GMT

GET
H3-29 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
122 B 15ms
15ms Script
application/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.otosaigon.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021090101.js?31062462

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.otosaigon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 04 Sep 2021 12:27:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 15ms
14ms Script
application/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.otosaigon.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021090101.js?31062462

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.otosaigon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 04 Sep 2021 12:27:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 72 KB
24 KB 2389ms
2388ms XHR
text/plain 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3776039019293028&correlator=633644404265602&output=ldjh&impl=fifs&eid=31060838%2C31062367%2C31062462%2C31062297&vrg=2021090101&ptt=17&sc=1&sfv=1-0-38&ecs=20210904&iu_parts=57746206%2COS_TopBanner_3&enc_prev_ius=%2F0%2F1&prev_iu_szs=1x1%7C728x90%7C980x250&cookie=ID%3Dbdc5fba26f04f273%3AT%3D1630758459%3AS%3DALNI_Maj6CgS3DnIZqh2aCXPffmTUzK7gw&bc=31&abxe=1&lmt=1630758461&dt=1630758461264&dlt=1630758456593&idt=2008&frm=20&biw=1600&bih=1200&oid=3&adxs=436&adys=3587&adks=3668539981&ucis=5&ifi=5&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=120&u_java=false&flash=0&url=https%3A%2F%2Fwww.otosaigon.com%2Fthreads%2Fcho-em-hoi-tieu-hao-nhien-lieu-kia-carnival.1634318%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=1600x90&msz=728x-1&ga_vid=2013777321.1630758459&ga_sid=1630758460&ga_hid=1483440182&ga_fc=false&fws=4&ohw=1600&btvi=2&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021090101.js?31062462

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

cafe /

Resource Hash

4c81ff4efb04c5797d57737fd85aee45fffaac2b59b4c65add4a291f4b378a38

Security Headers

Name	Value
Content-Security-Policy	child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17626451119355985920/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17626451119355985920/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CIDGoteo5fICFZQ34AodlBYK5g&gqi=&layout=/sadbundle/%24csp%253Der3%24/17626451119355985920/index.html
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.otosaigon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

content-security-policy: child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17626451119355985920/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17626451119355985920/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CIDGoteo5fICFZQ34AodlBYK5g&gqi=&layout=/sadbundle/%24csp%253Der3%24/17626451119355985920/index.html
content-encoding: br
x-content-type-options: nosniff
google-creative-id: -1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 24690
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
date: Sat, 04 Sep 2021 12:27:43 GMT
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.otosaigon.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame A242 42 B
518 B 44ms
23ms Fetch
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvxEyhcp-AXBpdoGQUFyl18JKWDhU83I8SXsQBkzB4sWY2dq3wCHSmMfpzsO4isfxIaovKRQzaBMuwTbxO4SQifzCl-tMSxffbKs2zh4PyeBWxZKPhDjbGAHjj6TA&sai=AMfl-YQD3vJoiG9R0RU6GgsOgUKSM3irHXtObWMDVZjdnvmTjB9WzpLoN1y9glSqTLBEIEetsBjag0G21deWfhi2cmXYmrL5lrnDQx79ScGVrFenKBRc3tEQmu_-Klb3&sig=Cg0ArKJSzPVO_wHpJVHmEAE&cid=CAASF-RoghKsAeX9tSU05Bo20_WQh2fTFvTP&id=lidar2&mcvt=1000&p=57,436,147,1164&asp=57,436,147,1164&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20210901&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=2&adk=2229086868&rs=4&met=mue&la=0&cr=0&osd=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ%3D%3D&vs=4&eosm=0&rst=1630758460358&rpt=205&isd=0&lsd=0&r=v

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://abfc37dd4bf691cb0e167728b93f1c40.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 12:27:41 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 beacon.min.js Show response
static.cloudflareinsights.com/ 13 KB
5 KB 58ms
42ms Script
text/javascript 2606:4700::6810:5f41
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://static.cloudflareinsights.com/beacon.min.js
Requested by: Host: www.otosaigon.com
URL: https://www.otosaigon.com/threads/cho-em-hoi-tieu-hao-nhien-lieu-kia-carnival.1634318/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:5f41 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c4efeeb957e361500bf19ba26282beae1a8e4083c5ccff10dccab2eaa09acd45

Request headers

Referer: https://www.otosaigon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 12:27:41 GMT
content-encoding: gzip
last-modified: Thu, 26 Aug 2021 22:03:28 GMT
server: cloudflare
etag: W/2021.8.2
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
cf-ray: 689736a28f1f0ebb-FRA

GET
H2 200 OneSignalSDK.js Show response
cdn.onesignal.com/sdks/ 9 KB
3 KB 32ms
13ms Script
application/javascript 2606:4700::6812:e234
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.onesignal.com/sdks/OneSignalSDK.js
Requested by: Host: www.otosaigon.com
URL: https://www.otosaigon.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:e234 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b70aa192cf670ffbccd24885ff71e159e03c809b890abe15e74cce9f497dd8e5

Request headers

Referer: https://www.otosaigon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 12:27:41 GMT
content-encoding: br
cf-cache-status: HIT
server: cloudflare
age: 3294
etag: W/"3e792b2dc76a5a063e1c4f30d40ae527"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=259200
cf-ray: 689736a29d175b3e-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
expires: Tue, 07 Sep 2021 12:27:41 GMT

GET
H3-29 200 jquery.hoverIntent.min.js Show response
www.otosaigon.com/js/themehouse/io/vendor/hover-intent/ 2 KB
1 KB 24ms
22ms Script
application/javascript 2606:4700:20::681a:a35
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.otosaigon.com/js/themehouse/io/vendor/hover-intent/jquery.hoverIntent.min.js?_v=d586bcaf
Requested by: Host: www.otosaigon.com
URL: https://www.otosaigon.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::681a:a35 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7c49cd8d9e713543e90f560daef101b2806874ca29eb7e6db382cd46138a9ef7

Request headers

:path: /js/themehouse/io/vendor/hover-intent/jquery.hoverIntent.min.js?_v=d586bcaf
pragma: no-cache
cookie: WID=vt151|YTNlj|YTNlj; _ga=GA1.2.2013777321.1630758459; _gid=GA1.2.1004780414.1630758459; _gat_gtag_UA_40673294_1=1; _gat_UA-40673294-1=1; _fbp=fb.1.1630758458631.2122503782; __gads=ID=bdc5fba26f04f273:T=1630758459:S=ALNI_Maj6CgS3DnIZqh2aCXPffmTUzK7gw
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.otosaigon.com
referer: https://www.otosaigon.com/threads/cho-em-hoi-tieu-hao-nhien-lieu-kia-carnival.1634318/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.otosaigon.com/threads/cho-em-hoi-tieu-hao-nhien-lieu-kia-carnival.1634318/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 12:27:41 GMT
content-encoding: br
x-cdn-client: 162.158.92.28 - -
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 188232
x-cache: HIT
cf-cache-status: HIT
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
pragma: public
last-modified: Fri, 12 Jul 2019 08:07:41 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Zwm0fYG74hOG39E79JtS3nUmH9UCgmiGYMmQ1sRn8t7Q4Y2ozoIh7Cr%2Bqu6eWl8zZ6bfAn5%2B4w%2BrAkjbjNFEvPfCOmzRshCS8Or%2FNQNeBzWd3Fz2%2BvkeRCYR0QZIhd6Z2BIDTB9zutm2L8nNb8%2Bt"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
cache-control: max-age=2678400
cf-ray: 689736a27bcfd6b1-FRA
expires: Thu, 09 Sep 2021 08:07:40 GMT

GET
H3-29 200 defer.min.js Show response
www.otosaigon.com/js/themehouse/io/ 27 KB
6 KB 23ms
21ms Script
application/javascript 2606:4700:20::681a:a35
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.otosaigon.com/js/themehouse/io/defer.min.js?_v=d586bcaf
Requested by: Host: www.otosaigon.com
URL: https://www.otosaigon.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::681a:a35 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c4126cad9f3e209d0e4b86ead7ab90046e250f9c39561b7573ea3c96bf6d363e

Request headers

:path: /js/themehouse/io/defer.min.js?_v=d586bcaf
pragma: no-cache
cookie: WID=vt151|YTNlj|YTNlj; _ga=GA1.2.2013777321.1630758459; _gid=GA1.2.1004780414.1630758459; _gat_gtag_UA_40673294_1=1; _gat_UA-40673294-1=1; _fbp=fb.1.1630758458631.2122503782; __gads=ID=bdc5fba26f04f273:T=1630758459:S=ALNI_Maj6CgS3DnIZqh2aCXPffmTUzK7gw
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.otosaigon.com
referer: https://www.otosaigon.com/threads/cho-em-hoi-tieu-hao-nhien-lieu-kia-carnival.1634318/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.otosaigon.com/threads/cho-em-hoi-tieu-hao-nhien-lieu-kia-carnival.1634318/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 12:27:41 GMT
content-encoding: br
x-cdn-client: 162.158.94.114 - -
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 188232
x-cache: HIT
cf-cache-status: HIT
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
pragma: public
last-modified: Fri, 12 Jul 2019 08:07:41 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eoTGvNKgmMJf6SPI9pu1RAXT9vVRakTPXvnDZtPwX9%2B%2B%2BPqddmSfG2H4AwImWD5U0hx8qFY3v7IbhJIiam8OlH%2F%2F3vPDdOQ%2FOMWD5od7CdSE%2FXE6bbFbXwT3ybVeManlGHM0q82lOAcQAxw7u%2B9T"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
cache-control: max-age=2678400
cf-ray: 689736a27bd3d6b1-FRA
expires: Thu, 09 Sep 2021 08:07:40 GMT

GET
H3-29 200 index.min.js Show response
www.otosaigon.com/js/themehouse/io/ 10 KB
4 KB 16ms
14ms Script
application/javascript 2606:4700:20::681a:a35
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.otosaigon.com/js/themehouse/io/index.min.js?_v=d586bcaf
Requested by: Host: www.otosaigon.com
URL: https://www.otosaigon.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::681a:a35 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8d67d0c9faccb04c46191d2e821f776b7362eaa8f470409269f6a665c8b43774

Request headers

:path: /js/themehouse/io/index.min.js?_v=d586bcaf
pragma: no-cache
cookie: WID=vt151|YTNlj|YTNlj; _ga=GA1.2.2013777321.1630758459; _gid=GA1.2.1004780414.1630758459; _gat_gtag_UA_40673294_1=1; _gat_UA-40673294-1=1; _fbp=fb.1.1630758458631.2122503782; __gads=ID=bdc5fba26f04f273:T=1630758459:S=ALNI_Maj6CgS3DnIZqh2aCXPffmTUzK7gw
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.otosaigon.com
referer: https://www.otosaigon.com/threads/cho-em-hoi-tieu-hao-nhien-lieu-kia-carnival.1634318/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.otosaigon.com/threads/cho-em-hoi-tieu-hao-nhien-lieu-kia-carnival.1634318/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 12:27:41 GMT
content-encoding: br
x-cdn-client: 162.158.94.134 - -
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 188232
x-cache: HIT
cf-cache-status: HIT
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
pragma: public
last-modified: Fri, 12 Jul 2019 08:07:41 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mjad%2BXrNqTf6lyp7bRtHw0UxLUeJOUp6pZ1f%2BiFNPKYMouSWHABilyDgPJ3ZTZiqc4WrREcdBq5BfOuENy5f3xd1yFqsr%2FoLooHEv12whHqpPbtLyfEUrJvAkanwIFpOS%2Fsy5%2BwkGV5i2XiPWDKd"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
cache-control: max-age=2678400
cf-ray: 689736a27bd4d6b1-FRA
expires: Thu, 09 Sep 2021 08:07:40 GMT

GET
H3-29 200 20180112.min.js Show response
www.otosaigon.com/js/themehouse/global/ 11 KB
5 KB 16ms
15ms Script
application/javascript 2606:4700:20::681a:a35
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.otosaigon.com/js/themehouse/global/20180112.min.js?_v=d586bcaf
Requested by: Host: www.otosaigon.com
URL: https://www.otosaigon.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::681a:a35 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 786fa88a3865f20b9630631fbe22c69260475045ae648f26d7543c4eb3488364

Request headers

:path: /js/themehouse/global/20180112.min.js?_v=d586bcaf
pragma: no-cache
cookie: WID=vt151|YTNlj|YTNlj; _ga=GA1.2.2013777321.1630758459; _gid=GA1.2.1004780414.1630758459; _gat_gtag_UA_40673294_1=1; _gat_UA-40673294-1=1; _fbp=fb.1.1630758458631.2122503782; __gads=ID=bdc5fba26f04f273:T=1630758459:S=ALNI_Maj6CgS3DnIZqh2aCXPffmTUzK7gw
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.otosaigon.com
referer: https://www.otosaigon.com/threads/cho-em-hoi-tieu-hao-nhien-lieu-kia-carnival.1634318/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.otosaigon.com/threads/cho-em-hoi-tieu-hao-nhien-lieu-kia-carnival.1634318/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 12:27:41 GMT
content-encoding: br
x-cdn-client: 162.158.90.118 - -
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 369299
x-cache: BYPASS
cf-cache-status: HIT
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
pragma: public
last-modified: Fri, 12 Jul 2019 08:07:41 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GpqHwjFva4XhuV8ZjADCdE5Gvf3CGwp6ZWurXWvCVSaxxQ23IqW8EzBCypZXWHyL21esAfVeTJ01vMQrdnT3uO%2B6AAMnZldmjqTrS4Rqe6xCRA9QeY1Z4XNnrocwwbi8SlrgbslNgmBURC7uton4"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
cache-control: max-age=2678400
cf-ray: 689736a27bd5d6b1-FRA
expires: Tue, 07 Sep 2021 05:49:57 GMT

GET
H3-29 200 ripple.min.js Show response
www.otosaigon.com/js/themehouse/io/ 1 KB
1 KB 16ms
15ms Script
application/javascript 2606:4700:20::681a:a35
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.otosaigon.com/js/themehouse/io/ripple.min.js?_v=d586bcaf
Requested by: Host: www.otosaigon.com
URL: https://www.otosaigon.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::681a:a35 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a318c59fc4322369a187c36d2219bdd851b76af38182b366e1934620ac3f107d

Request headers

:path: /js/themehouse/io/ripple.min.js?_v=d586bcaf
pragma: no-cache
cookie: WID=vt151|YTNlj|YTNlj; _ga=GA1.2.2013777321.1630758459; _gid=GA1.2.1004780414.1630758459; _gat_gtag_UA_40673294_1=1; _gat_UA-40673294-1=1; _fbp=fb.1.1630758458631.2122503782; __gads=ID=bdc5fba26f04f273:T=1630758459:S=ALNI_Maj6CgS3DnIZqh2aCXPffmTUzK7gw
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.otosaigon.com
referer: https://www.otosaigon.com/threads/cho-em-hoi-tieu-hao-nhien-lieu-kia-carnival.1634318/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.otosaigon.com/threads/cho-em-hoi-tieu-hao-nhien-lieu-kia-carnival.1634318/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 12:27:41 GMT
content-encoding: br
x-cdn-client: 162.158.91.213 - -
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 188232
x-cache: HIT
cf-cache-status: HIT
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
pragma: public
last-modified: Fri, 12 Jul 2019 08:07:41 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=j3LmM8SvzcOZvjktYKmo4JDK3DMYPkO9J8n05g%2Fb3Inq%2Bpm1kmYPyDGVwYpU5TDsvbwbsh3XYxsGrHpF9jR0fvzqjU8Yewm9xWZ8D779ZObBv7DaYLhqVyPDo6K%2FARl3wiP3qaMF%2FPcEdeLvz7DF"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
cache-control: max-age=2678400
cf-ray: 689736a27bd6d6b1-FRA
expires: Thu, 09 Sep 2021 08:07:40 GMT

GET
H3-29 200 lightbox-compiled.js Show response
www.otosaigon.com/js/xf/ 85 KB
27 KB 25ms
24ms Script
application/javascript 2606:4700:20::681a:a35
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.otosaigon.com/js/xf/lightbox-compiled.js?_v=d586bcaf
Requested by: Host: www.otosaigon.com
URL: https://www.otosaigon.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::681a:a35 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f31bb4e1df33a58caf861acf297d4bc37a95fb253ebd156811fffc2bcf006edc

Request headers

:path: /js/xf/lightbox-compiled.js?_v=d586bcaf
pragma: no-cache
cookie: WID=vt151|YTNlj|YTNlj; _ga=GA1.2.2013777321.1630758459; _gid=GA1.2.1004780414.1630758459; _gat_gtag_UA_40673294_1=1; _gat_UA-40673294-1=1; _fbp=fb.1.1630758458631.2122503782; __gads=ID=bdc5fba26f04f273:T=1630758459:S=ALNI_Maj6CgS3DnIZqh2aCXPffmTUzK7gw
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.otosaigon.com
referer: https://www.otosaigon.com/threads/cho-em-hoi-tieu-hao-nhien-lieu-kia-carnival.1634318/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.otosaigon.com/threads/cho-em-hoi-tieu-hao-nhien-lieu-kia-carnival.1634318/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 12:27:41 GMT
content-encoding: br
x-cdn-client: 162.158.89.41 - -
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 188232
cf-polished: origSize=87424
x-cache: HIT
cf-cache-status: HIT
cf-bgj: minify
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
pragma: public
last-modified: Mon, 01 Feb 2021 18:34:11 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=n%2F0z5%2B6yfivBo8s7WQMDLsZxsdFyqtqATM6JioOgK5rskJD5weYikknpsS79%2FuUI5QZnvZSgU%2FlTalY%2FQdPj8bVE8qcIqqd4GzpFVesflBKUlXkLwTy8n2XAdRFcfnwZTRZJ%2B9PLo1UwENI4RDVC"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
cache-control: max-age=2678400
cf-ray: 689736a27bd7d6b1-FRA
expires: Thu, 09 Sep 2021 08:07:40 GMT

GET
H3-29 200 core-compiled.js Show response
www.otosaigon.com/js/xf/ 217 KB
62 KB 25ms
24ms Script
application/javascript 2606:4700:20::681a:a35
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.otosaigon.com/js/xf/core-compiled.js?_v=d586bcaf
Requested by: Host: www.otosaigon.com
URL: https://www.otosaigon.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::681a:a35 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c5b18fdeddbe23e0b0680b4f78739700a95243102298a72877918a3cdbe8b3f7

Request headers

:path: /js/xf/core-compiled.js?_v=d586bcaf
pragma: no-cache
cookie: WID=vt151|YTNlj|YTNlj; _ga=GA1.2.2013777321.1630758459; _gid=GA1.2.1004780414.1630758459; _gat_gtag_UA_40673294_1=1; _gat_UA-40673294-1=1; _fbp=fb.1.1630758458631.2122503782; __gads=ID=bdc5fba26f04f273:T=1630758459:S=ALNI_Maj6CgS3DnIZqh2aCXPffmTUzK7gw
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.otosaigon.com
referer: https://www.otosaigon.com/threads/cho-em-hoi-tieu-hao-nhien-lieu-kia-carnival.1634318/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.otosaigon.com/threads/cho-em-hoi-tieu-hao-nhien-lieu-kia-carnival.1634318/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 12:27:41 GMT
content-encoding: br
x-cdn-client: 162.158.92.190 - -
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 188232
cf-polished: origSize=223011
x-cache: HIT
cf-cache-status: HIT
cf-bgj: minify
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
pragma: public
last-modified: Mon, 01 Feb 2021 18:34:10 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=n%2BdrpJcJaY2CWYmBlQzPdFYbY0lgZgOgFBfIb%2F3xd8jBg%2F5KNmi3%2Fk1FuuySPYWg9xNVU3XxdnKB1gHDkzkkjAHSUtakxx1fH3ez3LtyQaxdmKmEGZM%2BdvoNmfMi4NUnnDgJUYGH0bE%2F%2BJ8tl0pC"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
cache-control: max-age=2678400
cf-ray: 689736a27bdbd6b1-FRA
expires: Thu, 09 Sep 2021 08:07:40 GMT

GET
H3-29 200 vendor-compiled.js Show response
www.otosaigon.com/js/vendor/ 68 KB
22 KB 18ms
17ms Script
application/javascript 2606:4700:20::681a:a35
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.otosaigon.com/js/vendor/vendor-compiled.js?_v=d586bcaf
Requested by: Host: www.otosaigon.com
URL: https://www.otosaigon.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::681a:a35 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c5b978d3be0ad69327462d0dd38bfef5bea5cc67553b773d6067151ad134863f

Request headers

:path: /js/vendor/vendor-compiled.js?_v=d586bcaf
pragma: no-cache
cookie: WID=vt151|YTNlj|YTNlj; _ga=GA1.2.2013777321.1630758459; _gid=GA1.2.1004780414.1630758459; _gat_gtag_UA_40673294_1=1; _gat_UA-40673294-1=1; _fbp=fb.1.1630758458631.2122503782; __gads=ID=bdc5fba26f04f273:T=1630758459:S=ALNI_Maj6CgS3DnIZqh2aCXPffmTUzK7gw
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.otosaigon.com
referer: https://www.otosaigon.com/threads/cho-em-hoi-tieu-hao-nhien-lieu-kia-carnival.1634318/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.otosaigon.com/threads/cho-em-hoi-tieu-hao-nhien-lieu-kia-carnival.1634318/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 12:27:41 GMT
content-encoding: br
x-cdn-client: 162.158.88.78 - -
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 188232
cf-polished: origSize=70571
x-cache: HIT
cf-cache-status: HIT
cf-bgj: minify
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
pragma: public
last-modified: Mon, 01 Feb 2021 18:34:04 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rZDWYQJLWeurKOLBo5USgEkWn%2BS0SGaPlMREmsbCEIoGxj1Z9pt0%2F9mu9TsEVU4iyNiC9qbGN4yjdeUSIqzKJlPIsINxjWzLDGcJLjqLOp0NKdkPj3yrTi%2FiwDRlkvNC3O4xvL74QOnzWnRSXlJq"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
cache-control: max-age=2678400
cf-ray: 689736a27bddd6b1-FRA
expires: Thu, 09 Sep 2021 08:07:40 GMT

GET
H3-29 200 jquery-3.5.1.min.js Show response
www.otosaigon.com/js/vendor/jquery/ 87 KB
32 KB 22ms
21ms Script
application/javascript 2606:4700:20::681a:a35
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.otosaigon.com/js/vendor/jquery/jquery-3.5.1.min.js?_v=d586bcaf
Requested by: Host: www.otosaigon.com
URL: https://www.otosaigon.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::681a:a35 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

Request headers

:path: /js/vendor/jquery/jquery-3.5.1.min.js?_v=d586bcaf
pragma: no-cache
cookie: WID=vt151|YTNlj|YTNlj; _ga=GA1.2.2013777321.1630758459; _gid=GA1.2.1004780414.1630758459; _gat_gtag_UA_40673294_1=1; _gat_UA-40673294-1=1; _fbp=fb.1.1630758458631.2122503782; __gads=ID=bdc5fba26f04f273:T=1630758459:S=ALNI_Maj6CgS3DnIZqh2aCXPffmTUzK7gw
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.otosaigon.com
referer: https://www.otosaigon.com/threads/cho-em-hoi-tieu-hao-nhien-lieu-kia-carnival.1634318/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.otosaigon.com/threads/cho-em-hoi-tieu-hao-nhien-lieu-kia-carnival.1634318/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 12:27:41 GMT
content-encoding: br
x-cdn-client: 162.158.92.154 - -
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 188232
x-cache: HIT
cf-cache-status: HIT
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
pragma: public
last-modified: Mon, 01 Feb 2021 18:34:02 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bbYMZ73QPGoEbya88KKLHmkK6jreP9KJbPSDhOvpYqtbqkWPPnZ%2BxuLo4sPqfd7mGeg2lEAQpbR6LUv8MnM%2Bvf%2BGa1qZn5v9wtgzEh2LDhGDdQLP5opr%2BK3LudTGs2w%2FVm3il5MidnvVQR7lFt7C"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
cache-control: max-age=2678400
cf-ray: 689736a27be0d6b1-FRA
expires: Thu, 09 Sep 2021 08:07:40 GMT

GET
H3-29 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame AA1B 42 B
64 B 35ms
21ms Fetch
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssTENoUkZMIaW9mvOfvodVrWgYhXPMpR002FUAqi6Zwy91G_GX-V3dcmNIEbv7mQb7jdWKx4xaSHFppplXRxo9__iBHqnxkVr7H7UczWaWjfhAovlvg1zJMnDcquUj2dChGFYtAQ9mUNG3oz-_Cmcqk&sai=AMfl-YSoUYErZMH3zBlsxVK8-aTxskY0YbGdlu5TdAs4E19e3MCYSQun0iuhHPCki8aFOlpBtNeR6V7POAp0W1PZL78t_LIlldpiDSrCYzXbGlgc0gTJgmWX0ujjoxTY&sig=Cg0ArKJSzLzWLrXPHeJuEAE&cid=CAASF-Ro_uPNt3sPJITfGyd0n92WhGJTSlM6&id=lidar2&mcvt=1000&p=433,1100,683,1400&asp=433,1100,683,1400&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20210901&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=2&adk=2120091774&rs=4&met=mue&la=0&cr=0&osd=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ%3D%3D&vs=4&eosm=0&rst=1630758461024&rpt=96&isd=0&lsd=0&r=v

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://abfc37dd4bf691cb0e167728b93f1c40.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 12:27:42 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 container.html Show response
abfc37dd4bf691cb0e167728b93f1c40.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 24F9 6 KB
3 KB 7ms
7ms Document
text/html 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://abfc37dd4bf691cb0e167728b93f1c40.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021090101.js?31062462

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: abfc37dd4bf691cb0e167728b93f1c40.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.otosaigon.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://www.otosaigon.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 3108
date: Sat, 04 Sep 2021 12:27:39 GMT
expires: Sun, 04 Sep 2022 12:27:39 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 4
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 amp4ads-v0.mjs Show response
cdn.ampproject.org/rtv/022108170213000/ Frame 6FCE 188 KB
55 KB 33ms
6ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/022108170213000/amp4ads-v0.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021090101.js?31062462

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4f72af3d7b96dc44bca6dca1ef2372a5b2ba73854fbba6da41d6752eb207be8d

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.otosaigon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 318604
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 55275
x-xss-protection: 0
server: sffe
date: Tue, 31 Aug 2021 19:57:39 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "26bf0dce08a7e998"
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 31 Aug 2022 19:57:39 GMT

GET
H2 200 amp-ad-exit-0.1.mjs Show response
cdn.ampproject.org/rtv/022108170213000/v0/ Frame 6FCE 13 KB
5 KB 42ms
16ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/022108170213000/v0/amp-ad-exit-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021090101.js?31062462

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fae2773cd95cb857866b4b3a54777c88f6c03e0167bf323c2a1f431985887b61

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.otosaigon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 222435
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4999
x-xss-protection: 0
server: sffe
date: Wed, 01 Sep 2021 22:40:28 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "6b551ff8c0a78d7e"
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 01 Sep 2022 22:40:28 GMT

GET
H2 200 amp-analytics-0.1.mjs Show response
cdn.ampproject.org/rtv/022108170213000/v0/ Frame 6FCE 89 KB
28 KB 43ms
17ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/022108170213000/v0/amp-analytics-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021090101.js?31062462

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

48bb89434a42b4fb519f27e9272e018e8151383b4b7f46f26260f5fd29e5f05e

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.otosaigon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 318604
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28538
x-xss-protection: 0
server: sffe
date: Tue, 31 Aug 2021 19:57:39 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "523ca413d5eb4bb0"
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 31 Aug 2022 19:57:39 GMT

GET
H2 200 amp-animation-0.1.mjs Show response
cdn.ampproject.org/rtv/022108170213000/v0/ Frame 6FCE 70 KB
16 KB 44ms
18ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/022108170213000/v0/amp-animation-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021090101.js?31062462

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a213b67eebe575881cc62cd8800129e15d9ca92049b2e37832bf83d9fa2ed79e

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.otosaigon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 316701
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16652
x-xss-protection: 0
server: sffe
date: Tue, 31 Aug 2021 20:29:22 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "b7d23c40180897d5"
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 31 Aug 2022 20:29:22 GMT

GET
H2 200 amp-fit-text-0.1.mjs Show response
cdn.ampproject.org/rtv/022108170213000/v0/ Frame 6FCE 4 KB
2 KB 42ms
17ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/022108170213000/v0/amp-fit-text-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021090101.js?31062462

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f4a74fe2cef1d4e3ca293944e20763b350954439d0966a662691d304d9e1aac3

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.otosaigon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 113806
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1653
x-xss-protection: 0
server: sffe
date: Fri, 03 Sep 2021 04:50:57 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "a4d9605fb26cf0ce"
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 03 Sep 2022 04:50:57 GMT

GET
H2 200 amp-form-0.1.mjs Show response
cdn.ampproject.org/rtv/022108170213000/v0/ Frame 6FCE 40 KB
13 KB 45ms
20ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/022108170213000/v0/amp-form-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021090101.js?31062462

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9158e53d7052a6df65c12e3a59a8c77a8be353425523e4eff057fa5578e654ad

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.otosaigon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 222437
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12821
x-xss-protection: 0
server: sffe
date: Wed, 01 Sep 2021 22:40:26 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "bd81b3ba02634f28"
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 01 Sep 2022 22:40:26 GMT

GET
DATA 200
OK truncated
/ Frame 6FCE 217 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 12c4cf29fbd81217e5b71a45af47a0e35ce7ea084179fa901755c8e3432fefd1

Request headers

Referer: https://www.otosaigon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-29 200 bg4.jpg
tpc.googlesyndication.com/sadbundle/13372183774347719607/Front_300x250_v2/images/ Frame 6FCE 12 KB
12 KB 9ms
6ms Image
image/jpeg 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/13372183774347719607/Front_300x250_v2/images/bg4.jpg

Requested by

Host: www.otosaigon.com
URL: https://www.otosaigon.com/threads/cho-em-hoi-tieu-hao-nhien-lieu-kia-carnival.1634318/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1d164e457f95499c4ce6d394a38c84789da175ef9ed3eb3f263b84d33260a7d0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.otosaigon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 11:04:15 GMT
x-content-type-options: nosniff
age: 5008
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12693
x-xss-protection: 0
last-modified: Wed, 11 Aug 2021 14:43:38 GMT
server: sffe
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 04 Sep 2022 11:04:15 GMT

GET
H3-29 200 bg3.jpg
tpc.googlesyndication.com/sadbundle/13372183774347719607/Front_300x250_v2/images/ Frame 6FCE 14 KB
14 KB 9ms
7ms Image
image/jpeg 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/13372183774347719607/Front_300x250_v2/images/bg3.jpg

Requested by

Host: www.otosaigon.com
URL: https://www.otosaigon.com/threads/cho-em-hoi-tieu-hao-nhien-lieu-kia-carnival.1634318/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5d693f43e82a0ad9cf42285eefd6bbd3953d9f3fe6cd18124765c1ca17008a1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.otosaigon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 03 Sep 2021 03:39:06 GMT
x-content-type-options: nosniff
age: 118117
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14558
x-xss-protection: 0
last-modified: Wed, 11 Aug 2021 14:43:38 GMT
server: sffe
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 03 Sep 2022 03:39:06 GMT

GET
H3-29 200 bg2.jpg
tpc.googlesyndication.com/sadbundle/13372183774347719607/Front_300x250_v2/images/ Frame 6FCE 15 KB
15 KB 10ms
7ms Image
image/jpeg 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/13372183774347719607/Front_300x250_v2/images/bg2.jpg

Requested by

Host: www.otosaigon.com
URL: https://www.otosaigon.com/threads/cho-em-hoi-tieu-hao-nhien-lieu-kia-carnival.1634318/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9e87268fae4ae747d9a06d8962d5b7b0fb472ab432eb2bd29415b188825ee758

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.otosaigon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 31 Aug 2021 23:36:39 GMT
x-content-type-options: nosniff
age: 305464
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15666
x-xss-protection: 0
last-modified: Wed, 11 Aug 2021 14:43:38 GMT
server: sffe
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 31 Aug 2022 23:36:39 GMT

GET
H3-29 200 bg1.jpg
tpc.googlesyndication.com/sadbundle/13372183774347719607/Front_300x250_v2/images/ Frame 6FCE 12 KB
12 KB 10ms
7ms Image
image/jpeg 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/13372183774347719607/Front_300x250_v2/images/bg1.jpg

Requested by

Host: www.otosaigon.com
URL: https://www.otosaigon.com/threads/cho-em-hoi-tieu-hao-nhien-lieu-kia-carnival.1634318/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1d164e457f95499c4ce6d394a38c84789da175ef9ed3eb3f263b84d33260a7d0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.otosaigon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 12:08:27 GMT
x-content-type-options: nosniff
age: 1156
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12693
x-xss-protection: 0
last-modified: Wed, 11 Aug 2021 14:43:38 GMT
server: sffe
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 04 Sep 2022 12:08:27 GMT

GET
H3-29 200 logo.png
tpc.googlesyndication.com/sadbundle/13372183774347719607/Front_300x250_v2/images/ Frame 6FCE 2 KB
2 KB 11ms
8ms Image
image/png 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/13372183774347719607/Front_300x250_v2/images/logo.png

Requested by

Host: www.otosaigon.com
URL: https://www.otosaigon.com/threads/cho-em-hoi-tieu-hao-nhien-lieu-kia-carnival.1634318/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

aca78b4715adbf0d27ea5e6ac7a5ac7d3eb55f051f2b767dd05f2f558c2ee3ac

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.otosaigon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 31 Aug 2021 18:48:00 GMT
x-content-type-options: nosniff
age: 322783
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2084
x-xss-protection: 0
last-modified: Wed, 11 Aug 2021 14:43:38 GMT
server: sffe
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 31 Aug 2022 18:48:00 GMT

GET
H3-29 200 copy1.png
tpc.googlesyndication.com/sadbundle/13372183774347719607/Front_300x250_v2/images/ Frame 6FCE 8 KB
8 KB 12ms
9ms Image
image/png 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/13372183774347719607/Front_300x250_v2/images/copy1.png

Requested by

Host: www.otosaigon.com
URL: https://www.otosaigon.com/threads/cho-em-hoi-tieu-hao-nhien-lieu-kia-carnival.1634318/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

084b9814e69633dca216a358f04e4839899db35389604b40294adc1b72bb37ae

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.otosaigon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 03 Sep 2021 06:38:18 GMT
x-content-type-options: nosniff
age: 107365
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8271
x-xss-protection: 0
last-modified: Wed, 11 Aug 2021 14:43:38 GMT
server: sffe
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 03 Sep 2022 06:38:18 GMT

GET
H3-29 200 copy2.png
tpc.googlesyndication.com/sadbundle/13372183774347719607/Front_300x250_v2/images/ Frame 6FCE 7 KB
7 KB 12ms
8ms Image
image/png 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/13372183774347719607/Front_300x250_v2/images/copy2.png

Requested by

Host: www.otosaigon.com
URL: https://www.otosaigon.com/threads/cho-em-hoi-tieu-hao-nhien-lieu-kia-carnival.1634318/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a3c1b2810caf750d69a32b747d99360d8e8dacf85b59c51f45178f0fbbf33609

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.otosaigon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 03 Sep 2021 06:15:39 GMT
x-content-type-options: nosniff
age: 108724
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7599
x-xss-protection: 0
last-modified: Wed, 11 Aug 2021 14:43:38 GMT
server: sffe
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 03 Sep 2022 06:15:39 GMT

GET
H3-29 200 copy3.png
tpc.googlesyndication.com/sadbundle/13372183774347719607/Front_300x250_v2/images/ Frame 6FCE 9 KB
9 KB 14ms
10ms Image
image/png 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/13372183774347719607/Front_300x250_v2/images/copy3.png

