urlscan.io logo urlscan.io
SecurityTrails logo

xsmb99.me Open in urlscan Pro
103.9.77.158  Public Scan

Go To Rescan Add Verdict Report
URL: https://xsmb99.me/xsmb-xo-so-mien-bac.html
Submission: On September 17 via manual from US — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 20 IPs in 6 countries across 19 domains to perform 114 HTTP transactions. The main IP is 103.9.77.158, located in Viet Nam and belongs to VNPT-AS-VN VNPT Corp, VN. The main domain is xsmb99.me.
TLS certificate: Issued by R3 on August 29th 2021. Valid for: 3 months.
This is the only time xsmb99.me was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
15 103.9.77.158 45899 (VNPT-AS-V...)
1 104.18.11.207 13335 (CLOUDFLAR...)
4 104.16.19.94 13335 (CLOUDFLAR...)
1 172.217.16.136 15169 (GOOGLE)
14 142.250.185.194 15169 (GOOGLE)
4 142.250.185.202 15169 (GOOGLE)
2 142.250.185.142 15169 (GOOGLE)
9 142.250.185.227 15169 (GOOGLE)
16 216.58.212.162 15169 (GOOGLE)
1 142.250.181.226 15169 (GOOGLE)
1 142.250.186.34 15169 (GOOGLE)
8 142.250.185.130 15169 (GOOGLE)
25 142.250.185.129 15169 (GOOGLE)
3 142.250.185.230 15169 (GOOGLE)
2 4 142.250.185.100 15169 (GOOGLE)
1 172.217.23.102 15169 (GOOGLE)
1 91.228.74.226 16509 (AMAZON-02)
1 1 18.194.175.178 16509 (AMAZON-02)
4 142.250.184.194 15169 (GOOGLE)
1 34.98.67.61 15169 (GOOGLE)
2 2 35.186.253.211 15169 (GOOGLE)
1 1 217.182.200.20 16276 (OVH)
114 20
15    103.9.77.158 (Viet Nam)

ASN45899 (VNPT-AS-VN VNPT Corp, VN)
xsmb99.me
1    104.18.11.207 (None, )

ASN13335 (CLOUDFLARENET, US)
stackpath.bootstrapcdn.com
4    104.16.19.94 (None, )

ASN13335 (CLOUDFLARENET, US)
cdnjs.cloudflare.com
1    172.217.16.136 (United States)

ASN15169 (GOOGLE, US)
PTR: fra15s46-in-f8.1e100.net
www.googletagmanager.com
14    142.250.185.194 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s52-in-f2.1e100.net
pagead2.googlesyndication.com
4    142.250.185.202 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s52-in-f10.1e100.net
fonts.googleapis.com
2    142.250.185.142 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s50-in-f14.1e100.net
www.google-analytics.com
9    142.250.185.227 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s53-in-f3.1e100.net
fonts.gstatic.com
www.gstatic.com
16    216.58.212.162 (Mountain View, United States)

ASN15169 (GOOGLE, US)
PTR: ams15s22-in-f162.1e100.net
googleads.g.doubleclick.net
adservice.google.de
1    142.250.181.226 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s56-in-f2.1e100.net
partner.googleadservices.com
1    142.250.186.34 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s04-in-f2.1e100.net
adservice.google.de
8    142.250.185.130 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s50-in-f2.1e100.net
adservice.google.com
www.googletagservices.com
25    142.250.185.129 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s50-in-f1.1e100.net
tpc.googlesyndication.com
3    142.250.185.230 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s53-in-f6.1e100.net
static.doubleclick.net
4    142.250.185.100 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s49-in-f4.1e100.net
www.google.com
1    172.217.23.102 (United States)

ASN15169 (GOOGLE, US)
PTR: mil04s23-in-f6.1e100.net
s0.2mdn.net
1    91.228.74.226 (United Kingdom)

ASN16509 (AMAZON-02, US)
cms.quantserve.com
1    18.194.175.178 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-194-175-178.eu-central-1.compute.amazonaws.com
d.agkn.com
4    142.250.184.194 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s11-in-f2.1e100.net
cm.g.doubleclick.net
1    34.98.67.61 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 61.67.98.34.bc.googleusercontent.com
odr.mookie1.com
2    35.186.253.211 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 211.253.186.35.bc.googleusercontent.com
rtb.openx.net
1    217.182.200.20 (France)

ASN16276 (OVH, FR)
PTR: gcm6.host.hit.gemius.pl
googlecm.hit.gemius.pl
Domain Requested by
25 tpc.googlesyndication.com googleads.g.doubleclick.net
xsmb99.me
tpc.googlesyndication.com
pagead2.googlesyndication.com
15 xsmb99.me xsmb99.me
14 googleads.g.doubleclick.net pagead2.googlesyndication.com
xsmb99.me
googleads.g.doubleclick.net
14 pagead2.googlesyndication.com xsmb99.me
pagead2.googlesyndication.com
googleads.g.doubleclick.net
tpc.googlesyndication.com
www.googletagservices.com
5 www.googletagservices.com pagead2.googlesyndication.com
googleads.g.doubleclick.net
5 fonts.gstatic.com fonts.googleapis.com
4 cm.g.doubleclick.net googleads.g.doubleclick.net
4 www.google.com 2 redirects googleads.g.doubleclick.net
tpc.googlesyndication.com
4 www.gstatic.com googleads.g.doubleclick.net
4 fonts.googleapis.com xsmb99.me
googleads.g.doubleclick.net
4 cdnjs.cloudflare.com xsmb99.me
cdnjs.cloudflare.com
3 static.doubleclick.net googleads.g.doubleclick.net
3 adservice.google.com pagead2.googlesyndication.com
3 adservice.google.de pagead2.googlesyndication.com
2 rtb.openx.net 2 redirects
2 www.google-analytics.com www.googletagmanager.com
www.google-analytics.com
1 googlecm.hit.gemius.pl 1 redirects
1 odr.mookie1.com googleads.g.doubleclick.net
1 d.agkn.com 1 redirects
1 cms.quantserve.com googleads.g.doubleclick.net
1 s0.2mdn.net tpc.googlesyndication.com
1 partner.googleadservices.com pagead2.googlesyndication.com
1 www.googletagmanager.com xsmb99.me
1 stackpath.bootstrapcdn.com xsmb99.me
114 24

This site contains no links.

Subject Issuer Validity Valid
xsmb99.me
R3		 2021-08-29 -
2021-11-27		 3 months crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3		 2021-03-01 -
2022-02-28		 a year crt.sh
*.google-analytics.com
GTS CA 1C3		 2021-08-30 -
2021-11-22		 3 months crt.sh
*.g.doubleclick.net
GTS CA 1C3		 2021-08-23 -
2021-11-15		 3 months crt.sh
upload.video.google.com
GTS CA 1O1		 2021-08-23 -
2021-11-15		 3 months crt.sh
*.gstatic.com
GTS CA 1C3		 2021-08-30 -
2021-11-22		 3 months crt.sh
*.googleadservices.com
GTS CA 1C3		 2021-08-30 -
2021-11-22		 3 months crt.sh
*.google.de
GTS CA 1C3		 2021-08-30 -
2021-11-22		 3 months crt.sh
*.google.com
GTS CA 1C3		 2021-08-30 -
2021-11-22		 3 months crt.sh
tpc.googlesyndication.com
GTS CA 1C3		 2021-08-30 -
2021-11-22		 3 months crt.sh
*.doubleclick.net
GTS CA 1C3		 2021-08-30 -
2021-11-22		 3 months crt.sh
*.quantserve.com
DigiCert SHA2 High Assurance Server CA		 2020-10-02 -
2021-10-07		 a year crt.sh
*.mookie1.com
DigiCert TLS RSA SHA256 2020 CA1		 2021-02-22 -
2022-03-25		 a year crt.sh

This page contains 19 frames:

Primary Page: https://xsmb99.me/xsmb-xo-so-mien-bac.html
Frame ID: 2BAC6414F38B3D5BC3748A6B12BC95A6
Requests: 42 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20210915/r20190131/zrt_lookup.html
Frame ID: 9BC034B830EE6D04C98FB94B3738DC45
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9108464640724915&output=html&adk=1812271804&adf=3025194257&lmt=1631873992&plat=9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fxsmb99.me%2Fxsmb-xo-so-mien-bac.html&ea=0&flash=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1631873992409&bpp=3&bdt=413&idt=368&shv=r20210915&mjsv=m202109150101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=6540816054811&frm=20&pv=2&ga_vid=546217958.1631873992&ga_sid=1631873993&ga_hid=1053574003&ga_fc=0&u_tz=0&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=3&u_nmime=4&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747620%2C44748552&oid=3&pvsid=1481020496321939&pem=136&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=384
Frame ID: 7693DD01E9BBF9F62F08F583C780C6A1
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9108464640724915&output=html&h=280&adk=3879918379&adf=1425483003&pi=t.aa~a.585548709~i.59~rp.4&w=730&fwrn=4&fwrnh=100&lmt=1631873993&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=4678874584&psa=0&ad_type=text_image&format=730x280&url=https%3A%2F%2Fxsmb99.me%2Fxsmb-xo-so-mien-bac.html&flash=0&fwr=0&pra=3&rh=183&rw=730&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1631873993724&bpp=2&bdt=1728&idt=-M&shv=r20210915&mjsv=m202109150101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D44ae08fbc22b0497-22d6ec022fc90054%3AT%3D1631873992%3ART%3D1631873992%3AS%3DALNI_MbG3GBM96tdh1tHegceQVgV_jIqpA&prev_fmts=0x0&nras=2&correlator=6540816054811&frm=20&pv=1&ga_vid=546217958.1631873992&ga_sid=1631873993&ga_hid=1053574003&ga_fc=0&u_tz=0&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=3&u_nmime=4&adx=245&ady=4575&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747620%2C44748552&oid=3&pvsid=1481020496321939&pem=136&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=B5cU3gl8Vm&p=https%3A//xsmb99.me&dtd=14
Frame ID: A604D49C307333E8B6F08FA59189CCD9
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9108464640724915&output=html&h=280&adk=2793536430&adf=662524697&pi=t.aa~a.461124662~rp.4&w=350&fwrn=4&fwrnh=100&lmt=1631873993&rafmt=1&to=qs&pwprc=4678874584&psa=0&format=350x280&url=https%3A%2F%2Fxsmb99.me%2Fxsmb-xo-so-mien-bac.html&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1631873993724&bpp=1&bdt=1728&idt=1&shv=r20210915&mjsv=m202109150101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D44ae08fbc22b0497-22d6ec022fc90054%3AT%3D1631873992%3ART%3D1631873992%3AS%3DALNI_MbG3GBM96tdh1tHegceQVgV_jIqpA&prev_fmts=0x0%2C730x280&nras=3&correlator=6540816054811&frm=20&pv=1&ga_vid=546217958.1631873992&ga_sid=1631873993&ga_hid=1053574003&ga_fc=0&u_tz=0&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=3&u_nmime=4&adx=1005&ady=2572&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747620%2C44748552&oid=3&pvsid=1481020496321939&pem=136&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=2&fsb=1&xpc=FK4e3CKroG&p=https%3A//xsmb99.me&dtd=23
Frame ID: 395ABC28B956FD1830D6E033244EBEBD
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20210915/r20110914/zrt_lookup.html?fsb=1
Frame ID: 730191BCAD0B1AD3C4DC16E48F138195
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20210915/r20110914/zrt_lookup.html?fsb=1
Frame ID: F51345C477F71A4E8F296ACAB270D262
Requests: 13 HTTP requests in this frame

Frame: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500
Frame ID: B696B5CBC12EDBE545415439786B0F84
Requests: 7 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: CE3D9D997F0FA5675419153050CC3C96
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/YqSUqZI0IRdbUAy163IJKnGw-hEMSU1MpsI8iakDbOc.js
Frame ID: 623BEBDC40B2BC2F82171385AACF0E68
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/YqSUqZI0IRdbUAy163IJKnGw-hEMSU1MpsI8iakDbOc.js
Frame ID: BE5E42E62CCC40135C26CCBACAE15F4A
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9108464640724915&output=html&h=280&adk=3879918379&adf=3065233903&pi=t.aa~a.585548709~i.61~rp.4&w=730&fwrn=4&fwrnh=100&lmt=1631873994&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=4678874584&psa=0&ad_type=text_image&format=730x280&url=https%3A%2F%2Fxsmb99.me%2Fxsmb-xo-so-mien-bac.html&flash=0&fwr=0&pra=3&rh=183&rw=730&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1631873993717&bpp=1&bdt=1721&idt=1&shv=r20210915&mjsv=m202109150101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D44ae08fbc22b0497-22d6ec022fc90054%3AT%3D1631873992%3ART%3D1631873992%3AS%3DALNI_MbG3GBM96tdh1tHegceQVgV_jIqpA&prev_fmts=0x0%2C730x280%2C350x280%2C1600x1200%2C1005x124&nras=6&correlator=6540816054811&frm=20&pv=1&ga_vid=546217958.1631873992&ga_sid=1631873993&ga_hid=1053574003&ga_fc=0&u_tz=0&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=3&u_nmime=4&adx=245&ady=4612&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747620%2C44748552&oid=3&psts=AGkb-H9zi6d__bVQn0wZI8UupevF7zwdLd20xLSaZP33FchAYgQ0DM5aw624IUc89tlTaSL86g3T_ERn5cXnA7Ry1IC3LIq0HgAH9iOY&pvsid=1481020496321939&pem=136&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=4&fsb=1&xpc=S5kjdI1Vgx&p=https%3A//xsmb99.me&dtd=1085
Frame ID: D0B6EAFD37D779076FBD695AA3BB9571
Requests: 15 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5442514344972767536/index.html
Frame ID: 586B8B4E737D2EEB1D88112493511C20
Requests: 7 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/adview?ai=CUe6KyWtEYaK6MJCybLH3h8AByPrF8mTGqoPeqw2Q78THnRYQASDjsZt9YJUCoAGj1rDEA8gBCakCP4OwGki_sz6oAwHIA0iqBMABT9AIpamXhcncKnprtXzbtGqe7rj6M075cBs4SX86DFYfQYq8lrlrKnKGX5j4UK_eld487U8RXcA9_KHSoASYX-a5b6hHH8lNv1HfaaVqEImv0Fk6LR9PZnllz-JU6BPm-VQYHlpeeShh436SBrdlkEXycanOTCdjc4VQECvAFF3-8-9m2S4FH7OJuKi_71LTljDq9OdUwVa3u72AovpzxJdvYlcvHMInKFq8e2v6NwV0xNSajdUCg5YzMjYKXE5bwATHz7S-sgKSBQQIBBgBkgUECAUYBJIFBAgFGBiSBQUIBRioAaAGLoAHxanPO6gH1ckbqAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAfulrECqAemvhvYBwDyBwMQl2rSCAcIgGEQARgfgAoByAsB2BMN0BUBgBcBshccChoIABIUcHViLTkxMDg0NjQ2NDA3MjQ5MTUYAA&sigh=Rnrxk2wZdv4&template_id=419
Frame ID: BBDEAB9A3D61DE7327F025F6DC7C46D3
Requests: 7 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: 5444639C9BA42D608BFA5EDEBD541E1B
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 78B5498439FA6D2421EF839A548E9148
Requests: 8 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/YqSUqZI0IRdbUAy163IJKnGw-hEMSU1MpsI8iakDbOc.js
Frame ID: C2954B5A01D7B185AC185F297ECEBEF4
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html
Frame ID: F0C1056ACABC009CA9A5DFA4B6C03E67
Requests: 2 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: F36C307EAF30504DB8467EE55D692D4A
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

XSMB – SXMB – Xổ số miền Bắc hôm nay mới nhất – KQXSMB

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
Overall confidence: 100%
Detected patterns
  • <link [^>]+(?:/([\d.]+)/)?animate\.(?:min\.)?css
Overall confidence: 100%
Detected patterns
  • 2mdn\.net
Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
  • <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
Overall confidence: 100%
Detected patterns
  • googlesyndication\.com/
  • 2mdn\.net
Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js
Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtag/js
Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