Requested by

Host: www.otosaigon.com
URL: https://www.otosaigon.com/threads/cho-em-hoi-tieu-hao-nhien-lieu-kia-carnival.1634318/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a74d8afd5efb83f662a89e6efe1502fd550616c31d729a91d7084ba0e351c0e2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.otosaigon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 31 Aug 2021 22:35:58 GMT
x-content-type-options: nosniff
age: 309105
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9170
x-xss-protection: 0
last-modified: Wed, 11 Aug 2021 14:43:38 GMT
server: sffe
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 31 Aug 2022 22:35:58 GMT

GET
H3-29 200 endFrame1.png
tpc.googlesyndication.com/sadbundle/13372183774347719607/Front_300x250_v2/images/ Frame 6FCE 1 KB
1 KB 15ms
12ms Image
image/png 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/13372183774347719607/Front_300x250_v2/images/endFrame1.png

Requested by

Host: www.otosaigon.com
URL: https://www.otosaigon.com/threads/cho-em-hoi-tieu-hao-nhien-lieu-kia-carnival.1634318/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5dc7e19fb451f1d64df8ab4a670f777c88101d8519e1dc670940dd03625457b2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.otosaigon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 28 Aug 2021 20:24:56 GMT
x-content-type-options: nosniff
age: 576167
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1330
x-xss-protection: 0
last-modified: Wed, 11 Aug 2021 14:43:38 GMT
server: sffe
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 28 Aug 2022 20:24:56 GMT

GET
H3-29 200 endFrame2.png
tpc.googlesyndication.com/sadbundle/13372183774347719607/Front_300x250_v2/images/ Frame 6FCE 1 KB
1 KB 16ms
13ms Image
image/png 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/13372183774347719607/Front_300x250_v2/images/endFrame2.png

Requested by

Host: www.otosaigon.com
URL: https://www.otosaigon.com/threads/cho-em-hoi-tieu-hao-nhien-lieu-kia-carnival.1634318/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

182227da36476403253412438e62f6d3269e419b45f914bee4ce04b5881d3e8a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.otosaigon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 03 Sep 2021 08:04:52 GMT
x-content-type-options: nosniff
age: 102171
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1098
x-xss-protection: 0
last-modified: Wed, 11 Aug 2021 14:43:38 GMT
server: sffe
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 03 Sep 2022 08:04:52 GMT

GET
H3-29 200 endFrame3.png
tpc.googlesyndication.com/sadbundle/13372183774347719607/Front_300x250_v2/images/ Frame 6FCE 10 KB
10 KB 13ms
9ms Image
image/png 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/13372183774347719607/Front_300x250_v2/images/endFrame3.png

Requested by

Host: www.otosaigon.com
URL: https://www.otosaigon.com/threads/cho-em-hoi-tieu-hao-nhien-lieu-kia-carnival.1634318/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

75970d2edf903237a88bf7dee75f7f78dcece4b01bfd0451b33c0aad0cb6a21b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.otosaigon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 28 Aug 2021 17:00:34 GMT
x-content-type-options: nosniff
age: 588429
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10079
x-xss-protection: 0
last-modified: Wed, 11 Aug 2021 14:43:38 GMT
server: sffe
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 28 Aug 2022 17:00:34 GMT

GET
H3-29 200 endFrame4.png
tpc.googlesyndication.com/sadbundle/13372183774347719607/Front_300x250_v2/images/ Frame 6FCE 8 KB
8 KB 17ms
13ms Image
image/png 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/13372183774347719607/Front_300x250_v2/images/endFrame4.png

Requested by

Host: www.otosaigon.com
URL: https://www.otosaigon.com/threads/cho-em-hoi-tieu-hao-nhien-lieu-kia-carnival.1634318/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bf921c508b5b894f98bbe7a73fade7b515a06a10b0ea85454acf09a15c4c74b8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.otosaigon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 03 Sep 2021 09:57:17 GMT
x-content-type-options: nosniff
age: 95426
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7805
x-xss-protection: 0
last-modified: Wed, 11 Aug 2021 14:43:38 GMT
server: sffe
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 03 Sep 2022 09:57:17 GMT

GET
H3-29 200 cta.png
tpc.googlesyndication.com/sadbundle/13372183774347719607/Front_300x250_v2/images/ Frame 6FCE 783 B
813 B 13ms
10ms Image
image/png 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/13372183774347719607/Front_300x250_v2/images/cta.png

Requested by

Host: www.otosaigon.com
URL: https://www.otosaigon.com/threads/cho-em-hoi-tieu-hao-nhien-lieu-kia-carnival.1634318/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9248542b55f10b006b86fd81d43c2f1ebf570293d74a331ec7daed7f63149dec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.otosaigon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 28 Aug 2021 19:15:50 GMT
x-content-type-options: nosniff
age: 580313
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 783
x-xss-protection: 0
last-modified: Wed, 11 Aug 2021 14:43:38 GMT
server: sffe
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 28 Aug 2022 19:15:50 GMT

GET
H3-29 200 vi.png
tpc.googlesyndication.com/pagead/images/abg/ Frame 6FCE 3 KB
3 KB 15ms
12ms Image
image/png 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/abg/vi.png

Requested by

Host: www.otosaigon.com
URL: https://www.otosaigon.com/threads/cho-em-hoi-tieu-hao-nhien-lieu-kia-carnival.1634318/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b123d3cd853f7cd9c7d7c92b0ca99a37b4fa7e654fca65be5f1a15fd9253635e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.otosaigon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 04 Sep 2021 06:38:23 GMT
x-content-type-options: nosniff
server: cafe
age: 20960
etag: 10932518847931040692
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3099
x-xss-protection: 0
expires: Sun, 05 Sep 2021 06:38:23 GMT

GET
H3-29 200 icon.png
tpc.googlesyndication.com/pagead/images/abg/ Frame 6FCE 344 B
375 B 12ms
9ms Image
image/png 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/abg/icon.png

Requested by

Host: www.otosaigon.com
URL: https://www.otosaigon.com/threads/cho-em-hoi-tieu-hao-nhien-lieu-kia-carnival.1634318/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

53b99e4bde7498900885e58f9d6c383258f8a59b04389d6b54d3d4b89537b6f2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.otosaigon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 04 Sep 2021 02:55:33 GMT
x-content-type-options: nosniff
server: cafe
age: 34330
etag: 6766994032117382215
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 344
x-xss-protection: 0
expires: Sun, 05 Sep 2021 02:55:33 GMT

GET
H3-29 204 l
www.google.com/ads/measurement/ Frame 6FCE 0
0 18ms
16ms Image
text/html 2a00:1450:4001:831::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaTDUUMtipc_cESLB5XU_kQZNJsUTwAvUyCDWqRtDKDHeQ0M2Gel6o6QCZodBFLtpUaRv9u6MT0XCnLZ0K5Jjjej5t8ZAA
Requested by: Host: www.otosaigon.com
URL: https://www.otosaigon.com/threads/cho-em-hoi-tieu-hao-nhien-lieu-kia-carnival.1634318/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:831::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.otosaigon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

GET
H3-29 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 6FCE 0
0 55ms
53ms Image
text/html 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CzZuXPWYzYfWqEoK7x_APs7uk6A2lwMbkZMTY64TyDeXWp6ayARABIK79lyJglYKAgLAHoAGf0rW3AcgBCakCt872iB_usz7gAgCoAwHIAwiqBJYCT9BO3zwOGIj6NuGZGDxpZo1h2n6WBDkj3t9u7spnTYoFO451x75sEIJcqEVrmOGXTWU-DZ4EpN9Ot1Ihs-_PkXgk4AyIpHt8GpJkbWh0vJgTS7apWLEuW3Wb48umZY97Lf9XhoePkqmKFp_t-PmI_2qvIeiIkB888IbX3YIT0Xg2xYknZqzSqUPkZU-2vr5QkWGoau76I1xlENvkzhT-Dw3dUuTk0PYiyCkSq5bW6yUUWOP7WSy6MVPTqZ1q10PsWRGFjAKrc4fexmOSGH-rKYbvLxLlJr9-wEFkjdD_KQzrXEP4lO9gecxxs3JaLk6dSLmZ548LKpQVeWYbAZX6i2_RSDfGHsA6blQvPSKUxYSr3xaKQ2nABOWXv-PTA-AEAZIFBAgEGAGSBQQIBRgEoAYugAfJrcrIAqgH1ckbqAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAfulrECqAemvhvYBwDyBwQQsegD0ggJCIDhgBAQARgdgAoByAsB2BMN0BUBmBYBgBcBshceChwIABIUcHViLTM1ODI4MDk0MzYwMjM3ODYYtocT&sigh=WzBnA0e2h5c&template_id=419
Requested by: Host: www.otosaigon.com
URL: https://www.otosaigon.com/threads/cho-em-hoi-tieu-hao-nhien-lieu-kia-carnival.1634318/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 142.250.181.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s56-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.otosaigon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

GET
H3-29 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 24F9 0
0 28ms
27ms Fetch
text/html 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CqLs1PGYzYdXQPMWP-gaKsI_QA8-HjptcwIbZgsYCwI23ARABIABglYKAgLAHggEXY2EtcHViLTM1ODI4MDk0MzYwMjM3ODbIAQngAgCoAwGqBIQCT9Dvg9Eab1khbGzXuenHyW-TTs0bSY1o_HjgPeXFJNM4h2lUgtVW0_jRjxVwflNMuUwFVibxqnpPvJIx1qBx4hrViR157bqE-GYIsGQIyy3CS21vXatOMJufm_MU747vIj2vdHQKiCAgcpjNHmAgo4snJMyTNmwllCdJEGxhlFzFXkbciM7jIsgPpnOW8AH3q8vinRVsVJ21gqCG_wW2VQ64gU7mxXgt3nzLbQNZaYnNQ19ZLgBdfniMPbbtXFxE2Yg6dderXSmoUDMWn6Fcx67QqtRMEOYZEaOT7PnCeuWg9WPIHhlorLc1hoSICfT1jcJOfh0uxX8L6BB4D1ZPHFIyGkfgBAGABqSTrNbUtfy1GKAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBABgAoB-gsCCAGADAHQFQGAFwGyFxwKGhIUcHViLTM1ODI4MDk0MzYwMjM3ODYYtocT&sigh=zhy2wSJbtoY&tpd=AGWhJmvazkmky5RcbhEZbASVaEdHQsK3kijbYmzXH6YicQN7qs0l6TlBL7_5MtF3galhfOM0-7wXrcsY8umJc_ucuLWR-XzoPOP6bf0SQwv-FgmEmENU2azlkXpqFg3wS9kmYAZpxrgt-wHmgQu83rsGwQT36blrVZuu6CXxW3Ayh9Z6LC0pitPVKOIuH-KRe9XlF_OIEx58A5eMyS-xwxhp9OBZOXRhI3kOWIBLZ9ZZ1-5TQMBCQaIpAVjm4KjEk-4r_v0OLOSwaUKqdbpBklCrcsufZse4Yri9UnQIR7NbySaTHKCUsu4wIV-FhSfpt0BKUHBWzOhDe1KpmzjbZ2MZ9CEN4k8UFbIKeetFiR4HxLWiaRS3fkbQePXbnYSF56w3A7G0WFOP-uqhIWqe5eJRzcd38oiM4iolKkQjtGXyCZPsahwhUhcqM9IQ9Y0i5CaDyCDLzAdQuhaNxDz0EORLbzpUVuBYvsECRBWhWFjfIpKj1sLqbw1gvW0tJAgXbx9hU-tKBL_wrkAe7V7xHJYsahJxlkfaMcXDBE6LvZW0G5PcxT72NuRF7jQHQ8J7jhU-n1jBS0XWW-uWfHNOFgyJq4OrM1JR4jJSFUsARPr5f_r_DTibRqmc8snPrri_p4ZWpuXdokxofXWslj8CwQ46sZF2RS2m9JPN0cHJAqs8XZYlxz39Ji7d-WZqoEmVx9AnLRIlPwX5hj9yUMcK5KkdYqk9CeHQoUFb65lDjHVr-7yQhJw-IBhROQGs2qQY4oFN1SSUCyuW6JJ2A98zBqyQxjUemO-15c7OfE2MDiLyOKtfCrl58BkufCMTT99pywDZxF6hehsHGmtLNoJUkjje4WrGSbhRZ0t5vWzRV4PDWv2HEWAi_wZ-_-8VZY_kk7VFlIPZl_4epBV9QA_CcMnHldTXEOd0R6vDhGViDQUc3ThRx-DRCe9DbQP-TLqElIzvqz9slLWAYkW4Sc9IuI1B4e33UrhGPaIkffeSwdt5A8VM1xEDtgdR8F5of-1l9NOaeNmqe1-bj3plZJ-FgqahJU2H2CBTv1oyUuj5ZbARHgrwQiVHYf9kiW6MwwRilfQ_5wZjsLk5ZrdG
Requested by: Host: www.otosaigon.com
URL: https://www.otosaigon.com/threads/cho-em-hoi-tieu-hao-nhien-lieu-kia-carnival.1634318/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 142.250.181.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s56-in-f2.1e100.net
Software: /
Resource Hash

Request headers

Referer: https://abfc37dd4bf691cb0e167728b93f1c40.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

GET
H/1.1 200
OK js Show response
tags.mathtag.com/notify/ Frame 24F9 3 KB
2 KB 71ms
22ms Script
application/x-javascript 185.29.132.246
MEDIAMATH-INC

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.mathtag.com/notify/js?exch=adx&s_exch=adx&id=5aW95q2jLzIzLyAvTkdKaE5HWmpNamd0TURsaFl5MWhNVEUzTFRBd01EQXRNREF3TURBd01EQXdNREF3LzQyOTU3ODM1Mjc3NTAxMTM5Mi85MzgzMTUzLzg5NTE0NTMvNC80REVpTFFGbHRSVTZ3anlsdDFMOUE0dXc4a0RndUlOVHVxYmwyZlRrNWI0LzEvNC8wLzAvMTY0MjA4Ny8zMjgzNDYzNjgwLzIxNTU0My85ODMyNjgvMS8wLzAvTURBd01EQXdNREF0TURBd01DMHdNREF3TFRBd01EQXRNREF3TURBd01EQXdNREF3LzAvMC8wLzAvMC80Mjk1NzgzNTI3NzUwMTEzOTIvenJoLzAvMzkzNS82MC85OTkvMi8xOTUuMTgxLjE3NC4wLzAuMDAwLzE2MzA3NTg0NjAvMTYzMDc3MTA2MC80L3B1Yi0zNTgyODA5NDM2MDIzNzg2Lw/-8cKg1Odah8uCEl7H3nUHmTMTPM&nodeid=720&group=eu&auctionid=429578352775011392&shardkey=429578352775011392&sid=8951453&cid=9383153&bp=a_dcbbfj&nfy_act=LD5weg&type=adm&client=c2s&bfip=185.29.135.144&3pck=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC4i5MPGYzYdXQPMWP-gaKsI_QA8-HjptcwIbZgsYCwI23ARABIABglYKAgLAHggEXY2EtcHViLTM1ODI4MDk0MzYwMjM3ODbIAQngAgCoAwGqBIcCT9Dvg9Eab1khbGzXuenHyW-TTs0bSY1o_HjgPeXFJNM4h2lUgtVW0_jRjxVwflNMuUwFVibxqnpPvJIx1qBx4hrViR157bqE-GYIsGQIyy3CS21vXatOMJufm_MU747vIj2vdHQKiCAgcpjNHmAgo4snJMyTNmwllCdJEGxhlFzFXkbciM7jIsgPpnOW8AH3q8vinRVsVJ21gqCG_wW2VQ64gU7mxXgt3nzLbQNZaYnNQ19ZLgBdfniMPbbtXFxE2Yg6dderXSmoUDMWn6Fcx67QqtRMEOYZEaOT7PnCeuWg9WPIHhlorLc1hoSICfT1jcIMfBC8ae-v753cR_2XXP3CB1P8Dx_gBAGABqSTrNbUtfy1GKAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_3kwH6iOcDxxry1Dcdhe7yavj2lXg%26client%3Dca-pub-3582809436023786%26adurl%3D
Requested by: Host: abfc37dd4bf691cb0e167728b93f1c40.safeframe.googlesyndication.com
URL: https://abfc37dd4bf691cb0e167728b93f1c40.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.29.132.246 , United Kingdom, ASN30419 (MEDIAMATH-INC, US),
Reverse DNS
Software: MMBD/3.204.0 /
Resource Hash: 4e46417cd650f95e064be882110dd3f25f9be67e12a88873f98a48fa0031f48c

Request headers

Referer: https://abfc37dd4bf691cb0e167728b93f1c40.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Sat, 04 Sep 2021 12:27:43 GMT
Content-Encoding: gzip
x-mm-bid-request-time: 1630758460
Last-Modified: Sat, 04 Sep 2021 12:27:40 GMT
Server: MMBD/3.204.0
x-mm-latency: 1 (0)
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
x-mm-dbg: Count
Cache-Control: no-cache
x-mm-host: zrh-router-x69, zrh-bidder-x73
Connection: close
Content-Type: application/x-javascript; charset=UTF-8
Expires: Sat, 04 Sep 2021 12:27:42 GMT

GET
H3-29 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210831/r20110914/client/ Frame 24F9 2 KB
1 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210831/r20110914/client/window_focus_fy2019.js

Requested by

Host: abfc37dd4bf691cb0e167728b93f1c40.safeframe.googlesyndication.com
URL: https://abfc37dd4bf691cb0e167728b93f1c40.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b6f6d0902ff385f68ec17c4c059d4fe89a0a08f1c022ab70580ea8552dfc0a11

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://abfc37dd4bf691cb0e167728b93f1c40.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 12:17:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 584
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1339
x-xss-protection: 0
server: cafe
etag: 2275704724217174249
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 18 Sep 2021 12:17:59 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 24F9 122 KB
37 KB 19ms
17ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: abfc37dd4bf691cb0e167728b93f1c40.safeframe.googlesyndication.com
URL: https://abfc37dd4bf691cb0e167728b93f1c40.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0299ce766df424b69a25530d8afe7c2352cb6240c7510fe7be67d8cd53bd3467

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://abfc37dd4bf691cb0e167728b93f1c40.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 12:27:43 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1630496346997469"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37796
x-xss-protection: 0
expires: Sat, 04 Sep 2021 12:27:43 GMT

GET
H3-29 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210831/r20110914/client/ Frame 24F9 14 KB
6 KB 8ms
6ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210831/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: abfc37dd4bf691cb0e167728b93f1c40.safeframe.googlesyndication.com
URL: https://abfc37dd4bf691cb0e167728b93f1c40.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

114dabe187311ee2e303549831223ef80d06385cb854e2aa1647ec1e0ca148f5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://abfc37dd4bf691cb0e167728b93f1c40.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 12:24:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 223
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6183
x-xss-protection: 0
server: cafe
etag: 901432759052127119
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 18 Sep 2021 12:24:00 GMT

GET
H3-29 204 l
www.google.com/ads/measurement/ Frame 24F9 0
0 16ms
14ms Image
text/html 2a00:1450:4001:831::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaSZvAWNLvzaJX_Jg575LzOpvtdyYbVps6ORsKZ_yrOO5Dj7zSnuaa0ACyOGNl5jM8_doDJ8gA8tcQKKV_5rfGVndgAhqA
Requested by: Host: abfc37dd4bf691cb0e167728b93f1c40.safeframe.googlesyndication.com
URL: https://abfc37dd4bf691cb0e167728b93f1c40.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:831::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://abfc37dd4bf691cb0e167728b93f1c40.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

GET
H3-29 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-38/js/ Frame 24F9 22 KB
7 KB 8ms
6ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-38/js/ext.js

Requested by

Host: abfc37dd4bf691cb0e167728b93f1c40.safeframe.googlesyndication.com
URL: https://abfc37dd4bf691cb0e167728b93f1c40.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0bcac89d72d5f0b2bef20f815406384ff05489e4294acee57409060c2eccffc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://abfc37dd4bf691cb0e167728b93f1c40.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Thu, 02 Sep 2021 20:32:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 143740
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7022
x-xss-protection: 0
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 02 Sep 2022 20:32:03 GMT

GET
H3-29 200 vi.png
tpc.googlesyndication.com/pagead/images/abg/ Frame 6FCE 3 KB
3 KB 13ms
6ms Image
image/png 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/abg/vi.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/022108170213000/amp4ads-v0.mjs

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b123d3cd853f7cd9c7d7c92b0ca99a37b4fa7e654fca65be5f1a15fd9253635e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.otosaigon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 04 Sep 2021 06:38:23 GMT
x-content-type-options: nosniff
server: cafe
age: 20960
etag: 10932518847931040692
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3099
x-xss-protection: 0
expires: Sun, 05 Sep 2021 06:38:23 GMT

GET
H3-29 200 icon.png
tpc.googlesyndication.com/pagead/images/abg/ Frame 6FCE 344 B
375 B 13ms
6ms Image
image/png 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/abg/icon.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/022108170213000/amp4ads-v0.mjs

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

53b99e4bde7498900885e58f9d6c383258f8a59b04389d6b54d3d4b89537b6f2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.otosaigon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 04 Sep 2021 02:55:33 GMT
x-content-type-options: nosniff
server: cafe
age: 34330
etag: 6766994032117382215
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 344
x-xss-protection: 0
expires: Sun, 05 Sep 2021 02:55:33 GMT

GET
H/1.1 200
OK 5mzy8mffuu6o Show response
hal9000.redintelligence.net/zone/ Frame 24F9 10 KB
3 KB 43ms
13ms Script
text/html 138.201.63.164
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal9000.redintelligence.net/zone/5mzy8mffuu6o?subid=&gdpr=1&gdpr_consent=li&rnd=429578352775011392&extVar[]=DOUBLEBORDER:1&extVar[]=MMA_SSP:adx&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fmt_aid%3D429578352775011392%26mt_id%3D9383153%26mt_adid%3D215543%26mt_sid%3D8951453%26mt_exid%3D4%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3D67346133-663f-4601-8567-86623cee0ce6%26mt_cid%3D67346133-663f-4601-8567-86623cee0ce6%26mt_3pck%3Dhttps%253A%2F%2Fadclick.g.doubleclick.net%2Faclk%253Fsa%253DL%2526ai%253DC4i5MPGYzYdXQPMWP-gaKsI_QA8-HjptcwIbZgsYCwI23ARABIABglYKAgLAHggEXY2EtcHViLTM1ODI4MDk0MzYwMjM3ODbIAQngAgCoAwGqBIcCT9Dvg9Eab1khbGzXuenHyW-TTs0bSY1o_HjgPeXFJNM4h2lUgtVW0_jRjxVwflNMuUwFVibxqnpPvJIx1qBx4hrViR157bqE-GYIsGQIyy3CS21vXatOMJufm_MU747vIj2vdHQKiCAgcpjNHmAgo4snJMyTNmwllCdJEGxhlFzFXkbciM7jIsgPpnOW8AH3q8vinRVsVJ21gqCG_wW2VQ64gU7mxXgt3nzLbQNZaYnNQ19ZLgBdfniMPbbtXFxE2Yg6dderXSmoUDMWn6Fcx67QqtRMEOYZEaOT7PnCeuWg9WPIHhlorLc1hoSICfT1jcIMfBC8ae-v753cR_2XXP3CB1P8Dx_gBAGABqSTrNbUtfy1GKAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_3kwH6iOcDxxry1Dcdhe7yavj2lXg%2526client%253Dca-pub-3582809436023786%2526adurl%253D%26redirect%3D
Requested by: Host: www.otosaigon.com
URL: https://www.otosaigon.com/threads/cho-em-hoi-tieu-hao-nhien-lieu-kia-carnival.1634318/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.164 Hockenheim, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.164.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 681b1527be09e3c311b7217ae1133b99b299696198c964c84abc6fb6b64b6ddb

Request headers

Referer: https://abfc37dd4bf691cb0e167728b93f1c40.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Sat, 04 Sep 2021 12:27:43 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 3378
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK ck-confirm
tags.mathtag.com/ Frame 24F9 49 B
329 B 71ms
32ms Image
image/gif 185.29.132.246
MEDIAMATH-INC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tags.mathtag.com/ck-confirm?bid_id=429578352775011392&node_id=720&exch_id=4
Requested by: Host: tags.mathtag.com
URL: https://tags.mathtag.com/notify/js?exch=adx&s_exch=adx&id=5aW95q2jLzIzLyAvTkdKaE5HWmpNamd0TURsaFl5MWhNVEUzTFRBd01EQXRNREF3TURBd01EQXdNREF3LzQyOTU3ODM1Mjc3NTAxMTM5Mi85MzgzMTUzLzg5NTE0NTMvNC80REVpTFFGbHRSVTZ3anlsdDFMOUE0dXc4a0RndUlOVHVxYmwyZlRrNWI0LzEvNC8wLzAvMTY0MjA4Ny8zMjgzNDYzNjgwLzIxNTU0My85ODMyNjgvMS8wLzAvTURBd01EQXdNREF0TURBd01DMHdNREF3TFRBd01EQXRNREF3TURBd01EQXdNREF3LzAvMC8wLzAvMC80Mjk1NzgzNTI3NzUwMTEzOTIvenJoLzAvMzkzNS82MC85OTkvMi8xOTUuMTgxLjE3NC4wLzAuMDAwLzE2MzA3NTg0NjAvMTYzMDc3MTA2MC80L3B1Yi0zNTgyODA5NDM2MDIzNzg2Lw/-8cKg1Odah8uCEl7H3nUHmTMTPM&nodeid=720&group=eu&auctionid=429578352775011392&shardkey=429578352775011392&sid=8951453&cid=9383153&bp=a_dcbbfj&nfy_act=LD5weg&type=adm&client=c2s&bfip=185.29.135.144&3pck=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC4i5MPGYzYdXQPMWP-gaKsI_QA8-HjptcwIbZgsYCwI23ARABIABglYKAgLAHggEXY2EtcHViLTM1ODI4MDk0MzYwMjM3ODbIAQngAgCoAwGqBIcCT9Dvg9Eab1khbGzXuenHyW-TTs0bSY1o_HjgPeXFJNM4h2lUgtVW0_jRjxVwflNMuUwFVibxqnpPvJIx1qBx4hrViR157bqE-GYIsGQIyy3CS21vXatOMJufm_MU747vIj2vdHQKiCAgcpjNHmAgo4snJMyTNmwllCdJEGxhlFzFXkbciM7jIsgPpnOW8AH3q8vinRVsVJ21gqCG_wW2VQ64gU7mxXgt3nzLbQNZaYnNQ19ZLgBdfniMPbbtXFxE2Yg6dderXSmoUDMWn6Fcx67QqtRMEOYZEaOT7PnCeuWg9WPIHhlorLc1hoSICfT1jcIMfBC8ae-v753cR_2XXP3CB1P8Dx_gBAGABqSTrNbUtfy1GKAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_3kwH6iOcDxxry1Dcdhe7yavj2lXg%26client%3Dca-pub-3582809436023786%26adurl%3D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.29.132.246 , United Kingdom, ASN30419 (MEDIAMATH-INC, US),
Reverse DNS
Software: MMBD/3.204.0 /
Resource Hash: 1cd58a827318c4a29b32a0db15c8c39d5651b42d8cad227519ad81bce4adb944

Request headers

Referer: https://abfc37dd4bf691cb0e167728b93f1c40.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Sat, 04 Sep 2021 12:27:43 GMT
Server: MMBD/3.204.0
Content-Type: image/gif
Cache-Control: no-cache
x-mm-host: zrh-router-x44, zrh-bidder-x73
Connection: keep-alive
Keep-Alive: timeout=360
Content-Length: 49
Expires: Sat, 04 Sep 2021 12:27:42 GMT

GET
H/1.1 200
OK img
pixel.mathtag.com/event/ Frame 24F9 43 B
360 B 70ms
50ms Image
image/gif 2.18.233.201
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.mathtag.com/event/img?mt_id=1368875&mt_adid=216764&v1=4&v2=429578352775011392&v3=983268&v4=8951453&v5=9383153&mt_nsync=1&no_attr=1
Requested by: Host: tags.mathtag.com
URL: https://tags.mathtag.com/notify/js?exch=adx&s_exch=adx&id=5aW95q2jLzIzLyAvTkdKaE5HWmpNamd0TURsaFl5MWhNVEUzTFRBd01EQXRNREF3TURBd01EQXdNREF3LzQyOTU3ODM1Mjc3NTAxMTM5Mi85MzgzMTUzLzg5NTE0NTMvNC80REVpTFFGbHRSVTZ3anlsdDFMOUE0dXc4a0RndUlOVHVxYmwyZlRrNWI0LzEvNC8wLzAvMTY0MjA4Ny8zMjgzNDYzNjgwLzIxNTU0My85ODMyNjgvMS8wLzAvTURBd01EQXdNREF0TURBd01DMHdNREF3TFRBd01EQXRNREF3TURBd01EQXdNREF3LzAvMC8wLzAvMC80Mjk1NzgzNTI3NzUwMTEzOTIvenJoLzAvMzkzNS82MC85OTkvMi8xOTUuMTgxLjE3NC4wLzAuMDAwLzE2MzA3NTg0NjAvMTYzMDc3MTA2MC80L3B1Yi0zNTgyODA5NDM2MDIzNzg2Lw/-8cKg1Odah8uCEl7H3nUHmTMTPM&nodeid=720&group=eu&auctionid=429578352775011392&shardkey=429578352775011392&sid=8951453&cid=9383153&bp=a_dcbbfj&nfy_act=LD5weg&type=adm&client=c2s&bfip=185.29.135.144&3pck=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC4i5MPGYzYdXQPMWP-gaKsI_QA8-HjptcwIbZgsYCwI23ARABIABglYKAgLAHggEXY2EtcHViLTM1ODI4MDk0MzYwMjM3ODbIAQngAgCoAwGqBIcCT9Dvg9Eab1khbGzXuenHyW-TTs0bSY1o_HjgPeXFJNM4h2lUgtVW0_jRjxVwflNMuUwFVibxqnpPvJIx1qBx4hrViR157bqE-GYIsGQIyy3CS21vXatOMJufm_MU747vIj2vdHQKiCAgcpjNHmAgo4snJMyTNmwllCdJEGxhlFzFXkbciM7jIsgPpnOW8AH3q8vinRVsVJ21gqCG_wW2VQ64gU7mxXgt3nzLbQNZaYnNQ19ZLgBdfniMPbbtXFxE2Yg6dderXSmoUDMWn6Fcx67QqtRMEOYZEaOT7PnCeuWg9WPIHhlorLc1hoSICfT1jcIMfBC8ae-v753cR_2XXP3CB1P8Dx_gBAGABqSTrNbUtfy1GKAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_3kwH6iOcDxxry1Dcdhe7yavj2lXg%26client%3Dca-pub-3582809436023786%26adurl%3D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.201 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-201.deploy.static.akamaitechnologies.com
Software: MT3 3905 f19d76c master cdg-pixel-x28 /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://abfc37dd4bf691cb0e167728b93f1c40.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Sat, 04 Sep 2021 12:27:43 GMT
Server: MT3 3905 f19d76c master cdg-pixel-x28
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Sat, 04 Sep 2021 12:27:41 GMT

GET
H/1.1 200
OK img
tags.mathtag.com/event/ Frame 24F9 49 B
329 B 69ms
30ms Image
image/gif 185.29.132.246
MEDIAMATH-INC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tags.mathtag.com/event/img?type=mmImpTrack&exch=adx&bid=429578352775011392&st=8951453&time=1630758463&nodeid=720
Requested by: Host: tags.mathtag.com
URL: https://tags.mathtag.com/notify/js?exch=adx&s_exch=adx&id=5aW95q2jLzIzLyAvTkdKaE5HWmpNamd0TURsaFl5MWhNVEUzTFRBd01EQXRNREF3TURBd01EQXdNREF3LzQyOTU3ODM1Mjc3NTAxMTM5Mi85MzgzMTUzLzg5NTE0NTMvNC80REVpTFFGbHRSVTZ3anlsdDFMOUE0dXc4a0RndUlOVHVxYmwyZlRrNWI0LzEvNC8wLzAvMTY0MjA4Ny8zMjgzNDYzNjgwLzIxNTU0My85ODMyNjgvMS8wLzAvTURBd01EQXdNREF0TURBd01DMHdNREF3TFRBd01EQXRNREF3TURBd01EQXdNREF3LzAvMC8wLzAvMC80Mjk1NzgzNTI3NzUwMTEzOTIvenJoLzAvMzkzNS82MC85OTkvMi8xOTUuMTgxLjE3NC4wLzAuMDAwLzE2MzA3NTg0NjAvMTYzMDc3MTA2MC80L3B1Yi0zNTgyODA5NDM2MDIzNzg2Lw/-8cKg1Odah8uCEl7H3nUHmTMTPM&nodeid=720&group=eu&auctionid=429578352775011392&shardkey=429578352775011392&sid=8951453&cid=9383153&bp=a_dcbbfj&nfy_act=LD5weg&type=adm&client=c2s&bfip=185.29.135.144&3pck=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC4i5MPGYzYdXQPMWP-gaKsI_QA8-HjptcwIbZgsYCwI23ARABIABglYKAgLAHggEXY2EtcHViLTM1ODI4MDk0MzYwMjM3ODbIAQngAgCoAwGqBIcCT9Dvg9Eab1khbGzXuenHyW-TTs0bSY1o_HjgPeXFJNM4h2lUgtVW0_jRjxVwflNMuUwFVibxqnpPvJIx1qBx4hrViR157bqE-GYIsGQIyy3CS21vXatOMJufm_MU747vIj2vdHQKiCAgcpjNHmAgo4snJMyTNmwllCdJEGxhlFzFXkbciM7jIsgPpnOW8AH3q8vinRVsVJ21gqCG_wW2VQ64gU7mxXgt3nzLbQNZaYnNQ19ZLgBdfniMPbbtXFxE2Yg6dderXSmoUDMWn6Fcx67QqtRMEOYZEaOT7PnCeuWg9WPIHhlorLc1hoSICfT1jcIMfBC8ae-v753cR_2XXP3CB1P8Dx_gBAGABqSTrNbUtfy1GKAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_3kwH6iOcDxxry1Dcdhe7yavj2lXg%26client%3Dca-pub-3582809436023786%26adurl%3D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.29.132.246 , United Kingdom, ASN30419 (MEDIAMATH-INC, US),
Reverse DNS
Software: MMBD/3.204.0 /
Resource Hash: 1cd58a827318c4a29b32a0db15c8c39d5651b42d8cad227519ad81bce4adb944

Request headers

Referer: https://abfc37dd4bf691cb0e167728b93f1c40.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Sat, 04 Sep 2021 12:27:43 GMT
Server: MMBD/3.204.0
Content-Type: image/gif
Cache-Control: no-cache
x-mm-host: zrh-router-x21, zrh-bidder-x73
Connection: keep-alive
Keep-Alive: timeout=360
Content-Length: 49
Expires: Sat, 04 Sep 2021 12:27:42 GMT