114
Requests

99 %
HTTPS

0 %
IPv6

19
Domains

24
Subdomains

20
IPs

6
Countries

1811 kB
Transfer

3903 kB
Size

20
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 65
  • https://www.google.com/pagead/drt/ui HTTP 302
  • https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Request Chain 81
  • https://www.google.com/pagead/drt/ui HTTP 302
  • https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Request Chain 103
  • https://d.agkn.com/pixel/2175/?google_gid=CAESEAVNlL7nM0m7EsiRJqELKxY&google_cver=1&google_push=AYg5qPJ22aNykSFYjubqfqJHrMwOxLvnruXMTvap9eQZsVrosQtsX6_YBaFdgxpw5DaqgkF9qgyOC7XJuejmsIDmBeSDNH0xo3Ib HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=ak_dmp&google_push=AYg5qPJ22aNykSFYjubqfqJHrMwOxLvnruXMTvap9eQZsVrosQtsX6_YBaFdgxpw5DaqgkF9qgyOC7XJuejmsIDmBeSDNH0xo3Ib&google_hm=Q0FFU0VBVk5sTDduTTBtN0VzaVJKcUVMS3hZ
Request Chain 105
  • https://rtb.openx.net/sync/dds?google_gid=CAESEPCKvKYjVexNLhV9fEZRD-I&google_cver=1&google_push=AYg5qPKEO561z0T3oJ0uqKQ-r8mOrfZO8vTkTnEj24xykuWRj0pKWe2baA-GK8EiWq4MgsjJDpkzX4hQwOb3wcgtrNqOhwa6lIzA HTTP 302
  • https://rtb.openx.net/sync/dds?google_gid=CAESEPCKvKYjVexNLhV9fEZRD-I&google_cver=1&google_push=AYg5qPKEO561z0T3oJ0uqKQ-r8mOrfZO8vTkTnEj24xykuWRj0pKWe2baA-GK8EiWq4MgsjJDpkzX4hQwOb3wcgtrNqOhwa6lIzA&ox_sc=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPKEO561z0T3oJ0uqKQ-r8mOrfZO8vTkTnEj24xykuWRj0pKWe2baA-GK8EiWq4MgsjJDpkzX4hQwOb3wcgtrNqOhwa6lIzA&google_hm=SH8p5UXWzgwfj4m1xAQ7iQ==
Request Chain 106
  • https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEOuhd5u765geXmCu69u02nE&google_cver=1&google_push=AYg5qPKlkmUf24-UGNuH3zUO7Wt_h3kb8TSV9mbCbe-Riohj8OQhN-uEKXhPBnCx6rN5PD6kqsre0hOf9rah2lOFv-zeC2e-vOM HTTP 302
  • https://ssum-sec.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_cver=1&google_gid=CAESEOuhd5u765geXmCu69u02nE&google_push=AYg5qPKlkmUf24-UGNuH3zUO7Wt_h3kb8TSV9mbCbe-Riohj8OQhN-uEKXhPBnCx6rN5PD6kqsre0hOf9rah2lOFv-zeC2e-vOM&s=184023&C=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YURrzNRFMVdwEp5jTOovnAAABE8AAAIB&google_gid=CAESEOuhd5u765geXmCu69u02nE&google_push=AYg5qPKlkmUf24-UGNuH3zUO7Wt_h3kb8TSV9mbCbe-Riohj8OQhN-uEKXhPBnCx6rN5PD6kqsre0hOf9rah2lOFv-zeC2e-vOM&google_cver=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YURrzNRFMVdwEp5jTOovnAAABE8AAAIB&google_gid=CAESEOuhd5u765geXmCu69u02nE&google_push=AYg5qPKlkmUf24-UGNuH3zUO7Wt_h3kb8TSV9mbCbe-Riohj8OQhN-uEKXhPBnCx6rN5PD6kqsre0hOf9rah2lOFv-zeC2e-vOM&google_cver=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YURrzNRFMVdwEp5jTOovnAAABE8AAAIB&google_gid=CAESEOuhd5u765geXmCu69u02nE&google_push=AYg5qPKlkmUf24-UGNuH3zUO7Wt_h3kb8TSV9mbCbe-Riohj8OQhN-uEKXhPBnCx6rN5PD6kqsre0hOf9rah2lOFv-zeC2e-vOM&google_cver=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YURrzNRFMVdwEp5jTOovnAAABE8AAAIB&google_gid=CAESEOuhd5u765geXmCu69u02nE&google_push=AYg5qPKlkmUf24-UGNuH3zUO7Wt_h3kb8TSV9mbCbe-Riohj8OQhN-uEKXhPBnCx6rN5PD6kqsre0hOf9rah2lOFv-zeC2e-vOM&google_cver=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YURrzNRFMVdwEp5jTOovnAAABE8AAAIB&google_gid=CAESEOuhd5u765geXmCu69u02nE&google_push=AYg5qPKlkmUf24-UGNuH3zUO7Wt_h3kb8TSV9mbCbe-Riohj8OQhN-uEKXhPBnCx6rN5PD6kqsre0hOf9rah2lOFv-zeC2e-vOM&google_cver=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YURrzNRFMVdwEp5jTOovnAAABE8AAAIB&google_gid=CAESEOuhd5u765geXmCu69u02nE&google_push=AYg5qPKlkmUf24-UGNuH3zUO7Wt_h3kb8TSV9mbCbe-Riohj8OQhN-uEKXhPBnCx6rN5PD6kqsre0hOf9rah2lOFv-zeC2e-vOM&google_cver=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YURrzNRFMVdwEp5jTOovnAAABE8AAAIB&google_gid=CAESEOuhd5u765geXmCu69u02nE&google_push=AYg5qPKlkmUf24-UGNuH3zUO7Wt_h3kb8TSV9mbCbe-Riohj8OQhN-uEKXhPBnCx6rN5PD6kqsre0hOf9rah2lOFv-zeC2e-vOM&google_cver=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YURrzNRFMVdwEp5jTOovnAAABE8AAAIB&google_gid=CAESEOuhd5u765geXmCu69u02nE&google_push=AYg5qPKlkmUf24-UGNuH3zUO7Wt_h3kb8TSV9mbCbe-Riohj8OQhN-uEKXhPBnCx6rN5PD6kqsre0hOf9rah2lOFv-zeC2e-vOM&google_cver=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YURrzNRFMVdwEp5jTOovnAAABE8AAAIB&google_gid=CAESEOuhd5u765geXmCu69u02nE&google_push=AYg5qPKlkmUf24-UGNuH3zUO7Wt_h3kb8TSV9mbCbe-Riohj8OQhN-uEKXhPBnCx6rN5PD6kqsre0hOf9rah2lOFv-zeC2e-vOM&google_cver=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YURrzNRFMVdwEp5jTOovnAAABE8AAAIB&google_gid=CAESEOuhd5u765geXmCu69u02nE&google_push=AYg5qPKlkmUf24-UGNuH3zUO7Wt_h3kb8TSV9mbCbe-Riohj8OQhN-uEKXhPBnCx6rN5PD6kqsre0hOf9rah2lOFv-zeC2e-vOM&google_cver=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YURrzNRFMVdwEp5jTOovnAAABE8AAAIB&google_gid=CAESEOuhd5u765geXmCu69u02nE&google_push=AYg5qPKlkmUf24-UGNuH3zUO7Wt_h3kb8TSV9mbCbe-Riohj8OQhN-uEKXhPBnCx6rN5PD6kqsre0hOf9rah2lOFv-zeC2e-vOM&google_cver=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YURrzNRFMVdwEp5jTOovnAAABE8AAAIB&google_gid=CAESEOuhd5u765geXmCu69u02nE&google_push=AYg5qPKlkmUf24-UGNuH3zUO7Wt_h3kb8TSV9mbCbe-Riohj8OQhN-uEKXhPBnCx6rN5PD6kqsre0hOf9rah2lOFv-zeC2e-vOM&google_cver=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YURrzNRFMVdwEp5jTOovnAAABE8AAAIB&google_gid=CAESEOuhd5u765geXmCu69u02nE&google_push=AYg5qPKlkmUf24-UGNuH3zUO7Wt_h3kb8TSV9mbCbe-Riohj8OQhN-uEKXhPBnCx6rN5PD6kqsre0hOf9rah2lOFv-zeC2e-vOM&google_cver=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YURrzNRFMVdwEp5jTOovnAAABE8AAAIB&google_gid=CAESEOuhd5u765geXmCu69u02nE&google_push=AYg5qPKlkmUf24-UGNuH3zUO7Wt_h3kb8TSV9mbCbe-Riohj8OQhN-uEKXhPBnCx6rN5PD6kqsre0hOf9rah2lOFv-zeC2e-vOM&google_cver=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YURrzNRFMVdwEp5jTOovnAAABE8AAAIB&google_gid=CAESEOuhd5u765geXmCu69u02nE&google_push=AYg5qPKlkmUf24-UGNuH3zUO7Wt_h3kb8TSV9mbCbe-Riohj8OQhN-uEKXhPBnCx6rN5PD6kqsre0hOf9rah2lOFv-zeC2e-vOM&google_cver=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YURrzNRFMVdwEp5jTOovnAAABE8AAAIB&google_gid=CAESEOuhd5u765geXmCu69u02nE&google_push=AYg5qPKlkmUf24-UGNuH3zUO7Wt_h3kb8TSV9mbCbe-Riohj8OQhN-uEKXhPBnCx6rN5PD6kqsre0hOf9rah2lOFv-zeC2e-vOM&google_cver=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YURrzNRFMVdwEp5jTOovnAAABE8AAAIB&google_gid=CAESEOuhd5u765geXmCu69u02nE&google_push=AYg5qPKlkmUf24-UGNuH3zUO7Wt_h3kb8TSV9mbCbe-Riohj8OQhN-uEKXhPBnCx6rN5PD6kqsre0hOf9rah2lOFv-zeC2e-vOM&google_cver=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YURrzNRFMVdwEp5jTOovnAAABE8AAAIB&google_gid=CAESEOuhd5u765geXmCu69u02nE&google_push=AYg5qPKlkmUf24-UGNuH3zUO7Wt_h3kb8TSV9mbCbe-Riohj8OQhN-uEKXhPBnCx6rN5PD6kqsre0hOf9rah2lOFv-zeC2e-vOM&google_cver=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YURrzNRFMVdwEp5jTOovnAAABE8AAAIB&google_gid=CAESEOuhd5u765geXmCu69u02nE&google_push=AYg5qPKlkmUf24-UGNuH3zUO7Wt_h3kb8TSV9mbCbe-Riohj8OQhN-uEKXhPBnCx6rN5PD6kqsre0hOf9rah2lOFv-zeC2e-vOM&google_cver=1
Request Chain 107
  • https://googlecm.hit.gemius.pl/googleredir?rid=tknhntsqez&id=ndBK6L_fzwx7rssCbe8.iLes3yi8eMbF6r2JE6Xu.b7.N7&google_gid=CAESEM7uzCjKkpEPLS0SK4M3wBY&google_cver=1&google_push=AYg5qPLocrcrXcJGV8-UGneynC1lQNPvnL-_MqGFem0Sn6jktfSEme_Jl6R6P5Mov-Pk24IeLg25oneGc7IfW2lyZT13w9lWbJE3AA HTTP 301
  • https://cm.g.doubleclick.net/pixel?google_nid=gemius_adh&google_push=AYg5qPLocrcrXcJGV8-UGneynC1lQNPvnL-_MqGFem0Sn6jktfSEme_Jl6R6P5Mov-Pk24IeLg25oneGc7IfW2lyZT13w9lWbJE3AA&google_hm=

114 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request xsmb-xo-so-mien-bac.html
xsmb99.me/ 		102 KB
13 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://xsmb99.me/xsmb-xo-so-mien-bac.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
103.9.77.158 , Viet Nam, ASN45899 (VNPT-AS-VN VNPT Corp, VN),
Reverse DNS
Software
nginx / PHP/7.3.27 PleskLin
Resource Hash
ea28b703f3ab84181313f4d8097a25669b2f69904af9b560defb44fc6a2a1ef4

Request headers

:method
GET
:authority
xsmb99.me
:scheme
https
:path
/xsmb-xo-so-mien-bac.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept-Language
de-DE,de;q=0.9

Response headers

server
nginx
date
Fri, 17 Sep 2021 10:19:51 GMT
content-type
text/html; charset=UTF-8
vary
Accept-Encoding
x-powered-by
PHP/7.3.27 PleskLin
cache-control
private, must-revalidate
pragma
no-cache
expires
-1
set-cookie
XSRF-TOKEN=eyJpdiI6InZFZG9yKzFNYzhCUkM2c0FYelpLNXc9PSIsInZhbHVlIjoiTUhFTURPTkhyOWhoZFZXdzlNV3FhYnM1aEcwNHp5TWVSNlltOVo1NGJGeWdrbjd0TnR3dVRNUG1qdmM1SUwwUyIsIm1hYyI6IjFjZTdkMWRjODAyYjJkODcxZDY0NWMwZmE0NjRiZTc3YjY0NGE2NjFmNDg3NmM0ZWJkYWIwMWM5ZmNjZWNkMzAifQ%3D%3D; expires=Fri, 17-Sep-2021 12:19:51 GMT; Max-Age=7200; path=/ xsmb99me_session=eyJpdiI6IjRwdklXYS96Z3RUb1Q4d3ZOMGtNZmc9PSIsInZhbHVlIjoiRUJiTDZWakh3c3loelIwNXEwZFZVNzdRUFdvZDBMeGJKTkkxUUFPbElJS1o0MjRuVm1Ed3lEckRvTkpzU2NoWSIsIm1hYyI6ImQ2OWM2ODA3NzUyZDA0YTY0MTQ1MGRhMmFmNmVmNDY5MWIzYzI4MmM3YmU4ZjZiM2JkZjQxNzlmZmM5OTJjMGQifQ%3D%3D; expires=Fri, 17-Sep-2021 12:19:51 GMT; Max-Age=7200; path=/; httponly
ms-author-via
DAV
content-encoding
gzip
bootstrap.min.css
stackpath.bootstrapcdn.com/bootstrap/4.1.3/css/ 		138 KB
22 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://stackpath.bootstrapcdn.com/bootstrap/4.1.3/css/bootstrap.min.css
Requested by
Host: xsmb99.me
URL: https://xsmb99.me/xsmb-xo-so-mien-bac.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.11.207 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7928b5ab63c6e89ee0ee26f5ef201a58c72baf91abb688580a1aa26eb57b3c11
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://xsmb99.me/
Origin
https://xsmb99.me
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 17 Sep 2021 10:19:52 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
MISS
cdn-edgestorageid
752, 617, 617
access-control-allow-origin
*
cdn-cachedat
2021-07-24 16:36:30
cdn-pullzone
252412
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
timing-allow-origin
*
last-modified
Mon, 25 Jan 2021 22:04:06 GMT
server
cloudflare
cdn-requestpullcode
200
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/css; charset=utf-8
cdn-cache
HIT
vary
Accept-Encoding
cache-control
public, max-age=31919000
cdn-uid
b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestid
eb25025d53f0359ef81ee21e335f3db5
cf-ray
690199426fa14119-PRG
cdn-requestcountrycode
CZ
cdn-status
200
cdn-requestpullsuccess
True
font-awesome.css
cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/ 		37 KB
7 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.css
Requested by
Host: xsmb99.me
URL: https://xsmb99.me/xsmb-xo-so-mien-bac.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.19.94 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
36e0a7e08bee65774168528938072c536437669c1b7458ac77976ec788e4439c
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://xsmb99.me/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 17 Sep 2021 10:19:52 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
578101
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
5884
timing-allow-origin
*
last-modified
Mon, 04 May 2020 16:10:07 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb03e5f-9226"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15780000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PEInbVpBWBFVz3lICh3hELDV70LtzqGV1NRsQAKdvs4lwawM5EwWRVOqcW0MV8aj9R9vfLO1y9zfT2kLFkF0vt5oSh1rYq3tUjGI24RV23Ov34aAXyYgwAmLE8EyjiRxfyFylgC%2F"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=utf-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=30672000
accept-ranges
bytes
cf-ray
690199426c654125-PRG
expires
Wed, 07 Sep 2022 10:19:52 GMT
animate.compat.min.css
cdnjs.cloudflare.com/ajax/libs/animate.css/4.1.0/ 		69 KB
4 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://cdnjs.cloudflare.com/ajax/libs/animate.css/4.1.0/animate.compat.min.css
Requested by
Host: xsmb99.me
URL: https://xsmb99.me/xsmb-xo-so-mien-bac.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.19.94 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
423fb3104bee6c447894ee65db4d1cdd47ee7c13ac293829b20254d3fb770a85
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://xsmb99.me/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 17 Sep 2021 10:19:52 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
464349
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
4248
timing-allow-origin
*
last-modified
Mon, 11 May 2020 12:18:44 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb942a4-113d4"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15780000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RkwutCf6%2FFGvkHJgVxP%2FmcTeW6xv0N7PXgW83Nt35f3K%2BbP4vuNWVlWAMYLki9oqd6j6TxHhvk3oVnHm53QajEWBiDStT3SfWsWL%2BFckRLAX8v%2FGI%2FDl7qKcwpK4u4DDJZJOqmaJ"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=utf-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=30672000
accept-ranges
bytes
cf-ray
690199426c694125-PRG
expires
Wed, 07 Sep 2022 10:19:52 GMT
animate.min.css
cdnjs.cloudflare.com/ajax/libs/animate.css/3.7.2/ 		57 KB
4 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://cdnjs.cloudflare.com/ajax/libs/animate.css/3.7.2/animate.min.css
Requested by
Host: xsmb99.me
URL: https://xsmb99.me/xsmb-xo-so-mien-bac.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.19.94 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3c770e90f98eb21b0c042fafb49755af93306fbaf42e449524f94fae9fc83295
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://xsmb99.me/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 17 Sep 2021 10:19:52 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
833249
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
3511
timing-allow-origin
*
last-modified
Mon, 04 May 2020 16:04:58 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb03d2a-e311"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15780000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1%2B7PNC7Bj1NYUIzFegMosxDFRayvtaCyK%2Fm05UAlvBB9w93LO%2Bf%2F3chwvZ9GpoUiFEJmi69HonMgA9kP%2BTH458HeSBwEG4WQe0knbGaRxczui35wpDKtAYglTf1Jw4qcelPmkUpu"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=utf-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=30672000
accept-ranges
bytes
cf-ray
690199426c674125-PRG
expires
Wed, 07 Sep 2022 10:19:52 GMT
main.css
xsmb99.me/user/css/ 		52 KB
10 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://xsmb99.me/user/css/main.css?v=36
Requested by
Host: xsmb99.me
URL: https://xsmb99.me/xsmb-xo-so-mien-bac.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
103.9.77.158 , Viet Nam, ASN45899 (VNPT-AS-VN VNPT Corp, VN),
Reverse DNS
Software
nginx / PleskLin
Resource Hash
67aa0ea54160c6fe82fff6a797329287b02d9cc876bb8430dd321c1e3ab03572