GET
H/1.1 200
OK request.php Show response
hal900021.redintelligence.net/ Frame 24F9 613 B
774 B 84ms
48ms Script
application/x-javascript 144.76.238.55
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900021.redintelligence.net/request.php?zone=5mzy8mffuu6o&nw=20&renderingType=javascript&namespace=45c6945a24&subid=&uid=923d1e7af28a1962&screenSize=0x0&screenSizeAvail=0x0&clientSize=0x0&scrollPos=0x0&extData[]=&extVar[]=DOUBLEBORDER%3A1&extVar[]=MMA_SSP%3Aadx&envData=&gdpr=1&gdpr_consent=li&ud=&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fmt_aid%3D429578352775011392%26mt_id%3D9383153%26mt_adid%3D215543%26mt_sid%3D8951453%26mt_exid%3D4%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3D67346133-663f-4601-8567-86623cee0ce6%26mt_cid%3D67346133-663f-4601-8567-86623cee0ce6%26mt_3pck%3Dhttps%253A%2F%2Fadclick.g.doubleclick.net%2Faclk%253Fsa%253DL%2526ai%253DC4i5MPGYzYdXQPMWP-gaKsI_QA8-HjptcwIbZgsYCwI23ARABIABglYKAgLAHggEXY2EtcHViLTM1ODI4MDk0MzYwMjM3ODbIAQngAgCoAwGqBIcCT9Dvg9Eab1khbGzXuenHyW-TTs0bSY1o_HjgPeXFJNM4h2lUgtVW0_jRjxVwflNMuUwFVibxqnpPvJIx1qBx4hrViR157bqE-GYIsGQIyy3CS21vXatOMJufm_MU747vIj2vdHQKiCAgcpjNHmAgo4snJMyTNmwllCdJEGxhlFzFXkbciM7jIsgPpnOW8AH3q8vinRVsVJ21gqCG_wW2VQ64gU7mxXgt3nzLbQNZaYnNQ19ZLgBdfniMPbbtXFxE2Yg6dderXSmoUDMWn6Fcx67QqtRMEOYZEaOT7PnCeuWg9WPIHhlorLc1hoSICfT1jcIMfBC8ae-v753cR_2XXP3CB1P8Dx_gBAGABqSTrNbUtfy1GKAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_3kwH6iOcDxxry1Dcdhe7yavj2lXg%2526client%253Dca-pub-3582809436023786%2526adurl%253D%26redirect%3D&documentReferer=https%3A%2F%2Fabfc37dd4bf691cb0e167728b93f1c40.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-38%2Fhtml%2Fcontainer.html&ancestorOrigins=null&random=7259551246021&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Requested by: Host: hal9000.redintelligence.net
URL: https://hal9000.redintelligence.net/zone/5mzy8mffuu6o?subid=&gdpr=1&gdpr_consent=li&rnd=429578352775011392&extVar[]=DOUBLEBORDER:1&extVar[]=MMA_SSP:adx&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fmt_aid%3D429578352775011392%26mt_id%3D9383153%26mt_adid%3D215543%26mt_sid%3D8951453%26mt_exid%3D4%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3D67346133-663f-4601-8567-86623cee0ce6%26mt_cid%3D67346133-663f-4601-8567-86623cee0ce6%26mt_3pck%3Dhttps%253A%2F%2Fadclick.g.doubleclick.net%2Faclk%253Fsa%253DL%2526ai%253DC4i5MPGYzYdXQPMWP-gaKsI_QA8-HjptcwIbZgsYCwI23ARABIABglYKAgLAHggEXY2EtcHViLTM1ODI4MDk0MzYwMjM3ODbIAQngAgCoAwGqBIcCT9Dvg9Eab1khbGzXuenHyW-TTs0bSY1o_HjgPeXFJNM4h2lUgtVW0_jRjxVwflNMuUwFVibxqnpPvJIx1qBx4hrViR157bqE-GYIsGQIyy3CS21vXatOMJufm_MU747vIj2vdHQKiCAgcpjNHmAgo4snJMyTNmwllCdJEGxhlFzFXkbciM7jIsgPpnOW8AH3q8vinRVsVJ21gqCG_wW2VQ64gU7mxXgt3nzLbQNZaYnNQ19ZLgBdfniMPbbtXFxE2Yg6dderXSmoUDMWn6Fcx67QqtRMEOYZEaOT7PnCeuWg9WPIHhlorLc1hoSICfT1jcIMfBC8ae-v753cR_2XXP3CB1P8Dx_gBAGABqSTrNbUtfy1GKAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_3kwH6iOcDxxry1Dcdhe7yavj2lXg%2526client%253Dca-pub-3582809436023786%2526adurl%253D%26redirect%3D
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 144.76.238.55 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.55.238.76.144.clients.your-server.de
Software: Apache /
Resource Hash: 37d52f59a49a716879f7574b8c4194e14f8f0cbd5dfc45cf9a0d6594a9fe0eba

Request headers

Referer: https://abfc37dd4bf691cb0e167728b93f1c40.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 04 Sep 2021 12:27:43 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
X-NEORY-SubId: 58252100066538603150070011707021
Connection: close
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 331
Expires: Sat, 04 Sep 2021 13:27:43 +0200

GET
H/1.1 200
OK request_content.php Show response
hal900021.redintelligence.net/ Frame 964E 7 KB
3 KB 35ms
12ms Document
text/html 144.76.238.55
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900021.redintelligence.net/request_content.php?s=58252100066538603150070011707021&a=f80e07d4
Requested by: Host: hal900021.redintelligence.net
URL: https://hal900021.redintelligence.net/request.php?zone=5mzy8mffuu6o&nw=20&renderingType=javascript&namespace=45c6945a24&subid=&uid=923d1e7af28a1962&screenSize=0x0&screenSizeAvail=0x0&clientSize=0x0&scrollPos=0x0&extData[]=&extVar[]=DOUBLEBORDER%3A1&extVar[]=MMA_SSP%3Aadx&envData=&gdpr=1&gdpr_consent=li&ud=&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fmt_aid%3D429578352775011392%26mt_id%3D9383153%26mt_adid%3D215543%26mt_sid%3D8951453%26mt_exid%3D4%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3D67346133-663f-4601-8567-86623cee0ce6%26mt_cid%3D67346133-663f-4601-8567-86623cee0ce6%26mt_3pck%3Dhttps%253A%2F%2Fadclick.g.doubleclick.net%2Faclk%253Fsa%253DL%2526ai%253DC4i5MPGYzYdXQPMWP-gaKsI_QA8-HjptcwIbZgsYCwI23ARABIABglYKAgLAHggEXY2EtcHViLTM1ODI4MDk0MzYwMjM3ODbIAQngAgCoAwGqBIcCT9Dvg9Eab1khbGzXuenHyW-TTs0bSY1o_HjgPeXFJNM4h2lUgtVW0_jRjxVwflNMuUwFVibxqnpPvJIx1qBx4hrViR157bqE-GYIsGQIyy3CS21vXatOMJufm_MU747vIj2vdHQKiCAgcpjNHmAgo4snJMyTNmwllCdJEGxhlFzFXkbciM7jIsgPpnOW8AH3q8vinRVsVJ21gqCG_wW2VQ64gU7mxXgt3nzLbQNZaYnNQ19ZLgBdfniMPbbtXFxE2Yg6dderXSmoUDMWn6Fcx67QqtRMEOYZEaOT7PnCeuWg9WPIHhlorLc1hoSICfT1jcIMfBC8ae-v753cR_2XXP3CB1P8Dx_gBAGABqSTrNbUtfy1GKAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_3kwH6iOcDxxry1Dcdhe7yavj2lXg%2526client%253Dca-pub-3582809436023786%2526adurl%253D%26redirect%3D&documentReferer=https%3A%2F%2Fabfc37dd4bf691cb0e167728b93f1c40.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-38%2Fhtml%2Fcontainer.html&ancestorOrigins=null&random=7259551246021&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 144.76.238.55 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.55.238.76.144.clients.your-server.de
Software: Apache /
Resource Hash: 026ea6213964c26a5dd48209e52458e77cb8ff397359c941562f2fb6dbf11dc5

Request headers

Host: hal900021.redintelligence.net
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://abfc37dd4bf691cb0e167728b93f1c40.safeframe.googlesyndication.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://abfc37dd4bf691cb0e167728b93f1c40.safeframe.googlesyndication.com/

Response headers

Date: Sat, 04 Sep 2021 12:27:43 GMT
Server: Apache
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Expires: Sat, 04 Sep 2021 13:27:43 +0200
Pragma: no-cache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 2318
Connection: close
Content-Type: text/html; charset=utf-8

GET
H3-29 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 2259 1 KB
749 B 20ms
6ms Document
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: abfc37dd4bf691cb0e167728b93f1c40.safeframe.googlesyndication.com
URL: https://abfc37dd4bf691cb0e167728b93f1c40.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: pagead2.googlesyndication.com
:scheme: https
:path: /pagead/s/cookie_push_onload.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://abfc37dd4bf691cb0e167728b93f1c40.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://abfc37dd4bf691cb0e167728b93f1c40.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Fri, 03 Sep 2021 13:41:14 GMT
expires: Sat, 04 Sep 2021 13:41:14 GMT
content-type: text/html; charset=UTF-8
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
age: 81989
cache-control: public, max-age=86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame 24F9 217 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c699996729da51fd041a10366054c02ab7fb4db3a67d1a5b7df9f98a015636be

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/1.6.2/ Frame 964E 89 KB
32 KB 29ms
7ms Script
text/javascript 2a00:1450:4001:812::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/1.6.2/jquery.min.js

Requested by

Host: hal900021.redintelligence.net
URL: https://hal900021.redintelligence.net/request_content.php?s=58252100066538603150070011707021&a=f80e07d4

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d16d07a0353405fcec95f7efc50a2621bc7425f9a5e8895078396fb0dc460c4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://hal900021.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 09:23:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 11036
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 32245
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 04 Sep 2022 09:23:47 GMT

GET
H2 200 / Show response
track.adform.net/adfscript/ Frame 964E 766 B
876 B 20ms
19ms Script
text/javascript 37.157.6.246
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/adfscript/?bn=48865844;gdpr=1;gdpr_consent=li;click=https%3A%2F%2Fhal900021.redintelligence.net%2Fc%2Fpgz4wxug781yhym%3Ftprde%3D

Requested by

Host: hal900021.redintelligence.net
URL: https://hal900021.redintelligence.net/request_content.php?s=58252100066538603150070011707021&a=f80e07d4

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.246 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

1aeeb078f0be924d4a603061050b650a21dff9deb1958beebffe46213556deed

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://hal900021.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 12:27:43 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/javascript; charset=utf-8
content-length: 562
expires: -1

GET
H2 200 dpixel
cms.quantserve.com/ Frame 2259 35 B
463 B 26ms
8ms Image
image/gif 2620:116:800d:21:f916:5049:f87f:108e
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEDFA63Cb19FFypADkBb7Ts0&google_cver=1&google_push=AYg5qPKGgtQI7vGOT6HTAYzpsdY2NjPr0wtqddlxAlbOGoQCG1Pz_Vy5koE33SSdxD0PWDnZPiz64lLBoz5_L4yRhndhRLhjXQ

Requested by

Host: abfc37dd4bf691cb0e167728b93f1c40.safeframe.googlesyndication.com
URL: https://abfc37dd4bf691cb0e167728b93f1c40.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:f916:5049:f87f:108e , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 12:27:43 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
cache-control: private, no-cache, no-store, proxy-revalidate
content-type: image/gif
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H3-29 204 attr
cm.g.doubleclick.net/pixel/ Frame 2259 0
12 B 56ms
31ms Image
text/html 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13Lrxb7yQ8K0f7SD9i9YJn8WJaN4dgLH

Requested by

Host: abfc37dd4bf691cb0e167728b93f1c40.safeframe.googlesyndication.com
URL: https://abfc37dd4bf691cb0e167728b93f1c40.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 12:27:43 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H/1.1 200
OK viewability Show response
hal900021.redintelligence.net/ Frame 964E 0
150 B 35ms
12ms Script
text/html 144.76.238.55
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900021.redintelligence.net/viewability?s=58252100066538603150070011707021&a=6570d656&vb=m
Requested by: Host: hal900021.redintelligence.net
URL: https://hal900021.redintelligence.net/request_content.php?s=58252100066538603150070011707021&a=f80e07d4
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 144.76.238.55 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.55.238.76.144.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://hal900021.redintelligence.net/request_content.php?s=58252100066538603150070011707021&a=f80e07d4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Sat, 04 Sep 2021 12:27:43 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
H2 200 bootstrap.js Show response
s1.adform.net/stoat/626/s1.adform.net/ Frame 964E 33 KB
16 KB 66ms
17ms Script
text/javascript 37.157.5.73
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js
Requested by: Host: track.adform.net
URL: https://track.adform.net/adfscript/?bn=48865844;gdpr=1;gdpr_consent=li;click=https%3A%2F%2Fhal900021.redintelligence.net%2Fc%2Fpgz4wxug781yhym%3Ftprde%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.5.73 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: 5eed273d16f8b9f330c78d58eebc4c1cfb64346a84a9bc8781afe1bc69077d67

Request headers

Referer: https://hal900021.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 12:27:43 GMT
content-encoding: gzip
last-modified: Mon, 30 Aug 2021 07:04:15 GMT
server: nginx
x-cache-status: HIT
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=100000
expires: Sun, 05 Sep 2021 15:45:04 GMT

GET
H2 200 / Show response
track.adform.net/adfserve/ Frame 964E 3 KB
2 KB 19ms
19ms Script
text/javascript 37.157.6.246
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/adfserve/?bn=48865844;gdpr=1;gdpr_consent=li;click=https%3A%2F%2Fhal900021.redintelligence.net%2Fc%2Fpgz4wxug781yhym%3Ftprde%3D;js=1;adfxid=1x;9566;set=en-US|en-US|1600X1200|0|300|250|24|8|3|7|1|;fd=0|0&CREFURL=https%3A%2F%2Fwww.otosaigon.com

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.246 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

e380c316b56efeb616b1ce4124150936cd46f6aae8ff5413f5b4c8e6e1ac0891

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://hal900021.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 12:27:43 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/javascript; charset=utf-8
content-length: 1856
expires: -1

GET
H3-29 200 container.html Show response
abfc37dd4bf691cb0e167728b93f1c40.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame D892 6 KB
3 KB 9ms
9ms Document
text/html 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://abfc37dd4bf691cb0e167728b93f1c40.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021090101.js?31062462

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: abfc37dd4bf691cb0e167728b93f1c40.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.otosaigon.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://www.otosaigon.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 3108
date: Sat, 04 Sep 2021 12:27:39 GMT
expires: Sun, 04 Sep 2022 12:27:39 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 4
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame 964E 43 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Content-Type: image/gif

GET
H3-29 200 index.html Show response
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17626451119355985920/ Frame E586 223 KB
37 KB 10ms
9ms Document
text/html 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17626451119355985920/index.html

Requested by

Host: www.otosaigon.com
URL: https://www.otosaigon.com/threads/cho-em-hoi-tieu-hao-nhien-lieu-kia-carnival.1634318/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a7bf67883867f93d08cbf4eeac0485e641cb9e5b123e18bef046b7c706cffd28

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sadbundle/$csp%3Der3$/17626451119355985920/index.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://abfc37dd4bf691cb0e167728b93f1c40.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://abfc37dd4bf691cb0e167728b93f1c40.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-type: text/html
access-control-allow-origin: *
content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
date: Fri, 03 Sep 2021 20:07:12 GMT
expires: Sat, 03 Sep 2022 20:07:12 GMT
last-modified: Mon, 03 May 2021 14:21:52 GMT
x-content-type-options: nosniff
x-dns-prefetch-control: off
content-encoding: gzip
server: sffe
x-xss-protection: 0
content-length: 38330
age: 58831
cache-control: public, max-age=31536000
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 adview
securepubads.g.doubleclick.net/pagead/ Frame D892 0
0 76ms
75ms Fetch
text/html 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CJ0aFP2YzYcCqB5TvgAeUraiwDvPE9Pxj5Mr62fAN29keEAEgrv2XImCVgoCAsAegAZXP6PEDyAEJqQK3zvaIH-6zPuACAKgDAcgDAqoEjwJP0C5tR82HIOv13MQ37uxQuDx1T-pD6NbdFwiI6n34VBYlehCBq5bRDq90ugVSDm2PuO7A2kB3aFKEJbQQAd5tAbxrQjc7VWXqlz7hBiENuCWBjXuN3jN2-Ga7xbHE525pPcqQyNp9Scqm6yP9uQR-YyJbQSPzAWREYhTIU7uKPMfRzBQziRZL0m6urDHt_eLm1v3JhZwRCFNJZR2Cb_8JOXTZCh5u_3MFZhvmgN5MY9Hw9VsGxAjKAd6NnbwOKl_2jvu5gk3KcBDEH8wo0EkxnszT5_PsblnUV8PU2jikcWIRV0MaywamFj70P8sIpauY4FRNCXJZqSXN7NS-5b2YiIU3TmNxXKwBTsCWIO4WwAT1utTEwwPgBAGSBQQIBBgBkgUECAUYBKAGXYAH07CXDqgH1ckbqAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAfulrECqAemvhvYBwHyBwQQgoED0ggJCIDhgBAQARgdgAoByAsB2BMN0BUBmBYBgBcBshceChwIABIUcHViLTM1ODI4MDk0MzYwMjM3ODYYtocT&sigh=9prr1JJ-uHE
Requested by: Host: www.otosaigon.com
URL: https://www.otosaigon.com/threads/cho-em-hoi-tieu-hao-nhien-lieu-kia-carnival.1634318/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 142.250.181.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s56-in-f2.1e100.net
Software: /
Resource Hash

Request headers

Referer: https://abfc37dd4bf691cb0e167728b93f1c40.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

GET
H3-29 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210831/r20110914/client/ Frame D892 2 KB
1 KB 9ms
9ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210831/r20110914/client/window_focus_fy2019.js

Requested by

Host: abfc37dd4bf691cb0e167728b93f1c40.safeframe.googlesyndication.com
URL: https://abfc37dd4bf691cb0e167728b93f1c40.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b6f6d0902ff385f68ec17c4c059d4fe89a0a08f1c022ab70580ea8552dfc0a11

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://abfc37dd4bf691cb0e167728b93f1c40.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 12:17:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 584
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1339
x-xss-protection: 0
server: cafe
etag: 2275704724217174249
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 18 Sep 2021 12:17:59 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame D892 122 KB
37 KB 33ms
33ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: abfc37dd4bf691cb0e167728b93f1c40.safeframe.googlesyndication.com
URL: https://abfc37dd4bf691cb0e167728b93f1c40.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0299ce766df424b69a25530d8afe7c2352cb6240c7510fe7be67d8cd53bd3467

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://abfc37dd4bf691cb0e167728b93f1c40.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 12:27:43 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1630496346997469"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37796
x-xss-protection: 0
expires: Sat, 04 Sep 2021 12:27:43 GMT

GET
H3-29 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210831/r20110914/client/ Frame D892 14 KB
6 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210831/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: abfc37dd4bf691cb0e167728b93f1c40.safeframe.googlesyndication.com
URL: https://abfc37dd4bf691cb0e167728b93f1c40.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

114dabe187311ee2e303549831223ef80d06385cb854e2aa1647ec1e0ca148f5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://abfc37dd4bf691cb0e167728b93f1c40.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 12:24:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 223
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6183
x-xss-protection: 0
server: cafe
etag: 901432759052127119
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 18 Sep 2021 12:24:00 GMT

GET
H2 200 Standard Show response
s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.209/e/igSBggDA/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/ Frame 964E 90 KB
39 KB 25ms
21ms Script
text/javascript 37.157.5.73
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.209/e/igSBggDA/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard
Requested by: Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.5.73 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: 5ba549dc734460da9128d5d15de3ec1b86e662f6ff34dd8b29c59068bebe6e85

Request headers

Referer: https://hal900021.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 12:27:43 GMT
content-encoding: gzip
last-modified: Mon, 30 Aug 2021 07:04:15 GMT
server: nginx
x-cache-status: HIT
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=100000
expires: Sun, 05 Sep 2021 15:20:42 GMT

GET
H3-29 200 css
fonts.googleapis.com/ Frame E586 2 KB
498 B 15ms
14ms Stylesheet
text/css 2a00:1450:4001:82f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Lato:regular,700|Bungee:regular

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17626451119355985920/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

379587f0cc0fe0137ff92ac3ee3671dd1f90119e17e269e26a807a9a668642a9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Sat, 04 Sep 2021 12:23:26 GMT
server: ESF
date: Sat, 04 Sep 2021 12:27:43 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sat, 04 Sep 2021 12:27:43 GMT

GET
H3-29 200 Enabler.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame E586 16 KB
6 KB 10ms
8ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/Enabler.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17626451119355985920/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5f0207bbbd69497c7a37284c0b6f9bdcc9f83c574a4cda737e00a390d0ed268f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 03 Sep 2021 14:07:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 80434
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5866
x-xss-protection: 0
server: cafe
etag: 544157900006238945
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Sat, 04 Sep 2021 14:07:09 GMT

GET
H3-29 200 addata.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame E586 26 KB
10 KB 10ms
8ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17626451119355985920/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

54a66c4693bfd79901040269ae7d7304508cbd02859797a1780f2bbe72176e23

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 03 Sep 2021 20:35:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 57134
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10382
x-xss-protection: 0
server: cafe
etag: 12806417668659483808
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Sat, 04 Sep 2021 20:35:29 GMT

GET
H3-29 200 S6uyw4BMUTPHjx4wXg.woff2
fonts.gstatic.com/s/lato/v20/ Frame E586 23 KB
23 KB 11ms
9ms Font
font/woff2 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v20/S6uyw4BMUTPHjx4wXg.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato:regular,700|Bungee:regular

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c3c0d3f472358aac78455515c4800771426770c22698e2486d39fdb5505634e1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: null
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 28 Aug 2021 17:38:06 GMT
x-content-type-options: nosniff
age: 586177
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23484
x-xss-protection: 0
last-modified: Tue, 10 Aug 2021 00:19:01 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 28 Aug 2022 17:38:06 GMT

GET
H3-29 200 N0bU2SZBIuF2PU_0DXR1.woff2
fonts.gstatic.com/s/bungee/v6/ Frame E586 17 KB
17 KB 12ms
10ms Font
font/woff2 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/bungee/v6/N0bU2SZBIuF2PU_0DXR1.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato:regular,700|Bungee:regular

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b00176dbbd9e4c77629b36fae58d076c8c3b55754e7c2dd3a6e4986e7ec9c37b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: null
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 03 Sep 2021 07:45:54 GMT
x-content-type-options: nosniff
age: 103309
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17268
x-xss-protection: 0
last-modified: Tue, 01 Sep 2020 03:47:49 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 03 Sep 2022 07:45:54 GMT

GET
H3-29 200 S6u9w4BMUTPHh6UVSwiPGQ.woff2
fonts.gstatic.com/s/lato/v20/ Frame E586 22 KB
22 KB 10ms
9ms Font
font/woff2 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v20/S6u9w4BMUTPHh6UVSwiPGQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato:regular,700|Bungee:regular

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8d3ca80fa271e94b0c36cf3053b0f806b7a42bb3395b424c99dc0bd218f0ac20

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: null
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 03 Sep 2021 11:08:54 GMT
x-content-type-options: nosniff
age: 91129
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 22992
x-xss-protection: 0
last-modified: Tue, 10 Aug 2021 00:18:57 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 03 Sep 2022 11:08:54 GMT

POST
H2 200 /
track.adform.net/csimpr/ Frame 964E 35 B
469 B 20ms
19ms Ping
image/gif 37.157.6.246
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/csimpr/?bn=48865844&csi=U_WaL7NbJbN8H7DQRf1FwgQIkE0S-E1Q8fa5gL4DpevZKGWOLEEutt6vWmW1dlSa0

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.246 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://hal900021.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 12:27:43 GMT
server: nginx
access-control-max-age: 86400
access-control-allow-methods: GET, POST
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: https://hal900021.redintelligence.net
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
access-control-allow-headers: Content-Type, Cache-Control, Accept-Encoding, X-Requested-With
expires: -1

GET
DATA 200
OK truncated
/ Frame D892 211 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4dc620dfd52d82d0dfcf9e32b037e565344af64506c6848caf2f79273bbbf602

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 10123580.js Show response
s1.adform.net/Banners/Elements/Files/160090/10123580/ Frame 1488 3 KB
1 KB 19ms
18ms Script
application/x-javascript 37.157.5.73
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://s1.adform.net/Banners/Elements/Files/160090/10123580/10123580.js?ADFassetID=10123580&bv=258

Requested by

Host: www.otosaigon.com
URL: https://www.otosaigon.com/threads/cho-em-hoi-tieu-hao-nhien-lieu-kia-carnival.1634318/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.5.73 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

8929a31c9c06bfe5f5665ae8edc5a27b88793cf97d5f6cfab707e5aadc9b19db

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer: https://hal900021.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 12:27:43 GMT
content-encoding: gzip
last-modified: Fri, 20 Aug 2021 09:31:42 GMT
server: nginx
etag: W/"611f767e-c8a"
x-cache-status: HIT
strict-transport-security: max-age=0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
content-type: application/x-javascript

GET
H3-29 200 null-leasing-logo-final_white_1.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17626451119355985920/ Frame E586 2 KB
2 KB 7ms
7ms Image
image/png 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17626451119355985920/null-leasing-logo-final_white_1.png

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17626451119355985920/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

62cdccf1ab4b4215586295612a4a2ef96fa490250fa96dbccc565f659cab86ab

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 311080
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1738
x-xss-protection: 0
last-modified: Mon, 03 May 2021 14:21:52 GMT
server: sffe
date: Tue, 31 Aug 2021 22:03:03 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 31 Aug 2022 22:03:03 GMT

GET
H3-29 200 autos_licht_1.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17626451119355985920/ Frame E586 6 KB
6 KB 9ms
8ms Image
image/png 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17626451119355985920/autos_licht_1.png

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17626451119355985920/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a87352099e9b3946d71f4f73c69f9217ef99278088a177d5eef09df78c11e4ae

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 71964
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5867
x-xss-protection: 0
last-modified: Mon, 03 May 2021 14:21:52 GMT
server: sffe
date: Fri, 03 Sep 2021 16:28:19 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 03 Sep 2022 16:28:19 GMT

GET
H3-29 200 autos.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17626451119355985920/ Frame E586 48 KB
48 KB 9ms
8ms Image
image/png 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17626451119355985920/autos.png

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17626451119355985920/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1c45bfa2dc80f54eb8564aa778a0929a00811168617ee6340cc59f0af48e5cca

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 91301
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 49113
x-xss-protection: 0
last-modified: Mon, 03 May 2021 14:21:52 GMT
server: sffe
date: Fri, 03 Sep 2021 11:06:02 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 03 Sep 2022 11:06:02 GMT

GET
H3-29 200 hintergrund_plain.jpg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17626451119355985920/ Frame E586 30 KB
30 KB 10ms
9ms Image
image/jpeg 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17626451119355985920/hintergrund_plain.jpg

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17626451119355985920/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

969231fe165a93933d6908d45bfa09c364b66de37160efea47d87d18d7d37bd8

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 90794
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 30604
x-xss-protection: 0
last-modified: Mon, 03 May 2021 14:21:52 GMT
server: sffe
date: Fri, 03 Sep 2021 11:14:29 GMT
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 03 Sep 2022 11:14:29 GMT

GET
H2 200 screen.css
s1.adform.net/Banners/Elements/Files/160090/10123580/bvpath_258/ Frame 1488 1 KB
857 B 20ms
19ms Stylesheet
text/css 37.157.5.73
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://s1.adform.net/Banners/Elements/Files/160090/10123580/bvpath_258/screen.css

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.209/e/igSBggDA/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.5.73 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

c6cbd3c4220735c2d4acc220c54d7745bad06143e7b737cca337c96062047b51

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer: https://hal900021.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 12:27:43 GMT
content-encoding: gzip
last-modified: Fri, 20 Aug 2021 09:31:42 GMT
server: nginx
etag: W/"611f767e-53c"
x-cache-status: HIT
strict-transport-security: max-age=0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
content-type: text/css

GET
H2 200 Adform.DHTML.js Show response
s1.adform.net/banners/scripts/rmb/ Frame 1488 30 KB
13 KB 22ms
21ms Script
application/x-javascript 37.157.5.73
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL: https://s1.adform.net/banners/scripts/rmb/Adform.DHTML.js?bv=626
Requested by: Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.209/e/igSBggDA/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.5.73 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: bea63616949c80ff0dfdbb1e8547f1585882fc691483317b06441688e3e5f14a

Request headers

Referer: https://hal900021.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 12:27:43 GMT
content-encoding: gzip
last-modified: Fri, 14 May 2021 12:35:29 GMT
server: nginx
etag: W/"609e6e91-76d9"
x-cache-status: HIT
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
content-type: application/x-javascript

GET
H2 200 introfill.png
s1.adform.net/Banners/Elements/Files/160090/10123580/bvpath_258/ Frame 1488 117 B
413 B 22ms
20ms Image
image/png 37.157.5.73
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s1.adform.net/Banners/Elements/Files/160090/10123580/bvpath_258/introfill.png

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.209/e/igSBggDA/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.5.73 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

9e9b34f0817548b428e128d5a7551fbc499d01fee0a12d016c323f65b9d4e2fd

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer: https://hal900021.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 12:27:43 GMT
last-modified: Fri, 20 Aug 2021 09:31:43 GMT
server: nginx
etag: "611f767f-75"
x-cache-status: HIT
strict-transport-security: max-age=0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
accept-ranges: bytes
content-type: image/png
content-length: 117

GET
H2 200 stoerer.png
s1.adform.net/Banners/Elements/Files/160090/10123580/bvpath_258/ Frame 1488 8 KB
8 KB 22ms
20ms Image
image/png 37.157.5.73
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s1.adform.net/Banners/Elements/Files/160090/10123580/bvpath_258/stoerer.png

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.209/e/igSBggDA/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.5.73 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

43376938d50178cc61b27a3fcf1205d5b8112d3eb4d920508e4bdb6f0df3172f

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer: https://hal900021.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 12:27:43 GMT
last-modified: Fri, 20 Aug 2021 09:31:42 GMT
server: nginx
etag: "611f767e-1fac"
x-cache-status: HIT
strict-transport-security: max-age=0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
accept-ranges: bytes
content-type: image/png
content-length: 8108

GET
H2 200 text1.png
s1.adform.net/Banners/Elements/Files/160090/10123580/bvpath_258/ Frame 1488 5 KB
5 KB 23ms
21ms Image
image/png 37.157.5.73
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s1.adform.net/Banners/Elements/Files/160090/10123580/bvpath_258/text1.png

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.209/e/igSBggDA/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.5.73 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

a0e4153884882c63418177298932d5a4934056a76fc9fe461fb385bf0c35363e

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer: https://hal900021.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 12:27:43 GMT
last-modified: Fri, 20 Aug 2021 09:31:42 GMT
server: nginx
etag: "611f767e-1442"
x-cache-status: HIT
strict-transport-security: max-age=0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
accept-ranges: bytes
content-type: image/png
content-length: 5186

GET
H2 200 banderole.png
s1.adform.net/Banners/Elements/Files/160090/10123580/bvpath_258/ Frame 1488 19 KB
19 KB 25ms
23ms Image
image/png 37.157.5.73
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s1.adform.net/Banners/Elements/Files/160090/10123580/bvpath_258/banderole.png

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.209/e/igSBggDA/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.5.73 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

9e68c89d2dd1e070d6db5d9e1e3a6878f8e1f7383227ece51a89f256f097e48a

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer: https://hal900021.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 12:27:43 GMT
last-modified: Fri, 20 Aug 2021 09:31:42 GMT
server: nginx
etag: "611f767e-4c4f"
x-cache-status: HIT
strict-transport-security: max-age=0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
accept-ranges: bytes
content-type: image/png
content-length: 19535

GET
H2 200 disclaimer.png
s1.adform.net/Banners/Elements/Files/160090/10123580/bvpath_258/ Frame 1488 4 KB
4 KB 26ms
24ms Image
image/png 37.157.5.73
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s1.adform.net/Banners/Elements/Files/160090/10123580/bvpath_258/disclaimer.png

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.209/e/igSBggDA/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.5.73 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

5d050189253c7a0e26d4b13f3e96b6ffac273408a548ecc2460fa5c78b327d6f

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer: https://hal900021.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 12:27:43 GMT
last-modified: Fri, 20 Aug 2021 09:31:43 GMT
server: nginx
etag: "611f767f-fdc"
x-cache-status: HIT
strict-transport-security: max-age=0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
accept-ranges: bytes
content-type: image/png
content-length: 4060

GET
H2 200 date.png
s1.adform.net/Banners/Elements/Files/160090/10123580/bvpath_258/ Frame 1488 2 KB
2 KB 27ms
25ms Image
image/png 37.157.5.73
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s1.adform.net/Banners/Elements/Files/160090/10123580/bvpath_258/date.png

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.209/e/igSBggDA/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.5.73 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

a3f3bc207e5fec2584cf7a5df2f6d75c4abbb9fbf3d9900f99c6c388e9626230

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer: https://hal900021.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 12:27:43 GMT
last-modified: Fri, 20 Aug 2021 09:31:43 GMT
server: nginx
etag: "611f767f-623"
x-cache-status: HIT
strict-transport-security: max-age=0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
accept-ranges: bytes
content-type: image/png
content-length: 1571

GET
H2 200 cta.png
s1.adform.net/Banners/Elements/Files/160090/10123580/bvpath_258/ Frame 1488 1 KB
1 KB 27ms
26ms Image
image/png 37.157.5.73
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s1.adform.net/Banners/Elements/Files/160090/10123580/bvpath_258/cta.png

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.209/e/igSBggDA/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.5.73 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

67945c81e68d618d335f83c88cb132326672fcf9465fdd8e420a30a8cbb9c95f

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer: https://hal900021.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 12:27:43 GMT
last-modified: Fri, 20 Aug 2021 09:31:42 GMT
server: nginx
etag: "611f767e-499"
x-cache-status: HIT
strict-transport-security: max-age=0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
accept-ranges: bytes
content-type: image/png
content-length: 1177

GET
H2 200 logostart.png
s1.adform.net/Banners/Elements/Files/160090/10123580/bvpath_258/ Frame 1488 6 KB
6 KB 62ms
60ms Image
image/png 37.157.5.73
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s1.adform.net/Banners/Elements/Files/160090/10123580/bvpath_258/logostart.png

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.209/e/igSBggDA/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.5.73 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

4bb0ccca3c05bcecf3e87f670193a6fafd4b4b8527838690009052615a68ec2e

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer: https://hal900021.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 12:27:43 GMT
last-modified: Fri, 20 Aug 2021 09:31:42 GMT
server: nginx
etag: "611f767e-16d1"
x-cache-status: HIT
strict-transport-security: max-age=0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
accept-ranges: bytes
content-type: image/png
content-length: 5841

GET
H2 200 logo.png
s1.adform.net/Banners/Elements/Files/160090/10123580/bvpath_258/ Frame 1488 4 KB
4 KB 62ms
61ms Image
image/png 37.157.5.73
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s1.adform.net/Banners/Elements/Files/160090/10123580/bvpath_258/logo.png

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.209/e/igSBggDA/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.5.73 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

02b72b855bc20c00ae6cfa83214d58ef1d9522a421ddb0ee4d5e41032de5b81a

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer: https://hal900021.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 12:27:43 GMT
last-modified: Fri, 20 Aug 2021 09:31:43 GMT
server: nginx
etag: "611f767f-e5e"
x-cache-status: HIT
strict-transport-security: max-age=0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
accept-ranges: bytes
content-type: image/png
content-length: 3678

GET
H2 200 model.jpg
s1.adform.net/Banners/Elements/Files/160090/10123580/bvpath_258/ Frame 1488 16 KB
16 KB 62ms
61ms Image
image/jpeg 37.157.5.73
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s1.adform.net/Banners/Elements/Files/160090/10123580/bvpath_258/model.jpg

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.209/e/igSBggDA/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.5.73 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

ab02cdd01c1f62621a68399ed97180c81c8b3988451a2054791eee62bfcef3c9

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer: https://hal900021.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 12:27:43 GMT
last-modified: Fri, 20 Aug 2021 09:31:42 GMT
server: nginx
etag: "611f767e-3e38"
x-cache-status: HIT
strict-transport-security: max-age=0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
accept-ranges: bytes
content-type: image/jpeg
content-length: 15928

GET
H2 200 background.jpg
s1.adform.net/Banners/Elements/Files/160090/10123580/bvpath_258/ Frame 1488 26 KB
26 KB 63ms
62ms Image
image/jpeg 37.157.5.73
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s1.adform.net/Banners/Elements/Files/160090/10123580/bvpath_258/background.jpg

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.209/e/igSBggDA/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.5.73 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

5faa41f73ee15713fd12a1ba179bc8566d7047f230e74394658d725c9087c1dd

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer: https://hal900021.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 12:27:43 GMT
last-modified: Fri, 20 Aug 2021 09:31:42 GMT
server: nginx
etag: "611f767e-664a"
x-cache-status: HIT
strict-transport-security: max-age=0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
accept-ranges: bytes
content-type: image/jpeg
content-length: 26186

GET
H3-29 200 CSSPlugin.min.js Show response
cdnjs.cloudflare.com/ajax/libs/gsap/1.18.0/plugins/ Frame 1488 38 KB
14 KB 63ms
50ms Script
application/javascript 2606:4700::6810:135e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/gsap/1.18.0/plugins/CSSPlugin.min.js

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.209/e/igSBggDA/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:135e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cbf2228ab439f89b83feb79ea549213521a81212fde9ff67f9c73d002d586198

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer: https://hal900021.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 12:27:44 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 989259
cross-origin-resource-policy: cross-origin
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 13669
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:10:25 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03e71-9833"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0lSwXTQbsUt8pAkds1Qj%2BVAYPKCAk19chgIB%2FDdnp1vjy8ElIets3kxzsOP3ONI%2BxQBHGX0TZ5LFUwSvLAKaYV%2BPyG%2FogKuPYa1JYEslwpOD51hhW5ngWQJF9gbD1FvHWk2eBstOb30RnSrXvT5Wv7Pe"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 689736b00dce1772-FRA
expires: Thu, 25 Aug 2022 12:27:44 GMT

GET
H3-29 200 EasePack.min.js Show response
cdnjs.cloudflare.com/ajax/libs/gsap/1.18.0/easing/ Frame 1488 5 KB
2 KB 60ms
48ms Script
application/javascript 2606:4700::6810:135e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/gsap/1.18.0/easing/EasePack.min.js

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.209/e/igSBggDA/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:135e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

37bc930c63149650677d732eea9526432bd8494c55737f45c98e7f8ad7c1e7ff

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer: https://hal900021.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 12:27:44 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 2613910
cross-origin-resource-policy: cross-origin
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 1730
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:10:25 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03e71-146f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=t19C0KwAtqvlbZQgPYhujyixxKzWK9m83FrMp5CbGLrb%2BfXwNcG5zQgSiPOt8JWE%2FO7ePgQwFqFrqhgBPZAzT5HeeJyQOmoktSe7XWS0hMhu9Pctv9xH6Pr4cp6c7TKxaheo8S7Am%2BLAkSAy5pi%2FEK5Q"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 689736b00dc91772-FRA
expires: Thu, 25 Aug 2022 12:27:44 GMT

GET
H3-29 200 TweenLite.min.js Show response
cdnjs.cloudflare.com/ajax/libs/gsap/1.18.0/ Frame 1488 26 KB
9 KB 66ms
54ms Script
application/javascript 2606:4700::6810:135e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/gsap/1.18.0/TweenLite.min.js

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.209/e/igSBggDA/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:135e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7e5b4dd28e58e76dbe83eb2b357fdad7e54b85a9def9bf953063d5970a91ee6a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer: https://hal900021.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 12:27:44 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 223049
cross-origin-resource-policy: cross-origin
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 8578
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:10:25 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03e71-697f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Pt6jP%2FfEjS0tIppDU3Tpm2qbRBZXrJvZnZvgtIA4HL%2Ba%2Fsz4pk%2F7aLVfxjSRbjmuLvJfZPObwDz2g3swLDYh4J6gSSVwDY0a23tReqxsvKHDSXQIWPNkR%2FtEeIldVjsuxM06D30mf4YeXsFcBm91yg6b"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 689736b00dcc1772-FRA
expires: Thu, 25 Aug 2022 12:27:44 GMT

GET
H2 200 script.js Show response
s1.adform.net/Banners/Elements/Files/160090/10123580/bvpath_258/ Frame 1488 7 KB
1 KB 59ms
58ms Script
application/x-javascript 37.157.5.73
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://s1.adform.net/Banners/Elements/Files/160090/10123580/bvpath_258/script.js

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.209/e/igSBggDA/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.5.73 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

61a2dcaf96aaaf03fc7f52a5b5a22bc688f64ef33c5b63ab12b5923c5b87d5dd

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer: https://hal900021.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 12:27:43 GMT
content-encoding: gzip
last-modified: Fri, 20 Aug 2021 09:31:43 GMT
server: nginx
etag: W/"611f767f-1dfc"
x-cache-status: HIT
strict-transport-security: max-age=0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
content-type: application/x-javascript

GET
H2 200 v2 Show response
vis.vi-serve.com/playlist/ 3 KB
3 KB 359ms
91ms XHR
application/json 18.200.219.243
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://vis.vi-serve.com/playlist/v2?url=https%3A%2F%2Fwww.otosaigon.com%2Fthreads%2Fcho-em-hoi-tieu-hao-nhien-lieu-kia-carnival.1634318%2F&session_id=hgkkfsly3fb2&category=IAB19%2C%20IAB2%2C%20IAB20%2C%20IAB3%2C%20IAB13&publisherId=107455935234537&language=en%2Cvn%5E0.5&useAllCategories=false&useOnlyCategories=false&pageTitle=Cho%20em%20h%E1%BB%8Fi%20ti%C3%AAu%20hao%20nhi%C3%AAn%20li%E1%BB%87u%20KIA%20CARNIVAL%20-%20&pageDescription=em%20th%E1%BA%A5y%20%E1%BB%9F%20%C4%91%C3%A2y%20ch%C6%B0a%20c%C3%B3%20ai%20n%C3%B3i%20t%E1%BB%9Bi%20kia%20carnival%2C%20b%C3%A1c%20n%C3%A0o%20%C4%91i%20qua%20r%E1%BB%93i%20t%C6%B0%20v%E1%BA%A5n%20gi%C3%BAp%20em%20v%E1%BB%9Bi%0A%20em%20%C4%91ang%20%C4%91%E1%BB%8Bnh%20mua%20chi%E1%BA%BFc%20n%C3%A0y%20nh%C6%B0ng%20ch%C6%B0a%20bi%E1%BA%BFt%20nhi%E1%BB%87n%20li%E1%BB%87u%20xe%20nh%C6%B0%20th%E1%BA%BF%20n%C3%A0o%0A%20em%20%C4%91%E1%BB%8Bnh%20mua%20s%E1%BB%91%20s%C3%A1n%20(V6%20m%C3%A0%20AT%20n%E1%BB%AFa%20gia%20%C4%91%C3%ACnh%20em%20kh%C3%B4ng%20%C4%91%E1%BB%A7%20kinh%20ph%C3%AD%20ch%E1%BA%A1y%20n%C3%B3%20qu%C3%A1).%0A%20C%C3%A1c%20b%C3%A1c%20ch%E1%BA%A1y%20qua%20em%20n%C3%A0y%20r%E1%BB%93i%20cho%20em%20h%E1%BB%8Fi%20em%20n%C3%A0y%20ti%C3%AAu%20hao%20bao...&pageLanguage=vi-VN&mobile=false&playlistLength=5

Requested by

Host: s.vi-serve.com
URL: https://s.vi-serve.com/source.m.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

18.200.219.243 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-200-219-243.eu-west-1.compute.amazonaws.com

Software

Resource Hash

d4e4139bbdb608d186ba5eccbc824de4be59f58f3ea55b67c6fc9045473a6e00

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Referer: https://www.otosaigon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

access-control-allow-origin: *
x-execution-time: 00:00.058 ms.
date: Sat, 04 Sep 2021 12:27:44 GMT
content-length: 3198
strict-transport-security: max-age=15724800; includeSubDomains
content-type: application/json; charset=utf-8

GET
H3-29 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 11 KB
8 KB 64ms
63ms XHR
application/json 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2021090101&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021090101.js?31062462

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

85f617a7e817cedb0b8cda384ab9f9f272084513d6d0506f6de405f456a3e006

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.otosaigon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 04 Sep 2021 12:27:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8535
x-xss-protection: 0

POST
H3-29 200 keep-alive Show response
www.otosaigon.com/login/ 166 B
904 B 903ms
902ms XHR
application/json 2606:4700:20::681a:a35
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.otosaigon.com/login/keep-alive
Requested by: Host: www.otosaigon.com
URL: https://www.otosaigon.com/js/vendor/jquery/jquery-3.5.1.min.js?_v=d586bcaf
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::681a:a35 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 960b1feee8bb8c9f74430d0d46e8b1dcf9f4eb1e44b4892986eaa5030f654fd9

Request headers

sec-fetch-mode: cors
origin: https://www.otosaigon.com
accept-encoding: gzip, deflate, br
accept-language: en-US
sec-fetch-dest: empty
x-requested-with: XMLHttpRequest
cookie: WID=vt151|YTNlj|YTNlj; _ga=GA1.2.2013777321.1630758459; _gid=GA1.2.1004780414.1630758459; _gat_gtag_UA_40673294_1=1; _gat_UA-40673294-1=1; _fbp=fb.1.1630758458631.2122503782; __gads=ID=bdc5fba26f04f273:T=1630758459:S=ALNI_Maj6CgS3DnIZqh2aCXPffmTUzK7gw
content-length: 75
:path: /login/keep-alive
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
content-type: application/x-www-form-urlencoded; charset=UTF-8
accept: application/json, text/javascript, */*; q=0.01
cache-control: no-cache
:authority: www.otosaigon.com
referer: https://www.otosaigon.com/threads/cho-em-hoi-tieu-hao-nhien-lieu-kia-carnival.1634318/
:scheme: https
sec-fetch-site: same-origin
:method: POST
Accept: application/json, text/javascript, */*; q=0.01
Referer: https://www.otosaigon.com/threads/cho-em-hoi-tieu-hao-nhien-lieu-kia-carnival.1634318/
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

date: Sat, 04 Sep 2021 12:27:45 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
access-control-allow-methods: GET, POST, OPTIONS
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Sat, 04 Sep 2021 12:27:44 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=T64sVp8Hk9aS%2FCd7GUTBIdFs0bhlKO8VjO3flhTK8BALvQnrHPKSNc9YLdxUjyC3WMDQzoIq%2Ffs8SkhATJadRdT3PDgtpzMZNnUtryuOfdm3HMJWB3dKA1ZtKVP%2FFsEi9kjn2KMM89aYrOpY2VPn"}],"group":"cf-nel","max_age":604800}
content-type: application/json; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: Content-Length,Content-Range
cache-control: private, no-cache, max-age=0
set-cookie: xf_csrf=gFWk0I2y3xIJDdQY; path=/; secure WID=vt151|YTNlm|YTNlj; path=/
cf-ray: 689736b1eb34d6b1-FRA
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
DATA 200
OK truncated
/ 169 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e023b0c253e6734a8b41e90e969df4e3e0a42dbaae54d088487b3985303ad123

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Content-Type: image/svg+xml

POST
H3-29 204 ngx_pagespeed_beacon Show response
www.otosaigon.com/ 0
533 B 885ms
884ms XHR
text/plain 2606:4700:20::681a:a35
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.otosaigon.com/ngx_pagespeed_beacon?url=http%3A%2F%2Fwww.otosaigon.com%2Fthreads%2Fcho-em-hoi-tieu-hao-nhien-lieu-kia-carnival.1634318%2F

Requested by

Host: www.otosaigon.com
URL: https://www.otosaigon.com/threads/cho-em-hoi-tieu-hao-nhien-lieu-kia-carnival.1634318/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:a35 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-fetch-mode: cors
origin: https://www.otosaigon.com
accept-encoding: gzip, deflate, br
accept-language: en-US
sec-fetch-dest: empty
cookie: WID=vt151|YTNlj|YTNlj; _ga=GA1.2.2013777321.1630758459; _gid=GA1.2.1004780414.1630758459; _gat_gtag_UA_40673294_1=1; _gat_UA-40673294-1=1; _fbp=fb.1.1630758458631.2122503782; __gads=ID=bdc5fba26f04f273:T=1630758459:S=ALNI_Maj6CgS3DnIZqh2aCXPffmTUzK7gw
content-length: 41
:path: /ngx_pagespeed_beacon?url=http%3A%2F%2Fwww.otosaigon.com%2Fthreads%2Fcho-em-hoi-tieu-hao-nhien-lieu-kia-carnival.1634318%2F
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
content-type: application/x-www-form-urlencoded
accept: */*
cache-control: no-cache
:authority: www.otosaigon.com
referer: https://www.otosaigon.com/threads/cho-em-hoi-tieu-hao-nhien-lieu-kia-carnival.1634318/
:scheme: https
sec-fetch-site: same-origin
:method: POST
Referer: https://www.otosaigon.com/threads/cho-em-hoi-tieu-hao-nhien-lieu-kia-carnival.1634318/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Sat, 04 Sep 2021 12:27:45 GMT
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mymdjMzpW%2Fui1tzOa%2B7tojq6vuUeFYxbgB%2FyDCk9AR3tPVc8jao7k67Wi2kjoJiTg%2F66VYO%2BcwQLEn6gqKjz9VW2BDB%2FdywpAgjPlMF4iAB62B19vz0CiwH0pdYxhot%2Bn%2Fzsnit1Rx3GTgYPtbiM"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=0, no-cache
cf-ray: 689736b28c25d6b1-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block

POST
H3-29 200 rum Show response
www.otosaigon.com/cdn-cgi/ 0
167 B 10ms
8ms XHR
text/plain 2606:4700:20::681a:a35
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.otosaigon.com/cdn-cgi/rum?

Requested by

Host: static.cloudflareinsights.com
URL: https://static.cloudflareinsights.com/beacon.min.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:a35 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

sec-fetch-mode: cors
origin: https://www.otosaigon.com
accept-encoding: gzip, deflate, br
accept-language: en-US
sec-fetch-dest: empty
cookie: WID=vt151|YTNlj|YTNlj; _ga=GA1.2.2013777321.1630758459; _gid=GA1.2.1004780414.1630758459; _gat_gtag_UA_40673294_1=1; _gat_UA-40673294-1=1; _fbp=fb.1.1630758458631.2122503782; __gads=ID=bdc5fba26f04f273:T=1630758459:S=ALNI_Maj6CgS3DnIZqh2aCXPffmTUzK7gw
content-length: 27779
:path: /cdn-cgi/rum?
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
content-type: application/json
accept: */*
cache-control: no-cache
:authority: www.otosaigon.com
referer: https://www.otosaigon.com/threads/cho-em-hoi-tieu-hao-nhien-lieu-kia-carnival.1634318/
:scheme: https
sec-fetch-site: same-origin
:method: POST
Referer: https://www.otosaigon.com/threads/cho-em-hoi-tieu-hao-nhien-lieu-kia-carnival.1634318/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
content-type: application/json

Response headers

date: Sat, 04 Sep 2021 12:27:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cloudflare
x-frame-options: DENY
access-control-allow-methods: POST,OPTIONS
content-type: text/plain
access-control-allow-origin: https://www.otosaigon.com
access-control-max-age: 86400
access-control-allow-credentials: true
cf-ray: 689736b29c2ad6b1-FRA
vary: Origin

GET
H3-29 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 29ms
29ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021090101.js?31062462

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.otosaigon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 12:27:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1624308425655142"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6467
x-xss-protection: 0
expires: Sat, 04 Sep 2021 12:27:44 GMT

POST
H3-29 204 ngx_pagespeed_beacon Show response
www.otosaigon.com/ 0
528 B 908ms
908ms XHR
text/plain 2606:4700:20::681a:a35
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.otosaigon.com/ngx_pagespeed_beacon?url=http%3A%2F%2Fwww.otosaigon.com%2Fthreads%2Fcho-em-hoi-tieu-hao-nhien-lieu-kia-carnival.1634318%2F

Requested by

Host: www.otosaigon.com
URL: https://www.otosaigon.com/threads/cho-em-hoi-tieu-hao-nhien-lieu-kia-carnival.1634318/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:a35 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-fetch-mode: cors
origin: https://www.otosaigon.com
accept-encoding: gzip, deflate, br
accept-language: en-US
sec-fetch-dest: empty
cookie: WID=vt151|YTNlj|YTNlj; _ga=GA1.2.2013777321.1630758459; _gid=GA1.2.1004780414.1630758459; _gat_gtag_UA_40673294_1=1; _gat_UA-40673294-1=1; _fbp=fb.1.1630758458631.2122503782; __gads=ID=bdc5fba26f04f273:T=1630758459:S=ALNI_Maj6CgS3DnIZqh2aCXPffmTUzK7gw
content-length: 7449
:path: /ngx_pagespeed_beacon?url=http%3A%2F%2Fwww.otosaigon.com%2Fthreads%2Fcho-em-hoi-tieu-hao-nhien-lieu-kia-carnival.1634318%2F
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
content-type: application/x-www-form-urlencoded
accept: */*
cache-control: no-cache
:authority: www.otosaigon.com
referer: https://www.otosaigon.com/threads/cho-em-hoi-tieu-hao-nhien-lieu-kia-carnival.1634318/
:scheme: https
sec-fetch-site: same-origin
:method: POST
Referer: https://www.otosaigon.com/threads/cho-em-hoi-tieu-hao-nhien-lieu-kia-carnival.1634318/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Sat, 04 Sep 2021 12:27:45 GMT
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yvT5YEPC3tOo5caQ40OWtySzFq36Ss23Wziq74yEddLlatOG6903g9pCuYSyedTwjUr%2BL92C9tQxWWE1su8jpD%2Bb2fAAXa52zmXAWd%2FehuOTSrA33t2yJ%2FpBOLfyVlcLvCC0hciAbp%2Ffnw1GzuVI"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=0, no-cache
cf-ray: 689736b2dc9dd6b1-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block

GET
H3-29 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/224/ Frame AC26 12 KB
5 KB 6ms
6ms Document
text/html 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/224/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.otosaigon.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://www.otosaigon.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
content-length: 5029
date: Sat, 04 Sep 2021 11:21:36 GMT
expires: Sun, 04 Sep 2022 11:21:36 GMT
last-modified: Wed, 02 Jun 2021 17:09:45 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 3968
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 99CF 783 B
537 B 17ms
16ms Document
text/html 2a00:1450:4001:831::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

cafddae59229ef29466be0e3011d433f24bf00a399c08c528b1094be3a498aed

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-B8dyE13vZnGwUhi6aL546A' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.google.com
:scheme: https
:path: /recaptcha/api2/aframe
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.otosaigon.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://www.otosaigon.com/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy-report-only: require-corp; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Sat, 04 Sep 2021 12:27:44 GMT
date: Sat, 04 Sep 2021 12:27:44 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-B8dyE13vZnGwUhi6aL546A' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 514
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 WyPn2IgoBqLw06x46K_q_eg8d-IpxicgJR-1ncxoZqI.js Show response
pagead2.googlesyndication.com/bg/ Frame AC26 35 KB
13 KB 39ms
39ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/WyPn2IgoBqLw06x46K_q_eg8d-IpxicgJR-1ncxoZqI.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5b23e7d8882806a2f0d3ac78e8afeafde83c77e229c62720251fb59dcc6866a2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 11:21:37 GMT
content-encoding: br
x-content-type-options: nosniff
age: 3967
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13351
x-xss-protection: 0
last-modified: Mon, 30 Aug 2021 12:58:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 04 Sep 2022 11:21:37 GMT

GET
H2 204 /
t.vi-serve.com/ 0
48 B 28ms
28ms Image
text/plain 52.17.85.197
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://t.vi-serve.com/?event=NV_LOADED&page_url=https%3A%2F%2Fwww.otosaigon.com%2Fthreads%2Fcho-em-hoi-tieu-hao-nhien-lieu-kia-carnival.1634318%2F&pub_id=107455935234537&channel_id=ft1qwjd9a&placement_id=pltLK33C0krMTw0wref&ad_unit_type=2&session_id=hgkkfsly3fb2&focus=true&player=playerVI&build=m&pageLanguage=vi-vn&placement_w=500&placement_h=0&time_delta=10372&requestedCategories=IAB19,IAB2,IAB20,IAB3,IAB13&requestedLanguage=en,vn^0.5&position_on_page=21&playlist_pos=1&matchedCategory=IAB2&mobile=false&floating=false&nv_video_id=4Jm1q20BotWZybvZTRZx&nv_source_id=101&nv_feed_id=1194&in_view=false&cb=3bfd
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.17.85.197 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-17-85-197.eu-west-1.compute.amazonaws.com
Software: fasthttp /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.otosaigon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 12:27:44 GMT
server: fasthttp

GET
H2 200 4Jm1q20BotWZybvZTRZx.jpg
nv.vi-serve.com/vis-media/101/1194/ 153 KB
153 KB 97ms
43ms Image
image/jpeg 205.185.216.10
HIGHWINDS3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://nv.vi-serve.com/vis-media/101/1194/4Jm1q20BotWZybvZTRZx.jpg
Requested by: Host: www.otosaigon.com
URL: https://www.otosaigon.com/threads/cho-em-hoi-tieu-hao-nhien-lieu-kia-carnival.1634318/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 205.185.216.10 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS: map2.hwcdn.net
Software: /
Resource Hash: 0a6a6195f864d4be024657df40caae0f048a70651972c66a23207fcf814ca202

Request headers

Referer: https://www.otosaigon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 12:27:44 GMT
last-modified: Sun, 10 Jan 2021 17:18:44 GMT
etag: "1610299124"
x-hw: 1630758464.dop251.am5.t,1630758464.cds282.am5.hn,1630758464.cds029.am5.pr
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=86400
accept-ranges: bytes
content-length: 156734

GET
DATA 200
OK truncated
/ 216 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5fe061d3da79d71cb8d7c2b7e72fc2b4e3affb446c1b3807e7e2ab5593988d5b

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 204 /
t.vi-serve.com/ 0
48 B 41ms
41ms Image
text/plain 52.17.85.197
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://t.vi-serve.com/?event=INFO&page_url=https%3A%2F%2Fwww.otosaigon.com%2Fthreads%2Fcho-em-hoi-tieu-hao-nhien-lieu-kia-carnival.1634318%2F&pub_id=107455935234537&channel_id=ft1qwjd9a&placement_id=pltLK33C0krMTw0wref&ad_unit_type=2&session_id=hgkkfsly3fb2&focus=true&player=playerVI&build=m&pageLanguage=vi-vn&placement_w=500&placement_h=0&time_delta=10374&data=lazy:off&cmpFramework=false&gdprApplies=true&gdprStatus=none&consent=0&segments=&brandSafety=&position_on_page=21&playlist_pos=1&matchedCategory=IAB2&mobile=false&floating=false&in_view=false&cb=b2d6
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.17.85.197 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-17-85-197.eu-west-1.compute.amazonaws.com
Software: fasthttp /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.otosaigon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 12:27:44 GMT
server: fasthttp

GET
H2 204 /
t.vi-serve.com/ 0
48 B 41ms
41ms Image
text/plain 52.17.85.197
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://t.vi-serve.com/?event=INVENTORY&page_url=https%3A%2F%2Fwww.otosaigon.com%2Fthreads%2Fcho-em-hoi-tieu-hao-nhien-lieu-kia-carnival.1634318%2F&pub_id=107455935234537&channel_id=ft1qwjd9a&placement_id=pltLK33C0krMTw0wref&ad_unit_type=2&session_id=hgkkfsly3fb2&focus=true&player=playerVI&build=m&pageLanguage=vi-vn&placement_w=500&placement_h=281&video_w=500&video_h=281&time_delta=10390&position_on_page=21&playlist_pos=1&matchedCategory=IAB2&mobile=false&floating=false&in_view=false&cb=72cc
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.17.85.197 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-17-85-197.eu-west-1.compute.amazonaws.com
Software: fasthttp /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.otosaigon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 12:27:44 GMT
server: fasthttp

GET
H2 200 sources Show response
call.inforsea.com/adserver/ 9 KB
9 KB 532ms
32ms Fetch
application/json 18.203.62.2
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://call.inforsea.com/adserver/sources?affiliate_id=ft1qwjd9a&VI_DOMAIN=otosaigon.com&VIC_WIDTH=500&VIC_HEIGHT=281&VI_PUBLISHERID=107455935234537&VI_CDIM2=107455935234537&VI_DNT=0&VI_SEGMENTS=&VI_BSAFE=&VI_GDPR=1&VI_CONSENT=&VI_CDIM1=101&VI_CUSTOM10=IAB2&VI_IAB=IAB2&VI_IABSHORT=2&VI_DURATION=64&VI_CATEGORY=Automotive&VI_TITLE=This%20is%20the%20new%20Kia%20XCeed&VI_VIDSEG=&cb=1feocer35

Requested by

Host: player.inforsea.com
URL: https://player.inforsea.com/player.m.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

18.203.62.2 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-203-62-2.eu-west-1.compute.amazonaws.com

Software

Resource Hash

368515b51a4958d7e64bea11f46da5176084748d3af4ead8e0484aa45dbb95fd

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Referer: https://www.otosaigon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 12:27:45 GMT
strict-transport-security: max-age=15724800; includeSubDomains
content-type: application/json
access-control-allow-origin: https://www.otosaigon.com
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
content-length: 8775
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 vi_logo.svg
s.vi-serve.com/ 1 KB
889 B 31ms
30ms Image
image/svg+xml 205.185.216.10
HIGHWINDS3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.vi-serve.com/vi_logo.svg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 205.185.216.10 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS: map2.hwcdn.net
Software: UploadServer /
Resource Hash: 3d98123e0840ba76b93bf92147d2664fb0bc23cf37d61561e48fd270bbd0d1de

Request headers

Referer: https://www.otosaigon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

x-goog-hash: crc32c=kHN4+w==, md5=BaTzNhMnoBMWP5P9UtTwPg==
date: Sat, 04 Sep 2021 12:27:44 GMT
content-encoding: gzip
x-goog-meta-goog-reserved-file-mtime: 1548836449
x-guploader-uploadid: ADPycdtc4W_OHrZFgkaJobCLsXHJ5_-oJ27oTAzZozCEMQcUv0utrK_f5LOT93wG_nU7f66fMEFkvpt2SqakNb0T0vQ
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 558
x-hw: 1630758464.dop251.am5.t,1630758464.cds282.am5.hn,1630758464.cds239.am5.c
last-modified: Wed, 13 Jan 2021 12:41:20 GMT
server: UploadServer
etag: "05a4f3361327a013163f93fd52d4f03e"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
x-goog-generation: 1610541680744704
access-control-allow-origin: *
cache-control: private, max-age=0, max-age=300, must-revalidate
access-control-allow-credentials: false
x-goog-stored-content-length: 1193
accept-ranges: bytes
content-type: image/svg+xml
access-control-allow-headers: *

GET
H2 204 log
pixel.inforsea.com/server/ 0
48 B 28ms
28ms Image
text/plain 63.33.79.252
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.inforsea.com/server/log?event=v&dim9=10449&session_id=hgkkfsly3fb2&affiliate_id=ft1qwjd9a&domainapp=otosaigon.com&width=500&height=281&visible=75&cb=4954410457724&publisher_id=107455935234537
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 63.33.79.252 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-63-33-79-252.eu-west-1.compute.amazonaws.com
Software: fasthttp /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.otosaigon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 12:27:44 GMT
server: fasthttp

GET
H2 204 /
t.vi-serve.com/ 0
48 B 29ms
29ms Image
text/plain 52.17.85.197
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://t.vi-serve.com/?event=INVIEW&page_url=https%3A%2F%2Fwww.otosaigon.com%2Fthreads%2Fcho-em-hoi-tieu-hao-nhien-lieu-kia-carnival.1634318%2F&pub_id=107455935234537&channel_id=ft1qwjd9a&placement_id=pltLK33C0krMTw0wref&ad_unit_type=2&session_id=hgkkfsly3fb2&focus=true&player=playerVI&build=m&pageLanguage=vi-vn&placement_w=500&placement_h=349&video_w=500&video_h=281&time_delta=10450&position_on_page=21&playlist_pos=1&matchedCategory=IAB2&mobile=false&floating=false&nv_video_id=4Jm1q20BotWZybvZTRZx&nv_source_id=101&nv_feed_id=1194&in_view=true&cb=5a56
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.17.85.197 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-17-85-197.eu-west-1.compute.amazonaws.com
Software: fasthttp /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.otosaigon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 12:27:44 GMT
server: fasthttp

GET
H3-29 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 24ms
24ms Image
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=224&t=2&li=gpt_2021090101&jk=3776039019293028&bg=!0NOl05fNAAYJpm41CaY7ACkAdvg8Whgwp6qbj98xtY7K5AWAvdj5-DffLchY00Cbc6-9jjADFdohcQIAAADXUgAAABFoAQcKAFN7yqq1hmxrusQxvS9RbXZFJgi2mIWAxyaR57iLv9Lhs_b02m9oerIXUdKGNjFNTJzXdP3-YnVf6BgslAJVAPYfaGQdTN9fGrkkp33xRjKW0WGzFpkCguocOIoXeKe8mtemNwfRrlb9hXCMYcKliGPYgOUI2K11iKDHY0TUT3VaWXtnjtIMwikzRNNj29PiVLZ0WZxhMq0M9EcDVr24fmouuberH3gevTzGl8jfPtTQuhDXo0nYewTRGvhRNm-rM-Le6s_5ZVOkwypBlyuZLjVhc9sGYQnmg21Bxo8Q2LL8U7OrrfyUp8ntO4j4x53wamOf20aoMqqmF3JnmjYeeVTE8icOZziVawUi17CxEQ_0KSONdeLuojXMJzoyijpKBkjI_oySyC8NiwKDCJoZInIAQhbNRKdcan9rDMAy7lgX7he1rgarEfaX2GWlLvwrTNyPOuF4w33hKc88vJoYJwOf70hFUbjudwE2BnrhJbXRZ8_t8FZrtC0sihbNTOBPyLJyNN7zTyjnP4N5svhVxVv04wOFyBtlvEFiKrZA2FQO1uh074hZG3Eh5FZCkJlpGxI75M9EqqbniEooXCXdmqqtbKb-snWnuesR3J1wznPHpceWacyG1N0BERidnbJfKJkNCnBLWlWyCGJk5FXl6wxnLqU1Kk57FZX9iUMEi3I93KXXtRRkQN6HS6y6VikWSd2Pavjmv3JWeny4LjkH39Bli6YVrzCtvoaQnhXG2RywiqdNDFGrZ0ZIeL8RsvPDSYnPs6DqchrMPHL-e3E9b2h9TxWrAztLpn5FS3wjMy_Z8m_ZBvKLuemeV5TbljcJn0h74SySjcE7jAaWb0FE8hngod0DOVN6prMDik-gfgJLUOzCrMVXLi0-mGvWgzp--DSQ_EC4mXot_CsIM21gNTrBgWnenYWMliyRCi2cmJQ0mbXE-27QgKixU0ht7Q22VLE-exP2dO3QrQ
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.otosaigon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

GET
H2 200 ima3.js Show response
imasdk.googleapis.com/js/sdkloader/ Frame C4B6 346 KB
119 KB 188ms
19ms Script
text/javascript 2a00:1450:4001:829::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/sdkloader/ima3.js

Requested by

Host: player.inforsea.com
URL: https://player.inforsea.com/player.m.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9a876f6cbd09c5f245491f6877db2a6bb7faa356893ae8a5f8881b2ad6c64212

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.otosaigon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 12:27:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 121776
x-xss-protection: 0
expires: Sat, 04 Sep 2021 12:27:45 GMT

GET
H3-29 200 bridge3.478.2_en.html Show response
imasdk.googleapis.com/js/core/ Frame 5B24 574 KB
188 KB 28ms
14ms Document
text/html 2a00:1450:4001:829::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/core/bridge3.478.2_en.html

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6ba74b0b7223564fe5de95a05498160da36162274673a6c4583a757d233c41b1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: imasdk.googleapis.com
:scheme: https
:path: /js/core/bridge3.478.2_en.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.otosaigon.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://www.otosaigon.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
content-length: 192508
date: Fri, 03 Sep 2021 19:55:47 GMT
expires: Sat, 03 Sep 2022 19:55:47 GMT
last-modified: Fri, 03 Sep 2021 19:50:18 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 59518
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 client.js Show response
s0.2mdn.net/instream/video/ Frame C4B6 44 KB
17 KB 30ms
29ms Script
text/javascript 142.250.185.102
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/instream/video/client.js

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.102 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f6.1e100.net

Software

sffe /

Resource Hash

d0bffc7261df1454c5e05475cda7d9e6647318dc6c3936767e1252bfe8849c54

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.otosaigon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 12:27:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16746
x-xss-protection: 0
expires: Sat, 04 Sep 2021 12:27:45 GMT

GET
H3-29 200 integrator.js Show response
adservice.google.com/adsid/ Frame C4B6 107 B
122 B 23ms
22ms Script
application/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.otosaigon.com

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.otosaigon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 04 Sep 2021 12:27:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 omweb-v1.js Show response
pagead2.googlesyndication.com/omsdk/releases/live/ Frame B401 36 KB
12 KB 12ms
12ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js

Requested by

Host: srcdoc
URL: about:srcdoc

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a11f37584d425c821f06a42bb6a20546c9ceaf34bbf5d4d776afbaef40148e6e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.otosaigon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 12:13:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 844
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/omsdk-team-release-policy
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12603
x-xss-protection: 0
last-modified: Mon, 14 Dec 2020 16:45:56 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
expires: Sat, 04 Sep 2021 13:13:41 GMT

GET
H2 200 ads Show response
pubads.g.doubleclick.net/gampad/ Frame 5B24 81 KB
15 KB 279ms
278ms XHR
text/xml 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pubads.g.doubleclick.net/gampad/ads?iu=%2F21708299310%2C22525610474%2Fca-video-pub-5617098146054077-tag%2F107455935234537&description_url=https%3A%2F%2Fwww.otosaigon.com%2F&tfcd=0&npa=0&sz=400x300%7C640x480&gdfp_req=1&output=xml_vast4&unviewed_position_start=1&env=vp&correlator=537749171459315&sdkv=h.3.478.2&osd=2&frm=0&vis=1&sdr=1&hl=en&afvsz=200x200%2C450x50%2C468x60%2C480x70&is_amp=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&u_so=l&ctv=0&sdki=44d&adk=3752373520&sdk_apis=2%2C8&sid=943B097F-1ECE-4610-8B7D-2FB350E9424C&eid=44730612%2C44737475&top=https%3A%2F%2Fwww.otosaigon.com%2Fthreads%2Fcho-em-hoi-tieu-hao-nhien-lieu-kia-carnival.1634318%2F&url=https%3A%2F%2Fwww.otosaigon.com%2Fthreads%2Fcho-em-hoi-tieu-hao-nhien-lieu-kia-carnival.1634318%2F&dt=1630758465609&cookie=ID%3Dbdc5fba26f04f273%3AT%3D1630758459%3AS%3DALNI_Maj6CgS3DnIZqh2aCXPffmTUzK7gw&scor=3258566009830955&ged=ve4_td1_tt1_pd1_la1000_er988.394.1143.694_vi0.0.1200.1600_vp100_eb24171

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.478.2_en.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

cafe /

Resource Hash

2a954bf31e1f848bf58adc7e3a15261b8ffd0d4358426ae840de8a7afee09e59

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 12:27:45 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15232
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/xml; charset=UTF-8
access-control-allow-origin: https://imasdk.googleapis.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H/1.1 204
No Content 317761 Show response
search.spotxchange.com/openrtb/2.3/dados/ 0
1 KB 75ms
29ms XHR
application/json 185.94.180.123
SPOTX-AMS