Request headers

:path
/user/css/main.css?v=36
pragma
no-cache
cookie
XSRF-TOKEN=eyJpdiI6InZFZG9yKzFNYzhCUkM2c0FYelpLNXc9PSIsInZhbHVlIjoiTUhFTURPTkhyOWhoZFZXdzlNV3FhYnM1aEcwNHp5TWVSNlltOVo1NGJGeWdrbjd0TnR3dVRNUG1qdmM1SUwwUyIsIm1hYyI6IjFjZTdkMWRjODAyYjJkODcxZDY0NWMwZmE0NjRiZTc3YjY0NGE2NjFmNDg3NmM0ZWJkYWIwMWM5ZmNjZWNkMzAifQ%3D%3D; xsmb99me_session=eyJpdiI6IjRwdklXYS96Z3RUb1Q4d3ZOMGtNZmc9PSIsInZhbHVlIjoiRUJiTDZWakh3c3loelIwNXEwZFZVNzdRUFdvZDBMeGJKTkkxUUFPbElJS1o0MjRuVm1Ed3lEckRvTkpzU2NoWSIsIm1hYyI6ImQ2OWM2ODA3NzUyZDA0YTY0MTQ1MGRhMmFmNmVmNDY5MWIzYzI4MmM3YmU4ZjZiM2JkZjQxNzlmZmM5OTJjMGQifQ%3D%3D
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
text/css,*/*;q=0.1
cache-control
no-cache
sec-fetch-dest
style
:authority
xsmb99.me
referer
https://xsmb99.me/xsmb-xo-so-mien-bac.html
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://xsmb99.me/xsmb-xo-so-mien-bac.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 17 Sep 2021 10:19:52 GMT
content-encoding
gzip
last-modified
Sat, 07 Nov 2020 14:09:44 GMT
server
nginx
x-powered-by
PleskLin
etag
W/"5fa6aaa8-ce6e"
vary
Accept-Encoding
content-type
text/css
js
www.googletagmanager.com/gtag/ 		99 KB
40 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=UA-150732184-1
Requested by
Host: xsmb99.me
URL: https://xsmb99.me/xsmb-xo-so-mien-bac.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.16.136 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra15s46-in-f8.1e100.net
Software
Google Tag Manager /
Resource Hash
5bed3d0bf00537dc6d99cae6d4f516a81f066e22897cec5fa3104728d447b4e1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://xsmb99.me/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 17 Sep 2021 10:19:52 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
40354
x-xss-protection
0
last-modified
Fri, 17 Sep 2021 09:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Fri, 17 Sep 2021 10:19:52 GMT
adsbygoogle.js
pagead2.googlesyndication.com/pagead/js/ 		139 KB
48 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Requested by
Host: xsmb99.me
URL: https://xsmb99.me/xsmb-xo-so-mien-bac.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s52-in-f2.1e100.net
Software
cafe /
Resource Hash
3f528e580c54c3f38ce598ee4b5409c70cc84cf54be4c2a196d6a49baa5e30be
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://xsmb99.me/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 17 Sep 2021 10:19:52 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
49031
x-xss-protection
0
server
cafe
etag
3360723884721450099
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Fri, 17 Sep 2021 10:19:52 GMT
loading.gif
xsmb99.me/user/images/ 		672 B
857 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://xsmb99.me/user/images/loading.gif
Requested by
Host: xsmb99.me
URL: https://xsmb99.me/xsmb-xo-so-mien-bac.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
103.9.77.158 , Viet Nam, ASN45899 (VNPT-AS-VN VNPT Corp, VN),
Reverse DNS
Software
nginx / PleskLin
Resource Hash
20e759e045642925ef24d225eed7897b5f0d9a5e6740c0a804b1fb6293cb3972

Request headers

:path
/user/images/loading.gif
pragma
no-cache
cookie
XSRF-TOKEN=eyJpdiI6InZFZG9yKzFNYzhCUkM2c0FYelpLNXc9PSIsInZhbHVlIjoiTUhFTURPTkhyOWhoZFZXdzlNV3FhYnM1aEcwNHp5TWVSNlltOVo1NGJGeWdrbjd0TnR3dVRNUG1qdmM1SUwwUyIsIm1hYyI6IjFjZTdkMWRjODAyYjJkODcxZDY0NWMwZmE0NjRiZTc3YjY0NGE2NjFmNDg3NmM0ZWJkYWIwMWM5ZmNjZWNkMzAifQ%3D%3D; xsmb99me_session=eyJpdiI6IjRwdklXYS96Z3RUb1Q4d3ZOMGtNZmc9PSIsInZhbHVlIjoiRUJiTDZWakh3c3loelIwNXEwZFZVNzdRUFdvZDBMeGJKTkkxUUFPbElJS1o0MjRuVm1Ed3lEckRvTkpzU2NoWSIsIm1hYyI6ImQ2OWM2ODA3NzUyZDA0YTY0MTQ1MGRhMmFmNmVmNDY5MWIzYzI4MmM3YmU4ZjZiM2JkZjQxNzlmZmM5OTJjMGQifQ%3D%3D
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
xsmb99.me
referer
https://xsmb99.me/xsmb-xo-so-mien-bac.html
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://xsmb99.me/xsmb-xo-so-mien-bac.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 17 Sep 2021 10:19:52 GMT
ms-author-via
DAV
last-modified
Sat, 19 Oct 2019 09:21:48 GMT
server
nginx
x-powered-by
PleskLin
content-type
image/gif
x-accel-version
0.01
accept-ranges
bytes
content-length
672
etag
"2a0-5953ffaecfdeb"
xsmb99-mau-xsmb.jpg
xsmb99.me/uploads/images/posts/ 		257 KB
258 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://xsmb99.me/uploads/images/posts/xsmb99-mau-xsmb.jpg
Requested by
Host: xsmb99.me
URL: https://xsmb99.me/xsmb-xo-so-mien-bac.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
103.9.77.158 , Viet Nam, ASN45899 (VNPT-AS-VN VNPT Corp, VN),
Reverse DNS
Software
nginx / PleskLin
Resource Hash
d952141495e44bf813d733bcb59707696abcb6205138efffd1962066c2aa8681

Request headers

:path
/uploads/images/posts/xsmb99-mau-xsmb.jpg
pragma
no-cache
cookie
XSRF-TOKEN=eyJpdiI6InZFZG9yKzFNYzhCUkM2c0FYelpLNXc9PSIsInZhbHVlIjoiTUhFTURPTkhyOWhoZFZXdzlNV3FhYnM1aEcwNHp5TWVSNlltOVo1NGJGeWdrbjd0TnR3dVRNUG1qdmM1SUwwUyIsIm1hYyI6IjFjZTdkMWRjODAyYjJkODcxZDY0NWMwZmE0NjRiZTc3YjY0NGE2NjFmNDg3NmM0ZWJkYWIwMWM5ZmNjZWNkMzAifQ%3D%3D; xsmb99me_session=eyJpdiI6IjRwdklXYS96Z3RUb1Q4d3ZOMGtNZmc9PSIsInZhbHVlIjoiRUJiTDZWakh3c3loelIwNXEwZFZVNzdRUFdvZDBMeGJKTkkxUUFPbElJS1o0MjRuVm1Ed3lEckRvTkpzU2NoWSIsIm1hYyI6ImQ2OWM2ODA3NzUyZDA0YTY0MTQ1MGRhMmFmNmVmNDY5MWIzYzI4MmM3YmU4ZjZiM2JkZjQxNzlmZmM5OTJjMGQifQ%3D%3D
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
xsmb99.me
referer
https://xsmb99.me/xsmb-xo-so-mien-bac.html
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://xsmb99.me/xsmb-xo-so-mien-bac.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 17 Sep 2021 10:19:52 GMT
last-modified
Mon, 30 Aug 2021 00:47:18 GMT
server
nginx
x-powered-by
PleskLin
etag
"612c2a96-404e5"
content-type
image/jpeg
accept-ranges
bytes
content-length
263397
xsmb99-lich-su-ve-so-mb.jpg
xsmb99.me/uploads/images/posts/ 		75 KB
75 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://xsmb99.me/uploads/images/posts/xsmb99-lich-su-ve-so-mb.jpg
Requested by
Host: xsmb99.me
URL: https://xsmb99.me/xsmb-xo-so-mien-bac.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
103.9.77.158 , Viet Nam, ASN45899 (VNPT-AS-VN VNPT Corp, VN),
Reverse DNS
Software
nginx / PleskLin
Resource Hash
ce31b6e4bc78e74f0a700696c55b1095000998dca37264156c7f50d506c21c66

Request headers

:path
/uploads/images/posts/xsmb99-lich-su-ve-so-mb.jpg
pragma
no-cache
cookie
XSRF-TOKEN=eyJpdiI6InZFZG9yKzFNYzhCUkM2c0FYelpLNXc9PSIsInZhbHVlIjoiTUhFTURPTkhyOWhoZFZXdzlNV3FhYnM1aEcwNHp5TWVSNlltOVo1NGJGeWdrbjd0TnR3dVRNUG1qdmM1SUwwUyIsIm1hYyI6IjFjZTdkMWRjODAyYjJkODcxZDY0NWMwZmE0NjRiZTc3YjY0NGE2NjFmNDg3NmM0ZWJkYWIwMWM5ZmNjZWNkMzAifQ%3D%3D; xsmb99me_session=eyJpdiI6IjRwdklXYS96Z3RUb1Q4d3ZOMGtNZmc9PSIsInZhbHVlIjoiRUJiTDZWakh3c3loelIwNXEwZFZVNzdRUFdvZDBMeGJKTkkxUUFPbElJS1o0MjRuVm1Ed3lEckRvTkpzU2NoWSIsIm1hYyI6ImQ2OWM2ODA3NzUyZDA0YTY0MTQ1MGRhMmFmNmVmNDY5MWIzYzI4MmM3YmU4ZjZiM2JkZjQxNzlmZmM5OTJjMGQifQ%3D%3D
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
xsmb99.me
referer
https://xsmb99.me/xsmb-xo-so-mien-bac.html
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://xsmb99.me/xsmb-xo-so-mien-bac.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 17 Sep 2021 10:19:52 GMT
last-modified
Mon, 30 Aug 2021 00:47:18 GMT
server
nginx
x-powered-by
PleskLin
etag
"612c2a96-12a19"
content-type
image/jpeg
accept-ranges
bytes
content-length
76313
du-doan-mien-bac.jpg
xsmb99.me/user/images/ 		23 KB
24 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://xsmb99.me/user/images/du-doan-mien-bac.jpg
Requested by
Host: xsmb99.me
URL: https://xsmb99.me/xsmb-xo-so-mien-bac.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
103.9.77.158 , Viet Nam, ASN45899 (VNPT-AS-VN VNPT Corp, VN),
Reverse DNS
Software
nginx / PleskLin
Resource Hash
057d84a94b4b110faddc611c95a8bd44af3b3f4ce131250a1634c20cb3fca53d

Request headers

:path
/user/images/du-doan-mien-bac.jpg
pragma
no-cache
cookie
XSRF-TOKEN=eyJpdiI6InZFZG9yKzFNYzhCUkM2c0FYelpLNXc9PSIsInZhbHVlIjoiTUhFTURPTkhyOWhoZFZXdzlNV3FhYnM1aEcwNHp5TWVSNlltOVo1NGJGeWdrbjd0TnR3dVRNUG1qdmM1SUwwUyIsIm1hYyI6IjFjZTdkMWRjODAyYjJkODcxZDY0NWMwZmE0NjRiZTc3YjY0NGE2NjFmNDg3NmM0ZWJkYWIwMWM5ZmNjZWNkMzAifQ%3D%3D; xsmb99me_session=eyJpdiI6IjRwdklXYS96Z3RUb1Q4d3ZOMGtNZmc9PSIsInZhbHVlIjoiRUJiTDZWakh3c3loelIwNXEwZFZVNzdRUFdvZDBMeGJKTkkxUUFPbElJS1o0MjRuVm1Ed3lEckRvTkpzU2NoWSIsIm1hYyI6ImQ2OWM2ODA3NzUyZDA0YTY0MTQ1MGRhMmFmNmVmNDY5MWIzYzI4MmM3YmU4ZjZiM2JkZjQxNzlmZmM5OTJjMGQifQ%3D%3D
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
xsmb99.me
referer
https://xsmb99.me/xsmb-xo-so-mien-bac.html
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://xsmb99.me/xsmb-xo-so-mien-bac.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 17 Sep 2021 10:19:52 GMT
last-modified
Thu, 25 Jun 2020 01:59:11 GMT
server
nginx
x-powered-by
PleskLin
etag
"5ef404ef-5d6c"
content-type
image/jpeg
accept-ranges
bytes
content-length
23916
du-doan-mien-trung.jpg
xsmb99.me/user/images/ 		16 KB
16 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://xsmb99.me/user/images/du-doan-mien-trung.jpg
Requested by
Host: xsmb99.me
URL: https://xsmb99.me/xsmb-xo-so-mien-bac.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
103.9.77.158 , Viet Nam, ASN45899 (VNPT-AS-VN VNPT Corp, VN),
Reverse DNS
Software
nginx / PleskLin
Resource Hash
2360f1c5ffe67a2c07953ca34424848978014440f2f41157dca411f96865bdf9

Request headers

:path
/user/images/du-doan-mien-trung.jpg
pragma
no-cache
cookie
XSRF-TOKEN=eyJpdiI6InZFZG9yKzFNYzhCUkM2c0FYelpLNXc9PSIsInZhbHVlIjoiTUhFTURPTkhyOWhoZFZXdzlNV3FhYnM1aEcwNHp5TWVSNlltOVo1NGJGeWdrbjd0TnR3dVRNUG1qdmM1SUwwUyIsIm1hYyI6IjFjZTdkMWRjODAyYjJkODcxZDY0NWMwZmE0NjRiZTc3YjY0NGE2NjFmNDg3NmM0ZWJkYWIwMWM5ZmNjZWNkMzAifQ%3D%3D; xsmb99me_session=eyJpdiI6IjRwdklXYS96Z3RUb1Q4d3ZOMGtNZmc9PSIsInZhbHVlIjoiRUJiTDZWakh3c3loelIwNXEwZFZVNzdRUFdvZDBMeGJKTkkxUUFPbElJS1o0MjRuVm1Ed3lEckRvTkpzU2NoWSIsIm1hYyI6ImQ2OWM2ODA3NzUyZDA0YTY0MTQ1MGRhMmFmNmVmNDY5MWIzYzI4MmM3YmU4ZjZiM2JkZjQxNzlmZmM5OTJjMGQifQ%3D%3D
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
xsmb99.me
referer
https://xsmb99.me/xsmb-xo-so-mien-bac.html
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://xsmb99.me/xsmb-xo-so-mien-bac.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 17 Sep 2021 10:19:52 GMT
last-modified
Thu, 25 Jun 2020 01:59:11 GMT
server
nginx
x-powered-by
PleskLin
etag
"5ef404ef-40a6"
content-type
image/jpeg
accept-ranges
bytes
content-length
16550
du-doan-mien-nam.jpg
xsmb99.me/user/images/ 		19 KB
19 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://xsmb99.me/user/images/du-doan-mien-nam.jpg
Requested by
Host: xsmb99.me
URL: https://xsmb99.me/xsmb-xo-so-mien-bac.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
103.9.77.158 , Viet Nam, ASN45899 (VNPT-AS-VN VNPT Corp, VN),
Reverse DNS
Software
nginx / PleskLin
Resource Hash
49880c9128857dd1dfb0408125209d076b22591095f1ab98e6caa341df5690c5