General

Check archive.org

Show headers Download Go to

Full URL: https://search.spotxchange.com/openrtb/2.3/dados/317761
Requested by: Host: player.inforsea.com
URL: https://player.inforsea.com/player.m.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 185.94.180.123 Amsterdam, Netherlands, ASN35220 (SPOTX-AMS, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.otosaigon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain

Response headers

Date: Sat, 04 Sep 2021 12:27:45 GMT
X-SpotX-Timing-Transform: 0.000470
X-SpotX-Timing-SpotMarket: 0.005439
X-SpotX-Timing-Page-Mux: 0.000303
X-SpotX-Timing-Page-Require: 0.000404
X-fe: 075
Connection: keep-alive
X-SpotX-Timing-Page-Cookie: 0.000041
X-SpotX-Timing-Page: 0.011096
Pragma: no-cache
X-SpotX-Timing-Page-Context: 0.000347
Last-Modified: Sat, 04 Sep 2021 12:27:45 GMT
Server: nginx
Cache-Control: no-cache, must-revalidate, post-check=0, pre-check=0
X-SpotX-Timing-SpotMarket-Primary: 0.005439
Access-Control-Allow-Methods: POST, GET, PATCH, DELETE, OPTIONS
Content-Type: application/json
Access-Control-Allow-Origin: https://www.otosaigon.com
X-SpotX-Timing-Page-Misc: 0.004076
X-SpotX-Timing-Page-Exception: 0.000001
X-SpotX-Timing-SpotMarket-Secondary: 0.000000
X-SpotX-Timing-Page-URI: 0.000015
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers
Expires: Thu, 01 Jan 1970 00:00:00 GMT

POST
H2 200 auction Show response
prebid-server.rubiconproject.com/openrtb2/ 153 B
368 B 31ms
8ms XHR
application/json 52.28.56.40
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-server.rubiconproject.com/openrtb2/auction
Requested by: Host: player.inforsea.com
URL: https://player.inforsea.com/player.m.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.28.56.40 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-28-56-40.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: f216869f72018835d99618e1184f629b8f3189053c203834e7c237f16b012620

Request headers

Referer: https://www.otosaigon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 12:27:45 GMT
content-encoding: gzip
content-type: application/json
access-control-allow-origin: https://www.otosaigon.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-length: 152
expires: 0

GET
H2 200 cygnus Show response
htlb.casalemedia.com/ 27 B
377 B 92ms
74ms XHR
application/json 23.37.38.181
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://htlb.casalemedia.com/cygnus?s=698683&v=8.1&ac=j&sd=1&nf=1&r=%7B%22id%22%3A%221630758465922-442%22%2C%22site%22%3A%7B%22page%22%3A%22https%3A%2F%2Fwww.otosaigon.com%2Fthreads%2Fcho-em-hoi-tieu-hao-nhien-lieu-kia-carnival.1634318%2F%22%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%2C%22ixdiag%22%3A%7B%22msd%22%3A0%2C%22msi%22%3A0%7D%7D%2C%22source%22%3A%7B%22ext%22%3A%7B%22schain%22%3A%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22vi.ai%22%2C%22sid%22%3A%22107455935234537%22%2C%22hp%22%3A1%7D%5D%7D%7D%7D%2C%22regs%22%3A%7B%22ext%22%3A%7B%22gdpr%22%3A1%7D%7D%2C%22user%22%3A%7B%22ext%22%3A%7B%22consent%22%3A%22%22%7D%7D%2C%22imp%22%3A%5B%7B%22id%22%3A%221630758465922-133%22%2C%22ext%22%3A%7B%22siteID%22%3A%22698683%22%2C%22sid%22%3A%22500x281%22%7D%2C%22bidfloor%22%3A1.5%2C%22bidfloorcur%22%3A%22USD%22%2C%22video%22%3A%7B%22skippable%22%3Afalse%2C%22mimes%22%3A%5B%22video%2Fmp4%22%2C%22video%2Fwebm%22%2C%22application%2Fjavascript%22%5D%2C%22minduration%22%3A1%2C%22maxduration%22%3A60%2C%22api%22%3A%5B2%5D%2C%22protocols%22%3A%5B2%2C3%2C5%2C6%5D%2C%22w%22%3A500%2C%22h%22%3A281%2C%22placement%22%3A1%7D%7D%5D%7D
Requested by: Host: player.inforsea.com
URL: https://player.inforsea.com/player.m.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.37.38.181 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-37-38-181.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 40d8cd7abc619c9c0eab9946cc4a4f375a8559b397358c1e3ddab7c73d97ed15

Request headers

Referer: https://www.otosaigon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 12:27:46 GMT
content-encoding: gzip
x-ak-initial-geo: CC:[DE], RC:[HE], CN:[EU], CIP:[195.181.174.89], XFF:[]
server: Apache
vary: Is-Traffic-Invalid,Accept-Encoding
content-type: application/json
access-control-allow-origin: https://www.otosaigon.com
x-cs-client-geo: 12
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: true
content-length: 47
x-ak-client-geo: 12
expires: Sat, 04 Sep 2021 12:27:46 GMT

GET
H2 200 avjp Show response
videointelligence-d.openx.net/v/1.0/ 106 B
478 B 100ms
28ms XHR
application/json 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://videointelligence-d.openx.net/v/1.0/avjp?ju=https%3A%2F%2Fwww.otosaigon.com%2Fthreads%2Fcho-em-hoi-tieu-hao-nhien-lieu-kia-carnival.1634318%2F&ch=UTF-8&res=1600x1200x24&ifr=false&tz=-120&tws=1600x1200&be=1&bc=hb_pb_3.0.3&dddid=1630758465924-931&nocache=1630758465924&gdpr_consent=&gdpr=1&schain=1.0%2C1!vi.ai%2C107455935234537%2C1%2C%2C%2C&openrtb=%7B%22imp%22%3A%5B%7B%22video%22%3A%7B%22mimes%22%3A%5B%22video%2Fx-ms-wmv%22%2C%22video%2Fmp4%22%2C%22application%2Fjavascript%22%5D%2C%22w%22%3A500%2C%22h%22%3A281%7D%7D%5D%2C%22w%22%3A500%2C%22v%22%3A281%7D&auid=545643558&vwd=500&vht=281
Requested by: Host: player.inforsea.com
URL: https://player.inforsea.com/player.m.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/16.214.0 /
Resource Hash: 730fa1f3e8b3c4a223c4e69f4a27e690a4552f96ab97dba05b943dff44967658

Request headers

Referer: https://www.otosaigon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 12:27:46 GMT
via: 1.1 google
server: OXGW/16.214.0
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: https://www.otosaigon.com
cache-control: private, max-age=0, no-cache
access-control-allow-credentials: true
content-type: application/json
alt-svc: clear
content-length: 106
expires: Mon, 26 Jul 1997 05:00:00 GMT

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ 0
117 B 111ms
79ms XHR
text/plain 185.64.189.112
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: player.inforsea.com
URL: https://player.inforsea.com/player.m.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.otosaigon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://www.otosaigon.com
date: Sat, 04 Sep 2021 12:27:44 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true

GET
H2 204 log
pixel.inforsea.com/server/ 0
48 B 28ms
28ms Image
text/plain 63.33.79.252
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.inforsea.com/server/log?event=b&dim9=11690&session_id=hgkkfsly3fb2&affiliate_id=ft1qwjd9a&domainapp=otosaigon.com&width=500&height=281&visible=75&cb=6845152645600&publisher_id=107455935234537&country=DE&os=Windows&os_version=10&browser=Chrome&browser_version=92&iab=IAB2&ad_source_id=cskqxodat&sell_cpm=0.26&request_cost=0&impc_aa=false
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 63.33.79.252 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-63-33-79-252.eu-west-1.compute.amazonaws.com
Software: fasthttp /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.otosaigon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 12:27:45 GMT
server: fasthttp

GET
H2 204 log
pixel.inforsea.com/server/ 0
48 B 28ms
28ms Image
text/plain 63.33.79.252
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.inforsea.com/server/log?event=mu&dim9=11692&session_id=hgkkfsly3fb2&affiliate_id=ft1qwjd9a&domainapp=otosaigon.com&width=500&height=281&visible=75&cb=7420777803867&publisher_id=107455935234537&country=DE&os=Windows&os_version=10&browser=Chrome&browser_version=92&iab=IAB2&ad_source_id=cskqxodat&sell_cpm=0.26&request_cost=0&impc_aa=false
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 63.33.79.252 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-63-33-79-252.eu-west-1.compute.amazonaws.com
Software: fasthttp /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.otosaigon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 12:27:45 GMT
server: fasthttp

POST
H2 204 csi
csi.gstatic.com/ Frame 5B24 0
54 B 843ms
284ms Ping
image/gif 2404:6800:4005:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=ima&dmc=8&puid=1~kt5rhh5z&c=2228270423422&slotId=1114135211711&qqid=CK2Kvdio5fICFRbtdwodBEYJcg&gqid=QWYzYaaRJtqGjuwPofiPuAE&fb=ima_html5-lima&sdkv=h.3.478.2&mrd=4&aab=1&itv=1&eee=missing-element&bi=missing-id&vmfc=1&vhc=0&wta=1&hghme=1&ghmsh_eids=44730612%2C44737475&met.4=ghmsh_s.kt5rhhf5~ghmsh_s.kt5rhhf6&ghmsh_mi=22%2C18%2C22%2C18%2C&ghmsh_vi=134%2C136%2C243%2C247%2C134%2C136%2C243%2C247%2C&ghmsh_ai=139%2C140%2C250%2C139%2C140%2C250%2C&ghmsh_gvt=0&ams=1&vs=1280x720&vc=avc1.64001F&mt=video%2Fmp4&vsrc=youtube&bit=22&cpn=YlHw0VpHqJYtUyu_
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.478.2_en.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2404:6800:4005:812::2003 Central, Hong Kong, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 12:27:46 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
DATA 200
OK truncated
/ Frame 5B24 43 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Content-Type: image/gif

GET
H3-29 200 /
googleads.g.doubleclick.net/pagead/interaction/ Frame 5B24 42 B
64 B 20ms
18ms Image
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/interaction/?ai=Ca74rQWYzYe3lJ5ba3wOEjKWQB4bm3fZkjdnJ3p4OsJAfEAEg-KHCZ2CVgoCAsAegAdHQ0MkCyAEFqQK3zvaIH-6zPuACAKgDAZgEAKoEsQJP0PdI9gAG4JILLfNG2uxqUC2xvBxuLg4IqG7VAAdHoXxS4a_BqnzBtmez1ScLRtx9esNO90dFUjmkP_2X2C23CwINNOYqqJNztdK5XhWOLo6XdhfYlPAEI1tMLlH91V9CzcSuO5L6yE82Pu4m_l7N3nC_2gBm6ixM0ubiBwZXItHfjAVKUwWbwQp8P7uzMpzbMsEU824OkwcLkBv-WYRjMG_IN0Z8WPoOCdp_EJKEBtD9GMJ6BXWsYrR-bbffgh2QWhBbjBdK9xfoK_FvobnsVwrRiluOio75Z2iEFgWLsZPkEnVCnzd2I4eG68FesqFyCfEYFkuzbCh4q7X1pc3opMnl50wUP9ddJhNRIoCycGVIPooy6936-Nbf9iH-NJfk0pq-4MVnhQbSMaNQdXiYecAEm8_t0dgD4AQBiAXesP79NZIFBggDEAEYAaAGVIAHl6-vtgGoB9XJG6gH8NkbqAfy2RuoB47OG6gHk9gbqAe6BqgHnNwbqAfulrECqAemvhuoB_PRG6gHltgbqAeqm7ECqAffn7EC2AcBqAgB0ggJCIDhgBAQARgdmgkqaHR0cHM6Ly93d3cuaHl1bmRhaS5kZS9rYW1wYWduZS9lZGl0aW9uMzAvsQnI_a0t-pkR2YAKA8gLAdALDuALAbgMAbATrbK4DNgTDdgUAdAVAagWAeIWAggBgBcB&sigh=E1zI_NM3yTw&label=show_ad&acvw=&sdkv=h.3.478.2&vci=CmUIARIYcHViYWRzLmcuZG91YmxlY2xpY2submV0GgdBZFNlbnNlIAQqDDQ4OTI4Nzc0MDU1NzIMNTQzMTI1MjY4ODczQJ0CUh0QDyUAAPBBKAE6B3Vua25vd25CB3Vua25vd25QABgB

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 12:27:45 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 adview
pubads.g.doubleclick.net/pagead/ Frame 5B24 0
0 57ms
55ms Image
text/html 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pubads.g.doubleclick.net/pagead/adview?ai=CERhPQWYzYe3lJ5ba3wOEjKWQB4bm3fZkjdnJ3p4OsJAfEAEg-KHCZ2CVgoCAsAegAdHQ0MkCyAEFqQK3zvaIH-6zPuACAKgDAZgEAKoErgJP0PdI9gAG4JILLfNG2uxqUC2xvBxuLg4IqG7VAAdHoXxS4a_BqnzBtmez1ScLRtx9esNO90dFUjmkP_2X2C23CwINNOYqqJNztdK5XhWOLo6XdhfYlPAEI1tMLlH91V9CzcSuO5L6yE82Pu4m_l7N3nC_2gBm6ixM0ubiBwZXItHfjAVKUwWbwQp8P7uzMpzbMsEU824OkwcLkBv-WYRjMG_IN0Z8WPoOCdp_EJKEBtD9GMJ6BXWsYrR-bbffgh2QWhBbjBdK9xfoK_FvobnsVwrRiluOio75Z2iEFgWLsZPkEnVCnzd2I4eG68FesqFyCfEYFkuzbCh4q7X1pc3opMnl50wUP9ddJhNRIoCycGUQPzhY4_ca7EQuQuqggFyNPxG_A04uet-EzlIpbMAEm8_t0dgD4AQBkgUGCBsQARgBoAZUgAeXr6-2AagH1ckbqAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAec3BuoB-6WsQKoB6a-G9gHAfIHBBDcx0aoCAHSCAkIgOGAEBABGB2ACgPICwGwE62yuAzCEwYY0dDQyQLIE-2Jh94D2BMN2BQB0BUBqBYB4hYCCAGAFwGyFx4KHAgAEhRwdWItNTYxNzA5ODE0NjA1NDA3NxiszGw&sigh=KifO87AVOns&cmd=Ch1jYS12aWRlby1wdWItNTYxNzA5ODE0NjA1NDA3NxAAGAI&vt=10&sdkv=h.3.478.2&vci=CmUIARIYcHViYWRzLmcuZG91YmxlY2xpY2submV0GgdBZFNlbnNlIAQqDDQ4OTI4Nzc0MDU1NzIMNTQzMTI1MjY4ODczQJ0CUh0QDyUAAPBBKAE6B3Vua25vd25CB3Vua25vd25QABgB
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 142.250.181.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s56-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

GET
H2 200 hqdefault.jpg
i.ytimg.com/vi/OA_dKpXFf5w/ Frame 5B24 13 KB
13 KB 41ms
10ms Image
image/jpeg 2a00:1450:4001:82a::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.ytimg.com/vi/OA_dKpXFf5w/hqdefault.jpg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2016 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d07f39204d1a02f22cdeed4cc0dbb907f9fc6b0933736e6acb2c7936781eac7a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 12:11:40 GMT
vary: Origin
server: sffe
age: 965
etag: "0"
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/youtube
content-type: image/jpeg
cache-control: public, max-age=7200
x-content-type-options: nosniff
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12819
x-xss-protection: 0
expires: Sat, 04 Sep 2021 14:11:40 GMT

POST
H2 204 csi
csi.gstatic.com/ Frame C4B6 0
348 B 800ms
284ms Ping
image/gif 2404:6800:4005:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=ima&dmc=8&puid=1~kt5rhh1o&c=2228270423422&slotId=1114135211711&eee=missing-element&bi=missing-id
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2404:6800:4005:812::2003 Central, Hong Kong, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.otosaigon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 12:27:46 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK usync.html Show response
eus.rubiconproject.com/ Frame 0556 281 B
554 B 37ms
8ms Document
text/html 23.37.42.132
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html?gdpr=1&gdpr_consent=
Requested by: Host: player.inforsea.com
URL: https://player.inforsea.com/player.m.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.37.42.132 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-37-42-132.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Host: eus.rubiconproject.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://www.otosaigon.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://www.otosaigon.com/

Response headers

Server: Apache/2.2.15 (CentOS)
Last-Modified: Tue, 23 Feb 2021 20:47:52 GMT
ETag: "402b0-119-5bc0708346e00"
Accept-Ranges: bytes
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Sat, 04 Sep 2021 12:27:46 GMT
Connection: keep-alive
Vary: Accept-Encoding

GET
H3-29 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 5B24 0
20 B 41ms
38ms Image
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?evt=start&format=TRUEVIEW&lid=143&sdkv=h.3.478.2&e=44730612%2C44737475&id=ima_html5&c=790607940518820&domain=www.otosaigon.com

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 12:27:46 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29

206

videoplayback
rr1---sn-4g5ednz7.googlevideo.com/
Redirect Chain

https://rr7---sn-n02xgoxufvg3-2gbs.googlevideo.com/videoplayback?expire=1630787265&ei=QWYzYabMM4Ox1wLCl6zQAg&ip=195.181.174.89&id=380fdd2a95c57f9c&itag=22&source=youtube&requiressl=yes&mh=5Q&mm=31&...
https://rr1---sn-4g5e6nss.googlevideo.com/videoplayback?expire=1630787265&ei=QWYzYabMM4Ox1wLCl6zQAg&ip=195.181.174.89&id=380fdd2a95c57f9c&itag=22&source=youtube&requiressl=yes&susc=gvp&acao=yes&cti...
https://rr1---sn-4g5ednz7.googlevideo.com/videoplayback?expire=1630787265&ei=QWYzYabMM4Ox1wLCl6zQAg&ip=195.181.174.89&id=380fdd2a95c57f9c&itag=22&source=youtube&requiressl=yes&susc=gvp&acao=yes&cti...

4 MB
4 MB

27ms
7ms

Media
video/mp4

2a00:1450:4001:3d::6
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://rr1---sn-4g5ednz7.googlevideo.com/videoplayback?expire=1630787265&ei=QWYzYabMM4Ox1wLCl6zQAg&ip=195.181.174.89&id=380fdd2a95c57f9c&itag=22&source=youtube&requiressl=yes&susc=gvp&acao=yes&ctier=L&mime=video/mp4&vprv=1&dur=30.069&lmt=1630682938102041&txp=5432434&sparams=expire,ei,ip,id,itag,source,requiressl,susc,acao,ctier,mime,vprv,dur,lmt&sig=AOq0QJ8wRQIhANFFRIxFc-qBMgf4bgZJLAbjw4jUpI5UcGN_o3K_HicsAiBNKjy0wV1hKGXdGmhR2Eg13UBk-9lpdcDNxTByhfLDlw==&cpn=YlHw0VpHqJYtUyu_&rm=sn-n02xgoxufvg3-2gbs7k,sn-4g5ezl7e&req_id=d339c95f9ba936e2&redirect_counter=2&fexp=24052760&cms_redirect=yes&ipbypass=yes&mh=5Q&mip=2a01:4f8:121:131a::2&mm=29&mn=sn-4g5ednz7&ms=rdu&mt=1630758287&mv=u&mvi=1&pl=48&lsparams=ipbypass,mh,mip,mm,mn,ms,mv,mvi,pl&lsig=AG3C_xAwRQIhAN2gi5j3HtW65KtTjBLPIz4fl9uMNQr5GCkRSGaSJunxAiAi29QBWuSpx5n-8tCZSFb67Ra2TqHS0PO1W60Gpa5OkA%3D%3D

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:3d::6 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

gvs 1.0 /

Resource Hash

68c2dc18b84694124eb1fc6b2bfe897349841bdfacda58f3330e80ff27aab286

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.otosaigon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 12:27:46 GMT
x-content-type-options: nosniff
last-modified: Fri, 03 Sep 2021 15:28:58 GMT
server: gvs 1.0
vary: Origin
content-type: video/mp4
Content-Range: bytes 0-4218793/4218794
client-protocol: quic
cache-control: private, max-age=28499
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Content-Length: 4218794
expires: Sat, 04 Sep 2021 12:27:46 GMT

Redirect headers

date: Sat, 04 Sep 2021 12:27:46 GMT
x-content-type-options: nosniff
last-modified: Wed, 02 May 2007 10:26:10 GMT
server: gvs 1.0
vary: Origin
content-type: text/html
location: https://rr1---sn-4g5ednz7.googlevideo.com/videoplayback?expire=1630787265&ei=QWYzYabMM4Ox1wLCl6zQAg&ip=195.181.174.89&id=380fdd2a95c57f9c&itag=22&source=youtube&requiressl=yes&susc=gvp&acao=yes&ctier=L&mime=video/mp4&vprv=1&dur=30.069&lmt=1630682938102041&txp=5432434&sparams=expire,ei,ip,id,itag,source,requiressl,susc,acao,ctier,mime,vprv,dur,lmt&sig=AOq0QJ8wRQIhANFFRIxFc-qBMgf4bgZJLAbjw4jUpI5UcGN_o3K_HicsAiBNKjy0wV1hKGXdGmhR2Eg13UBk-9lpdcDNxTByhfLDlw==&cpn=YlHw0VpHqJYtUyu_&rm=sn-n02xgoxufvg3-2gbs7k,sn-4g5ezl7e&req_id=d339c95f9ba936e2&redirect_counter=2&fexp=24052760&cms_redirect=yes&ipbypass=yes&mh=5Q&mip=2a01:4f8:121:131a::2&mm=29&mn=sn-4g5ednz7&ms=rdu&mt=1630758287&mv=u&mvi=1&pl=48&lsparams=ipbypass,mh,mip,mm,mn,ms,mv,mvi,pl&lsig=AG3C_xAwRQIhAN2gi5j3HtW65KtTjBLPIz4fl9uMNQr5GCkRSGaSJunxAiAi29QBWuSpx5n-8tCZSFb67Ra2TqHS0PO1W60Gpa5OkA%3D%3D
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
content-length: 0
expires: Sat, 04 Sep 2021 12:27:46 GMT

GET
H/1.1 200
OK ixmatch.html Show response
js-sec.indexww.com/um/ Frame 0808 2 KB
1 KB 29ms
11ms Document
text/html 2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://js-sec.indexww.com/um/ixmatch.html
Requested by: Host: player.inforsea.com
URL: https://player.inforsea.com/player.m.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 7eca7977c6ade416c20775a7fd7cfa2291c5752cd1225d5c4342b057c37a000c

Request headers

Host: js-sec.indexww.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://www.otosaigon.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://www.otosaigon.com/

Response headers

Server: Apache
Last-Modified: Thu, 11 Feb 2021 16:12:45 GMT
ETag: "e20015-90b-5bb11ca420f07"
Accept-Ranges: bytes
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1151
Date: Sat, 04 Sep 2021 12:27:46 GMT
Connection: keep-alive

GET
H/1.1 200
OK usync.js Show response
eus.rubiconproject.com/ Frame 0556 31 KB
10 KB 15ms
15ms Script
text/html 23.37.42.132
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.js
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?gdpr=1&gdpr_consent=
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.37.42.132 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-37-42-132.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash: 1098f28d5edbc596432484aabf1ef10028120b1fcca960cffd5bda99425d7afd

Request headers

Referer: https://eus.rubiconproject.com/usync.html?gdpr=1&gdpr_consent=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Sat, 04 Sep 2021 12:27:46 GMT
Content-Encoding: gzip
Last-Modified: Tue, 24 Aug 2021 22:28:41 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control: max-age=79514
Connection: keep-alive
Content-Type: text/html; charset=UTF-8
Content-Length: 9360
Expires: Sun, 05 Sep 2021 10:33:00 GMT

GET
H2 200 pd Show response
u.openx.net/w/1.0/ Frame 76EE 668 B
751 B 24ms
23ms Document
text/html 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://u.openx.net/w/1.0/pd?gdpr=1&gdpr_consent=
Requested by: Host: player.inforsea.com
URL: https://player.inforsea.com/player.m.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/16.214.0 /
Resource Hash: 42523a989fef6ed6ba69f7bd7b8caa85ae7164cac654f831d51c81db0ccb7ff4

Request headers

:method: GET
:authority: u.openx.net
:scheme: https
:path: /w/1.0/pd?gdpr=1&gdpr_consent=
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.otosaigon.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: i=ea0003bd-47a4-064b-1a54-1a4c313fe6a0|1630758466
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://www.otosaigon.com/

Response headers

vary: Accept, Accept-Encoding
set-cookie: i=ea0003bd-47a4-064b-1a54-1a4c313fe6a0|1630758466; Version=1; Expires=Sun, 04-Sep-2022 12:27:46 GMT; Max-Age=31536000; Secure; Domain=.openx.net; Path=/; SameSite=None pd=v2|1630758466|gekin0vNiygu; Version=1; Expires=Sun, 19-Sep-2021 12:27:46 GMT; Max-Age=1296000; Secure; Domain=.openx.net; Path=/; SameSite=None
server: OXGW/16.214.0
p3p: CP="CUR ADM OUR NOR STA NID"
date: Sat, 04 Sep 2021 12:27:46 GMT
content-type: text/html
content-length: 417
content-encoding: gzip
via: 1.1 google
alt-svc: clear

GET
H2 200 showad.js Show response
ads.pubmatic.com/AdServer/js/ Frame 0479 38 KB
14 KB 34ms
7ms Document
text/html 2.18.233.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/showad.js
Requested by: Host: player.inforsea.com
URL: https://player.inforsea.com/player.m.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-180.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 9005ef18fcfb3897cd13c7ec73f90d2b0da0cc7d6153be58cdbe90ad5e2741c8

Request headers

:method: GET
:authority: ads.pubmatic.com
:scheme: https
:path: /AdServer/js/showad.js
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.otosaigon.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://www.otosaigon.com/

Response headers

last-modified: Tue, 15 Jun 2021 06:07:52 GMT
etag: "13006b6-974e-5c4c7cb53d8cb"
server: Apache/2.2.15 (CentOS)
accept-ranges: bytes
content-encoding: gzip
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 13946
content-type: text/html; charset=UTF-8
cache-control: public, max-age=147944
expires: Mon, 06 Sep 2021 05:33:30 GMT
date: Sat, 04 Sep 2021 12:27:46 GMT
vary: Accept-Encoding

GET
H/1.1 200
OK khaos.jpg
token.rubiconproject.com/ Frame 0556 284 B
536 B 39ms
9ms Image
image/jpg 69.173.144.139
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://token.rubiconproject.com/khaos.jpg?gdpr=1
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?gdpr=1&gdpr_consent=
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 69.173.144.139 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: 492abbc30ace41332a8f68b7f34f56333a037aebac34e0bc9b9cedb0d1c3b032

Request headers

Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
content-length: 284
X-RPHost: 78e3bdce5107450057bade54d54a0a7e
Content-Type: image/jpg

GET
H/1.1

200
OK

Cookie set usermatch Show response
ssum-sec.casalemedia.com/ Frame B509
Redirect Chain

https://ssum-sec.casalemedia.com/usermatch?d=https://www.otosaigon.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
https://ssum-sec.casalemedia.com/usermatch?d=https://www.otosaigon.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1

2 KB
3 KB

28ms
26ms

Document
text/html

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ssum-sec.casalemedia.com/usermatch?d=https://www.otosaigon.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Requested by: Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/um/ixmatch.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: c4e13fca9a5b3e6a020bdb9b57160684aff71026ced46189efd478c117105bf0

Request headers

Host: ssum-sec.casalemedia.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://js-sec.indexww.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: CMID=YTNmQvz9OrMWSoWqT.gMswAA; CMPS=5221
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://js-sec.indexww.com/

Response headers

Server: Apache
Content-Type: text/html
Dropped-Udsids: 241|45|39|230|3|156|46|57
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Vary: Is-Traffic-Usersync
Content-Length: 1702
Expires: Sat, 04 Sep 2021 12:27:46 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 04 Sep 2021 12:27:46 GMT
Connection: keep-alive
Set-Cookie: CMID=YTNmQvz9OrMWSoWqT.gMswAA;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Sun, 04 Sep 2022 12:27:46 GMT CMPS=5221;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Fri, 03 Dec 2021 12:27:46 GMT CMPRO=1212;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Fri, 03 Dec 2021 12:27:46 GMT CMST=YTNmQmEzZkIA;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Sun, 05 Sep 2021 12:27:46 GMT CMRUM3=2d6133664205a0&036133664205a0&f16133664205a0&2e6133664205a0&396133664205a0&27613366420b40&9c6133664205a00&e6613366422760;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Sun, 04 Sep 2022 12:27:46 GMT

Redirect headers

Server: Apache
Content-Length: 340
Content-Type: text/html; charset=iso-8859-1
Location: https://ssum-sec.casalemedia.com/usermatch?d=https://www.otosaigon.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Expires: Sat, 04 Sep 2021 12:27:46 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 04 Sep 2021 12:27:46 GMT
Connection: keep-alive
Set-Cookie: CMID=YTNmQvz9OrMWSoWqT.gMswAA;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Sun, 04 Sep 2022 12:27:46 GMT CMPS=5221;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Fri, 03 Dec 2021 12:27:46 GMT

GET
H2

200

sd
eu-u.openx.net/w/1.0/ Frame 76EE
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=5&redir=https%3A%2F%2Feu-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D536872786%26val%3D%5BMM_UUID%5D
https://eu-u.openx.net/w/1.0/sd?id=536872786&val=67346133-663f-4601-8567-86623cee0ce6

43 B
106 B

23ms
23ms

Image
image/gif

35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eu-u.openx.net/w/1.0/sd?id=536872786&val=67346133-663f-4601-8567-86623cee0ce6
Requested by: Host: u.openx.net
URL: https://u.openx.net/w/1.0/pd?gdpr=1&gdpr_consent=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/16.214.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Referer: https://u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 12:27:47 GMT
via: 1.1 google
server: OXGW/16.214.0
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: clear
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

Date: Sat, 04 Sep 2021 12:27:47 GMT
Server: MT3 3905 f19d76c master cdg-pixel-x26
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://eu-u.openx.net/w/1.0/sd?id=536872786&val=67346133-663f-4601-8567-86623cee0ce6
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 0
Expires: Sat, 04 Sep 2021 12:27:46 GMT

GET
H2

200

sd
us-u.openx.net/w/1.0/ Frame 76EE
Redirect Chain

https://pixel.quantserve.com/pixel/p-25CIknq_eSg16.gif?idmatch=0&gdpr=1
https://us-u.openx.net/w/1.0/sd?id=537072956&gdpr=1&val=A5iGnwOfhsoYntHJBJqYyFHMg8gYyofPUJkKsoAv

43 B
122 B

25ms
24ms

Image
image/gif

35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072956&gdpr=1&val=A5iGnwOfhsoYntHJBJqYyFHMg8gYyofPUJkKsoAv
Requested by: Host: u.openx.net
URL: https://u.openx.net/w/1.0/pd?gdpr=1&gdpr_consent=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/16.214.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Referer: https://u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 12:27:46 GMT
via: 1.1 google
server: OXGW/16.214.0
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: clear
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 04 Sep 2021 12:27:46 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
location: https://us-u.openx.net/w/1.0/sd?id=537072956&gdpr=1&val=A5iGnwOfhsoYntHJBJqYyFHMg8gYyofPUJkKsoAv
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 0
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H2

200

sd
eu-u.openx.net/w/1.0/ Frame 76EE
Redirect Chain

https://c1.adform.net/serving/cookie/match?party=22
https://c1.adform.net/serving/cookie/match?CC=1&party=22
https://eu-u.openx.net/w/1.0/sd?id=537113484&val=5857657559995791910

43 B
106 B

24ms
23ms

Image
image/gif

35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eu-u.openx.net/w/1.0/sd?id=537113484&val=5857657559995791910
Requested by: Host: u.openx.net
URL: https://u.openx.net/w/1.0/pd?gdpr=1&gdpr_consent=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/16.214.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Referer: https://u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 12:27:46 GMT
via: 1.1 google
server: OXGW/16.214.0
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: clear
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 04 Sep 2021 12:27:46 GMT
server: nginx
location: https://eu-u.openx.net/w/1.0/sd?id=537113484&val=5857657559995791910
access-control-max-age: 86400
access-control-allow-methods: GET
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H2 200 openx
match.adsrvr.org/track/cmf/ Frame 76EE 70 B
264 B 221ms
139ms Image
image/gif 13.248.242.197
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/openx?oxid=39ac3ce4-ee23-39bc-4082-d2a45518d55d&gdpr=1
Requested by: Host: u.openx.net
URL: https://u.openx.net/w/1.0/pd?gdpr=1&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.248.242.197 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a97adde81b00f2ca4.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Referer: https://u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 12:27:46 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H3-29 200 pixel
cm.g.doubleclick.net/ Frame 76EE 170 B
188 B 27ms
26ms Image
image/png 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=MTVjM2VmMmUtMjc1NC02NzE4LTU1NjItODgxZDlmZmExYjNk

Requested by

Host: u.openx.net
URL: https://u.openx.net/w/1.0/pd?gdpr=1&gdpr_consent=

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 12:27:46 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

sd
us-u.openx.net/w/1.0/ Frame 76EE
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_sc
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEOQc9l2mtZsYNGwqMiV7Xo8&google_cver=1

43 B
106 B

24ms
23ms

Image
image/gif

35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEOQc9l2mtZsYNGwqMiV7Xo8&google_cver=1
Requested by: Host: u.openx.net
URL: https://u.openx.net/w/1.0/pd?gdpr=1&gdpr_consent=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/16.214.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Referer: https://u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 12:27:46 GMT
via: 1.1 google
server: OXGW/16.214.0
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: clear
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 04 Sep 2021 12:27:46 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEOQc9l2mtZsYNGwqMiV7Xo8&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 PugMaster Show response
image6.pubmatic.com/AdServer/ Frame 0479 0
42 B 290ms
12ms Script
text/plain 185.64.189.115
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image6.pubmatic.com/AdServer/PugMaster?sec=1&async=1&kdntuid=1&rnd=58119700&p=158055&s=0&a=0&ptask=ALL&np=0&fp=0&mpc=0&spug=1&coppa=0&gdpr=1&gdpr_consent=&us_privacy=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.115 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 12:27:44 GMT
content-length: 0

GET
H3-29 200 /
googleads.g.doubleclick.net/pagead/interaction/ Frame 5B24 42 B
64 B 22ms
22ms Image
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/interaction/?ai=Ca74rQWYzYe3lJ5ba3wOEjKWQB4bm3fZkjdnJ3p4OsJAfEAEg-KHCZ2CVgoCAsAegAdHQ0MkCyAEFqQK3zvaIH-6zPuACAKgDAZgEAKoEsQJP0PdI9gAG4JILLfNG2uxqUC2xvBxuLg4IqG7VAAdHoXxS4a_BqnzBtmez1ScLRtx9esNO90dFUjmkP_2X2C23CwINNOYqqJNztdK5XhWOLo6XdhfYlPAEI1tMLlH91V9CzcSuO5L6yE82Pu4m_l7N3nC_2gBm6ixM0ubiBwZXItHfjAVKUwWbwQp8P7uzMpzbMsEU824OkwcLkBv-WYRjMG_IN0Z8WPoOCdp_EJKEBtD9GMJ6BXWsYrR-bbffgh2QWhBbjBdK9xfoK_FvobnsVwrRiluOio75Z2iEFgWLsZPkEnVCnzd2I4eG68FesqFyCfEYFkuzbCh4q7X1pc3opMnl50wUP9ddJhNRIoCycGVIPooy6936-Nbf9iH-NJfk0pq-4MVnhQbSMaNQdXiYecAEm8_t0dgD4AQBiAXesP79NZIFBggDEAEYAaAGVIAHl6-vtgGoB9XJG6gH8NkbqAfy2RuoB47OG6gHk9gbqAe6BqgHnNwbqAfulrECqAemvhuoB_PRG6gHltgbqAeqm7ECqAffn7EC2AcBqAgB0ggJCIDhgBAQARgdmgkqaHR0cHM6Ly93d3cuaHl1bmRhaS5kZS9rYW1wYWduZS9lZGl0aW9uMzAvsQnI_a0t-pkR2YAKA8gLAdALDuALAbgMAbATrbK4DNgTDdgUAdAVAagWAeIWAggBgBcB&sigh=E1zI_NM3yTw&label=video_ad_loaded&acvw=&sdkv=h.3.478.2&vci=CmUIARIYcHViYWRzLmcuZG91YmxlY2xpY2submV0GgdBZFNlbnNlIAQqDDQ4OTI4Nzc0MDU1NzIMNTQzMTI1MjY4ODczQJ0CUh0QDyUAAAxCKAE6B3Vua25vd25CB3Vua25vd25QABgB