Request headers

:path
/user/images/du-doan-mien-nam.jpg
pragma
no-cache
cookie
XSRF-TOKEN=eyJpdiI6InZFZG9yKzFNYzhCUkM2c0FYelpLNXc9PSIsInZhbHVlIjoiTUhFTURPTkhyOWhoZFZXdzlNV3FhYnM1aEcwNHp5TWVSNlltOVo1NGJGeWdrbjd0TnR3dVRNUG1qdmM1SUwwUyIsIm1hYyI6IjFjZTdkMWRjODAyYjJkODcxZDY0NWMwZmE0NjRiZTc3YjY0NGE2NjFmNDg3NmM0ZWJkYWIwMWM5ZmNjZWNkMzAifQ%3D%3D; xsmb99me_session=eyJpdiI6IjRwdklXYS96Z3RUb1Q4d3ZOMGtNZmc9PSIsInZhbHVlIjoiRUJiTDZWakh3c3loelIwNXEwZFZVNzdRUFdvZDBMeGJKTkkxUUFPbElJS1o0MjRuVm1Ed3lEckRvTkpzU2NoWSIsIm1hYyI6ImQ2OWM2ODA3NzUyZDA0YTY0MTQ1MGRhMmFmNmVmNDY5MWIzYzI4MmM3YmU4ZjZiM2JkZjQxNzlmZmM5OTJjMGQifQ%3D%3D
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
xsmb99.me
referer
https://xsmb99.me/xsmb-xo-so-mien-bac.html
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://xsmb99.me/xsmb-xo-so-mien-bac.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 17 Sep 2021 10:19:52 GMT
last-modified
Thu, 25 Jun 2020 01:59:11 GMT
server
nginx
x-powered-by
PleskLin
etag
"5ef404ef-4a44"
content-type
image/jpeg
accept-ranges
bytes
content-length
19012
jquery-3.5.1.min.js
xsmb99.me/components/ 		87 KB
35 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://xsmb99.me/components/jquery-3.5.1.min.js
Requested by
Host: xsmb99.me
URL: https://xsmb99.me/xsmb-xo-so-mien-bac.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
103.9.77.158 , Viet Nam, ASN45899 (VNPT-AS-VN VNPT Corp, VN),
Reverse DNS
Software
nginx / PleskLin
Resource Hash
6150a35c0f486c46cadf0e230e2aa159c7c23ecfbb5611b64ee3f25fcbff341f

Request headers

:path
/components/jquery-3.5.1.min.js
pragma
no-cache
cookie
XSRF-TOKEN=eyJpdiI6InZFZG9yKzFNYzhCUkM2c0FYelpLNXc9PSIsInZhbHVlIjoiTUhFTURPTkhyOWhoZFZXdzlNV3FhYnM1aEcwNHp5TWVSNlltOVo1NGJGeWdrbjd0TnR3dVRNUG1qdmM1SUwwUyIsIm1hYyI6IjFjZTdkMWRjODAyYjJkODcxZDY0NWMwZmE0NjRiZTc3YjY0NGE2NjFmNDg3NmM0ZWJkYWIwMWM5ZmNjZWNkMzAifQ%3D%3D; xsmb99me_session=eyJpdiI6IjRwdklXYS96Z3RUb1Q4d3ZOMGtNZmc9PSIsInZhbHVlIjoiRUJiTDZWakh3c3loelIwNXEwZFZVNzdRUFdvZDBMeGJKTkkxUUFPbElJS1o0MjRuVm1Ed3lEckRvTkpzU2NoWSIsIm1hYyI6ImQ2OWM2ODA3NzUyZDA0YTY0MTQ1MGRhMmFmNmVmNDY5MWIzYzI4MmM3YmU4ZjZiM2JkZjQxNzlmZmM5OTJjMGQifQ%3D%3D
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
xsmb99.me
referer
https://xsmb99.me/xsmb-xo-so-mien-bac.html
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://xsmb99.me/xsmb-xo-so-mien-bac.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 17 Sep 2021 10:19:52 GMT
content-encoding
gzip
last-modified
Sat, 11 Jul 2020 15:08:51 GMT
server
nginx
x-powered-by
PleskLin
etag
W/"5f09d603-15d83"
vary
Accept-Encoding
content-type
application/javascript
popper-1.16.min.js
xsmb99.me/components/ 		21 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://xsmb99.me/components/popper-1.16.min.js
Requested by
Host: xsmb99.me
URL: https://xsmb99.me/xsmb-xo-so-mien-bac.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
103.9.77.158 , Viet Nam, ASN45899 (VNPT-AS-VN VNPT Corp, VN),
Reverse DNS
Software
nginx / PleskLin
Resource Hash
d9fca4eb7997f7c7bd329252b09ba2a45e97dea35730d5ec7215cbb7d62ac3ab

Request headers

:path
/components/popper-1.16.min.js
pragma
no-cache
cookie
XSRF-TOKEN=eyJpdiI6InZFZG9yKzFNYzhCUkM2c0FYelpLNXc9PSIsInZhbHVlIjoiTUhFTURPTkhyOWhoZFZXdzlNV3FhYnM1aEcwNHp5TWVSNlltOVo1NGJGeWdrbjd0TnR3dVRNUG1qdmM1SUwwUyIsIm1hYyI6IjFjZTdkMWRjODAyYjJkODcxZDY0NWMwZmE0NjRiZTc3YjY0NGE2NjFmNDg3NmM0ZWJkYWIwMWM5ZmNjZWNkMzAifQ%3D%3D; xsmb99me_session=eyJpdiI6IjRwdklXYS96Z3RUb1Q4d3ZOMGtNZmc9PSIsInZhbHVlIjoiRUJiTDZWakh3c3loelIwNXEwZFZVNzdRUFdvZDBMeGJKTkkxUUFPbElJS1o0MjRuVm1Ed3lEckRvTkpzU2NoWSIsIm1hYyI6ImQ2OWM2ODA3NzUyZDA0YTY0MTQ1MGRhMmFmNmVmNDY5MWIzYzI4MmM3YmU4ZjZiM2JkZjQxNzlmZmM5OTJjMGQifQ%3D%3D
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
xsmb99.me
referer
https://xsmb99.me/xsmb-xo-so-mien-bac.html
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://xsmb99.me/xsmb-xo-so-mien-bac.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 17 Sep 2021 10:19:52 GMT
content-encoding
gzip
last-modified
Sat, 11 Jul 2020 15:08:51 GMT
server
nginx
x-powered-by
PleskLin
etag
W/"5f09d603-52f0"
vary
Accept-Encoding
content-type
application/javascript
bootstrap.min.js
xsmb99.me/components/bootstrap-4.1.3/js/ 		50 KB
17 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://xsmb99.me/components/bootstrap-4.1.3/js/bootstrap.min.js
Requested by
Host: xsmb99.me
URL: https://xsmb99.me/xsmb-xo-so-mien-bac.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
103.9.77.158 , Viet Nam, ASN45899 (VNPT-AS-VN VNPT Corp, VN),
Reverse DNS
Software
nginx / PleskLin
Resource Hash
56c12a125b021d21a69e61d7190cefa168d6c28ce715265cea1b3b0112d169c4

Request headers

:path
/components/bootstrap-4.1.3/js/bootstrap.min.js
pragma
no-cache
cookie
XSRF-TOKEN=eyJpdiI6InZFZG9yKzFNYzhCUkM2c0FYelpLNXc9PSIsInZhbHVlIjoiTUhFTURPTkhyOWhoZFZXdzlNV3FhYnM1aEcwNHp5TWVSNlltOVo1NGJGeWdrbjd0TnR3dVRNUG1qdmM1SUwwUyIsIm1hYyI6IjFjZTdkMWRjODAyYjJkODcxZDY0NWMwZmE0NjRiZTc3YjY0NGE2NjFmNDg3NmM0ZWJkYWIwMWM5ZmNjZWNkMzAifQ%3D%3D; xsmb99me_session=eyJpdiI6IjRwdklXYS96Z3RUb1Q4d3ZOMGtNZmc9PSIsInZhbHVlIjoiRUJiTDZWakh3c3loelIwNXEwZFZVNzdRUFdvZDBMeGJKTkkxUUFPbElJS1o0MjRuVm1Ed3lEckRvTkpzU2NoWSIsIm1hYyI6ImQ2OWM2ODA3NzUyZDA0YTY0MTQ1MGRhMmFmNmVmNDY5MWIzYzI4MmM3YmU4ZjZiM2JkZjQxNzlmZmM5OTJjMGQifQ%3D%3D
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
xsmb99.me
referer
https://xsmb99.me/xsmb-xo-so-mien-bac.html
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://xsmb99.me/xsmb-xo-so-mien-bac.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 17 Sep 2021 10:19:52 GMT
content-encoding
gzip
last-modified
Sat, 11 Jul 2020 15:08:51 GMT
server
nginx
x-powered-by
PleskLin
etag
W/"5f09d603-c75f"
vary
Accept-Encoding
content-type
application/javascript
bootstrap-notify.min.js
xsmb99.me/components/bootstrap-notify/ 		9 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://xsmb99.me/components/bootstrap-notify/bootstrap-notify.min.js
Requested by
Host: xsmb99.me
URL: https://xsmb99.me/xsmb-xo-so-mien-bac.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
103.9.77.158 , Viet Nam, ASN45899 (VNPT-AS-VN VNPT Corp, VN),
Reverse DNS
Software
nginx / PleskLin
Resource Hash
2e53746b427784c9032ced6685c330cbe18831b21157b92f287c78a02c4da312

Request headers

:path
/components/bootstrap-notify/bootstrap-notify.min.js
pragma
no-cache
cookie
XSRF-TOKEN=eyJpdiI6InZFZG9yKzFNYzhCUkM2c0FYelpLNXc9PSIsInZhbHVlIjoiTUhFTURPTkhyOWhoZFZXdzlNV3FhYnM1aEcwNHp5TWVSNlltOVo1NGJGeWdrbjd0TnR3dVRNUG1qdmM1SUwwUyIsIm1hYyI6IjFjZTdkMWRjODAyYjJkODcxZDY0NWMwZmE0NjRiZTc3YjY0NGE2NjFmNDg3NmM0ZWJkYWIwMWM5ZmNjZWNkMzAifQ%3D%3D; xsmb99me_session=eyJpdiI6IjRwdklXYS96Z3RUb1Q4d3ZOMGtNZmc9PSIsInZhbHVlIjoiRUJiTDZWakh3c3loelIwNXEwZFZVNzdRUFdvZDBMeGJKTkkxUUFPbElJS1o0MjRuVm1Ed3lEckRvTkpzU2NoWSIsIm1hYyI6ImQ2OWM2ODA3NzUyZDA0YTY0MTQ1MGRhMmFmNmVmNDY5MWIzYzI4MmM3YmU4ZjZiM2JkZjQxNzlmZmM5OTJjMGQifQ%3D%3D
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
xsmb99.me
referer
https://xsmb99.me/xsmb-xo-so-mien-bac.html
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://xsmb99.me/xsmb-xo-so-mien-bac.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 17 Sep 2021 10:19:52 GMT
content-encoding
gzip
last-modified
Sun, 22 Mar 2020 13:05:12 GMT
server
nginx
x-powered-by
PleskLin
etag
W/"5e776288-2310"
vary
Accept-Encoding
content-type
application/javascript
main.js
xsmb99.me/user/js/ 		9 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://xsmb99.me/user/js/main.js?v=36
Requested by
Host: xsmb99.me
URL: https://xsmb99.me/xsmb-xo-so-mien-bac.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
103.9.77.158 , Viet Nam, ASN45899 (VNPT-AS-VN VNPT Corp, VN),
Reverse DNS
Software
nginx / PleskLin
Resource Hash
dbd934625879ee54a986a2a0d98816c0d8cb4c9f1b87c444489ef3f6d61af985

Request headers

:path
/user/js/main.js?v=36
pragma
no-cache
cookie
XSRF-TOKEN=eyJpdiI6InZFZG9yKzFNYzhCUkM2c0FYelpLNXc9PSIsInZhbHVlIjoiTUhFTURPTkhyOWhoZFZXdzlNV3FhYnM1aEcwNHp5TWVSNlltOVo1NGJGeWdrbjd0TnR3dVRNUG1qdmM1SUwwUyIsIm1hYyI6IjFjZTdkMWRjODAyYjJkODcxZDY0NWMwZmE0NjRiZTc3YjY0NGE2NjFmNDg3NmM0ZWJkYWIwMWM5ZmNjZWNkMzAifQ%3D%3D; xsmb99me_session=eyJpdiI6IjRwdklXYS96Z3RUb1Q4d3ZOMGtNZmc9PSIsInZhbHVlIjoiRUJiTDZWakh3c3loelIwNXEwZFZVNzdRUFdvZDBMeGJKTkkxUUFPbElJS1o0MjRuVm1Ed3lEckRvTkpzU2NoWSIsIm1hYyI6ImQ2OWM2ODA3NzUyZDA0YTY0MTQ1MGRhMmFmNmVmNDY5MWIzYzI4MmM3YmU4ZjZiM2JkZjQxNzlmZmM5OTJjMGQifQ%3D%3D
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
xsmb99.me
referer
https://xsmb99.me/xsmb-xo-so-mien-bac.html
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://xsmb99.me/xsmb-xo-so-mien-bac.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 17 Sep 2021 10:19:52 GMT
content-encoding
gzip
last-modified
Mon, 07 Sep 2020 08:46:29 GMT
server
nginx
x-powered-by
PleskLin
etag
W/"5f55f365-25a1"
vary
Accept-Encoding
content-type
application/javascript
css
fonts.googleapis.com/ 		2 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Roboto&display=swap
Requested by
Host: xsmb99.me
URL: https://xsmb99.me/user/css/main.css?v=36
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.202 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s52-in-f10.1e100.net
Software
ESF /
Resource Hash
0136a3f123a1e9b3abff969b246786854e58bd66c321dadec9ee9539ed4ede31
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://xsmb99.me/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Fri, 17 Sep 2021 08:57:42 GMT
server
ESF
date
Fri, 17 Sep 2021 10:19:52 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Fri, 17 Sep 2021 10:19:52 GMT
analytics.js
www.google-analytics.com/ 		48 KB
20 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-150732184-1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.142 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f14.1e100.net
Software
Golfe2 /
Resource Hash
fd222137f245c06ddb4c4d44db41f12138dad6cf8ef5d4d4a5e500f38f0c8c62
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://xsmb99.me/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 11 Aug 2021 00:32:57 GMT
server
Golfe2
age
5575
date
Fri, 17 Sep 2021 08:46:57 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
19747
expires
Fri, 17 Sep 2021 10:46:57 GMT
100conso.png
xsmb99.me/user/images/ 		22 KB
22 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://xsmb99.me/user/images/100conso.png
Requested by
Host: xsmb99.me
URL: https://xsmb99.me/user/css/main.css?v=36
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
103.9.77.158 , Viet Nam, ASN45899 (VNPT-AS-VN VNPT Corp, VN),
Reverse DNS
Software
nginx / PleskLin
Resource Hash
3f3cc6491387e3c1eb7ada793afddcd8483c4955b7c24a83449259bd757b22cc

Request headers

:path
/user/images/100conso.png
pragma
no-cache
cookie
XSRF-TOKEN=eyJpdiI6InZFZG9yKzFNYzhCUkM2c0FYelpLNXc9PSIsInZhbHVlIjoiTUhFTURPTkhyOWhoZFZXdzlNV3FhYnM1aEcwNHp5TWVSNlltOVo1NGJGeWdrbjd0TnR3dVRNUG1qdmM1SUwwUyIsIm1hYyI6IjFjZTdkMWRjODAyYjJkODcxZDY0NWMwZmE0NjRiZTc3YjY0NGE2NjFmNDg3NmM0ZWJkYWIwMWM5ZmNjZWNkMzAifQ%3D%3D; xsmb99me_session=eyJpdiI6IjRwdklXYS96Z3RUb1Q4d3ZOMGtNZmc9PSIsInZhbHVlIjoiRUJiTDZWakh3c3loelIwNXEwZFZVNzdRUFdvZDBMeGJKTkkxUUFPbElJS1o0MjRuVm1Ed3lEckRvTkpzU2NoWSIsIm1hYyI6ImQ2OWM2ODA3NzUyZDA0YTY0MTQ1MGRhMmFmNmVmNDY5MWIzYzI4MmM3YmU4ZjZiM2JkZjQxNzlmZmM5OTJjMGQifQ%3D%3D
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
xsmb99.me
referer
https://xsmb99.me/user/css/main.css?v=36
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://xsmb99.me/user/css/main.css?v=36
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 17 Sep 2021 10:19:52 GMT
last-modified
Thu, 25 Jun 2020 01:59:11 GMT
server
nginx
x-powered-by
PleskLin
etag
"5ef404ef-58cc"
content-type
image/png
accept-ranges
bytes
content-length
22732
marker_felt_thin.ttf
xsmb99.me/user/fonts/ 		114 KB
114 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://xsmb99.me/user/fonts/marker_felt_thin.ttf
Requested by
Host: xsmb99.me
URL: https://xsmb99.me/user/css/main.css?v=36
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
103.9.77.158 , Viet Nam, ASN45899 (VNPT-AS-VN VNPT Corp, VN),
Reverse DNS
Software
nginx / PleskLin
Resource Hash
52c5b8c888454bcb11c4df022b15988bce5eb9b7bef1090774c315f9bdf940de

Request headers

sec-fetch-mode
cors
origin
https://xsmb99.me
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
sec-fetch-dest
font
cookie
XSRF-TOKEN=eyJpdiI6InZFZG9yKzFNYzhCUkM2c0FYelpLNXc9PSIsInZhbHVlIjoiTUhFTURPTkhyOWhoZFZXdzlNV3FhYnM1aEcwNHp5TWVSNlltOVo1NGJGeWdrbjd0TnR3dVRNUG1qdmM1SUwwUyIsIm1hYyI6IjFjZTdkMWRjODAyYjJkODcxZDY0NWMwZmE0NjRiZTc3YjY0NGE2NjFmNDg3NmM0ZWJkYWIwMWM5ZmNjZWNkMzAifQ%3D%3D; xsmb99me_session=eyJpdiI6IjRwdklXYS96Z3RUb1Q4d3ZOMGtNZmc9PSIsInZhbHVlIjoiRUJiTDZWakh3c3loelIwNXEwZFZVNzdRUFdvZDBMeGJKTkkxUUFPbElJS1o0MjRuVm1Ed3lEckRvTkpzU2NoWSIsIm1hYyI6ImQ2OWM2ODA3NzUyZDA0YTY0MTQ1MGRhMmFmNmVmNDY5MWIzYzI4MmM3YmU4ZjZiM2JkZjQxNzlmZmM5OTJjMGQifQ%3D%3D
:path
/user/fonts/marker_felt_thin.ttf
pragma
no-cache
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
*/*
cache-control
no-cache
:authority
xsmb99.me
referer
https://xsmb99.me/user/css/main.css?v=36
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://xsmb99.me/user/css/main.css?v=36
Origin
https://xsmb99.me
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 17 Sep 2021 10:19:52 GMT
last-modified
Wed, 17 Jun 2020 02:29:44 GMT
server
nginx
x-powered-by
PleskLin
etag
"5ee98018-1c75c"
content-type
application/font-sfnt
accept-ranges
bytes
content-length
116572
fontawesome-webfont.woff2
cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/fonts/ 		75 KB
76 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/fonts/fontawesome-webfont.woff2?v=4.7.0
Requested by
Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.16.19.94 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d792afdac7f7ae5de7c6964950c6c61dc6e3f3813180a59e141c7cb4ac4364dc
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

Referer
https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.css
Origin
https://xsmb99.me
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 17 Sep 2021 10:19:52 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
486737
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
77160
timing-allow-origin
*
last-modified
Mon, 04 May 2020 16:10:07 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb03e5f-12d68"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15780000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1A2wDJYiHUep1YLAUpr%2BAZZ%2FxN39wGWNkL4fFF0%2BjhstWsz2bSjWAWrW5q%2BYRx4SJTGHJQG1MKK2Ao73lX83jYN6OoTiK2bf%2Ffa89emo54Ex6O2K4ciEIo2MXhlJDrTAhOlcSLYy"}],"group":"cf-nel","max_age":604800}
content-type
application/octet-stream; charset=utf-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=30672000
accept-ranges
bytes
cf-ray
690199444cb34137-PRG
expires
Wed, 07 Sep 2022 10:19:52 GMT
KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v27/ 		15 KB
16 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v27/KFOmCnqEu92Fr1Mu4mxK.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.227 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s53-in-f3.1e100.net
Software
sffe /
Resource Hash
cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://xsmb99.me
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 14 Sep 2021 04:03:18 GMT
x-content-type-options
nosniff
age
281794
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15688
x-xss-protection
0
last-modified
Mon, 05 Apr 2021 21:10:35 GMT
server
sffe
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 14 Sep 2022 04:03:18 GMT
KFOmCnqEu92Fr1Mu7GxKOzY.woff2
fonts.gstatic.com/s/roboto/v27/ 		12 KB
12 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v27/KFOmCnqEu92Fr1Mu7GxKOzY.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.227 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s53-in-f3.1e100.net
Software
sffe /
Resource Hash
4e959d9106d846030c0a62de668ec7c5810a3a1282c4f4ca98e1ea0756c75b8e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://xsmb99.me
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sun, 12 Sep 2021 17:56:32 GMT
x-content-type-options
nosniff
age
404600
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
11860
x-xss-protection
0
last-modified
Mon, 05 Apr 2021 21:10:33 GMT
server
sffe
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Mon, 12 Sep 2022 17:56:32 GMT
show_ads_impl_with_ama_fy2019.js
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202109150101/ 		253 KB
94 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202109150101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-9108464640724915&plah=xsmb99.me
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s52-in-f2.1e100.net
Software
cafe /
Resource Hash
bd492896b5c904babc857075d72f8c0baa033b05e3c64964459cc8034a5713e6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://xsmb99.me/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 17 Sep 2021 10:19:52 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
95723
x-xss-protection
0
server
cafe
etag
17982443011848650094
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin
*
expires
Fri, 17 Sep 2021 10:19:52 GMT
zrt_lookup.html
googleads.g.doubleclick.net/pagead/html/r20210915/r20190131/ Frame 9BC0 		10 KB
5 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/html/r20210915/r20190131/zrt_lookup.html
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
216.58.212.162 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
ams15s22-in-f162.1e100.net
Software
cafe /
Resource Hash
bf5230ffb8745d28c11ae8b743868364f9be8379300bd59d235f402a53ea96ee
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
googleads.g.doubleclick.net
:scheme
https
:path
/pagead/html/r20210915/r20190131/zrt_lookup.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://xsmb99.me/
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://xsmb99.me/

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
vary
Accept-Encoding
date
Thu, 16 Sep 2021 12:31:14 GMT
expires
Thu, 30 Sep 2021 12:31:14 GMT
content-type
text/html; charset=UTF-8
etag
13836150016441684253
x-content-type-options
nosniff
content-encoding
gzip
server
cafe
content-length
4591
x-xss-protection
0
cache-control
public, max-age=1209600
age
78518
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
KFOmCnqEu92Fr1Mu7WxKOzY.woff2
fonts.gstatic.com/s/roboto/v27/ 		5 KB
5 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v27/KFOmCnqEu92Fr1Mu7WxKOzY.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto&display=swap
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.227 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s53-in-f3.1e100.net
Software
sffe /
Resource Hash
fb56f0e08adb026eb4e4b28c2fc33b35ce3ddf30a075f9906ec14caff095fa3c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://xsmb99.me
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 14 Sep 2021 04:06:08 GMT
x-content-type-options
nosniff
age
281624
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5540
x-xss-protection
0
last-modified
Mon, 05 Apr 2021 21:10:35 GMT
server
sffe
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 14 Sep 2022 04:06:08 GMT
collect
www.google-analytics.com/j/ 		1 B
21 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j93&a=1053574003&t=pageview&_s=1&dl=https%3A%2F%2Fxsmb99.me%2Fxsmb-xo-so-mien-bac.html&ul=en-us&de=UTF-8&dt=XSMB%20%E2%80%93%20SXMB%20%E2%80%93%20X%E1%BB%95%20s%E1%BB%91%20mi%E1%BB%81n%20B%E1%BA%AFc%20h%C3%B4m%20nay%20m%E1%BB%9Bi%20nh%E1%BA%A5t%20%E2%80%93%20KQXSMB&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAUABAAAAAC~&jid=2006526913&gjid=70541723&cid=546217958.1631873992&tid=UA-150732184-1&_gid=670824563.1631873992&_r=1&gtm=2ou9f0&z=213850470
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.142 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f14.1e100.net
Software
Golfe2 /
Resource Hash
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://xsmb99.me/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Fri, 17 Sep 2021 10:19:52 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://xsmb99.me
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1
expires
Fri, 01 Jan 1990 00:00:00 GMT
cookie.js
partner.googleadservices.com/gampad/ 		199 B
655 B 		Script
General
Check archive.org
Download Go to
Full URL
https://partner.googleadservices.com/gampad/cookie.js?domain=xsmb99.me&callback=_gfp_s_&client=ca-pub-9108464640724915
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202109150101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-9108464640724915&plah=xsmb99.me
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.181.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s56-in-f2.1e100.net
Software
cafe /
Resource Hash
968f501d5fed799ec09dc0bf02157cd9168fb9e751bda45f3204830f3c8be7e6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://xsmb99.me/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 17 Sep 2021 10:19:52 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type
text/javascript; charset=UTF-8
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
190
x-xss-protection
0
integrator.js
adservice.google.de/adsid/ 		107 B
853 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.de/adsid/integrator.js?domain=xsmb99.me
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202109150101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-9108464640724915&plah=xsmb99.me
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.186.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s04-in-f2.1e100.net
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://xsmb99.me/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin
*
date
Fri, 17 Sep 2021 10:19:52 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
integrator.js
adservice.google.com/adsid/ 		107 B
570 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.com/adsid/integrator.js?domain=xsmb99.me
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202109150101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-9108464640724915&plah=xsmb99.me
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f2.1e100.net
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://xsmb99.me/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin
*
date
Fri, 17 Sep 2021 10:19:52 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
ads
googleads.g.doubleclick.net/pagead/ Frame 7693 		285 KB
62 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9108464640724915&output=html&adk=1812271804&adf=3025194257&lmt=1631873992&plat=9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fxsmb99.me%2Fxsmb-xo-so-mien-bac.html&ea=0&flash=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1631873992409&bpp=3&bdt=413&idt=368&shv=r20210915&mjsv=m202109150101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=6540816054811&frm=20&pv=2&ga_vid=546217958.1631873992&ga_sid=1631873993&ga_hid=1053574003&ga_fc=0&u_tz=0&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=3&u_nmime=4&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747620%2C44748552&oid=3&pvsid=1481020496321939&pem=136&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=384
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202109150101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-9108464640724915&plah=xsmb99.me
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
216.58.212.162 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
ams15s22-in-f162.1e100.net
Software
cafe /
Resource Hash
9aaa71404ace6e716e30d2cc588c11651c1b99792a87ebcd33b12a7b3bcf9af3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
googleads.g.doubleclick.net
:scheme
https
:path
/pagead/ads?client=ca-pub-9108464640724915&output=html&adk=1812271804&adf=3025194257&lmt=1631873992&plat=9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fxsmb99.me%2Fxsmb-xo-so-mien-bac.html&ea=0&flash=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1631873992409&bpp=3&bdt=413&idt=368&shv=r20210915&mjsv=m202109150101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=6540816054811&frm=20&pv=2&ga_vid=546217958.1631873992&ga_sid=1631873993&ga_hid=1053574003&ga_fc=0&u_tz=0&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=3&u_nmime=4&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747620%2C44748552&oid=3&pvsid=1481020496321939&pem=136&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=384
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://xsmb99.me/
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://xsmb99.me/

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
br
date
Fri, 17 Sep 2021 10:19:53 GMT
server
cafe
content-length
63402
x-xss-protection
0
set-cookie
test_cookie=CheckForPermission; expires=Fri, 17-Sep-2021 10:34:52 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires
Fri, 17 Sep 2021 10:19:53 GMT
cache-control
private
osd.js
www.googletagservices.com/activeview/js/current/ 		72 KB
28 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/osd.js
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202109150101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-9108464640724915&plah=xsmb99.me
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f2.1e100.net
Software
sffe /
Resource Hash
a97000b74006f16532e2d380cbed2e3dabd80ea9b85625fcb123d96cb9a0369a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://xsmb99.me/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 17 Sep 2021 10:19:53 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
27627
x-xss-protection
0
server
sffe
etag
"1631705383510867"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="active-view-scs-read-write-acl"
expires
Fri, 17 Sep 2021 10:19:53 GMT
reactive_library_fy2019.js
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202109150101/ 		145 KB
52 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202109150101/reactive_library_fy2019.js
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202109150101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-9108464640724915&plah=xsmb99.me
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s52-in-f2.1e100.net
Software
cafe /
Resource Hash
7185ef50e258dfd3ebb88b04a602a8758777cdb82825b419a8d90dd975788a22
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://xsmb99.me/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 17 Sep 2021 10:19:53 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
53125
x-xss-protection
0
server
cafe
etag
776041372071558874
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=1209600
timing-allow-origin
*
expires
Fri, 17 Sep 2021 10:19:53 GMT
integrator.js
adservice.google.de/adsid/ 		107 B
122 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.de/adsid/integrator.js?domain=xsmb99.me
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202109150101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-9108464640724915&plah=xsmb99.me
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
216.58.212.162 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
ams15s22-in-f162.1e100.net
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://xsmb99.me/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin
*
date
Fri, 17 Sep 2021 10:19:53 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
integrator.js
adservice.google.com/adsid/ 		107 B
122 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.com/adsid/integrator.js?domain=xsmb99.me
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202109150101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-9108464640724915&plah=xsmb99.me
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f2.1e100.net
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://xsmb99.me/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin
*
date
Fri, 17 Sep 2021 10:19:53 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
ads
googleads.g.doubleclick.net/pagead/ Frame A604 		430 B
230 B 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9108464640724915&output=html&h=280&adk=3879918379&adf=1425483003&pi=t.aa~a.585548709~i.59~rp.4&w=730&fwrn=4&fwrnh=100&lmt=1631873993&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=4678874584&psa=0&ad_type=text_image&format=730x280&url=https%3A%2F%2Fxsmb99.me%2Fxsmb-xo-so-mien-bac.html&flash=0&fwr=0&pra=3&rh=183&rw=730&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1631873993724&bpp=2&bdt=1728&idt=-M&shv=r20210915&mjsv=m202109150101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D44ae08fbc22b0497-22d6ec022fc90054%3AT%3D1631873992%3ART%3D1631873992%3AS%3DALNI_MbG3GBM96tdh1tHegceQVgV_jIqpA&prev_fmts=0x0&nras=2&correlator=6540816054811&frm=20&pv=1&ga_vid=546217958.1631873992&ga_sid=1631873993&ga_hid=1053574003&ga_fc=0&u_tz=0&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=3&u_nmime=4&adx=245&ady=4575&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747620%2C44748552&oid=3&pvsid=1481020496321939&pem=136&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=B5cU3gl8Vm&p=https%3A//xsmb99.me&dtd=14
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202109150101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-9108464640724915&plah=xsmb99.me
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
216.58.212.162 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
ams15s22-in-f162.1e100.net
Software
cafe /
Resource Hash
046c5264eb6ff664f7860afddd2fa81c639f576591a2933aae9e07d5c525e972
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
googleads.g.doubleclick.net
:scheme
https
:path
/pagead/ads?client=ca-pub-9108464640724915&output=html&h=280&adk=3879918379&adf=1425483003&pi=t.aa~a.585548709~i.59~rp.4&w=730&fwrn=4&fwrnh=100&lmt=1631873993&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=4678874584&psa=0&ad_type=text_image&format=730x280&url=https%3A%2F%2Fxsmb99.me%2Fxsmb-xo-so-mien-bac.html&flash=0&fwr=0&pra=3&rh=183&rw=730&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1631873993724&bpp=2&bdt=1728&idt=-M&shv=r20210915&mjsv=m202109150101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D44ae08fbc22b0497-22d6ec022fc90054%3AT%3D1631873992%3ART%3D1631873992%3AS%3DALNI_MbG3GBM96tdh1tHegceQVgV_jIqpA&prev_fmts=0x0&nras=2&correlator=6540816054811&frm=20&pv=1&ga_vid=546217958.1631873992&ga_sid=1631873993&ga_hid=1053574003&ga_fc=0&u_tz=0&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=3&u_nmime=4&adx=245&ady=4575&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747620%2C44748552&oid=3&pvsid=1481020496321939&pem=136&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=B5cU3gl8Vm&p=https%3A//xsmb99.me&dtd=14
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://xsmb99.me/
accept-encoding
gzip, deflate, br
cookie
test_cookie=CheckForPermission
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://xsmb99.me/