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 12:27:46 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 Oy6hyfNY.js Show response
tpc.googlesyndication.com/sodar/ Frame 5B24 41 KB
15 KB 11ms
8ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Oy6hyfNY.js

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.478.2_en.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3b2ea1c9f3587781b58285cf64279e67f6329a3924fb93f81529f1826e2f4d16

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 03 Sep 2021 10:57:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 91830
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15406
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 03 Sep 2022 10:57:16 GMT

GET
H3-29 200 adview
pubads.g.doubleclick.net/pagead/ Frame 5B24 0
0 64ms
54ms Image
text/html 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pubads.g.doubleclick.net/pagead/adview?ai=CERhPQWYzYe3lJ5ba3wOEjKWQB4bm3fZkjdnJ3p4OsJAfEAEg-KHCZ2CVgoCAsAegAdHQ0MkCyAEFqQK3zvaIH-6zPuACAKgDAZgEAKoErgJP0PdI9gAG4JILLfNG2uxqUC2xvBxuLg4IqG7VAAdHoXxS4a_BqnzBtmez1ScLRtx9esNO90dFUjmkP_2X2C23CwINNOYqqJNztdK5XhWOLo6XdhfYlPAEI1tMLlH91V9CzcSuO5L6yE82Pu4m_l7N3nC_2gBm6ixM0ubiBwZXItHfjAVKUwWbwQp8P7uzMpzbMsEU824OkwcLkBv-WYRjMG_IN0Z8WPoOCdp_EJKEBtD9GMJ6BXWsYrR-bbffgh2QWhBbjBdK9xfoK_FvobnsVwrRiluOio75Z2iEFgWLsZPkEnVCnzd2I4eG68FesqFyCfEYFkuzbCh4q7X1pc3opMnl50wUP9ddJhNRIoCycGUQPzhY4_ca7EQuQuqggFyNPxG_A04uet-EzlIpbMAEm8_t0dgD4AQBkgUGCBsQARgBoAZUgAeXr6-2AagH1ckbqAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAec3BuoB-6WsQKoB6a-G9gHAfIHBBDcx0aoCAHSCAkIgOGAEBABGB2ACgPICwGwE62yuAzCEwYY0dDQyQLIE-2Jh94D2BMN2BQB0BUBqBYB4hYCCAGAFwGyFx4KHAgAEhRwdWItNTYxNzA5ODE0NjA1NDA3NxiszGw&sigh=KifO87AVOns&cmd=Ch1jYS12aWRlby1wdWItNTYxNzA5ODE0NjA1NDA3NxAAGAI&sdkv=h.3.478.2
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 142.250.181.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s56-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

GET
H2 200 B26458506.312845884;dc_trk_aid=505492845;dc_trk_cid=157141650;dc_dbm_token=AD1EzRQAAAA5CjIKDAgAFQAAAAAdAAAAABIMCAAVAAAAAB0AAAAAIhII3rD-_TWoAuKd0AKwAo2q-wpAOxCzqJIB1qIJPnTl-KeWBqOtoaGL8g==;ord=41574...
ad.doubleclick.net/ddm/trackimp/N822516.3772727IWEVIDEO/ Frame 5B24 42 B
118 B 45ms
35ms Image
image/gif 142.250.185.102
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ad.doubleclick.net/ddm/trackimp/N822516.3772727IWEVIDEO/B26458506.312845884;dc_trk_aid=505492845;dc_trk_cid=157141650;dc_dbm_token=AD1EzRQAAAA5CjIKDAgAFQAAAAAdAAAAABIMCAAVAAAAAB0AAAAAIhII3rD-_TWoAuKd0AKwAo2q-wpAOxCzqJIB1qIJPnTl-KeWBqOtoaGL8g==;ord=4157421698;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;ltd=;dc_exteid=1315784188977966487;dc_av=536;dc_sk=1;dc_ctype=84;dc_ref=;dc_pubid=3;dc_btype=23?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.102 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f6.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 12:27:46 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 /
googleads.g.doubleclick.net/pagead/interaction/ Frame 5B24 42 B
64 B 23ms
16ms Image
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/interaction/?ai=ClWgXQWYzYe3lJ5ba3wOEjKWQB4bm3fZkjdnJ3p4OsJAfEAEg-KHCZ2CVgoCAsAegAdHQ0MkCyAEFqQK3zvaIH-6zPuACAKgDAZgEAKoErgJP0PdI9gAG4JILLfNG2uxqUC2xvBxuLg4IqG7VAAdHoXxS4a_BqnzBtmez1ScLRtx9esNO90dFUjmkP_2X2C23CwINNOYqqJNztdK5XhWOLo6XdhfYlPAEI1tMLlH91V9CzcSuO5L6yE82Pu4m_l7N3nC_2gBm6ixM0ubiBwZXItHfjAVKUwWbwQp8P7uzMpzbMsEU824OkwcLkBv-WYRjMG_IN0Z8WPoOCdp_EJKEBtD9GMJ6BXWsYrR-bbffgh2QWhBbjBdK9xfoK_FvobnsVwrRiluOio75Z2iEFgWLsZPkEnVCnzd2I4eG68FesqFyCfEYFkuzbCh4q7X1pc3opMnl50wUP9ddJhNRIoCycGUQPzhY4_ca7EQuQuqggFyNPxG_A04uet-EzlIpbMAEm8_t0dgD4AQBiAXesP79NaAGVIAHl6-vtgGoB9XJG6gH8NkbqAfy2RuoB47OG6gHk9gbqAe6BqgHnNwbqAfulrECqAemvhuoB_PRG6gHltgbqAeqm7ECqAffn7EC2AcBqAgB0ggJCIDhgBAQARgdgAoDyAsBsBOtsrgM2BMN2BQB0BUBqBYB4hYCCAGAFwE&sigh=WGj8JwI52uA&cmd=Ch1jYS12aWRlby1wdWItNTYxNzA5ODE0NjA1NDA3NxAAGAI&label=vast_creativeview&ad_mt=0&acvw=sv%3D903%26cb%3Dima%26e%3D19%26nas%3D1%26sdk%3Dh%26p%3D988,394,1269,894%26tos%3D0,0,0,0,0%26mtos%3D0,0,0,0,0%26amtos%3D0,0,0,0,0%26mcvt%3D0%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26at%3D0%26as%3D0%26vpt%3D0%26gmm%3D4%26efpf%3D2%26nmt%3D1%26tcm%3D0%26bt%3D0%26pst%3D-1%26dur%3D30000%26vmtime%3D-1%26is%3D275%26cs%3D274%26c%3D0.75%26mc%3D0.75%26nc%3D0.75%26mv%3D0%26nv%3D0%26lte%3D0.75%26ces%26femt%3D412%26femvt%3D0%26emc%3D1%26emuc%3D0%26emb%3D0,1,0,0,0%26avms%3Dexc%26qi%3D511313762%26psm%3D-2147483648%26psv%3D-2147483648%26psfv%3D0%26psa%3D0%26ptlt%3D1630758466147%26pngs%3D9,14,15%26veid%3Dxdi%3A0,amp%3A0%26ssb%3D0,0,0,0,0,0,0,0,0,0,0&gv=atos%3D0,0,0,0,0%26avt%3D0%26ss%3D0.05%26t%3D1630758465984&sdkv=h.3.478.2&vci=CmgIARIYcHViYWRzLmcuZG91YmxlY2xpY2submV0GgdBZFNlbnNlIAQqDDQ4OTI4Nzc0MDU1NzIMNTQzMTI1MjY4ODczQJ0CUiAQDyUAAAxCKAE6B3Vua25vd25CB3Vua25vd25IygFQABgB

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 12:27:46 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 activeview
pagead2.googlesyndication.com/pcs/ Frame 5B24 42 B
64 B 26ms
19ms Image
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstbtTtX-KzAALS15AfbG84lfgOWrW-dkqxqqbystGqtDDFDt8kOXnQ8qYyRBu-AJyV5JcbqDS__ScxajedglIcGQ0U_gllFPGyRz2FXAyzvEYAaGVVM1hjuspMELQ&sai=AMfl-YQUH9CkGv9IQchtlZZhP5xxTDglNiSZpYNLUdmjWs2J4Lr81MQ0Nwfvy2LmLuhv6QazvQHxbbuDaz12UK1-GDxri-uM0fJGz5CZ5bJfB1YVf6scQy_wSPd1bItZ&sig=Cg0ArKJSzJbj8CyI5JyBEAE&cid=CAASF-RoULHxue9iXgn9T2U6yLN7ZEmWdfsR&id=lidarv&acvw=sv%3D903%26cb%3Dima%26e%3D15%26nas%3D1%26sdk%3Dh%26p%3D988,394,1269,894%26tos%3D0,0,0,0,0%26mtos%3D0,0,0,0,0%26amtos%3D0,0,0,0,0%26mcvt%3D0%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26dft%3D0%26at%3D0%26dat%3D0%26as%3D0%26vpt%3D0%26gmm%3D4%26efpf%3D2%26nmt%3D1%26tcm%3D0%26bt%3D0%26pst%3D-1%26dur%3D30000%26vmtime%3D-1%26dvs%3D0%26dfvs%3D0%26dvpt%3D0%26is%3D275%26ic%3D274%26cs%3D274%26c%3D0.75%26mc%3D0.75%26nc%3D0.75%26mv%3D0%26nv%3D0%26lte%3D0.75%26ces%26femt%3D412%26femvt%3D0%26emc%3D1%26emuc%3D0%26emb%3D0,1,0,0,0%26avms%3Dexc%26qi%3D511313762%26psm%3D-2147483648%26psv%3D-2147483648%26psfv%3D0%26psa%3D0%26ptlt%3D1630758466149%26pngs%3D9,14,15%26veid%3Dxdi%3A0,amp%3A0%26ssb%3D0,0,0,0,0,0,0,0,0,0,0&gv=atos%3D0,0,0,0,0%26avt%3D0%26davs%3D0%26dafvs%3D0%26ss%3D0.05%26t%3D1630758465984&avm=1

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 12:27:46 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 activeview_ext
pagead2.googlesyndication.com/ Frame 5B24 42 B
64 B 21ms
14ms Image
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/activeview_ext?id=lidarv&avm=1&dc_pubid=3&dc_exteid=1315784188977966487&acvw=sv%3D903%26cb%3Dima%26e%3D15%26nas%3D1%26sdk%3Dh%26p%3D988,394,1269,894%26tos%3D0,0,0,0,0%26mtos%3D0,0,0,0,0%26amtos%3D0,0,0,0,0%26mcvt%3D0%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26dft%3D0%26at%3D0%26dat%3D0%26as%3D0%26vpt%3D0%26gmm%3D4%26efpf%3D2%26nmt%3D1%26tcm%3D0%26bt%3D0%26pst%3D-1%26dur%3D30000%26vmtime%3D-1%26dvs%3D0%26dfvs%3D0%26dvpt%3D0%26is%3D275%26ic%3D274%26cs%3D274%26c%3D0.75%26mc%3D0.75%26nc%3D0.75%26mv%3D0%26nv%3D0%26lte%3D0.75%26ces%26femt%3D412%26femvt%3D0%26emc%3D1%26emuc%3D0%26emb%3D0,1,0,0,0%26avms%3Dexc%26qi%3D511313762%26psm%3D-2147483648%26psv%3D-2147483648%26psfv%3D0%26psa%3D0%26ptlt%3D1630758466149%26pngs%3D9,14,15%26veid%3Dxdi%3A0,amp%3A0%26ssb%3D0,0,0,0,0,0,0,0,0,0,0&gv=atos%3D0,0,0,0,0%26avt%3D0%26davs%3D0%26dafvs%3D0%26ss%3D0.05%26t%3D1630758465984?

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 12:27:46 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dc_pubid=3;dc_exteid=1315784188977966487;met=1;ecn1=1;etm1=0;eid1=200101;acvw=sv%3D903%26cb%3Dima%26e%3D15%26nas%3D1%26sdk%3Dh%26p%3D988,394,1269,894%26tos%3D0,0,0,0,0%26mtos%3D0,0,0,0,0%26amtos%3D...
ade.googlesyndication.com/ddm/activity_ext/ Frame 5B24 42 B
107 B 100ms
51ms Image
image/gif 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ade.googlesyndication.com/ddm/activity_ext/dc_pubid=3;dc_exteid=1315784188977966487;met=1;ecn1=1;etm1=0;eid1=200101;acvw=sv%3D903%26cb%3Dima%26e%3D15%26nas%3D1%26sdk%3Dh%26p%3D988,394,1269,894%26tos%3D0,0,0,0,0%26mtos%3D0,0,0,0,0%26amtos%3D0,0,0,0,0%26mcvt%3D0%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26dft%3D0%26at%3D0%26dat%3D0%26as%3D0%26vpt%3D0%26gmm%3D4%26efpf%3D2%26nmt%3D1%26tcm%3D0%26bt%3D0%26pst%3D-1%26dur%3D30000%26vmtime%3D-1%26dvs%3D0%26dfvs%3D0%26dvpt%3D0%26is%3D275%26ic%3D274%26cs%3D274%26c%3D0.75%26mc%3D0.75%26nc%3D0.75%26mv%3D0%26nv%3D0%26lte%3D0.75%26ces%26femt%3D412%26femvt%3D0%26emc%3D1%26emuc%3D0%26emb%3D0,1,0,0,0%26avms%3Dexc%26qi%3D511313762%26psm%3D-2147483648%26psv%3D-2147483648%26psfv%3D0%26psa%3D0%26ptlt%3D1630758466149%26pngs%3D9,14,15%26veid%3Dxdi%3A0,amp%3A0%26ssb%3D0,0,0,0,0,0,0,0,0,0,0;gv=atos%3D0,0,0,0,0%26avt%3D0%26davs%3D0%26dafvs%3D0%26ss%3D0.05%26t%3D1630758465984?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 12:27:46 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 /
googleads.g.doubleclick.net/pagead/interaction/ Frame 5B24 42 B
64 B 27ms
21ms Image
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/interaction/?ai=ClWgXQWYzYe3lJ5ba3wOEjKWQB4bm3fZkjdnJ3p4OsJAfEAEg-KHCZ2CVgoCAsAegAdHQ0MkCyAEFqQK3zvaIH-6zPuACAKgDAZgEAKoErgJP0PdI9gAG4JILLfNG2uxqUC2xvBxuLg4IqG7VAAdHoXxS4a_BqnzBtmez1ScLRtx9esNO90dFUjmkP_2X2C23CwINNOYqqJNztdK5XhWOLo6XdhfYlPAEI1tMLlH91V9CzcSuO5L6yE82Pu4m_l7N3nC_2gBm6ixM0ubiBwZXItHfjAVKUwWbwQp8P7uzMpzbMsEU824OkwcLkBv-WYRjMG_IN0Z8WPoOCdp_EJKEBtD9GMJ6BXWsYrR-bbffgh2QWhBbjBdK9xfoK_FvobnsVwrRiluOio75Z2iEFgWLsZPkEnVCnzd2I4eG68FesqFyCfEYFkuzbCh4q7X1pc3opMnl50wUP9ddJhNRIoCycGUQPzhY4_ca7EQuQuqggFyNPxG_A04uet-EzlIpbMAEm8_t0dgD4AQBiAXesP79NaAGVIAHl6-vtgGoB9XJG6gH8NkbqAfy2RuoB47OG6gHk9gbqAe6BqgHnNwbqAfulrECqAemvhuoB_PRG6gHltgbqAeqm7ECqAffn7EC2AcBqAgB0ggJCIDhgBAQARgdgAoDyAsBsBOtsrgM2BMN2BQB0BUBqBYB4hYCCAGAFwE&sigh=WGj8JwI52uA&cmd=Ch1jYS12aWRlby1wdWItNTYxNzA5ODE0NjA1NDA3NxAAGAI&label=part2viewed&ad_mt=0&acvw=sv%3D903%26cb%3Dima%26e%3D0%26nas%3D1%26sdk%3Dh%26p%3D988,394,1269,894%26tos%3D0,0,0,0,0%26mtos%3D0,0,0,0,0%26amtos%3D0,0,0,0,0%26mcvt%3D0%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26dft%3D0%26at%3D0%26dat%3D0%26as%3D0%26vpt%3D0%26gmm%3D4%26efpf%3D2%26nmt%3D1%26tcm%3D0%26bt%3D0%26pst%3D-1%26dur%3D30000%26vmtime%3D-1%26dvs%3D0%26dfvs%3D0%26dvpt%3D0%26is%3D275%26i0%3D275%26ic%3D0%26cs%3D274%26c%3D0.75%26mc%3D0.75%26nc%3D0.75%26mv%3D0%26nv%3D0%26lte%3D0.75%26ces%26femt%3D412%26femvt%3D0%26emc%3D1%26emuc%3D0%26emb%3D0,1,0,0,0%26avms%3Dexc%26qi%3D511313762%26psm%3D-2147483648%26psv%3D-2147483648%26psfv%3D0%26psa%3D0%26ptlt%3D1630758466151%26pngs%3D9,14,15s%26veid%3Dxdi%3A0,amp%3A0%26ssb%3D0,0,0,0,0,0,0,0,0,0,0&gv=atos%3D0,0,0,0,0%26avt%3D0%26davs%3D0%26dafvs%3D0%26ss%3D0.05%26t%3D1630758465984&sdkv=h.3.478.2&vci=CmgIARIYcHViYWRzLmcuZG91YmxlY2xpY2submV0GgdBZFNlbnNlIAQqDDQ4OTI4Nzc0MDU1NzIMNTQzMTI1MjY4ODczQJ0CUiAQDyUAAAxCKAE6B3Vua25vd25CB3Vua25vd25IygFQABgB

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 12:27:46 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dc_pubid=3;dc_exteid=1315784188977966487;met=1;ecn1=1;etm1=0;eid1=11;acvw=sv%3D903%26cb%3Dima%26e%3D0%26nas%3D1%26sdk%3Dh%26p%3D988,394,1269,894%26tos%3D0,0,0,0,0%26mtos%3D0,0,0,0,0%26amtos%3D0,0,0...
ade.googlesyndication.com/ddm/activity_ext/ Frame 5B24 42 B
107 B 100ms
51ms Image
image/gif 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ade.googlesyndication.com/ddm/activity_ext/dc_pubid=3;dc_exteid=1315784188977966487;met=1;ecn1=1;etm1=0;eid1=11;acvw=sv%3D903%26cb%3Dima%26e%3D0%26nas%3D1%26sdk%3Dh%26p%3D988,394,1269,894%26tos%3D0,0,0,0,0%26mtos%3D0,0,0,0,0%26amtos%3D0,0,0,0,0%26mcvt%3D0%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26dft%3D0%26at%3D0%26dat%3D0%26as%3D0%26vpt%3D0%26gmm%3D4%26efpf%3D2%26nmt%3D1%26tcm%3D0%26bt%3D0%26pst%3D-1%26dur%3D30000%26vmtime%3D-1%26dvs%3D0%26dfvs%3D0%26dvpt%3D0%26is%3D275%26i0%3D275%26ic%3D0%26cs%3D274%26c%3D0.75%26mc%3D0.75%26nc%3D0.75%26mv%3D0%26nv%3D0%26lte%3D0.75%26ces%26femt%3D412%26femvt%3D0%26emc%3D1%26emuc%3D0%26emb%3D0,1,0,0,0%26avms%3Dexc%26qi%3D511313762%26psm%3D-2147483648%26psv%3D-2147483648%26psfv%3D0%26psa%3D0%26ptlt%3D1630758466151%26pngs%3D9,14,15s%26veid%3Dxdi%3A0,amp%3A0%26ssb%3D0,0,0,0,0,0,0,0,0,0,0;gv=atos%3D0,0,0,0,0%26avt%3D0%26davs%3D0%26dafvs%3D0%26ss%3D0.05%26t%3D1630758465984?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 12:27:46 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 5B24 0
20 B 47ms
41ms Image
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?evt=showui&format=TRUEVIEW&lid=143&sdkv=h.3.478.2&e=44730612%2C44737475&id=ima_html5&c=790607940518820&domain=www.otosaigon.com

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 12:27:46 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 /
googleads.g.doubleclick.net/pagead/interaction/ Frame 5B24 42 B
64 B 27ms
21ms Image
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/interaction/?ai=ClWgXQWYzYe3lJ5ba3wOEjKWQB4bm3fZkjdnJ3p4OsJAfEAEg-KHCZ2CVgoCAsAegAdHQ0MkCyAEFqQK3zvaIH-6zPuACAKgDAZgEAKoErgJP0PdI9gAG4JILLfNG2uxqUC2xvBxuLg4IqG7VAAdHoXxS4a_BqnzBtmez1ScLRtx9esNO90dFUjmkP_2X2C23CwINNOYqqJNztdK5XhWOLo6XdhfYlPAEI1tMLlH91V9CzcSuO5L6yE82Pu4m_l7N3nC_2gBm6ixM0ubiBwZXItHfjAVKUwWbwQp8P7uzMpzbMsEU824OkwcLkBv-WYRjMG_IN0Z8WPoOCdp_EJKEBtD9GMJ6BXWsYrR-bbffgh2QWhBbjBdK9xfoK_FvobnsVwrRiluOio75Z2iEFgWLsZPkEnVCnzd2I4eG68FesqFyCfEYFkuzbCh4q7X1pc3opMnl50wUP9ddJhNRIoCycGUQPzhY4_ca7EQuQuqggFyNPxG_A04uet-EzlIpbMAEm8_t0dgD4AQBiAXesP79NaAGVIAHl6-vtgGoB9XJG6gH8NkbqAfy2RuoB47OG6gHk9gbqAe6BqgHnNwbqAfulrECqAemvhuoB_PRG6gHltgbqAeqm7ECqAffn7EC2AcBqAgB0ggJCIDhgBAQARgdgAoDyAsBsBOtsrgM2BMN2BQB0BUBqBYB4hYCCAGAFwE&sigh=WGj8JwI52uA&cmd=Ch1jYS12aWRlby1wdWItNTYxNzA5ODE0NjA1NDA3NxAAGAI&label=admute&ad_mt=0&acvw=sv%3D903%26cb%3Dima%26e%3D10%26nas%3D1%26sdk%3Dh%26p%3D988,394,1269,894%26tos%3D0,22,0,0,0%26mtos%3D0,22,22,22,22%26amtos%3D0,0,0,0,0%26mcvt%3D22%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26dft%3D0%26at%3D0%26dat%3D0%26as%3D0%26vpt%3D22%26gmm%3D4%26efpf%3D2%26nmt%3D1%26tcm%3D0%26bt%3D22%26pst%3D-1%26dur%3D30000%26vmtime%3D-1%26dvs%3D22%26dfvs%3D0%26dvpt%3D22%26is%3D275%26i0%3D275%26ic%3D4096%26cs%3D4370%26c%3D0.75%26mc%3D0.75%26nc%3D0.75%26mv%3D0%26nv%3D0%26lte%3D0.75%26ces%26femt%3D412%26femvt%3D0%26emc%3D1%26emuc%3D0%26emb%3D0,1,0,0,0%26avms%3Dexc%26qi%3D511313762%26psm%3D-2147483648%26psv%3D-2147483648%26psfv%3D0%26psa%3D0%26ptlt%3D1630758466164%26pngs%3D9,14,15s%26veid%3Dxdi%3A0,amp%3A0%26ssb%3D0,0,0,0,0,0,0,0,0,0,22&gv=atos%3D0,0,0,0,0%26avt%3D0%26davs%3D0%26dafvs%3D0%26ss%3D0.05%26t%3D1630758465984&sdkv=h.3.478.2&vci=CmgIARIYcHViYWRzLmcuZG91YmxlY2xpY2submV0GgdBZFNlbnNlIAQqDDQ4OTI4Nzc0MDU1NzIMNTQzMTI1MjY4ODczQJ0CUiAQDyUAAAxCKAE6B3Vua25vd25CB3Vua25vd25IygFQABgB

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 12:27:46 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dc_pubid=3;dc_exteid=1315784188977966487;met=1;ecn1=1;etm1=0;eid1=16;acvw=sv%3D903%26cb%3Dima%26e%3D10%26nas%3D1%26sdk%3Dh%26p%3D988,394,1269,894%26tos%3D0,22,0,0,0%26mtos%3D0,22,22,22,22%26amtos%3...
ade.googlesyndication.com/ddm/activity_ext/ Frame 5B24 42 B
515 B 99ms
50ms Image
image/gif 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ade.googlesyndication.com/ddm/activity_ext/dc_pubid=3;dc_exteid=1315784188977966487;met=1;ecn1=1;etm1=0;eid1=16;acvw=sv%3D903%26cb%3Dima%26e%3D10%26nas%3D1%26sdk%3Dh%26p%3D988,394,1269,894%26tos%3D0,22,0,0,0%26mtos%3D0,22,22,22,22%26amtos%3D0,0,0,0,0%26mcvt%3D22%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26dft%3D0%26at%3D0%26dat%3D0%26as%3D0%26vpt%3D22%26gmm%3D4%26efpf%3D2%26nmt%3D1%26tcm%3D0%26bt%3D22%26pst%3D-1%26dur%3D30000%26vmtime%3D-1%26dvs%3D22%26dfvs%3D0%26dvpt%3D22%26is%3D275%26i0%3D275%26ic%3D4096%26cs%3D4370%26c%3D0.75%26mc%3D0.75%26nc%3D0.75%26mv%3D0%26nv%3D0%26lte%3D0.75%26ces%26femt%3D412%26femvt%3D0%26emc%3D1%26emuc%3D0%26emb%3D0,1,0,0,0%26avms%3Dexc%26qi%3D511313762%26psm%3D-2147483648%26psv%3D-2147483648%26psfv%3D0%26psa%3D0%26ptlt%3D1630758466164%26pngs%3D9,14,15s%26veid%3Dxdi%3A0,amp%3A0%26ssb%3D0,0,0,0,0,0,0,0,0,0,22;gv=atos%3D0,0,0,0,0%26avt%3D0%26davs%3D0%26dafvs%3D0%26ss%3D0.05%26t%3D1630758465984?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 12:27:46 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 jload Show response
pixel.adsafeprotected.com/ 46 KB
13 KB 1515ms
47ms Script
application/javascript 52.50.243.239
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://pixel.adsafeprotected.com/jload?anId=927929&advId=vi_stories&campId=vi_stories&pubId=www.otosaigon.com&chanId=107455935234537&placementId=cskqxodat
Requested by: Host: s.vi-serve.com
URL: https://s.vi-serve.com/source.m.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.50.243.239 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-50-243-239.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 9a44b6d5f2b58b566d8882dd64c684e89f03cfdc597a9b7e9abba7a974a5c605

Request headers

Referer: https://www.otosaigon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 12:27:47 GMT
content-encoding: gzip
x-server-name: app20.ie.303net.net
content-type: application/javascript;charset=utf-8
access-control-allow-origin: pixel.adsafeprotected.com
cache-control: no-cache
access-control-allow-credentials: true
server: nginx
expires: Wed, 31 Dec 1969 23:59:59 GMT

GET
H2 204 log
pixel.inforsea.com/server/ 0
48 B 34ms
30ms Image
text/plain 63.33.79.252
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.inforsea.com/server/log?event=i&dim9=11953&session_id=hgkkfsly3fb2&affiliate_id=ft1qwjd9a&domainapp=otosaigon.com&width=500&height=281&visible=75&cb=5452793691381&publisher_id=107455935234537&country=DE&os=Windows&os_version=10&browser=Chrome&browser_version=92&iab=IAB2&ad_source_id=cskqxodat&sell_cpm=0.26&request_cost=0&impc_aa=false&dim8=1&adsource_hash=RWfKzGHqmy7Lr-yfeH_PVXx72SOzZkWh-ga71-Af23klax9wHB1Z5xS_OJ7hvm9rsHyjLDqP3d4DdWuyBnylLD4ZSSohNxlumt8D6jkL_HMM7Ukg2ByT5j455WK1-BnQsXlJte_X5r5M5EUpI9TojdVjArXB9QkpfHMgxHwLAyTeov9PrdbXiw
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 63.33.79.252 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-63-33-79-252.eu-west-1.compute.amazonaws.com
Software: fasthttp /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.otosaigon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 12:27:46 GMT
server: fasthttp

GET
H2 204 /
t.vi-serve.com/ 0
48 B 35ms
30ms Image
text/plain 52.17.85.197
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://t.vi-serve.com/?event=IMP&page_url=https%3A%2F%2Fwww.otosaigon.com%2Fthreads%2Fcho-em-hoi-tieu-hao-nhien-lieu-kia-carnival.1634318%2F&pub_id=107455935234537&channel_id=ft1qwjd9a&placement_id=pltLK33C0krMTw0wref&ad_unit_type=2&session_id=hgkkfsly3fb2&focus=true&player=playerVI&build=m&pageLanguage=vi-vn&placement_w=500&placement_h=349&video_w=500&video_h=281&time_delta=11955&ad_source_id=cskqxodat&overlapped=0.00&position_on_page=21&playlist_pos=1&matchedCategory=IAB2&mobile=false&floating=false&nv_video_id=4Jm1q20BotWZybvZTRZx&nv_source_id=101&nv_feed_id=1194&in_view=true&cb=e9a4
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.17.85.197 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-17-85-197.eu-west-1.compute.amazonaws.com
Software: fasthttp /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.otosaigon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 12:27:46 GMT
server: fasthttp

GET
H2 204 log
pixel.inforsea.com/server/ 0
48 B 29ms
28ms Image
text/plain 63.33.79.252
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.inforsea.com/server/log?event=s&dim9=11969&session_id=hgkkfsly3fb2&affiliate_id=ft1qwjd9a&domainapp=otosaigon.com&width=500&height=281&visible=75&cb=4459389761440&publisher_id=107455935234537&country=DE&os=Windows&os_version=10&browser=Chrome&browser_version=92&iab=IAB2&ad_source_id=cskqxodat&sell_cpm=0.26&request_cost=0&impc_aa=false
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 63.33.79.252 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-63-33-79-252.eu-west-1.compute.amazonaws.com
Software: fasthttp /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.otosaigon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 12:27:46 GMT
server: fasthttp

GET
H2 204 log
pixel.inforsea.com/server/ 0
48 B 29ms
28ms Image
text/plain 63.33.79.252
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.inforsea.com/server/log?event=pl&dim9=11969&session_id=hgkkfsly3fb2&affiliate_id=ft1qwjd9a&domainapp=otosaigon.com&width=500&height=281&visible=75&cb=2968056633130&publisher_id=107455935234537&country=DE&os=Windows&os_version=10&browser=Chrome&browser_version=92&iab=IAB2&ad_source_id=cskqxodat&sell_cpm=0.26&request_cost=0&impc_aa=false
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 63.33.79.252 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-63-33-79-252.eu-west-1.compute.amazonaws.com
Software: fasthttp /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.otosaigon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 12:27:46 GMT
server: fasthttp

GET
DATA 200
OK truncated
/ 196 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 229ce7c32c2305a91ac697887158545117878df9a9f4d10019a8840bef1d964f

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 204 log
pixel.inforsea.com/server/ 0
48 B 28ms
28ms Image
text/plain 63.33.79.252
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.inforsea.com/server/log?event=mu&dim9=11973&session_id=hgkkfsly3fb2&affiliate_id=ft1qwjd9a&domainapp=otosaigon.com&width=500&height=281&visible=75&cb=2590177019958&publisher_id=107455935234537&country=DE&os=Windows&os_version=10&browser=Chrome&browser_version=92&iab=IAB2&ad_source_id=cskqxodat&sell_cpm=0.26&request_cost=0&impc_aa=false
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 63.33.79.252 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-63-33-79-252.eu-west-1.compute.amazonaws.com
Software: fasthttp /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.otosaigon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 12:27:46 GMT
server: fasthttp

POST
H2 204 log
pixel.inforsea.com/server/ 0
0 89ms
30ms Fetch 63.33.79.252
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://pixel.inforsea.com/server/log
Requested by: Host: player.inforsea.com
URL: https://player.inforsea.com/player.m.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 63.33.79.252 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-63-33-79-252.eu-west-1.compute.amazonaws.com
Software: fasthttp /
Resource Hash

Request headers

Referer: https://www.otosaigon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Sat, 04 Sep 2021 12:27:46 GMT
server: fasthttp

GET
H/1.1

200
OK

dcm
s.amazon-adsystem.com/ Frame B509
Redirect Chain

https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YTNmQvz9OrMWSoWqT-gMswAABLwAAAIB
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YTNmQvz9OrMWSoWqT-gMswAABLwAAAIB&dcc=t

43 B
645 B

100ms
100ms

Image
image/gif

209.54.177.54
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YTNmQvz9OrMWSoWqT-gMswAABLwAAAIB&dcc=t

Requested by

Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https://www.otosaigon.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

209.54.177.54 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 04 Sep 2021 12:27:46 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: VWW3D8Y3ZH9K2MPYY0BM
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Sat, 04 Sep 2021 12:27:46 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: WXGDJXZ4HP366BY2N2WR
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location: https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YTNmQvz9OrMWSoWqT-gMswAABLwAAAIB&dcc=t
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1

200
OK

crum
dsum-sec.casalemedia.com/ Frame B509
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=1&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dbm%26google_cm%26google_sc%26google_hm%3D&gdpr=1
https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=casale_media2_dbm&google_cm&google_sc&google_hm=YTNmQvz9OrMWSoWqT.gMswAA
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEFkCDknGgwKh6MIl655WcOg&google_cver=1&gdpr=1&google_hm=2

43 B
1000 B

18ms
18ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEFkCDknGgwKh6MIl655WcOg&google_cver=1&gdpr=1&google_hm=2
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https://www.otosaigon.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 04 Sep 2021 12:27:46 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Sat, 04 Sep 2021 12:27:46 GMT

Redirect headers

pragma: no-cache
date: Sat, 04 Sep 2021 12:27:46 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEFkCDknGgwKh6MIl655WcOg&google_cver=1&gdpr=1&google_hm=2
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 341
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 casale
match.adsrvr.org/track/cmf/ Frame B509 70 B
265 B 39ms
32ms Image
image/gif 13.248.242.197
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/casale?gdpr=1
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https://www.otosaigon.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.248.242.197 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a97adde81b00f2ca4.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 12:27:46 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H/1.1

200
OK

usermatchredir
ssum-sec.casalemedia.com/ Frame B509
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=YTNmQvz9OrMWSoWqT-gMswAABLwAAAIB&gdpr_consent=&us_privacy=&gdpr=1
https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=1&google_gid=CAESEOprzy69gRNtccFt91xL4GU&google_cver=1

43 B
315 B

13ms
12ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=1&google_gid=CAESEOprzy69gRNtccFt91xL4GU&google_cver=1
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https://www.otosaigon.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 04 Sep 2021 12:27:46 GMT
Server: Apache
Vary: Is-Traffic-Usersync
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 43
Expires: Sat, 04 Sep 2021 12:27:46 GMT