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
br
date
Fri, 17 Sep 2021 10:19:54 GMT
server
cafe
content-length
206
x-xss-protection
0
set-cookie
IDE=AHWqTUnaZxFzl3a6qR4_S6PzIGFTi2Uzch22KESegnYuoenhRPNpiqv6mqPqvf4NkD0; expires=Sun, 17-Sep-2023 10:19:53 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none test_cookie=; expires=Fri, 01-Aug-2008 22:45:55 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires
Fri, 17 Sep 2021 10:19:54 GMT
cache-control
private
ads
googleads.g.doubleclick.net/pagead/ Frame 395A 		129 KB
40 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9108464640724915&output=html&h=280&adk=2793536430&adf=662524697&pi=t.aa~a.461124662~rp.4&w=350&fwrn=4&fwrnh=100&lmt=1631873993&rafmt=1&to=qs&pwprc=4678874584&psa=0&format=350x280&url=https%3A%2F%2Fxsmb99.me%2Fxsmb-xo-so-mien-bac.html&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1631873993724&bpp=1&bdt=1728&idt=1&shv=r20210915&mjsv=m202109150101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D44ae08fbc22b0497-22d6ec022fc90054%3AT%3D1631873992%3ART%3D1631873992%3AS%3DALNI_MbG3GBM96tdh1tHegceQVgV_jIqpA&prev_fmts=0x0%2C730x280&nras=3&correlator=6540816054811&frm=20&pv=1&ga_vid=546217958.1631873992&ga_sid=1631873993&ga_hid=1053574003&ga_fc=0&u_tz=0&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=3&u_nmime=4&adx=1005&ady=2572&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747620%2C44748552&oid=3&pvsid=1481020496321939&pem=136&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=2&fsb=1&xpc=FK4e3CKroG&p=https%3A//xsmb99.me&dtd=23
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202109150101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-9108464640724915&plah=xsmb99.me
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
216.58.212.162 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
ams15s22-in-f162.1e100.net
Software
cafe /
Resource Hash
48a33ab65a39e429f5fe3d6f8bd0b0fbfcd72a1ac98cc7e8e712957e3ae74b9b
Security Headers
Name Value
Content-Security-Policy child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5442514344972767536/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5442514344972767536/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=COLC363khfMCFRAZGwodsfsBGA&gqi=yWtEYYueL6alzAbFhYqICQ&layout=/sadbundle/%24csp%253Der3%24/5442514344972767536/index.html
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
googleads.g.doubleclick.net
:scheme
https
:path
/pagead/ads?client=ca-pub-9108464640724915&output=html&h=280&adk=2793536430&adf=662524697&pi=t.aa~a.461124662~rp.4&w=350&fwrn=4&fwrnh=100&lmt=1631873993&rafmt=1&to=qs&pwprc=4678874584&psa=0&format=350x280&url=https%3A%2F%2Fxsmb99.me%2Fxsmb-xo-so-mien-bac.html&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1631873993724&bpp=1&bdt=1728&idt=1&shv=r20210915&mjsv=m202109150101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D44ae08fbc22b0497-22d6ec022fc90054%3AT%3D1631873992%3ART%3D1631873992%3AS%3DALNI_MbG3GBM96tdh1tHegceQVgV_jIqpA&prev_fmts=0x0%2C730x280&nras=3&correlator=6540816054811&frm=20&pv=1&ga_vid=546217958.1631873992&ga_sid=1631873993&ga_hid=1053574003&ga_fc=0&u_tz=0&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=3&u_nmime=4&adx=1005&ady=2572&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747620%2C44748552&oid=3&pvsid=1481020496321939&pem=136&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=2&fsb=1&xpc=FK4e3CKroG&p=https%3A//xsmb99.me&dtd=23
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://xsmb99.me/
accept-encoding
gzip, deflate, br
cookie
test_cookie=CheckForPermission
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://xsmb99.me/

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
content-security-policy
child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5442514344972767536/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5442514344972767536/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=COLC363khfMCFRAZGwodsfsBGA&gqi=yWtEYYueL6alzAbFhYqICQ&layout=/sadbundle/%24csp%253Der3%24/5442514344972767536/index.html
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
br
date
Fri, 17 Sep 2021 10:19:54 GMT
server
cafe
content-length
41215
x-xss-protection
0
set-cookie
IDE=AHWqTUn1xzflWkM2mMekGjBv7OxMe0aW-aGorr_OgISz6-VRGHiakVYRRyfxnmqAKI8; expires=Sun, 17-Sep-2023 10:19:53 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none test_cookie=; expires=Fri, 01-Aug-2008 22:45:55 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires
Fri, 17 Sep 2021 10:19:54 GMT
cache-control
private
zrt_lookup.html
googleads.g.doubleclick.net/pagead/html/r20210915/r20110914/ Frame 7301 		10 KB
5 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/html/r20210915/r20110914/zrt_lookup.html?fsb=1
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202109150101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-9108464640724915&plah=xsmb99.me
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
216.58.212.162 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
ams15s22-in-f162.1e100.net
Software
cafe /
Resource Hash
bf5230ffb8745d28c11ae8b743868364f9be8379300bd59d235f402a53ea96ee
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
googleads.g.doubleclick.net
:scheme
https
:path
/pagead/html/r20210915/r20110914/zrt_lookup.html?fsb=1
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://xsmb99.me/
accept-encoding
gzip, deflate, br
cookie
test_cookie=CheckForPermission
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://xsmb99.me/

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
vary
Accept-Encoding
date
Fri, 17 Sep 2021 01:20:06 GMT
expires
Fri, 01 Oct 2021 01:20:06 GMT
content-type
text/html; charset=UTF-8
etag
13836150016441684253
x-content-type-options
nosniff
content-encoding
gzip
server
cafe
content-length
4591
x-xss-protection
0
age
32387
cache-control
public, max-age=1209600
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
zrt_lookup.html
googleads.g.doubleclick.net/pagead/html/r20210915/r20110914/ Frame F513 		10 KB
5 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/html/r20210915/r20110914/zrt_lookup.html?fsb=1
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202109150101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-9108464640724915&plah=xsmb99.me
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
216.58.212.162 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
ams15s22-in-f162.1e100.net
Software
cafe /
Resource Hash
bf5230ffb8745d28c11ae8b743868364f9be8379300bd59d235f402a53ea96ee
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
googleads.g.doubleclick.net
:scheme
https
:path
/pagead/html/r20210915/r20110914/zrt_lookup.html?fsb=1
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://xsmb99.me/
accept-encoding
gzip, deflate, br
cookie
test_cookie=CheckForPermission
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://xsmb99.me/

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
vary
Accept-Encoding
date
Fri, 17 Sep 2021 01:20:06 GMT
expires
Fri, 01 Oct 2021 01:20:06 GMT
content-type
text/html; charset=UTF-8
etag
13836150016441684253
x-content-type-options
nosniff
content-encoding
gzip
server
cafe
content-length
4591
x-xss-protection
0
age
32387
cache-control
public, max-age=1209600
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
css2
fonts.googleapis.com/ Frame 7301 		4 KB
633 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20210915/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.202 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s52-in-f10.1e100.net
Software
ESF /
Resource Hash
e2b5d4752ac81478ad36860fbe67b75bad20bbee7a93e835a25283d310c78999
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Fri, 17 Sep 2021 08:56:22 GMT
server
ESF
date
Fri, 17 Sep 2021 10:19:53 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Fri, 17 Sep 2021 10:19:53 GMT
feedback_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame 7301 		205 B
765 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.gstatic.com/images/icons/material/system/2x/feedback_grey600_24dp.png
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20210915/r20110914/zrt_lookup.html?fsb=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.227 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s53-in-f3.1e100.net
Software
sffe /
Resource Hash
4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 16 Sep 2021 03:17:20 GMT
x-content-type-options
nosniff
age
111753
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
205
x-xss-protection
0
last-modified
Tue, 22 Oct 2019 18:15:00 GMT
server
sffe
vary
Origin
report-to
{"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type
image/png
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="static-on-bigtable"
expires
Fri, 16 Sep 2022 03:17:20 GMT
settings_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame 7301 		604 B
695 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.gstatic.com/images/icons/material/system/2x/settings_grey600_24dp.png
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20210915/r20110914/zrt_lookup.html?fsb=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.227 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s53-in-f3.1e100.net
Software
sffe /
Resource Hash
5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 16 Sep 2021 15:51:36 GMT
x-content-type-options
nosniff
age
66497
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
604
x-xss-protection
0
last-modified
Tue, 22 Oct 2019 18:15:00 GMT
server
sffe
vary
Origin
report-to
{"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type
image/png
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="static-on-bigtable"
expires
Fri, 16 Sep 2022 15:51:36 GMT
interstitial_ad_frame_fy2019.js
tpc.googlesyndication.com/pagead/js/r20210913/r20110914/elements/html/ Frame 7301 		17 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20210913/r20110914/elements/html/interstitial_ad_frame_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20210915/r20110914/zrt_lookup.html?fsb=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.129 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f1.1e100.net
Software
cafe /
Resource Hash
89e590d44510a10b9602ebffa228e2d8a2f2aeb1acc462b51cd19df5f5434308
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 16 Sep 2021 10:29:09 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
85844
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7656
x-xss-protection
0
server
cafe
etag
8352096984186353373
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 30 Sep 2021 10:29:09 GMT
ssrh.js
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame F513 		84 KB
29 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/gadgets/html5/ssrh.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20210915/r20110914/zrt_lookup.html?fsb=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.129 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f1.1e100.net
Software
cafe /
Resource Hash
9b5312cb2f154f2bd64ee8746195a63df254d10bfd107a61eec3d5d38dd48bff
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 17 Sep 2021 04:35:39 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
20654
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
30063
x-xss-protection
0
server
cafe
etag
16132151104434394549
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=86400
timing-allow-origin
*
expires
Sat, 18 Sep 2021 04:35:39 GMT
css
fonts.googleapis.com/ Frame B696 		3 KB
578 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20210915/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.202 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s52-in-f10.1e100.net
Software
ESF /
Resource Hash
32b5c88160bab78ae20a39de4a8abe015f4f4c5d48be8300a6686d32a570ccfb
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Fri, 17 Sep 2021 08:54:06 GMT
server
ESF
date
Fri, 17 Sep 2021 10:19:53 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Fri, 17 Sep 2021 10:19:53 GMT
load_preloaded_resource_fy2019.js
tpc.googlesyndication.com/pagead/js/r20210913/r20110914/client/ Frame B696 		1 KB
857 B 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20210913/r20110914/client/load_preloaded_resource_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20210915/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.129 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f1.1e100.net
Software
cafe /
Resource Hash
5d1f3a4ee5a02abdbc66a11aad769dd81cbe4d07f0b3799ff0940ad7b7d6cc1a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 16 Sep 2021 21:17:53 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
46920
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
830
x-xss-protection
0
server
cafe
etag
3558876194914413708
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 30 Sep 2021 21:17:53 GMT
abg_lite_fy2019.js
tpc.googlesyndication.com/pagead/js/r20210913/r20110914/ Frame B696 		18 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20210913/r20110914/abg_lite_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20210915/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.129 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f1.1e100.net
Software
cafe /
Resource Hash
7195c4763ed26ac25f6be1726145b11ee61f5d27468605eb56a6c0823d101673
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 17 Sep 2021 00:48:41 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
34272
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7612
x-xss-protection
0
server
cafe
etag
7316329070599479730
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Fri, 01 Oct 2021 00:48:41 GMT
window_focus_fy2019.js
tpc.googlesyndication.com/pagead/js/r20210913/r20110914/client/ Frame B696 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20210913/r20110914/client/window_focus_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20210915/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.129 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f1.1e100.net
Software
cafe /
Resource Hash
b6f6d0902ff385f68ec17c4c059d4fe89a0a08f1c022ab70580ea8552dfc0a11
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 17 Sep 2021 09:15:58 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
3835
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1339
x-xss-protection
0
server
cafe
etag
2275704724217174249
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Fri, 01 Oct 2021 09:15:58 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame B696 		128 KB
39 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20210915/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f2.1e100.net
Software
sffe /
Resource Hash
fc8bce6b98f344ceb503d0c7c623ecf395808995efd843d616c3e7ab401a116f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 17 Sep 2021 10:19:53 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
39459
x-xss-protection
0
server
sffe
etag
"1631705359914318"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="active-view-scs-read-write-acl"
expires
Fri, 17 Sep 2021 10:19:53 GMT
qs_click_protection_fy2019.js
tpc.googlesyndication.com/pagead/js/r20210913/r20110914/client/ Frame B696 		14 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20210913/r20110914/client/qs_click_protection_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20210915/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.129 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f1.1e100.net
Software
cafe /
Resource Hash
127fef9bff9c4a7bd820146a3785bf8c7d3c5dbf48dd087f2e0f1d91a25e32c3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 17 Sep 2021 10:16:59 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
174
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6211
x-xss-protection
0
server
cafe
etag
18326705275735229343
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Fri, 01 Oct 2021 10:16:59 GMT
8b8c639f95e935c054a6465040a495ee.js
www.gstatic.com/mysidia/ Frame B696 		26 KB
11 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/mysidia/8b8c639f95e935c054a6465040a495ee.js?tag=mysidia_one_click_handler_one_afma_2019
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20210915/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.227 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s53-in-f3.1e100.net
Software
sffe /
Resource Hash
42dc9aece188c290c3303813e9f91c1d596f1267899f3b3357280be43c16ab53
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 15 Sep 2021 22:25:32 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
129261
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
10883
x-xss-protection
0
last-modified
Tue, 14 Sep 2021 04:03:11 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type
text/javascript
cache-control
public, max-age=7776000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="mysidia"
expires
Tue, 14 Dec 2021 22:25:32 GMT
15223088113225867703_8979365721658609417.jpeg
static.doubleclick.net/dynamic/5/206847429/ Frame F513 		18 KB
19 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://static.doubleclick.net/dynamic/5/206847429/15223088113225867703_8979365721658609417.jpeg
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20210915/r20110914/zrt_lookup.html?fsb=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.230 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s53-in-f6.1e100.net
Software
sffe /
Resource Hash
7fd0692105176e88d89fa2983267b497e1589dcb1e9ba6af68e39423980b82f1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 10 Sep 2021 12:24:34 GMT
x-content-type-options
nosniff
last-modified
Fri, 10 Sep 2021 04:57:32 GMT
server
sffe
age
597319
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-programmable
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
18673
x-xss-protection
0
expires
Sat, 10 Sep 2022 12:24:34 GMT
15527770207187956134_8584123760372900530.jpeg
static.doubleclick.net/dynamic/5/206847429/ Frame F513 		24 KB
24 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://static.doubleclick.net/dynamic/5/206847429/15527770207187956134_8584123760372900530.jpeg
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20210915/r20110914/zrt_lookup.html?fsb=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.230 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s53-in-f6.1e100.net
Software
sffe /
Resource Hash
93cd65ce3662c6cffe32a75f5b4ef49159b801036ba9728b9983c052940eddfa
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 16 Sep 2021 13:42:56 GMT
x-content-type-options
nosniff
age
74217
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-programmable
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
24468
x-xss-protection
0
last-modified
Thu, 16 Sep 2021 04:57:41 GMT
server
sffe
report-to
{"group":"ads-programmable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-programmable"}]}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="ads-programmable"
expires
Fri, 16 Sep 2022 13:42:56 GMT
8862367882887658931_8351947019560321897.jpeg
static.doubleclick.net/dynamic/5/206847429/ Frame F513 		17 KB
17 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://static.doubleclick.net/dynamic/5/206847429/8862367882887658931_8351947019560321897.jpeg
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20210915/r20110914/zrt_lookup.html?fsb=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.230 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s53-in-f6.1e100.net
Software
sffe /
Resource Hash
3a2a9b6157c433301ceb0174cd6d3ac76526a3d4366de3b417ceb2057f4942e7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 10 Sep 2021 12:46:51 GMT
x-content-type-options
nosniff
last-modified
Fri, 10 Sep 2021 04:57:45 GMT
server
sffe
age
595982
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-programmable
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
17641
x-xss-protection
0
expires
Sat, 10 Sep 2022 12:46:51 GMT
abg_lite_fy2019.js
tpc.googlesyndication.com/pagead/js/r20210913/r20110914/ Frame F513 		18 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20210913/r20110914/abg_lite_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20210915/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.129 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f1.1e100.net
Software
cafe /
Resource Hash
7195c4763ed26ac25f6be1726145b11ee61f5d27468605eb56a6c0823d101673
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 17 Sep 2021 00:48:41 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
34272
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7612
x-xss-protection
0
server
cafe
etag
7316329070599479730
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Fri, 01 Oct 2021 00:48:41 GMT
window_focus_fy2019.js
tpc.googlesyndication.com/pagead/js/r20210913/r20110914/client/ Frame F513 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20210913/r20110914/client/window_focus_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20210915/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.129 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f1.1e100.net
Software
cafe /
Resource Hash
b6f6d0902ff385f68ec17c4c059d4fe89a0a08f1c022ab70580ea8552dfc0a11
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 17 Sep 2021 10:19:53 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1339
x-xss-protection
0
server
cafe
etag
2275704724217174249
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Fri, 01 Oct 2021 10:19:53 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame F513 		128 KB
39 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20210915/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f2.1e100.net
Software
sffe /
Resource Hash
fc8bce6b98f344ceb503d0c7c623ecf395808995efd843d616c3e7ab401a116f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 17 Sep 2021 10:19:53 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
39459
x-xss-protection
0
server
sffe
etag
"1631705359914318"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="active-view-scs-read-write-acl"
expires
Fri, 17 Sep 2021 10:19:53 GMT
qs_click_protection_fy2019.js
tpc.googlesyndication.com/pagead/js/r20210913/r20110914/client/ Frame F513 		14 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20210913/r20110914/client/qs_click_protection_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20210915/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.129 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f1.1e100.net
Software
cafe /
Resource Hash
127fef9bff9c4a7bd820146a3785bf8c7d3c5dbf48dd087f2e0f1d91a25e32c3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 17 Sep 2021 10:16:59 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
174
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6211
x-xss-protection
0
server
cafe
etag
18326705275735229343
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Fri, 01 Oct 2021 10:16:59 GMT
15009675341483630711
tpc.googlesyndication.com/simgad/ Frame F513 		52 KB
52 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/simgad/15009675341483630711
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20210915/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.129 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f1.1e100.net
Software
sffe /
Resource Hash
b6a25ff6ea2c8c87be58e3086ef6a3369d000aa507db56571097d5ec55ec730f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 14 Sep 2021 08:56:14 GMT
x-content-type-options
nosniff
age
264219
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
52897
x-xss-protection
0
last-modified
Tue, 09 Apr 2019 07:07:55 GMT
server
sffe
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 14 Sep 2022 08:56:14 GMT
adview
googleads.g.doubleclick.net/pagead/ Frame F513 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/adview?ai=CsmW5yGtEYcqONNKI9fgPuZuCwAzfh_HiY5vLzMOdDpaCzYWIFhABIOOxm31glQKgAfnczPADyAEJqQLtbxej0T6FPqgDAcgDywSqBMIBT9D4-opCiLpr9HVr49TI-UUfbSa-Rw0hSbJUc7iFaA6Ptj7SmBQlDimGxmz1a6bJKnOMIJwGeFZQibtpscAV95f-nD05wrCzWNOUYTC778TqxpqA7Rc4M83jqf9dKAQwe7rGh7IQfl_7jLpxGnPEJOUSHLjV2ILSztq_I6aVG7UpyqJ5iqfnSQewbkNa9MIYxaE6h3WNHZNBo0vu1ajwiNxbR3LQ_KFhCC1y7-q_ucHwbJ0vWJoEHKdcHY6zlzUIE97ABPyB9eKdA5IFBAgEGAGSBQQIBRgEoAYugAfXuP8yqAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAfulrECqAemvhvYBwDyBwQQ3KsC0ggHCIBhEAEYH4AKAcgLAdgTDIgUAdAVAYAXAbIXHAoaCAASFHB1Yi05MTA4NDY0NjQwNzI0OTE1GAA&sigh=29idrO4Lcg0&template_id=494
Requested by
Host: xsmb99.me
URL: https://xsmb99.me/xsmb-xo-so-mien-bac.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
216.58.212.162 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
ams15s22-in-f162.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/html/r20210915/r20110914/zrt_lookup.html?fsb=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin
*
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
date
Fri, 17 Sep 2021 10:19:53 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 17 Sep 2021 10:19:53 GMT
s
googleads.g.doubleclick.net/pagead/drt/ Frame CE3D 		143 B
163 B 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20210915/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
216.58.212.162 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
ams15s22-in-f162.1e100.net
Software
safe /
Resource Hash
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
googleads.g.doubleclick.net
:scheme
https
:path
/pagead/drt/s?v=r20120211
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
same-origin
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://googleads.g.doubleclick.net/pagead/html/r20210915/r20110914/zrt_lookup.html?fsb=1
accept-encoding
gzip, deflate, br
cookie
IDE=AHWqTUnTkaU9HHqeQwvcfajBk_sJUk32FWg5ZAlNd-pNu3xk1ZoanunPIsq4l4eRCe8
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/html/r20210915/r20110914/zrt_lookup.html?fsb=1