Redirect headers

pragma: no-cache
date: Sat, 04 Sep 2021 12:27:46 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=1&google_gid=CAESEOprzy69gRNtccFt91xL4GU&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 343
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

crum
dsum-sec.casalemedia.com/ Frame B509
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=15&redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Fcrum%3Fcm_dsp_id%3D3%26external_user_id%3D%5BMM_UUID%5D&gdpr=1
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=3&external_user_id=67346133-663f-4601-8567-86623cee0ce6&gdpr=1&gdpr_consent=

43 B
1 KB

15ms
15ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=3&external_user_id=67346133-663f-4601-8567-86623cee0ce6&gdpr=1&gdpr_consent=
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https://www.otosaigon.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 04 Sep 2021 12:27:47 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Sat, 04 Sep 2021 12:27:47 GMT

Redirect headers

Date: Sat, 04 Sep 2021 12:27:47 GMT
Server: MT3 3905 f19d76c master cdg-pixel-x27
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=3&external_user_id=67346133-663f-4601-8567-86623cee0ce6&gdpr=1&gdpr_consent=
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 0
Expires: Sat, 04 Sep 2021 12:27:46 GMT

GET
H/1.1 200
OK cookiesync
bttrack.com/pixel/ Frame B509 35 B
380 B 3439ms
96ms Image
image/gif 192.132.33.46
BIDTELLECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bttrack.com/pixel/cookiesync?source=67e94f23-25d6-4008-8236-375d1743c2e0&secure=1
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https://www.otosaigon.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 192.132.33.46 , United States, ASN18568 (BIDTELLECT, US),
Reverse DNS: 46.bidtellect.com
Software: Microsoft-IIS/8.5 /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

X-ServerName: Track001-dc3
Pragma: no-cache
Date: Sat, 04 Sep 2021 12:27:13 GMT
X-AspNetMvc-Version: 5.2
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
P3P: CP="CAO DSP COR ADMo DEVo PSAo PSDo HISo IVAo IVDo OUR IND OTC"
Cache-Control: private,no-cache
Content-Type: image/gif
Content-Length: 35
Expires: -1

GET
H/1.1 400
Request failed due to privacy signals getuid
secure.adnxs.com/ Frame B509 0
0 3067ms
7ms Image
text/html 37.252.172.37
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure.adnxs.com/getuid?https://dsum-sec.casalemedia.com/crum?cm_dsp_id=46&external_user_id=$UID&gdpr=1
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https://www.otosaigon.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 37.252.172.37 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS: 691.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

GET
H/1.1

200
OK

crum
dsum-sec.casalemedia.com/ Frame B509
Redirect Chain

https://p.rfihub.com/cm?in=1&pub=2079&gdpr=1
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=57&external_user_id=1875819622467421821

43 B
1 KB

17ms
16ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=57&external_user_id=1875819622467421821
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https://www.otosaigon.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 04 Sep 2021 12:27:49 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Sat, 04 Sep 2021 12:27:49 GMT

Redirect headers

Location: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=57&external_user_id=1875819622467421821
Date: Sat, 04 Sep 2021 12:27:49 GMT
Server: Jetty(9.3.29.v20201019)
Content-Length: 0
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H/1.1 200
OK htw-pixel.gif
js-sec.indexww.com/ht/ Frame B509 43 B
425 B 14ms
9ms Image
image/gif 2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://js-sec.indexww.com/ht/htw-pixel.gif?YTNmQvz9OrMWSoWqT.gMswAA%261212
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https://www.otosaigon.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Sat, 04 Sep 2021 12:27:46 GMT
Last-Modified: Tue, 24 Jan 2017 19:36:04 GMT
Server: Apache
ETag: "da1f1d-2b-546dc3a097100"
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=3109
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: image/gif
Content-Length: 43
Expires: Sat, 04 Sep 2021 13:19:35 GMT

GET
H3-29 200 hhrtBw21.html Show response
tpc.googlesyndication.com/sodar/ Frame B7F2 23 KB
9 KB 10ms
9ms Document
text/html 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/hhrtBw21.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Oy6hyfNY.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

861aed070db50ce0da9928455deff784c115b44540b09450f225ff7cff0c7429

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/hhrtBw21.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://imasdk.googleapis.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://imasdk.googleapis.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 8727
date: Sat, 28 Aug 2021 16:14:54 GMT
expires: Sun, 28 Aug 2022 16:14:54 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 591172
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 sPFK_utnHoJbThnSSnWKQb5GMqY7ForsYhsB2_mMG84.js Show response
pagead2.googlesyndication.com/bg/ Frame B7F2 35 KB
13 KB 10ms
6ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/sPFK_utnHoJbThnSSnWKQb5GMqY7ForsYhsB2_mMG84.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/hhrtBw21.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b0f14afeeb671e825b4e19d24a758a41be4632a63b168aec621b01dbf98c1bce

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 02:44:16 GMT
content-encoding: br
x-content-type-options: nosniff
age: 35010
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13254
x-xss-protection: 0
last-modified: Mon, 30 Aug 2021 12:58:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 04 Sep 2022 02:44:16 GMT

GET
H3-29 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame B7F2 0
20 B 41ms
41ms Image
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=36&t=2&li=v_h.3.478.2&bgai=BtVfPQWYzYe3lJ5ba3wOEjKWQBwAAAAA4AboFEwjmtbvYqOXyAhVag4MHHSH8Axc&bg=!4eKl4qbNAAYJpm41CaY7ACkAdvg8WtQR7Xm5xvjoEl8QovMJhSP2kBlGg8abC042Fo7xrSMHnXnj1AIAAABTUgAAAAloAQcKALS4R7_m98fXntfCDbcDwz35IM8lcrVaM3EFPrESMboMzL1fUuJlAQKGr6xRIFtsTObXUwKDRq9OhWJCbOCnyQ1oragn5uFzFoEiX49KMwD2T2izAcY3I17LQ4nwISl0NFU4xaC6iYiqDUiSZmUZJkVhPF6X0qTqTYexNFgRxnrnuo7nk7GHtzn6OXBO0geM3KQF6uLpabHuiKlwK7jKJXjSPccqqholwzgofbaLicIy9bexdniZAjGA_E9MAbEkbOYWfwwhDHHQjyMnM8-ZqJs43j9ffIZ38dN0vMMkrCtZ4Xi6DSHFGWEYa7k-q4y_K6ey_z5oF9JBRCevUFV8z5KN3ubHsL8puW4QMMeogyqwVCJ5gejHkJbegMYKSe6PyViy-EqaWJgmA19eQNlSwwc-WccG-HfWkl6mHVHUZmnawK2Pj46XRXWNeFyOG4byf4irnxtUFTiGRkk_X5YTaSgC7uZDQBL58onVDawgeMNTa0KiLHj8cnNKs_1cYVmuk5AIAOnyOELf7DyarpKkaZH9fw4YWX-KrmIWi5xTRZQB3uIXHurEsYmk4iapUW8nbdnEOf1nsiVdh6WNYiKSTBnW2OtW8mOBGYqJ_rb44qbMUL4pQAW4fQmgK87Z6EEUGFPs6xKBDIx-NtdSQFeW2YqynNnyLyMS0DsJS23YbKtS0Mzc7-30pEHTTosfMqtaP7JmMlptDjiOGnJ3yj9EeeOSk2UCMdrRwid1e-d8ZPLasJVoSx79wpFvI3y0Nz06KXTJ1Q8pGdzX-nbxP2YbgurWVH-KGMOZGlHb659dOepy1lyRHelKG4pVvfq65oYkA-IN750Ps5CoUugLkDUuj9VCJvMaIxk4CdI6cNDIiEQLJodIzM1eKOTND0k92vZ0SX6IJASC3OjZmRdfjrSUI7wM7BfT0wxA_td-qYnKJ1J7yUVdMciN1Ruevv5Z8zMtImDm-roxOUNvJQo8JhjednpATcCvH6lVUsU

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 12:27:46 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 playback
s.youtube.com/api/stats/ Frame C29A 0
0 50ms
20ms Image
text/html 2a00:1450:400c:c04::8a
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.youtube.com/api/stats/playback?ns=yt&fexp=44730612%2C44737475&el=adunit&cpn=YlHw0VpHqJYtUyu_&docid=OA_dKpXFf5w&ver=2&cmt=0.199&fmt=18&rt=0.000&adformat=2_2_1&euri=https%3A%2F%2Fwww.otosaigon.com%2F&len=30.000&vtype=gvp&c=web_gvp_ads&cver=h.0.0.0&cbr=Chrome&cbrver=92.0.4515.159&cos=Linux%20x86_64&cosver=537.36&cplatform=desktop&mos=1&volume=0&delay=28&rtn=10
Requested by: Host: blank
URL: about:blank
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400c:c04::8a Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

POST
H2 204 csi
csi.gstatic.com/ Frame 5B24 0
54 B 284ms
283ms Ping
image/gif 2404:6800:4005:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=ima&dmc=8&puid=2~kt5rhhfx&c=2228270423422&slotId=1114135211711&qqid=CK2Kvdio5fICFRbtdwodBEYJcg&gqid=QWYzYaaRJtqGjuwPofiPuAE&fb=ima_html5-lima&sdkv=h.3.478.2&mrd=4&aab=1&itv=1&met.4=ghmsh_s.kt5rhhfy~vss_tr.e5~vss_pp.qn
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.478.2_en.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2404:6800:4005:812::2003 Central, Hong Kong, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 12:27:46 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 main.gr.19.8.242.js Show response
static.adsafeprotected.com/ 187 KB
59 KB 152ms
75ms Script
application/javascript 52.18.40.16
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/main.gr.19.8.242.js
Requested by: Host: pixel.adsafeprotected.com
URL: https://pixel.adsafeprotected.com/jload?anId=927929&advId=vi_stories&campId=vi_stories&pubId=www.otosaigon.com&chanId=107455935234537&placementId=cskqxodat
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.18.40.16 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-18-40-16.eu-west-1.compute.amazonaws.com
Software: nginx/1.16.1 /
Resource Hash: 5e9dc26b28d8f13a4129556d996723b6478e4c42120ac19d60f7fc7b4357750e

Request headers

Referer: https://www.otosaigon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 12:27:47 GMT
content-encoding: gzip
last-modified: Wed, 01 Sep 2021 20:47:29 GMT
server: nginx/1.16.1
age: 38
etag: W/"605440a6f1da03ee6c7a85ebb9d7ba51"
x-cache-status: HIT
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000

GET
H2 200 sca.17.5.12.js Show response
static.adsafeprotected.com/ Frame 3C17 80 KB
21 KB 31ms
30ms Script
application/javascript 52.18.40.16
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/sca.17.5.12.js
Requested by: Host: www.otosaigon.com
URL: https://www.otosaigon.com/threads/cho-em-hoi-tieu-hao-nhien-lieu-kia-carnival.1634318/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.18.40.16 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-18-40-16.eu-west-1.compute.amazonaws.com
Software: nginx/1.16.1 /
Resource Hash: 233bc983d773cb9a38ca251753bd43f9a2288279fab44598b49c433b32f6d285

Request headers

Referer: https://www.otosaigon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 12:27:47 GMT
content-encoding: gzip
last-modified: Thu, 19 Aug 2021 16:31:24 GMT
server: nginx/1.16.1
age: 1114118
etag: W/"9304f57298c3834ff107ea7ccb547996"
x-cache-status: HIT
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000

GET
H2 200 mon
pixel.adsafeprotected.com/ 43 B
215 B 33ms
33ms Image
image/gif 52.50.243.239
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.adsafeprotected.com/mon?anId=927929&advId=vi_stories&campId=vi_stories&pubId=www.otosaigon.com&chanId=107455935234537&placementId=cskqxodat&adsafe_url=https%3A%2F%2Fwww.otosaigon.com%2Fthreads%2Fcho-em-hoi-tieu-hao-nhien-lieu-kia-carnival.1634318%2F&adsafe_type=abdq&adsafe_url=https%3A%2F%2Fwww.otosaigon.com%2F&adsafe_type=f&adsafe_jsinfo=,id:6cc394b2-a389-9669-26dc-8a6cad374d21,c:nfGF5F,sl:outOfView,em:false,fr:true,thd:1,mn:app20ie,pt:1-5-15,wc:0.0.1600.1200,ac:0.0.1.1,am:s,cc:0.0.0.0,piv:0,obst:0,th:0,reas:r,br:u,abv:na,an:n,oam:0,scm:publ1.grpm1,nbld:0,mtim:184,fm:sI2Ql4A+1*.927929%7C11%7C121%7C122%7C123%7C13%7C141%7C142%7C143%7C1511%7C152%7C16%7C171%7C172%7C18%7C19%7C1a1%7C1a2%7C1b1%7C1c%7C1d1%7C1e%7C1f,idMap:1*,rp:s,pl:,rmeas:0,rend:0,renddet:na,es:0,sc:1,ha:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,gm:1,tt:jload,et:212,oid:834be3bb-0d7b-11ec-882b-02467abe7cd0,v:19.8.242,sp:1,st:0,fwm:0,wr:1600.1200,sr:1600.1200,ov:0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.50.243.239 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-50-243-239.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://www.otosaigon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 12:27:47 GMT
x-server-name: app02.ie.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H2 200 dt
dt.adsafeprotected.com/ 43 B
216 B 960ms
96ms Image
image/gif 54.156.11.91
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=927929&asId=6cc394b2-a389-9669-26dc-8a6cad374d21&tv=%7Bc:nfGF6y,pingTime:-2,time:266,type:a,im:%7BpBlk:225,sf:0,pom:1,prf:%7BbeA:13481,beZ:13482,mfA:13664,cmA:13666,inA:13666,inZ:13672,prA:13672,prZ:13687,si:13692,poA:13693,bl:13706,poZ:13706,cmZ:13706,mfZ:13706,loA:13741,loZ:13741,ecZ:13745,ltA:13746,ltZ:13746,idA:13706,idZ:13740%7D%7D,env:%7Bgca:false,cca:false,gca2:false%7D,clog:%5B%7Bpiv:0,vs:o,r:r,w:1,h:1,t:211%7D%5D,es:0,sc:1,ha:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:%7Bi:0,o:266,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:211,wc:0.0.1600.1200,ac:0.0.1.1,am:s,cc:0.0.0.0,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B78~0%5D,as:%5B78~1.1%5D%7D%7D%5D,slEventCount:1,em:false,fr:true,e:,tt:jload,dtt:0,fm:sI2Ql4A+1*.927929%7C11%7C121%7C122%7C123%7C13%7C141%7C142%7C143%7C1511%7C152%7C16%7C171%7C172%7C18%7C19%7C1a1%7C1a2%7C1b1%7C1c%7C1d1%7C1e%7C1f,idMap:1*,rmeas:1,rend:0,renddet:na,slid:%5B%5D,sinceFw:52,readyFired:true%7D&br=u
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.156.11.91 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-156-11-91.compute-1.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://www.otosaigon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 12:27:48 GMT
x-server-name: dt09.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H2 200 dt
dt.adsafeprotected.com/ 43 B
215 B 897ms
96ms Image
image/gif 54.156.11.91
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=927929&asId=6cc394b2-a389-9669-26dc-8a6cad374d21&tv=%7Bc:nfGF7z,time:330,type:e,im:%7BpWait:4%7D,es:0,sc:1,ha:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:%7Bi:0,o:330,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:211,wc:0.0.1600.1200,ac:0.0.1.1,am:s,cc:0.0.0.0,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B142~0%5D,as:%5B142~1.1%5D%7D%7D%5D,slEventCount:1,em:false,fr:true,e:,tt:jload,dtt:0,fm:sI2Ql4A+1*.927929%7C11%7C121%7C122%7C123%7C13%7C141%7C142%7C143%7C1511%7C152%7C16%7C171%7C172%7C18%7C19%7C1a1%7C1a2%7C1b1%7C1c%7C1d1%7C1e%7C1f,idMap:1*,rmeas:1,rend:0,renddet:na%7D&br=u
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.156.11.91 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-156-11-91.compute-1.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://www.otosaigon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 12:27:48 GMT
x-server-name: dt10.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H3-29 200 activeview
pagead2.googlesyndication.com/pcs/ Frame 5B24 42 B
64 B 26ms
25ms Image
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstbtTtX-KzAALS15AfbG84lfgOWrW-dkqxqqbystGqtDDFDt8kOXnQ8qYyRBu-AJyV5JcbqDS__ScxajedglIcGQ0U_gllFPGyRz2FXAyzvEYAaGVVM1hjuspMELQ&sai=AMfl-YQUH9CkGv9IQchtlZZhP5xxTDglNiSZpYNLUdmjWs2J4Lr81MQ0Nwfvy2LmLuhv6QazvQHxbbuDaz12UK1-GDxri-uM0fJGz5CZ5bJfB1YVf6scQy_wSPd1bItZ&sig=Cg0ArKJSzJbj8CyI5JyBEAE&cid=CAASF-RoULHxue9iXgn9T2U6yLN7ZEmWdfsR&id=lidarv&acvw=sv%3D903%26cb%3Dima%26e%3D9%26nas%3D1%26sdk%3Dh%26p%3D988,394,1269,894%26tos%3D0,2033,0,0,0%26mtos%3D0,2033,2033,2033,2033%26amtos%3D0,0,0,0,0%26mcvt%3D2033%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26dft%3D0%26at%3D0%26dat%3D0%26as%3D0%26vpt%3D2033%26gmm%3D4%26efpf%3D2%26nmt%3D1%26tcm%3D0%26bt%3D450%26pst%3D428%26dur%3D30000%26vmtime%3D1925%26dtos%3D2033%26dtoss%3D1%26dvs%3D2011%26dfvs%3D0%26dvpt%3D2011%26is%3D275%26i0%3D275%26ic%3D1%26cs%3D4371%26c%3D0.75%26mc%3D0.75%26nc%3D0.75%26mv%3D0%26nv%3D0%26lte%3D0.75%26ces%26femt%3D412%26femvt%3D0%26emc%3D11%26emuc%3D0%26emb%3D0,11,0,0,0%26avms%3Dexc%26qi%3D511313762%26psm%3D-2147483645%26psv%3D-2147483645%26psfv%3D0%26psa%3D0%26ptlt%3D1630758468175%26pngs%3D9,14,15s%26veid%3Dxdi%3A0,amp%3A0%26ssb%3D0,0,0,0,0,0,0,0,0,0,2033&gv=atos%3D0,0,0,0,0%26avt%3D0%26davs%3D0%26dafvs%3D0%26dav%3D0%26ss%3D0.05%26t%3D1630758465984

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 12:27:48 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 activeview_ext
pagead2.googlesyndication.com/ Frame 5B24 42 B
64 B 15ms
14ms Image
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/activeview_ext?id=lidarv&dc_pubid=3&dc_exteid=1315784188977966487&acvw=sv%3D903%26cb%3Dima%26e%3D9%26nas%3D1%26sdk%3Dh%26p%3D988,394,1269,894%26tos%3D0,2033,0,0,0%26mtos%3D0,2033,2033,2033,2033%26amtos%3D0,0,0,0,0%26mcvt%3D2033%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26dft%3D0%26at%3D0%26dat%3D0%26as%3D0%26vpt%3D2033%26gmm%3D4%26efpf%3D2%26nmt%3D1%26tcm%3D0%26bt%3D450%26pst%3D428%26dur%3D30000%26vmtime%3D1925%26dtos%3D2033%26dtoss%3D1%26dvs%3D2011%26dfvs%3D0%26dvpt%3D2011%26is%3D275%26i0%3D275%26ic%3D1%26cs%3D4371%26c%3D0.75%26mc%3D0.75%26nc%3D0.75%26mv%3D0%26nv%3D0%26lte%3D0.75%26ces%26femt%3D412%26femvt%3D0%26emc%3D11%26emuc%3D0%26emb%3D0,11,0,0,0%26avms%3Dexc%26qi%3D511313762%26psm%3D-2147483645%26psv%3D-2147483645%26psfv%3D0%26psa%3D0%26ptlt%3D1630758468175%26pngs%3D9,14,15s%26veid%3Dxdi%3A0,amp%3A0%26ssb%3D0,0,0,0,0,0,0,0,0,0,2033&gv=atos%3D0,0,0,0,0%26avt%3D0%26davs%3D0%26dafvs%3D0%26dav%3D0%26ss%3D0.05%26t%3D1630758465984?

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 12:27:48 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 dc_pubid=3;dc_exteid=1315784188977966487;met=1;ecn1=1;etm1=0;eid1=200000;acvw=sv%3D903%26cb%3Dima%26e%3D9%26nas%3D1%26sdk%3Dh%26p%3D988,394,1269,894%26tos%3D0,2033,0,0,0%26mtos%3D0,2033,2033,2033,2...
ade.googlesyndication.com/ddm/activity_ext/ Frame 5B24 42 B
63 B 72ms
51ms Image
image/gif 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ade.googlesyndication.com/ddm/activity_ext/dc_pubid=3;dc_exteid=1315784188977966487;met=1;ecn1=1;etm1=0;eid1=200000;acvw=sv%3D903%26cb%3Dima%26e%3D9%26nas%3D1%26sdk%3Dh%26p%3D988,394,1269,894%26tos%3D0,2033,0,0,0%26mtos%3D0,2033,2033,2033,2033%26amtos%3D0,0,0,0,0%26mcvt%3D2033%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26dft%3D0%26at%3D0%26dat%3D0%26as%3D0%26vpt%3D2033%26gmm%3D4%26efpf%3D2%26nmt%3D1%26tcm%3D0%26bt%3D450%26pst%3D428%26dur%3D30000%26vmtime%3D1925%26dtos%3D2033%26dtoss%3D1%26dvs%3D2011%26dfvs%3D0%26dvpt%3D2011%26is%3D275%26i0%3D275%26ic%3D1%26cs%3D4371%26c%3D0.75%26mc%3D0.75%26nc%3D0.75%26mv%3D0%26nv%3D0%26lte%3D0.75%26ces%26femt%3D412%26femvt%3D0%26emc%3D11%26emuc%3D0%26emb%3D0,11,0,0,0%26avms%3Dexc%26qi%3D511313762%26psm%3D-2147483645%26psv%3D-2147483645%26psfv%3D0%26psa%3D0%26ptlt%3D1630758468175%26pngs%3D9,14,15s%26veid%3Dxdi%3A0,amp%3A0%26ssb%3D0,0,0,0,0,0,0,0,0,0,2033;gv=atos%3D0,0,0,0,0%26avt%3D0%26davs%3D0%26dafvs%3D0%26dav%3D0%26ss%3D0.05%26t%3D1630758465984?

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 12:27:48 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 log
pixel.inforsea.com/server/ 0
48 B 31ms
30ms Image
text/plain 63.33.79.252
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.inforsea.com/server/log?event=2s&dim9=13959&session_id=hgkkfsly3fb2&affiliate_id=ft1qwjd9a&domainapp=otosaigon.com&width=500&height=281&visible=75&cb=3957774538054&publisher_id=107455935234537&country=DE&os=Windows&os_version=10&browser=Chrome&browser_version=92&iab=IAB2&ad_source_id=cskqxodat&sell_cpm=0.26&request_cost=0&impc_aa=false
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 63.33.79.252 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-63-33-79-252.eu-west-1.compute.amazonaws.com
Software: fasthttp /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.otosaigon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 12:27:48 GMT
server: fasthttp

GET
H2 204 /
t.vi-serve.com/ 0
48 B 30ms
28ms Image
text/plain 52.17.85.197
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://t.vi-serve.com/?event=VIEWABLE_IMP&page_url=https%3A%2F%2Fwww.otosaigon.com%2Fthreads%2Fcho-em-hoi-tieu-hao-nhien-lieu-kia-carnival.1634318%2F&pub_id=107455935234537&channel_id=ft1qwjd9a&placement_id=pltLK33C0krMTw0wref&ad_unit_type=2&session_id=hgkkfsly3fb2&focus=true&player=playerVI&build=m&pageLanguage=vi-vn&placement_w=500&placement_h=349&video_w=500&video_h=281&time_delta=13972&ad_source_id=cskqxodat&overlapped=0.00&position_on_page=21&playlist_pos=1&matchedCategory=IAB2&mobile=false&floating=false&nv_video_id=4Jm1q20BotWZybvZTRZx&nv_source_id=101&nv_feed_id=1194&in_view=true&cb=9726
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.17.85.197 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-17-85-197.eu-west-1.compute.amazonaws.com
Software: fasthttp /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.otosaigon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 12:27:48 GMT
server: fasthttp

GET
H2 200 dt
dt.adsafeprotected.com/ 43 B
215 B 512ms
96ms Image
image/gif 54.156.11.91
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=927929&asId=6cc394b2-a389-9669-26dc-8a6cad374d21&tv=%7Bc:nfGFdG,pingTime:-10,time:708,type:s,mvn:ZnNjPTEyLHNkPTMsbm89OCxhc3A9MQ--,sd:MTcuNS4xMnYxMjAwfHwxNjAwfHwxfHwxfHwyNHx8MTIwMHx8MHx8MHx8MXx8bGFuZHNjYXBlLXByaW1hcnl8fDI0fHw0LzN8fDQvM3x8MHx8MTYwMA--,no:MTcuNS4xMnZNb3ppbGxhfHxOZXRzY2FwZXx8bnx8bnx8MHx8bnx8TGludXggeDg2XzY0fHxHZWNrb3x8MjAwMzAxMDd8fC0xMjB8fE1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS85Mi4wLjQ1MTUuMTU5IFNhZmFyaS81MzcuMzZ8fDF8fDF8fEdvb2dsZSBJbmMufHxu,ch:n,fsc:17.5.12v220002022000220000022002220000022220200000222200022220002022022002222202002220222022222022222000220200000022220222220222222222222202222222222222222222222222222222222222200000022022020020000002022202022022022222222000000000020222202022022222000000020000000000000000000002220002220000022200222202220022200200222022202220022202220020222202000220000222202222202222000002002002222222202220022202200022002220222202,asp:1630758468403%7C%7Ccde7bb815f70ff18cfcfdc7d78c67998%7C%7C605f01b1409979f1b4f5151f8eefb28a%7C%7Cfcb07a5c88671a8ac1863d3928ac92a2%7C%7C90027c46a70744065370e37bda87ff03%7C%7C16f11ceb635b791dd1f70333a0c364fb%7C%7C3e2fc7b9d62e3e17974014b51e1044ca%7C%7C6de57e7b3b464341816ea5e7881c7471%7C%7C1629390669%7D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.156.11.91 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-156-11-91.compute-1.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://www.otosaigon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 12:27:48 GMT
x-server-name: dt02.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

POST
H2 200 /
track.adform.net/serving/unload/ Frame 964E 35 B
478 B 19ms
18ms Ping
image/gif 37.157.6.246
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/serving/unload/?version=15&unload=0@@48865844,6145589570428525892,0|0|0|0|0|0|0|0|0||0|1|||||1|0|0|pGbCz8o1K2Xi5nP9TebYOumn3tQYot-A0|||11||0

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.246 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://hal900021.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 12:27:48 GMT
server: nginx
access-control-max-age: 86400
access-control-allow-methods: GET, POST
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: https://hal900021.redintelligence.net
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
access-control-allow-headers: Content-Type, Cache-Control, Accept-Encoding, X-Requested-With
expires: -1

GET
H2 200 dt
dt.adsafeprotected.com/ 43 B
215 B 101ms
100ms Image
image/gif 54.156.11.91
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=927929&asId=6cc394b2-a389-9669-26dc-8a6cad374d21&tv=%7Bc:nfGFoV,time:1405,type:e,env:%7Bnr_p:1,nr_publ1:1,nr_grpm1:1%7D,es:0,sc:1,ha:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:%7Bi:0,o:1405,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:211,wc:0.0.1600.1200,ac:0.0.1.1,am:s,cc:0.0.0.0,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B1217~0%5D,as:%5B1217~1.1%5D%7D%7D%5D,slEventCount:1,em:false,fr:true,e:,tt:jload,dtt:900,fm:sI2Ql4A+1*.927929%7C11%7C121%7C122%7C123%7C13%7C141%7C142%7C143%7C1511%7C152%7C16%7C171%7C172%7C18%7C19%7C1a1%7C1a2%7C1b1%7C1c%7C1d1%7C1e%7C1f,idMap:1*,rmeas:1,rend:0,renddet:na%7D&br=u
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.156.11.91 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-156-11-91.compute-1.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://www.otosaigon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 12:27:49 GMT
x-server-name: dt19.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H2 200 /
googleads.g.doubleclick.net/pagead/interaction/ Frame 5B24 42 B
212 B 19ms
19ms Image
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/interaction/?ai=ClWgXQWYzYe3lJ5ba3wOEjKWQB4bm3fZkjdnJ3p4OsJAfEAEg-KHCZ2CVgoCAsAegAdHQ0MkCyAEFqQK3zvaIH-6zPuACAKgDAZgEAKoErgJP0PdI9gAG4JILLfNG2uxqUC2xvBxuLg4IqG7VAAdHoXxS4a_BqnzBtmez1ScLRtx9esNO90dFUjmkP_2X2C23CwINNOYqqJNztdK5XhWOLo6XdhfYlPAEI1tMLlH91V9CzcSuO5L6yE82Pu4m_l7N3nC_2gBm6ixM0ubiBwZXItHfjAVKUwWbwQp8P7uzMpzbMsEU824OkwcLkBv-WYRjMG_IN0Z8WPoOCdp_EJKEBtD9GMJ6BXWsYrR-bbffgh2QWhBbjBdK9xfoK_FvobnsVwrRiluOio75Z2iEFgWLsZPkEnVCnzd2I4eG68FesqFyCfEYFkuzbCh4q7X1pc3opMnl50wUP9ddJhNRIoCycGUQPzhY4_ca7EQuQuqggFyNPxG_A04uet-EzlIpbMAEm8_t0dgD4AQBiAXesP79NaAGVIAHl6-vtgGoB9XJG6gH8NkbqAfy2RuoB47OG6gHk9gbqAe6BqgHnNwbqAfulrECqAemvhuoB_PRG6gHltgbqAeqm7ECqAffn7EC2AcBqAgB0ggJCIDhgBAQARgdgAoDyAsBsBOtsrgM2BMN2BQB0BUBqBYB4hYCCAGAFwE&sigh=WGj8JwI52uA&cmd=Ch1jYS12aWRlby1wdWItNTYxNzA5ODE0NjA1NDA3NxAAGAI&label=video_skip_shown&ad_mt=5179&acvw=sv%3D903%26cb%3Dima%26nas%3D1%26sdk%3Dh%26p%3D988,394,1269,894%26p0%3D988,394,1269,894%26tos%3D0,5246,0,0,0%26mtos%3D0,5246,5246,5246,5246%26amtos%3D0,0,0,0,0%26mcvt%3D5246%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26a0%3D0%26ft%3D0%26at%3D0%26as%3D0%26vpt%3D5246%26gmm%3D4%26efpf%3D2%26nmt%3D1%26tcm%3D0%26bt%3D1056%26pst%3D428%26dur%3D30000%26vmtime%3D5178%26is%3D275%26i0%3D275%26cs%3D4371%26c%3D0.75%26c0%3D0.75%26mc%3D0.75%26nc%3D0.75%26mv%3D0%26nv%3D0%26qmt%3D0,5246,5246,5246,5246%26qnc%3D0.75%26qmv%3D0%26qnv%3D0%26lte%3D0.75%26ces%26femt%3D412%26femvt%3D0%26emc%3D27%26emuc%3D0%26emb%3D0,27,0,0,0%26avms%3Dexc%26qi%3D511313762%26psm%3D-2147483585%26psv%3D-2147483585%26psfv%3D0%26psa%3D0%26ptlt%3D1630758471389%26pngs%3D9s,14,15s%26veid%3Dxdi%3A0,amp%3A0%26ssb%3D0,0,0,0,0,0,0,0,0,0,5246%26ss0%3D0.05&gv=atos%3D0,0,0,0,0%26avt%3D0%26ss%3D0.05%26t%3D1630758465984&sdkv=h.3.478.2&vci=CmgIARIYcHViYWRzLmcuZG91YmxlY2xpY2submV0GgdBZFNlbnNlIAQqDDQ4OTI4Nzc0MDU1NzIMNTQzMTI1MjY4ODczQJ0CUiAQDyUAAAxCKAE6B3Vua25vd25CB3Vua25vd25IygFQABgB

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 12:27:51 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ 43 B
215 B 98ms
97ms Image
image/gif 54.156.11.91
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=927929&asId=6cc394b2-a389-9669-26dc-8a6cad374d21&tv=%7Bc:nfGGrq,time:5404,type:e,env:%7Bnr_p:5%7D,es:0,sc:1,ha:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:%7Bi:0,o:5404,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:211,wc:0.0.1600.1200,ac:0.0.1.1,am:s,cc:0.0.0.0,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B5216~0%5D,as:%5B5216~1.1%5D%7D%7D%5D,slEventCount:1,em:false,fr:true,e:,tt:jload,dtt:105,fm:sI2Ql4A+1*.927929%7C11%7C121%7C122%7C123%7C13%7C141%7C142%7C143%7C1511%7C152%7C16%7C171%7C172%7C18%7C19%7C1a1%7C1a2%7C1b1%7C1c%7C1d1%7C1e%7C1f,idMap:1*,rmeas:1,rend:0,renddet:na%7D&br=u
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.156.11.91 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-156-11-91.compute-1.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://www.otosaigon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 12:27:53 GMT
x-server-name: dt07.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H2 200 /
googleads.g.doubleclick.net/pagead/interaction/ Frame 5B24 42 B
210 B 53ms
51ms Image
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/interaction/?ai=ClWgXQWYzYe3lJ5ba3wOEjKWQB4bm3fZkjdnJ3p4OsJAfEAEg-KHCZ2CVgoCAsAegAdHQ0MkCyAEFqQK3zvaIH-6zPuACAKgDAZgEAKoErgJP0PdI9gAG4JILLfNG2uxqUC2xvBxuLg4IqG7VAAdHoXxS4a_BqnzBtmez1ScLRtx9esNO90dFUjmkP_2X2C23CwINNOYqqJNztdK5XhWOLo6XdhfYlPAEI1tMLlH91V9CzcSuO5L6yE82Pu4m_l7N3nC_2gBm6ixM0ubiBwZXItHfjAVKUwWbwQp8P7uzMpzbMsEU824OkwcLkBv-WYRjMG_IN0Z8WPoOCdp_EJKEBtD9GMJ6BXWsYrR-bbffgh2QWhBbjBdK9xfoK_FvobnsVwrRiluOio75Z2iEFgWLsZPkEnVCnzd2I4eG68FesqFyCfEYFkuzbCh4q7X1pc3opMnl50wUP9ddJhNRIoCycGUQPzhY4_ca7EQuQuqggFyNPxG_A04uet-EzlIpbMAEm8_t0dgD4AQBiAXesP79NaAGVIAHl6-vtgGoB9XJG6gH8NkbqAfy2RuoB47OG6gHk9gbqAe6BqgHnNwbqAfulrECqAemvhuoB_PRG6gHltgbqAeqm7ECqAffn7EC2AcBqAgB0ggJCIDhgBAQARgdgAoDyAsBsBOtsrgM2BMN2BQB0BUBqBYB4hYCCAGAFwE&sigh=WGj8JwI52uA&cmd=Ch1jYS12aWRlby1wdWItNTYxNzA5ODE0NjA1NDA3NxAAGAI&label=videoplaytime25&ad_mt=7683&acvw=sv%3D903%26cb%3Dima%26e%3D1%26nas%3D1%26sdk%3Dh%26p%3D988,394,1269,894%26tos%3D0,7751,0,0,0%26mtos%3D0,7751,7751,7751,7751%26amtos%3D0,0,0,0,0%26mcvt%3D7751%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26dft%3D0%26at%3D0%26dat%3D0%26as%3D0%26vpt%3D7751%26gmm%3D4%26efpf%3D2%26nmt%3D1%26tcm%3D0%26bt%3D1658%26pst%3D428%26dur%3D30000%26vmtime%3D7682%26dtos%3D5718%26dtoss%3D2%26dvs%3D5718%26dfvs%3D0%26dvpt%3D5718%26is%3D275%26i0%3D275%26i1%3D275%26ic%3D0%26cs%3D4371%26c%3D0.75%26mc%3D0.75%26nc%3D0.75%26mv%3D0%26nv%3D0%26qmt%3D0,7751,7751,7751,7751%26qnc%3D0.75%26qmv%3D0%26qnv%3D0%26lte%3D0.75%26ces%26femt%3D412%26femvt%3D0%26emc%3D40%26emuc%3D0%26emb%3D0,40,0,0,0%26avms%3Dexc%26qi%3D511313762%26psm%3D-2147483393%26psv%3D-2147483393%26psfv%3D0%26psa%3D0%26ptlt%3D1630758473893%26pngs%3D9s,14,15s%26veid%3Dxdi%3A0,amp%3A0%26ssb%3D0,0,0,0,0,0,0,0,0,0,7751&gv=atos%3D0,0,0,0,0%26avt%3D0%26davs%3D0%26dafvs%3D0%26dav%3D0%26ss%3D0.05%26t%3D1630758465984&sdkv=h.3.478.2&vci=CmgIARIYcHViYWRzLmcuZG91YmxlY2xpY2submV0GgdBZFNlbnNlIAQqDDQ4OTI4Nzc0MDU1NzIMNTQzMTI1MjY4ODczQJ0CUiAQDyUAAAxCKAE6B3Vua25vd25CB3Vua25vd25IygFQABgB