Response headers

content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
gzip
date
Fri, 17 Sep 2021 10:00:06 GMT
server
safe
content-length
145
x-xss-protection
0
cache-control
public, max-age=3600
age
1187
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
truncated
/ Frame F513 		212 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
d48fc3c9b3f261e43b66fafa3705f5152d907672488b78ed187805084804c74f

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/png
YqSUqZI0IRdbUAy163IJKnGw-hEMSU1MpsI8iakDbOc.js
pagead2.googlesyndication.com/bg/ Frame 623B 		35 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/YqSUqZI0IRdbUAy163IJKnGw-hEMSU1MpsI8iakDbOc.js
Requested by
Host: xsmb99.me
URL: https://xsmb99.me/xsmb-xo-so-mien-bac.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s52-in-f2.1e100.net
Software
sffe /
Resource Hash
62a494a9923421175b500cb5eb72092a71b0fa110c494d4ca6c23c89a9036ce7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 17 Sep 2021 08:38:56 GMT
content-encoding
br
x-content-type-options
nosniff
age
6058
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13243
x-xss-protection
0
last-modified
Mon, 13 Sep 2021 14:08:00 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="botguard-scs"
expires
Sat, 17 Sep 2022 08:38:56 GMT
si
googleads.g.doubleclick.net/pagead/drt/ Frame CE3D
Redirect Chain
  • https://www.google.com/pagead/drt/ui
  • https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
0
16 B 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20210915/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
216.58.212.162 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
ams15s22-in-f162.1e100.net
Software
safe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
googleads.g.doubleclick.net
:scheme
https
:path
/pagead/drt/si?st=NO_DATA
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://googleads.g.doubleclick.net/
accept-encoding
gzip, deflate, br
cookie
IDE=AHWqTUnTkaU9HHqeQwvcfajBk_sJUk32FWg5ZAlNd-pNu3xk1ZoanunPIsq4l4eRCe8
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
date
Fri, 17 Sep 2021 10:19:54 GMT
server
safe
content-length
0
x-xss-protection
0
set-cookie
DSID=NO_DATA; expires=Fri, 17-Sep-2021 11:19:54 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires
Fri, 17 Sep 2021 10:19:54 GMT
cache-control
private

Redirect headers

location
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
cache-control
private
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
date
Fri, 17 Sep 2021 10:19:54 GMT
server
safe
content-length
257
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
YqSUqZI0IRdbUAy163IJKnGw-hEMSU1MpsI8iakDbOc.js
pagead2.googlesyndication.com/bg/ Frame BE5E 		35 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/YqSUqZI0IRdbUAy163IJKnGw-hEMSU1MpsI8iakDbOc.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20210915/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s52-in-f2.1e100.net
Software
sffe /
Resource Hash
62a494a9923421175b500cb5eb72092a71b0fa110c494d4ca6c23c89a9036ce7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 17 Sep 2021 08:38:56 GMT
content-encoding
br
x-content-type-options
nosniff
age
6058
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13243
x-xss-protection
0
last-modified
Mon, 13 Sep 2021 14:08:00 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="botguard-scs"
expires
Sat, 17 Sep 2022 08:38:56 GMT
integrator.js
adservice.google.de/adsid/ 		107 B
122 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.de/adsid/integrator.js?domain=xsmb99.me
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202109150101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-9108464640724915&plah=xsmb99.me
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
216.58.212.162 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
ams15s22-in-f162.1e100.net
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://xsmb99.me/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin
*
date
Fri, 17 Sep 2021 10:19:54 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
integrator.js
adservice.google.com/adsid/ 		107 B
122 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.com/adsid/integrator.js?domain=xsmb99.me
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202109150101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-9108464640724915&plah=xsmb99.me
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f2.1e100.net
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://xsmb99.me/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin
*
date
Fri, 17 Sep 2021 10:19:54 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
ads
googleads.g.doubleclick.net/pagead/ Frame D0B6 		90 KB
30 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9108464640724915&output=html&h=280&adk=3879918379&adf=3065233903&pi=t.aa~a.585548709~i.61~rp.4&w=730&fwrn=4&fwrnh=100&lmt=1631873994&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=4678874584&psa=0&ad_type=text_image&format=730x280&url=https%3A%2F%2Fxsmb99.me%2Fxsmb-xo-so-mien-bac.html&flash=0&fwr=0&pra=3&rh=183&rw=730&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1631873993717&bpp=1&bdt=1721&idt=1&shv=r20210915&mjsv=m202109150101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D44ae08fbc22b0497-22d6ec022fc90054%3AT%3D1631873992%3ART%3D1631873992%3AS%3DALNI_MbG3GBM96tdh1tHegceQVgV_jIqpA&prev_fmts=0x0%2C730x280%2C350x280%2C1600x1200%2C1005x124&nras=6&correlator=6540816054811&frm=20&pv=1&ga_vid=546217958.1631873992&ga_sid=1631873993&ga_hid=1053574003&ga_fc=0&u_tz=0&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=3&u_nmime=4&adx=245&ady=4612&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747620%2C44748552&oid=3&psts=AGkb-H9zi6d__bVQn0wZI8UupevF7zwdLd20xLSaZP33FchAYgQ0DM5aw624IUc89tlTaSL86g3T_ERn5cXnA7Ry1IC3LIq0HgAH9iOY&pvsid=1481020496321939&pem=136&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=4&fsb=1&xpc=S5kjdI1Vgx&p=https%3A//xsmb99.me&dtd=1085
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202109150101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-9108464640724915&plah=xsmb99.me
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
216.58.212.162 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
ams15s22-in-f162.1e100.net
Software
cafe /
Resource Hash
99ae23199891b381ac29a5666425146a7bf4162d9582e218515c014b4a4888fc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
googleads.g.doubleclick.net
:scheme
https
:path
/pagead/ads?client=ca-pub-9108464640724915&output=html&h=280&adk=3879918379&adf=3065233903&pi=t.aa~a.585548709~i.61~rp.4&w=730&fwrn=4&fwrnh=100&lmt=1631873994&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=4678874584&psa=0&ad_type=text_image&format=730x280&url=https%3A%2F%2Fxsmb99.me%2Fxsmb-xo-so-mien-bac.html&flash=0&fwr=0&pra=3&rh=183&rw=730&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1631873993717&bpp=1&bdt=1721&idt=1&shv=r20210915&mjsv=m202109150101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D44ae08fbc22b0497-22d6ec022fc90054%3AT%3D1631873992%3ART%3D1631873992%3AS%3DALNI_MbG3GBM96tdh1tHegceQVgV_jIqpA&prev_fmts=0x0%2C730x280%2C350x280%2C1600x1200%2C1005x124&nras=6&correlator=6540816054811&frm=20&pv=1&ga_vid=546217958.1631873992&ga_sid=1631873993&ga_hid=1053574003&ga_fc=0&u_tz=0&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=3&u_nmime=4&adx=245&ady=4612&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747620%2C44748552&oid=3&psts=AGkb-H9zi6d__bVQn0wZI8UupevF7zwdLd20xLSaZP33FchAYgQ0DM5aw624IUc89tlTaSL86g3T_ERn5cXnA7Ry1IC3LIq0HgAH9iOY&pvsid=1481020496321939&pem=136&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=4&fsb=1&xpc=S5kjdI1Vgx&p=https%3A//xsmb99.me&dtd=1085
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://xsmb99.me/
accept-encoding
gzip, deflate, br
cookie
DSID=NO_DATA; IDE=AHWqTUn1xzflWkM2mMekGjBv7OxMe0aW-aGorr_OgISz6-VRGHiakVYRRyfxnmqAKI8
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://xsmb99.me/