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 12:27:53 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dc_pubid=3;dc_exteid=1315784188977966487;met=1;ecn1=1;etm1=0;eid1=960584;acvw=sv%3D903%26cb%3Dima%26e%3D1%26nas%3D1%26sdk%3Dh%26p%3D988,394,1269,894%26tos%3D0,7751,0,0,0%26mtos%3D0,7751,7751,7751,7...
ade.googlesyndication.com/ddm/activity_ext/ Frame 5B24 42 B
107 B 55ms
54ms Image
image/gif 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ade.googlesyndication.com/ddm/activity_ext/dc_pubid=3;dc_exteid=1315784188977966487;met=1;ecn1=1;etm1=0;eid1=960584;acvw=sv%3D903%26cb%3Dima%26e%3D1%26nas%3D1%26sdk%3Dh%26p%3D988,394,1269,894%26tos%3D0,7751,0,0,0%26mtos%3D0,7751,7751,7751,7751%26amtos%3D0,0,0,0,0%26mcvt%3D7751%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26dft%3D0%26at%3D0%26dat%3D0%26as%3D0%26vpt%3D7751%26gmm%3D4%26efpf%3D2%26nmt%3D1%26tcm%3D0%26bt%3D1658%26pst%3D428%26dur%3D30000%26vmtime%3D7682%26dtos%3D5718%26dtoss%3D2%26dvs%3D5718%26dfvs%3D0%26dvpt%3D5718%26is%3D275%26i0%3D275%26i1%3D275%26ic%3D0%26cs%3D4371%26c%3D0.75%26mc%3D0.75%26nc%3D0.75%26mv%3D0%26nv%3D0%26qmt%3D0,7751,7751,7751,7751%26qnc%3D0.75%26qmv%3D0%26qnv%3D0%26lte%3D0.75%26ces%26femt%3D412%26femvt%3D0%26emc%3D40%26emuc%3D0%26emb%3D0,40,0,0,0%26avms%3Dexc%26qi%3D511313762%26psm%3D-2147483393%26psv%3D-2147483393%26psfv%3D0%26psa%3D0%26ptlt%3D1630758473893%26pngs%3D9s,14,15s%26veid%3Dxdi%3A0,amp%3A0%26ssb%3D0,0,0,0,0,0,0,0,0,0,7751;gv=atos%3D0,0,0,0,0%26avt%3D0%26davs%3D0%26dafvs%3D0%26dav%3D0%26ss%3D0.05%26t%3D1630758465984?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 12:27:53 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 log
pixel.inforsea.com/server/ 0
48 B 53ms
52ms Image
text/plain 63.33.79.252
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.inforsea.com/server/log?event=q1&dim9=19682&session_id=hgkkfsly3fb2&affiliate_id=ft1qwjd9a&domainapp=otosaigon.com&width=500&height=281&visible=75&cb=6087805912697&publisher_id=107455935234537&country=DE&os=Windows&os_version=10&browser=Chrome&browser_version=92&iab=IAB2&ad_source_id=cskqxodat&sell_cpm=0.26&request_cost=0&impc_aa=false
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 63.33.79.252 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-63-33-79-252.eu-west-1.compute.amazonaws.com
Software: fasthttp /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.otosaigon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 12:27:53 GMT
server: fasthttp

GET
H2 204 /
t.vi-serve.com/ 0
48 B 53ms
52ms Image
text/plain 52.17.85.197
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://t.vi-serve.com/?event=AD_25&page_url=https%3A%2F%2Fwww.otosaigon.com%2Fthreads%2Fcho-em-hoi-tieu-hao-nhien-lieu-kia-carnival.1634318%2F&pub_id=107455935234537&channel_id=ft1qwjd9a&placement_id=pltLK33C0krMTw0wref&ad_unit_type=2&session_id=hgkkfsly3fb2&focus=true&player=playerVI&build=m&pageLanguage=vi-vn&placement_w=500&placement_h=349&video_w=500&video_h=281&time_delta=19682&ad_source_id=cskqxodat&position_on_page=21&playlist_pos=1&matchedCategory=IAB2&mobile=false&floating=false&nv_video_id=4Jm1q20BotWZybvZTRZx&nv_source_id=101&nv_feed_id=1194&in_view=true&cb=0d46
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.17.85.197 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-17-85-197.eu-west-1.compute.amazonaws.com
Software: fasthttp /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.otosaigon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 12:27:53 GMT
server: fasthttp

GET
H2 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame E586 0
463 B 75ms
56ms Image
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=html5-mon&a0=layout&f0=layout&s0=0&d0=200.0000&a1=https&f1=layout_html&s1=0&d1=14.0000&i=518901649397&t=419&c=p&lp=%2Fsadbundle%2F%24csp%253Der3%24%2F17626451119355985920%2Findex.html&qqi=CIDGoteo5fICFZQ34AodlBYK5g

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 12:27:54 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET

aclk
www.googleadservices.com/pagead/ Frame 5B24
Redirect Chain

https://googleads.g.doubleclick.net/aclk?sa=l&ai=Ca74rQWYzYe3lJ5ba3wOEjKWQB4bm3fZkjdnJ3p4OsJAfEAEg-KHCZ2CVgoCAsAegAdHQ0MkCyAEFqQK3zvaIH-6zPuACAKgDAZgEAKoEsQJP0PdI9gAG4JILLfNG2uxqUC2xvBxuLg4IqG7VAAd...
https://www.googleadservices.com/pagead/aclk?sa=L&ai=CI8sLQWYzYe3lJ5ba3wOEjKWQB4bm3fZkjdnJ3p4OsJAfEAEg-KHCZ2CVgoCAsAegAdHQ0MkCyAEFqQK3zvaIH-6zPuACAKgDAZgEAKoEsQJP0PdI9gAG4JILLfNG2uxqUC2xvBxuLg4IqG7...

0
0

GET
H2 204 watchtime
s.youtube.com/api/stats/ Frame 4CA4 0
0 17ms
17ms Image
text/html 2a00:1450:400c:c04::8a
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.youtube.com/api/stats/watchtime?rti=10&st=0.000&et=10.059&rtn=20.000&ns=yt&fexp=44730612%2C44737475&el=adunit&cpn=YlHw0VpHqJYtUyu_&docid=OA_dKpXFf5w&ver=2&cmt=10.059&fmt=18&rt=10.000&adformat=2_2_1&euri=https%3A%2F%2Fwww.otosaigon.com%2F&len=30.000&vtype=gvp&c=web_gvp_ads&cver=h.0.0.0&cbr=Chrome&cbrver=92.0.4515.159&cos=Linux%20x86_64&cosver=537.36&cplatform=desktop
Requested by: Host: blank
URL: about:blank
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400c:c04::8a Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/aclk?sa=L&ai=CI8sLQWYzYe3lJ5ba3wOEjKWQB4bm3fZkjdnJ3p4OsJAfEAEg-KHCZ2CVgoCAsAegAdHQ0MkCyAEFqQK3zvaIH-6zPuACAKgDAZgEAKoEsQJP0PdI9gAG4JILLfNG2uxqUC2xvBxuLg4IqG7VAAdHoXxS4a_BqnzBtmez1ScLRtx9esNO90dFUjmkP_2X2C23CwINNOYqqJNztdK5XhWOLo6XdhfYlPAEI1tMLlH91V9CzcSuO5L6yE82Pu4m_l7N3nC_2gBm6ixM0ubiBwZXItHfjAVKUwWbwQp8P7uzMpzbMsEU824OkwcLkBv-WYRjMG_IN0Z8WPoOCdp_EJKEBtD9GMJ6BXWsYrR-bbffgh2QWhBbjBdK9xfoK_FvobnsVwrRiluOio75Z2iEFgWLsZPkEnVCnzd2I4eG68FesqFyCfEYFkuzbCh4q7X1pc3opMnl50wUP9ddJhNRIoCycGVIPooy6936-Nbf9iH-NJfk0pq-4MVnhQbSMaNQdXiYecAEm8_t0dgD4AQBiAXesP79NZIFBggDEAEYAcAFbqAGVIAHl6-vtgGoB9XJG6gH8NkbqAfy2RuoB47OG6gHk9gbqAe6BqgHnNwbqAfulrECqAemvhuoB_PRG6gHltgbqAeqm7ECqAffn7EC2AcBqAgB0ggJCIDhgBAQARgdmgkqaHR0cHM6Ly93d3cuaHl1bmRhaS5kZS9rYW1wYWduZS9lZGl0aW9uMzAvsQnI_a0t-pkR2YAKA8gLAdALDuALAbgMAbATrbK4DNgTDdgUAdAVAagWAeIWAggBgBcB&num=1&client=ca-pub-4364561325077639&ctype=110&label=video_10s_engaged_view&ad_mt=10059&acvw=sv%3D903%26cb%3Dima%26nas%3D1%26sdk%3Dh%26p%3D988,394,1269,894%26p0%3D988,394,1269,894%26p1%3D988,394,1269,894%26tos%3D0,10246,0,0,0%26mtos%3D0,10246,10246,10246,10246%26amtos%3D0,0,0,0,0%26mtos1%3D0,7751,0%26mcvt%3D10246%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26a0%3D0%26a1%3D0%26ft%3D0%26at%3D0%26as%3D0%26vpt%3D10246%26gmm%3D4%26efpf%3D2%26nmt%3D1%26tcm%3D0%26bt%3D2264%26pst%3D428%26dur%3D30000%26vmtime%3D10058%26is%3D275%26i0%3D275%26i1%3D275%26cs%3D4371%26c%3D0.75%26c0%3D0.75%26c1%3D0.75%26mc%3D0.75%26nc%3D0.75%26mv%3D0%26nv%3D0%26qmt%3D0,2495,2495,2495,2495%26qnc%3D0.75%26qmv%3D0%26qnv%3D0%26lte%3D0.75%26ces%26femt%3D412%26femvt%3D0%26emc%3D52%26emuc%3D0%26emb%3D0,52,0,0,0%26avms%3Dexc%26qi%3D511313762%26psm%3D-2147481601%26psv%3D-2147481601%26psfv%3D0%26psa%3D0%26ptlt%3D1630758476389%26pngs%3D9s,14,15s%26veid%3Dxdi:0,amp:0%26ssb%3D0,0,0,0,0,0,0,0,0,0,10246%26ss0%3D0.05%26ss1%3D0.05&gv=atos%3D0,0,0,0,0%26avt%3D0%26ss%3D0.05%26t%3D1630758465984&cid=CAQSKQCNIrLMrguxaw723Ir0Vvovlvu_Leg80d5EhmM27lEFdk0qBZa3Y1p9&dblrd=1&val=ChAyMmViNDk5NmU2YzgwMDA0EMzMzYkGGgiJMMDVS4dJciABKAE&sig=AOD64_0SzOxlMtYsDCGVPIkrH5_EQUTuog&adurl=https://ad.doubleclick.net/ddm/trackclk/N822516.3772727IWEVIDEO/B26458506.312845884%3Bdc_trk_aid%3D505492845%3Bdc_trk_cid%3D157141650%3Bdc_lat%3D%3Bdc_rdid%3D%3Btag_for_child_directed_treatment%3D%3Btfua%3D%3Bltd%3D

Verdicts & Comments Add Verdict or Comment

92 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

9 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.doubleclick.net/	1970-01-19 20:59:22	Name: DSID Value: NO_DATA
.otosaigon.com/	1970-01-20 06:20:54	Name: __gads Value: ID=bdc5fba26f04f273:T=1630758459:S=ALNI_Maj6CgS3DnIZqh2aCXPffmTUzK7gw
.otosaigon.com/	1970-01-19 23:08:54	Name: _fbp Value: fb.1.1630758458631.2122503782
.otosaigon.com/	1970-01-19 20:59:18	Name: _gat_gtag_UA_40673294_1 Value: 1
.otosaigon.com/	1970-01-19 20:59:18	Name: _gat_UA-40673294-1 Value: 1
.otosaigon.com/	1970-01-19 21:00:44	Name: _gid Value: GA1.2.1004780414.1630758459
.doubleclick.net/	1970-01-20 06:20:54	Name: IDE Value: AHWqTUkhA8f9RHxlC9aO0J_i4-9faNmcvOZX3Zme_qCShU04NEyZoHbcK0duvgMg
.otosaigon.com/	1970-01-20 14:30:30	Name: _ga Value: GA1.2.2013777321.1630758459
www.otosaigon.com/	1969-12-31 23:59:59	Name: WID Value: vt151\|YTNlj\|YTNlj

7 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	info	URL: https://cdn.ampproject.org/rtv/022108170213000/amp4ads-v0.mjs(Line 6) Message: Powered by AMP ⚡ HTML – Version 2108170213000 https://www.otosaigon.com/threads/cho-em-hoi-tieu-hao-nhien-lieu-kia-carnival.1634318/
console-api	log	URL: https://cdn.onesignal.com/sdks/OneSignalSDK.js(Line 1) Message: OneSignal: Using fallback ES5 Stub for backwards compatibility.
console-api	log	URL: https://hal900021.redintelligence.net/request_content.php?s=58252100066538603150070011707021&a=f80e07d4(Line 11) Message: fbex_capture:1
console-api	log	URL: https://hal900021.redintelligence.net/request_content.php?s=58252100066538603150070011707021&a=f80e07d4(Line 11) Message: fbex_capture:2
console-api	debug	URL: https://static.adsafeprotected.com/sca.17.5.12.js(Line 32) Message: a: 0.001953125 ms
console-api	log	URL: https://hal900021.redintelligence.net/request_content.php?s=58252100066538603150070011707021&a=f80e07d4(Line 11) Message: fbex_capture:3
console-api	log	URL: https://hal900021.redintelligence.net/request_content.php?s=58252100066538603150070011707021&a=f80e07d4(Line 11) Message: fbex_capture:last

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

abfc37dd4bf691cb0e167728b93f1c40.safeframe.googlesyndication.com
ad.doubleclick.net
ade.googlesyndication.com
ads.pubmatic.com
adservice.google.com
adservice.google.de
ajax.googleapis.com
bttrack.com
c1.adform.net
call.inforsea.com
cdn.ampproject.org
cdn.onesignal.com
cdn1.otosaigon.com
cdnjs.cloudflare.com
cm.g.doubleclick.net
cms.quantserve.com
connect.facebook.net
csi.gstatic.com
dsum-sec.casalemedia.com
dt.adsafeprotected.com
eu-u.openx.net
eus.rubiconproject.com
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
hal9000.redintelligence.net
hal900021.redintelligence.net
hbopenbid.pubmatic.com
htlb.casalemedia.com
i.ytimg.com
image6.pubmatic.com
imasdk.googleapis.com
js-sec.indexww.com
match.adsrvr.org
nv.vi-serve.com
p.rfihub.com
pagead2.googlesyndication.com
pixel.adsafeprotected.com
pixel.inforsea.com
pixel.mathtag.com
pixel.quantserve.com
player.inforsea.com
prebid-server.rubiconproject.com
pubads.g.doubleclick.net
rr1---sn-4g5e6nss.googlevideo.com
rr1---sn-4g5ednz7.googlevideo.com
rr7---sn-n02xgoxufvg3-2gbs.googlevideo.com
s.amazon-adsystem.com
s.vi-serve.com
s.youtube.com
s0.2mdn.net
s1.adform.net
search.spotxchange.com
secure.adnxs.com
securepubads.g.doubleclick.net
ssum-sec.casalemedia.com
static.adsafeprotected.com
static.cloudflareinsights.com
stats.g.doubleclick.net
sync.mathtag.com
t.vi-serve.com
tags.mathtag.com
token.rubiconproject.com
tpc.googlesyndication.com
track.adform.net
u.openx.net
us-u.openx.net
videointelligence-d.openx.net
vis.vi-serve.com
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googleadservices.com
www.googletagmanager.com
www.googletagservices.com
www.otosaigon.com
www.googleadservices.com
13.248.242.197
138.201.63.164
142.250.181.226
142.250.185.102
142.250.185.226
142.250.185.66
144.76.238.55
18.200.219.243
18.203.62.2
185.29.132.246
185.29.134.244
185.64.189.112
185.64.189.115
185.94.180.123
192.132.33.46
193.0.160.129
2.18.233.180
2.18.233.201
2.18.234.21
205.185.216.10
209.54.177.54
23.37.38.181
23.37.42.132
2404:6800:4005:812::2003
2606:4700:20::681a:a35
2606:4700::6810:135e
2606:4700::6810:5f41
2606:4700::6812:e234
2620:116:800d:21:f916:5049:f87f:108e
2a00:1450:4001:3d::6
2a00:1450:4001:5e::6
2a00:1450:4001:802::2001
2a00:1450:4001:810::2002
2a00:1450:4001:810::2008
2a00:1450:4001:812::2001
2a00:1450:4001:812::200a
2a00:1450:4001:827::2001
2a00:1450:4001:827::2003
2a00:1450:4001:829::200a
2a00:1450:4001:82a::2002
2a00:1450:4001:82a::200e
2a00:1450:4001:82a::2016
2a00:1450:4001:82f::200a
2a00:1450:4001:831::2002
2a00:1450:4001:831::2004
2a00:1450:400c:c04::8a
2a00:1450:400c:c08::9d
2a01:28:cb6:3::12
2a03:2880:f02d:12:face:b00c:0:3
2a03:2880:f12d:83:face:b00c:0:25de
35.244.159.8
37.157.4.39
37.157.5.73
37.157.6.246
37.252.172.37
52.17.85.197
52.18.40.16
52.28.56.40
52.50.243.239
54.156.11.91
63.33.79.252
69.173.144.139
026ea6213964c26a5dd48209e52458e77cb8ff397359c941562f2fb6dbf11dc5
0299ce766df424b69a25530d8afe7c2352cb6240c7510fe7be67d8cd53bd3467
02b72b855bc20c00ae6cfa83214d58ef1d9522a421ddb0ee4d5e41032de5b81a
04b97f56fa4b4a095f76084fab448f1365ef7a59096fc49abb0411ff2bec7f06
084b9814e69633dca216a358f04e4839899db35389604b40294adc1b72bb37ae
0a6a6195f864d4be024657df40caae0f048a70651972c66a23207fcf814ca202
0ab06cf65bdf8b799e08cdbbab0c150a304366226fde00db258f6bfea2ef0407
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0bcac89d72d5f0b2bef20f815406384ff05489e4294acee57409060c2eccffc5
0d5a97294223d62bc6719aa84f478e7aeb1618df0631b30dee48e6c843818d7a
0d955e9c6adc86c2323a4ea95174886fbd41f51073b3301274fc2009243eb698
1098f28d5edbc596432484aabf1ef10028120b1fcca960cffd5bda99425d7afd
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
114dabe187311ee2e303549831223ef80d06385cb854e2aa1647ec1e0ca148f5
12c4cf29fbd81217e5b71a45af47a0e35ce7ea084179fa901755c8e3432fefd1
16afd5948106c3aaf382436d2bcf111486dd2e35e3082e1b02b29e43eb2e99eb
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
182227da36476403253412438e62f6d3269e419b45f914bee4ce04b5881d3e8a
1953422f75aefd63e875ed7ddcd4346d9dbf74f064e26c49e95612a23df4a35b
1aeeb078f0be924d4a603061050b650a21dff9deb1958beebffe46213556deed
1c45bfa2dc80f54eb8564aa778a0929a00811168617ee6340cc59f0af48e5cca
1cd58a827318c4a29b32a0db15c8c39d5651b42d8cad227519ad81bce4adb944
1d164e457f95499c4ce6d394a38c84789da175ef9ed3eb3f263b84d33260a7d0
229ce7c32c2305a91ac697887158545117878df9a9f4d10019a8840bef1d964f
233bc983d773cb9a38ca251753bd43f9a2288279fab44598b49c433b32f6d285
2405bd02584cae91a0a4c434fec3e72f392d07e1bedc993c3b16baa7800bbdfd
243266827c84227076ef5997d831eb751e2817d23397c9942f2d5be707c08fee
27b62528cb42562658c316e11c563147078b6182dab93e37c9fae1b29ce44527
2a2399d510fe0bb91bf136a84c8f186c5bd3a57a2aac94a39bf167850588717f
2a954bf31e1f848bf58adc7e3a15261b8ffd0d4358426ae840de8a7afee09e59
335b59e615135313a66319e641cdad6ac3489a600e04d4181c859699bed4babe
33f741884d49aa4540005845acbcfc179b071230ead16ff1f950b0c88e7e184c
368515b51a4958d7e64bea11f46da5176084748d3af4ead8e0484aa45dbb95fd
36edff18f192ec15ad37a30311270db2d5e67ba52b998a6dced3c834117bd907
379587f0cc0fe0137ff92ac3ee3671dd1f90119e17e269e26a807a9a668642a9
37bc930c63149650677d732eea9526432bd8494c55737f45c98e7f8ad7c1e7ff
37d52f59a49a716879f7574b8c4194e14f8f0cbd5dfc45cf9a0d6594a9fe0eba
3b1a12213c131e6be67d89644201d6b08c120d07aa0b6913d31f73d7d09b9572
3b2ea1c9f3587781b58285cf64279e67f6329a3924fb93f81529f1826e2f4d16
3d98123e0840ba76b93bf92147d2664fb0bc23cf37d61561e48fd270bbd0d1de
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390
40d8cd7abc619c9c0eab9946cc4a4f375a8559b397358c1e3ddab7c73d97ed15
42523a989fef6ed6ba69f7bd7b8caa85ae7164cac654f831d51c81db0ccb7ff4
43376938d50178cc61b27a3fcf1205d5b8112d3eb4d920508e4bdb6f0df3172f
485ef94c52a4c62277533950ca70e9c4b13f97eed65cc868b22bd8c37e3ada11
48bb89434a42b4fb519f27e9272e018e8151383b4b7f46f26260f5fd29e5f05e
492abbc30ace41332a8f68b7f34f56333a037aebac34e0bc9b9cedb0d1c3b032
4bb0ccca3c05bcecf3e87f670193a6fafd4b4b8527838690009052615a68ec2e
4c81ff4efb04c5797d57737fd85aee45fffaac2b59b4c65add4a291f4b378a38
4dc620dfd52d82d0dfcf9e32b037e565344af64506c6848caf2f79273bbbf602
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4e46417cd650f95e064be882110dd3f25f9be67e12a88873f98a48fa0031f48c
4ed3678001746d71ccf369c290138a4dd62c8969fb3193c668b41c063899f626
4f72af3d7b96dc44bca6dca1ef2372a5b2ba73854fbba6da41d6752eb207be8d
4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3
53b99e4bde7498900885e58f9d6c383258f8a59b04389d6b54d3d4b89537b6f2
54a66c4693bfd79901040269ae7d7304508cbd02859797a1780f2bbe72176e23
58f76b0b684536fbea8ae9ae7177607e81a261407916e9a86e063b02948e9adc
5b23e7d8882806a2f0d3ac78e8afeafde83c77e229c62720251fb59dcc6866a2
5ba549dc734460da9128d5d15de3ec1b86e662f6ff34dd8b29c59068bebe6e85
5d050189253c7a0e26d4b13f3e96b6ffac273408a548ecc2460fa5c78b327d6f
5d693f43e82a0ad9cf42285eefd6bbd3953d9f3fe6cd18124765c1ca17008a1f
5dc7e19fb451f1d64df8ab4a670f777c88101d8519e1dc670940dd03625457b2
5e9dc26b28d8f13a4129556d996723b6478e4c42120ac19d60f7fc7b4357750e
5eed273d16f8b9f330c78d58eebc4c1cfb64346a84a9bc8781afe1bc69077d67
5f0207bbbd69497c7a37284c0b6f9bdcc9f83c574a4cda737e00a390d0ed268f
5faa41f73ee15713fd12a1ba179bc8566d7047f230e74394658d725c9087c1dd
5fe061d3da79d71cb8d7c2b7e72fc2b4e3affb446c1b3807e7e2ab5593988d5b
61a2dcaf96aaaf03fc7f52a5b5a22bc688f64ef33c5b63ab12b5923c5b87d5dd
62cdccf1ab4b4215586295612a4a2ef96fa490250fa96dbccc565f659cab86ab
65e0979334fe5c03eaccb80871f8ea6433aff2312657f40005a25b3faa5c9c54
67945c81e68d618d335f83c88cb132326672fcf9465fdd8e420a30a8cbb9c95f
681b1527be09e3c311b7217ae1133b99b299696198c964c84abc6fb6b64b6ddb
68c2dc18b84694124eb1fc6b2bfe897349841bdfacda58f3330e80ff27aab286
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6ba74b0b7223564fe5de95a05498160da36162274673a6c4583a757d233c41b1
6c62cd1dff8577abea354f379662b20f5df40234f03ac527083dab6ec3ecbe45
6e9fcceaa68cbf84cbcf9bfc5ce9d984f0994e468e708354244f14568d14a0a6
710541fe2b114e146b9e7c8d80d76bbee7a51e1eabb14e0e3b3f9f7a9e7e0f4c
730fa1f3e8b3c4a223c4e69f4a27e690a4552f96ab97dba05b943dff44967658
75970d2edf903237a88bf7dee75f7f78dcece4b01bfd0451b33c0aad0cb6a21b
786fa88a3865f20b9630631fbe22c69260475045ae648f26d7543c4eb3488364
7c49cd8d9e713543e90f560daef101b2806874ca29eb7e6db382cd46138a9ef7
7e5b4dd28e58e76dbe83eb2b357fdad7e54b85a9def9bf953063d5970a91ee6a
7eca7977c6ade416c20775a7fd7cfa2291c5752cd1225d5c4342b057c37a000c
82b3a9ac8b099ace96214d4ef3e68f4aa4aceeb570f37c8a4ce22f1e82be7af5
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
84d65b42eb50cdb66f5dfd20d4ab84b24983f56382575ea493ee8ae71f9d3242
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
859bbfed1cc557ff3b7bd83fa0676acece6e9b4a28be8ca20edd1e5f56994609
859c73b1c255a0df742a1feaee291b6966b1e71076049d06c9dee9b844493c85
85f617a7e817cedb0b8cda384ab9f9f272084513d6d0506f6de405f456a3e006
861aed070db50ce0da9928455deff784c115b44540b09450f225ff7cff0c7429
888917d3e3c7fda9e1f3c65bde162ff23a7bf8505c18059c3e6e6e0aaa307f7c
8929a31c9c06bfe5f5665ae8edc5a27b88793cf97d5f6cfab707e5aadc9b19db
8d3ca80fa271e94b0c36cf3053b0f806b7a42bb3395b424c99dc0bd218f0ac20
8d67d0c9faccb04c46191d2e821f776b7362eaa8f470409269f6a665c8b43774
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
8d9f1e7a5653eade39c663ba7e740f5f8b51fde9a7fcc7e2d59b0338598e5075
9005ef18fcfb3897cd13c7ec73f90d2b0da0cc7d6153be58cdbe90ad5e2741c8
9158e53d7052a6df65c12e3a59a8c77a8be353425523e4eff057fa5578e654ad
9248542b55f10b006b86fd81d43c2f1ebf570293d74a331ec7daed7f63149dec
933247953977a794be40964c0f4659e28f3006fd2f663a22cadd309fe3964906
960b1feee8bb8c9f74430d0d46e8b1dcf9f4eb1e44b4892986eaa5030f654fd9
969231fe165a93933d6908d45bfa09c364b66de37160efea47d87d18d7d37bd8
9a44b6d5f2b58b566d8882dd64c684e89f03cfdc597a9b7e9abba7a974a5c605
9a876f6cbd09c5f245491f6877db2a6bb7faa356893ae8a5f8881b2ad6c64212
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9e68c89d2dd1e070d6db5d9e1e3a6878f8e1f7383227ece51a89f256f097e48a
9e780c848dc68c52d42fa48306ece0e217223b0709721d746455dda75bbf08fe
9e87268fae4ae747d9a06d8962d5b7b0fb472ab432eb2bd29415b188825ee758
9e9b34f0817548b428e128d5a7551fbc499d01fee0a12d016c323f65b9d4e2fd
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a0e4153884882c63418177298932d5a4934056a76fc9fe461fb385bf0c35363e
a11f37584d425c821f06a42bb6a20546c9ceaf34bbf5d4d776afbaef40148e6e
a1f8b57e372eb599e67cbc53e9f86699cea9caf3931d9cb5709b8a8db61f4555
a213b67eebe575881cc62cd8800129e15d9ca92049b2e37832bf83d9fa2ed79e
a318c59fc4322369a187c36d2219bdd851b76af38182b366e1934620ac3f107d
a39a8cea3aeca06b6e77ff10ad01496592dd445d73747fbb791ad62e5e996f26
a3c1b2810caf750d69a32b747d99360d8e8dacf85b59c51f45178f0fbbf33609
a3f3bc207e5fec2584cf7a5df2f6d75c4abbb9fbf3d9900f99c6c388e9626230
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
a74d8afd5efb83f662a89e6efe1502fd550616c31d729a91d7084ba0e351c0e2
a787057935ac5467741ab7814ba3d2575408f0b0cbe5222c1ea6ccd7bca90940
a7bf67883867f93d08cbf4eeac0485e641cb9e5b123e18bef046b7c706cffd28
a87352099e9b3946d71f4f73c69f9217ef99278088a177d5eef09df78c11e4ae
ab02cdd01c1f62621a68399ed97180c81c8b3988451a2054791eee62bfcef3c9
abc1bbfb097cfaf4715fe823adb40881f8ed35a943692d5c037945c2fcc56340
aca78b4715adbf0d27ea5e6ac7a5ac7d3eb55f051f2b767dd05f2f558c2ee3ac
b00176dbbd9e4c77629b36fae58d076c8c3b55754e7c2dd3a6e4986e7ec9c37b
b0f14afeeb671e825b4e19d24a758a41be4632a63b168aec621b01dbf98c1bce
b123d3cd853f7cd9c7d7c92b0ca99a37b4fa7e654fca65be5f1a15fd9253635e
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b1cdc6b6c847d47d017169aebaf9f652eda7b1ced7634a56102e1258d76f155a
b4efe3fee8ad1e7cfa740ad7cf75431c2642afac3d68aafeb76591aa3df1692c
b6bf8847aab8d1abb999cae6d7e4911a8e95c8fefb282c448b90d340edc194d4
b6f6d0902ff385f68ec17c4c059d4fe89a0a08f1c022ab70580ea8552dfc0a11
b70aa192cf670ffbccd24885ff71e159e03c809b890abe15e74cce9f497dd8e5
bb46ed079c3dd3c39af5051b4ada48f29f49151dad4fa218117bad2fdb5e616f
bd3a2482b7b952b621e16a05c3bb1847829d057fb1384f4c32d1362b8153e967
bea63616949c80ff0dfdbb1e8547f1585882fc691483317b06441688e3e5f14a
bf921c508b5b894f98bbe7a73fade7b515a06a10b0ea85454acf09a15c4c74b8
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
c3c0d3f472358aac78455515c4800771426770c22698e2486d39fdb5505634e1
c4126cad9f3e209d0e4b86ead7ab90046e250f9c39561b7573ea3c96bf6d363e
c4e13fca9a5b3e6a020bdb9b57160684aff71026ced46189efd478c117105bf0
c4efeeb957e361500bf19ba26282beae1a8e4083c5ccff10dccab2eaa09acd45
c5b18fdeddbe23e0b0680b4f78739700a95243102298a72877918a3cdbe8b3f7
c5b978d3be0ad69327462d0dd38bfef5bea5cc67553b773d6067151ad134863f
c699996729da51fd041a10366054c02ab7fb4db3a67d1a5b7df9f98a015636be
c6cbd3c4220735c2d4acc220c54d7745bad06143e7b737cca337c96062047b51
c919a89e874cd07d75e545e1abf1487cacf80bc12cdc5493e2856a44ffd3712e
cafddae59229ef29466be0e3011d433f24bf00a399c08c528b1094be3a498aed
cbf2228ab439f89b83feb79ea549213521a81212fde9ff67f9c73d002d586198
cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca
ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142
d07f39204d1a02f22cdeed4cc0dbb907f9fc6b0933736e6acb2c7936781eac7a
d08cfefee077a19a537ae66216a98573f4a0b534227e544e49f89edda2afd373
d0bffc7261df1454c5e05475cda7d9e6647318dc6c3936767e1252bfe8849c54
d16d07a0353405fcec95f7efc50a2621bc7425f9a5e8895078396fb0dc460c4f
d4e4139bbdb608d186ba5eccbc824de4be59f58f3ea55b67c6fc9045473a6e00
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
e023b0c253e6734a8b41e90e969df4e3e0a42dbaae54d088487b3985303ad123
e2050ed4a8ab3f74cc1a26ef380fdacc9004ec320d33bb088fccdbeef36cb657
e380c316b56efeb616b1ce4124150936cd46f6aae8ff5413f5b4c8e6e1ac0891
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f216869f72018835d99618e1184f629b8f3189053c203834e7c237f16b012620
f31bb4e1df33a58caf861acf297d4bc37a95fb253ebd156811fffc2bcf006edc
f412a6c508914bc4ff5161e8cc911176bdf5a6b4abe2100b4cdd45e9854a7ef3
f4a74fe2cef1d4e3ca293944e20763b350954439d0966a662691d304d9e1aac3
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d
fae2773cd95cb857866b4b3a54777c88f6c03e0167bf323c2a1f431985887b61
fd222137f245c06ddb4c4d44db41f12138dad6cf8ef5d4d4a5e500f38f0c8c62
fe8445e07939c1a541e88c5e7888cf7aa9a54c3e708d2e8a1a14b943c5bdb376

www.otosaigon.com Open in urlscan Pro 2606:4700:20::681a:a35 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

310 Requests

96 %HTTPS

44 %IPv6

39 Domains

77 Subdomains

58 IPs

9 Countries

7790 kBTransfer

12899 kBSize

9 Cookies

2 Outgoing links

Redirected requests

310 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.otosaigon.com Open in urlscan Pro
2606:4700:20::681a:a35 Public Scan

Screenshot
Live screenshot

Full Image

310
Requests

96 %
HTTPS

44 %
IPv6

39
Domains

77
Subdomains

58
IPs

9
Countries

7790 kB
Transfer

12899 kB
Size

9
Cookies

310 HTTP transactions
2 data transactions