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
br
date
Fri, 17 Sep 2021 10:19:55 GMT
server
cafe
content-length
30883
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
index.html
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5442514344972767536/ Frame 586B 		11 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5442514344972767536/index.html
Requested by
Host: xsmb99.me
URL: https://xsmb99.me/xsmb-xo-so-mien-bac.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.129 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f1.1e100.net
Software
sffe /
Resource Hash
6dd3fa0ac0babf2ccc9285caa721a145c225a7d5207e9a662f32bf6e8b99e56e
Security Headers
Name Value
Content-Security-Policy default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
tpc.googlesyndication.com
:scheme
https
:path
/sadbundle/$csp%3Der3$/5442514344972767536/index.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://googleads.g.doubleclick.net/
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-type
text/html
access-control-allow-origin
*
content-security-policy
default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
content-length
2960
date
Tue, 14 Sep 2021 04:12:13 GMT
expires
Wed, 14 Sep 2022 04:12:13 GMT
last-modified
Thu, 11 Feb 2021 09:56:43 GMT
x-content-type-options
nosniff
x-dns-prefetch-control
off
content-encoding
gzip
server
sffe
x-xss-protection
0
age
281261
cache-control
public, max-age=31536000
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
adview
googleads.g.doubleclick.net/pagead/ Frame BBDE 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/adview?ai=CUe6KyWtEYaK6MJCybLH3h8AByPrF8mTGqoPeqw2Q78THnRYQASDjsZt9YJUCoAGj1rDEA8gBCakCP4OwGki_sz6oAwHIA0iqBMABT9AIpamXhcncKnprtXzbtGqe7rj6M075cBs4SX86DFYfQYq8lrlrKnKGX5j4UK_eld487U8RXcA9_KHSoASYX-a5b6hHH8lNv1HfaaVqEImv0Fk6LR9PZnllz-JU6BPm-VQYHlpeeShh436SBrdlkEXycanOTCdjc4VQECvAFF3-8-9m2S4FH7OJuKi_71LTljDq9OdUwVa3u72AovpzxJdvYlcvHMInKFq8e2v6NwV0xNSajdUCg5YzMjYKXE5bwATHz7S-sgKSBQQIBBgBkgUECAUYBJIFBAgFGBiSBQUIBRioAaAGLoAHxanPO6gH1ckbqAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAfulrECqAemvhvYBwDyBwMQl2rSCAcIgGEQARgfgAoByAsB2BMN0BUBgBcBshccChoIABIUcHViLTkxMDg0NjQ2NDA3MjQ5MTUYAA&sigh=Rnrxk2wZdv4&template_id=419
Requested by
Host: xsmb99.me
URL: https://xsmb99.me/xsmb-xo-so-mien-bac.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
216.58.212.162 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
ams15s22-in-f162.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9108464640724915&output=html&h=280&adk=2793536430&adf=662524697&pi=t.aa~a.461124662~rp.4&w=350&fwrn=4&fwrnh=100&lmt=1631873993&rafmt=1&to=qs&pwprc=4678874584&psa=0&format=350x280&url=https%3A%2F%2Fxsmb99.me%2Fxsmb-xo-so-mien-bac.html&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1631873993724&bpp=1&bdt=1728&idt=1&shv=r20210915&mjsv=m202109150101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D44ae08fbc22b0497-22d6ec022fc90054%3AT%3D1631873992%3ART%3D1631873992%3AS%3DALNI_MbG3GBM96tdh1tHegceQVgV_jIqpA&prev_fmts=0x0%2C730x280&nras=3&correlator=6540816054811&frm=20&pv=1&ga_vid=546217958.1631873992&ga_sid=1631873993&ga_hid=1053574003&ga_fc=0&u_tz=0&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=3&u_nmime=4&adx=1005&ady=2572&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747620%2C44748552&oid=3&pvsid=1481020496321939&pem=136&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=2&fsb=1&xpc=FK4e3CKroG&p=https%3A//xsmb99.me&dtd=23
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin
*
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
date
Fri, 17 Sep 2021 10:19:54 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
abg_lite_fy2019.js
tpc.googlesyndication.com/pagead/js/r20210913/r20110914/ Frame BBDE 		18 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20210913/r20110914/abg_lite_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9108464640724915&output=html&h=280&adk=2793536430&adf=662524697&pi=t.aa~a.461124662~rp.4&w=350&fwrn=4&fwrnh=100&lmt=1631873993&rafmt=1&to=qs&pwprc=4678874584&psa=0&format=350x280&url=https%3A%2F%2Fxsmb99.me%2Fxsmb-xo-so-mien-bac.html&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1631873993724&bpp=1&bdt=1728&idt=1&shv=r20210915&mjsv=m202109150101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D44ae08fbc22b0497-22d6ec022fc90054%3AT%3D1631873992%3ART%3D1631873992%3AS%3DALNI_MbG3GBM96tdh1tHegceQVgV_jIqpA&prev_fmts=0x0%2C730x280&nras=3&correlator=6540816054811&frm=20&pv=1&ga_vid=546217958.1631873992&ga_sid=1631873993&ga_hid=1053574003&ga_fc=0&u_tz=0&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=3&u_nmime=4&adx=1005&ady=2572&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747620%2C44748552&oid=3&pvsid=1481020496321939&pem=136&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=2&fsb=1&xpc=FK4e3CKroG&p=https%3A//xsmb99.me&dtd=23
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.129 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f1.1e100.net
Software
cafe /
Resource Hash
7195c4763ed26ac25f6be1726145b11ee61f5d27468605eb56a6c0823d101673
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 17 Sep 2021 00:48:41 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
34273
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7612
x-xss-protection
0
server
cafe
etag
7316329070599479730
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Fri, 01 Oct 2021 00:48:41 GMT
window_focus_fy2019.js
tpc.googlesyndication.com/pagead/js/r20210913/r20110914/client/ Frame BBDE 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20210913/r20110914/client/window_focus_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9108464640724915&output=html&h=280&adk=2793536430&adf=662524697&pi=t.aa~a.461124662~rp.4&w=350&fwrn=4&fwrnh=100&lmt=1631873993&rafmt=1&to=qs&pwprc=4678874584&psa=0&format=350x280&url=https%3A%2F%2Fxsmb99.me%2Fxsmb-xo-so-mien-bac.html&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1631873993724&bpp=1&bdt=1728&idt=1&shv=r20210915&mjsv=m202109150101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D44ae08fbc22b0497-22d6ec022fc90054%3AT%3D1631873992%3ART%3D1631873992%3AS%3DALNI_MbG3GBM96tdh1tHegceQVgV_jIqpA&prev_fmts=0x0%2C730x280&nras=3&correlator=6540816054811&frm=20&pv=1&ga_vid=546217958.1631873992&ga_sid=1631873993&ga_hid=1053574003&ga_fc=0&u_tz=0&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=3&u_nmime=4&adx=1005&ady=2572&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747620%2C44748552&oid=3&pvsid=1481020496321939&pem=136&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=2&fsb=1&xpc=FK4e3CKroG&p=https%3A//xsmb99.me&dtd=23
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.129 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f1.1e100.net
Software
cafe /
Resource Hash
b6f6d0902ff385f68ec17c4c059d4fe89a0a08f1c022ab70580ea8552dfc0a11
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 17 Sep 2021 09:15:58 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
3836
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1339
x-xss-protection
0
server
cafe
etag
2275704724217174249
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Fri, 01 Oct 2021 09:15:58 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame BBDE 		128 KB
39 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9108464640724915&output=html&h=280&adk=2793536430&adf=662524697&pi=t.aa~a.461124662~rp.4&w=350&fwrn=4&fwrnh=100&lmt=1631873993&rafmt=1&to=qs&pwprc=4678874584&psa=0&format=350x280&url=https%3A%2F%2Fxsmb99.me%2Fxsmb-xo-so-mien-bac.html&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1631873993724&bpp=1&bdt=1728&idt=1&shv=r20210915&mjsv=m202109150101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D44ae08fbc22b0497-22d6ec022fc90054%3AT%3D1631873992%3ART%3D1631873992%3AS%3DALNI_MbG3GBM96tdh1tHegceQVgV_jIqpA&prev_fmts=0x0%2C730x280&nras=3&correlator=6540816054811&frm=20&pv=1&ga_vid=546217958.1631873992&ga_sid=1631873993&ga_hid=1053574003&ga_fc=0&u_tz=0&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=3&u_nmime=4&adx=1005&ady=2572&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747620%2C44748552&oid=3&pvsid=1481020496321939&pem=136&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=2&fsb=1&xpc=FK4e3CKroG&p=https%3A//xsmb99.me&dtd=23
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f2.1e100.net
Software
sffe /
Resource Hash
fc8bce6b98f344ceb503d0c7c623ecf395808995efd843d616c3e7ab401a116f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 17 Sep 2021 10:19:55 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
39459
x-xss-protection
0
server
sffe
etag
"1631705359914318"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="active-view-scs-read-write-acl"
expires
Fri, 17 Sep 2021 10:19:55 GMT
qs_click_protection_fy2019.js
tpc.googlesyndication.com/pagead/js/r20210913/r20110914/client/ Frame BBDE 		14 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20210913/r20110914/client/qs_click_protection_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9108464640724915&output=html&h=280&adk=2793536430&adf=662524697&pi=t.aa~a.461124662~rp.4&w=350&fwrn=4&fwrnh=100&lmt=1631873993&rafmt=1&to=qs&pwprc=4678874584&psa=0&format=350x280&url=https%3A%2F%2Fxsmb99.me%2Fxsmb-xo-so-mien-bac.html&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1631873993724&bpp=1&bdt=1728&idt=1&shv=r20210915&mjsv=m202109150101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D44ae08fbc22b0497-22d6ec022fc90054%3AT%3D1631873992%3ART%3D1631873992%3AS%3DALNI_MbG3GBM96tdh1tHegceQVgV_jIqpA&prev_fmts=0x0%2C730x280&nras=3&correlator=6540816054811&frm=20&pv=1&ga_vid=546217958.1631873992&ga_sid=1631873993&ga_hid=1053574003&ga_fc=0&u_tz=0&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=3&u_nmime=4&adx=1005&ady=2572&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747620%2C44748552&oid=3&pvsid=1481020496321939&pem=136&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=2&fsb=1&xpc=FK4e3CKroG&p=https%3A//xsmb99.me&dtd=23
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.129 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f1.1e100.net
Software
cafe /
Resource Hash
127fef9bff9c4a7bd820146a3785bf8c7d3c5dbf48dd087f2e0f1d91a25e32c3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 17 Sep 2021 10:16:59 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
175
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6211
x-xss-protection
0
server
cafe
etag
18326705275735229343
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Fri, 01 Oct 2021 10:16:59 GMT
s
googleads.g.doubleclick.net/pagead/drt/ Frame 5444 		143 B
163 B 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9108464640724915&output=html&h=280&adk=2793536430&adf=662524697&pi=t.aa~a.461124662~rp.4&w=350&fwrn=4&fwrnh=100&lmt=1631873993&rafmt=1&to=qs&pwprc=4678874584&psa=0&format=350x280&url=https%3A%2F%2Fxsmb99.me%2Fxsmb-xo-so-mien-bac.html&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1631873993724&bpp=1&bdt=1728&idt=1&shv=r20210915&mjsv=m202109150101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D44ae08fbc22b0497-22d6ec022fc90054%3AT%3D1631873992%3ART%3D1631873992%3AS%3DALNI_MbG3GBM96tdh1tHegceQVgV_jIqpA&prev_fmts=0x0%2C730x280&nras=3&correlator=6540816054811&frm=20&pv=1&ga_vid=546217958.1631873992&ga_sid=1631873993&ga_hid=1053574003&ga_fc=0&u_tz=0&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=3&u_nmime=4&adx=1005&ady=2572&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747620%2C44748552&oid=3&pvsid=1481020496321939&pem=136&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=2&fsb=1&xpc=FK4e3CKroG&p=https%3A//xsmb99.me&dtd=23
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
216.58.212.162 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
ams15s22-in-f162.1e100.net
Software
safe /
Resource Hash
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
googleads.g.doubleclick.net
:scheme
https
:path
/pagead/drt/s?v=r20120211
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
same-origin
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9108464640724915&output=html&h=280&adk=2793536430&adf=662524697&pi=t.aa~a.461124662~rp.4&w=350&fwrn=4&fwrnh=100&lmt=1631873993&rafmt=1&to=qs&pwprc=4678874584&psa=0&format=350x280&url=https%3A%2F%2Fxsmb99.me%2Fxsmb-xo-so-mien-bac.html&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1631873993724&bpp=1&bdt=1728&idt=1&shv=r20210915&mjsv=m202109150101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D44ae08fbc22b0497-22d6ec022fc90054%3AT%3D1631873992%3ART%3D1631873992%3AS%3DALNI_MbG3GBM96tdh1tHegceQVgV_jIqpA&prev_fmts=0x0%2C730x280&nras=3&correlator=6540816054811&frm=20&pv=1&ga_vid=546217958.1631873992&ga_sid=1631873993&ga_hid=1053574003&ga_fc=0&u_tz=0&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=3&u_nmime=4&adx=1005&ady=2572&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747620%2C44748552&oid=3&pvsid=1481020496321939&pem=136&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=2&fsb=1&xpc=FK4e3CKroG&p=https%3A//xsmb99.me&dtd=23
accept-encoding
gzip, deflate, br
cookie
DSID=NO_DATA; IDE=AHWqTUn1xzflWkM2mMekGjBv7OxMe0aW-aGorr_OgISz6-VRGHiakVYRRyfxnmqAKI8
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9108464640724915&output=html&h=280&adk=2793536430&adf=662524697&pi=t.aa~a.461124662~rp.4&w=350&fwrn=4&fwrnh=100&lmt=1631873993&rafmt=1&to=qs&pwprc=4678874584&psa=0&format=350x280&url=https%3A%2F%2Fxsmb99.me%2Fxsmb-xo-so-mien-bac.html&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1631873993724&bpp=1&bdt=1728&idt=1&shv=r20210915&mjsv=m202109150101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D44ae08fbc22b0497-22d6ec022fc90054%3AT%3D1631873992%3ART%3D1631873992%3AS%3DALNI_MbG3GBM96tdh1tHegceQVgV_jIqpA&prev_fmts=0x0%2C730x280&nras=3&correlator=6540816054811&frm=20&pv=1&ga_vid=546217958.1631873992&ga_sid=1631873993&ga_hid=1053574003&ga_fc=0&u_tz=0&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=3&u_nmime=4&adx=1005&ady=2572&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747620%2C44748552&oid=3&pvsid=1481020496321939&pem=136&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=2&fsb=1&xpc=FK4e3CKroG&p=https%3A//xsmb99.me&dtd=23

Response headers

content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
gzip
date
Fri, 17 Sep 2021 10:00:06 GMT
server
safe
content-length
145
x-xss-protection
0
cache-control
public, max-age=3600
age
1188
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
gen_csp
pagead2.googlesyndication.com/pagead/ Frame BBDE 		0
20 B 		Other
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=COLC363khfMCFRAZGwodsfsBGA&gqi=yWtEYYueL6alzAbFhYqICQ&layout=/sadbundle/%24csp%253Der3%24/5442514344972767536/index.html
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9108464640724915&output=html&h=280&adk=2793536430&adf=662524697&pi=t.aa~a.461124662~rp.4&w=350&fwrn=4&fwrnh=100&lmt=1631873993&rafmt=1&to=qs&pwprc=4678874584&psa=0&format=350x280&url=https%3A%2F%2Fxsmb99.me%2Fxsmb-xo-so-mien-bac.html&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1631873993724&bpp=1&bdt=1728&idt=1&shv=r20210915&mjsv=m202109150101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D44ae08fbc22b0497-22d6ec022fc90054%3AT%3D1631873992%3ART%3D1631873992%3AS%3DALNI_MbG3GBM96tdh1tHegceQVgV_jIqpA&prev_fmts=0x0%2C730x280&nras=3&correlator=6540816054811&frm=20&pv=1&ga_vid=546217958.1631873992&ga_sid=1631873993&ga_hid=1053574003&ga_fc=0&u_tz=0&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=3&u_nmime=4&adx=1005&ady=2572&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747620%2C44748552&oid=3&pvsid=1481020496321939&pem=136&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=2&fsb=1&xpc=FK4e3CKroG&p=https%3A//xsmb99.me&dtd=23
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s52-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
application/csp-report

Response headers

pragma
no-cache
date
Fri, 17 Sep 2021 10:19:54 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
exitapi-impl.js
tpc.googlesyndication.com/pagead/gadgets/html5/api/ Frame 586B 		9 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/gadgets/html5/api/exitapi-impl.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5442514344972767536/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.129 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f1.1e100.net
Software
cafe /
Resource Hash
d661244532ddce6a92fb96fde511e23ea4de69ff2e41a5bffb884caa71166e01
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 16 Sep 2021 17:48:17 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
59497
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
3271
x-xss-protection
0
server
cafe
etag
7483759447172721109
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=86400
timing-allow-origin
*
expires
Fri, 17 Sep 2021 17:48:17 GMT
addata.js
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame 586B 		26 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5442514344972767536/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.129 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f1.1e100.net
Software
cafe /
Resource Hash
54a66c4693bfd79901040269ae7d7304508cbd02859797a1780f2bbe72176e23
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 17 Sep 2021 08:03:17 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
8197
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
10382
x-xss-protection
0
server
cafe
etag
12806417668659483808
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=86400
timing-allow-origin
*
expires
Sat, 18 Sep 2021 08:03:17 GMT
gsap_3.2.4_min.js
s0.2mdn.net/ads/studio/cached_libs/ Frame 586B 		57 KB
23 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.2.4_min.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5442514344972767536/index.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.23.102 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
mil04s23-in-f6.1e100.net
Software
sffe /
Resource Hash
e8403779d45a9590b43c0ecf984ebe11e75fd2982630d658390a6001a6768770
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 17 Sep 2021 10:19:54 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
0
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
23276
x-xss-protection
0
last-modified
Thu, 05 Mar 2020 03:53:22 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=0
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Fri, 17 Sep 2021 10:19:54 GMT
si
googleads.g.doubleclick.net/pagead/drt/ Frame 5444
Redirect Chain
  • https://www.google.com/pagead/drt/ui
  • https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
0
16 B 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9108464640724915&output=html&h=280&adk=2793536430&adf=662524697&pi=t.aa~a.461124662~rp.4&w=350&fwrn=4&fwrnh=100&lmt=1631873993&rafmt=1&to=qs&pwprc=4678874584&psa=0&format=350x280&url=https%3A%2F%2Fxsmb99.me%2Fxsmb-xo-so-mien-bac.html&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1631873993724&bpp=1&bdt=1728&idt=1&shv=r20210915&mjsv=m202109150101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D44ae08fbc22b0497-22d6ec022fc90054%3AT%3D1631873992%3ART%3D1631873992%3AS%3DALNI_MbG3GBM96tdh1tHegceQVgV_jIqpA&prev_fmts=0x0%2C730x280&nras=3&correlator=6540816054811&frm=20&pv=1&ga_vid=546217958.1631873992&ga_sid=1631873993&ga_hid=1053574003&ga_fc=0&u_tz=0&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=3&u_nmime=4&adx=1005&ady=2572&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747620%2C44748552&oid=3&pvsid=1481020496321939&pem=136&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=2&fsb=1&xpc=FK4e3CKroG&p=https%3A//xsmb99.me&dtd=23
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
216.58.212.162 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
ams15s22-in-f162.1e100.net
Software
safe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
googleads.g.doubleclick.net
:scheme
https
:path
/pagead/drt/si?st=NO_DATA
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://googleads.g.doubleclick.net/
accept-encoding
gzip, deflate, br
cookie
DSID=NO_DATA; IDE=AHWqTUn1xzflWkM2mMekGjBv7OxMe0aW-aGorr_OgISz6-VRGHiakVYRRyfxnmqAKI8
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
date
Fri, 17 Sep 2021 10:19:55 GMT
server
safe
content-length
0
x-xss-protection
0
set-cookie
DSID=NO_DATA; expires=Fri, 17-Sep-2021 11:19:55 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires
Fri, 17 Sep 2021 10:19:55 GMT
cache-control
private

Redirect headers

location
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
cache-control
private
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
date
Fri, 17 Sep 2021 10:19:54 GMT
server
safe
content-length
257
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
imagesuv0myt5eb1rnnbxsp1ds.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5442514344972767536/ Frame 586B 		906 B
935 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5442514344972767536/imagesuv0myt5eb1rnnbxsp1ds.png
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5442514344972767536/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.129 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f1.1e100.net
Software
sffe /
Resource Hash
0a9ff3f6b8d132ef3022c28d875ab2217b7b35259a6bfd10b8e56b4b87046019
Security Headers
Name Value
Content-Security-Policy default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy
default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options
nosniff
age
129951
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
906
x-xss-protection
0
last-modified
Thu, 11 Feb 2021 09:56:43 GMT
server
sffe
date
Wed, 15 Sep 2021 22:14:04 GMT
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Thu, 15 Sep 2022 22:14:04 GMT
1ad6b5aa39cdeb703ff094f477328c96.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5442514344972767536/ Frame 586B 		38 KB
38 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5442514344972767536/1ad6b5aa39cdeb703ff094f477328c96.png
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5442514344972767536/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.129 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f1.1e100.net
Software
sffe /
Resource Hash
953ad5605189ea38166999307dd0641b5a3c42d4bd1dfd183848143c3fc2252b
Security Headers
Name Value
Content-Security-Policy default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy
default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options
nosniff
age
389709
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
38697
x-xss-protection
0
last-modified
Thu, 11 Feb 2021 09:56:43 GMT
server
sffe
date
Sun, 12 Sep 2021 22:04:46 GMT
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Mon, 12 Sep 2022 22:04:46 GMT
YqSUqZI0IRdbUAy163IJKnGw-hEMSU1MpsI8iakDbOc.js
pagead2.googlesyndication.com/bg/ Frame 586B 		35 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/YqSUqZI0IRdbUAy163IJKnGw-hEMSU1MpsI8iakDbOc.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s52-in-f2.1e100.net
Software
sffe /
Resource Hash
62a494a9923421175b500cb5eb72092a71b0fa110c494d4ca6c23c89a9036ce7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 17 Sep 2021 08:38:56 GMT
content-encoding
br
x-content-type-options
nosniff
age
6059
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13243
x-xss-protection
0
last-modified
Mon, 13 Sep 2021 14:08:00 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="botguard-scs"
expires
Sat, 17 Sep 2022 08:38:56 GMT
activeview
pagead2.googlesyndication.com/pcs/ Frame F513 		42 B
64 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuYJO7bue9OU_nQZeQ1nBL_Ihl41FqQjE1aDxB9YZnpkWjuzUfbB5hzASJg8pe6pM26UL_AoUCGp6gxCfu3XOZBheqtI8RGUiusmAFivqTIM-Ougf8&sai=AMfl-YR8hyydVr6xUDNGvP-z7GujlKlsezAC1YVZtL4FVdKVTU8usKk4Fq9Ue8Mznph2O1fuOfQTNEZ8_q6V&sig=Cg0ArKJSzLxsmoad_guCEAE&id=lidar2&mcvt=1030&p=1106,298,1230,1303&mtos=102,785,1030,1106,1182&tos=102,683,245,76,76&v=20210915&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=21&adk=1812271801&rs=2&met=mue&la=0&cr=0&osd=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0%3D&vs=4&eosm=0&rst=1631873993782&rpt=231&r=v
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s52-in-f2.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 17 Sep 2021 10:19:55 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
css
fonts.googleapis.com/ Frame D0B6 		3 KB
578 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9108464640724915&output=html&h=280&adk=3879918379&adf=3065233903&pi=t.aa~a.585548709~i.61~rp.4&w=730&fwrn=4&fwrnh=100&lmt=1631873994&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=4678874584&psa=0&ad_type=text_image&format=730x280&url=https%3A%2F%2Fxsmb99.me%2Fxsmb-xo-so-mien-bac.html&flash=0&fwr=0&pra=3&rh=183&rw=730&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1631873993717&bpp=1&bdt=1721&idt=1&shv=r20210915&mjsv=m202109150101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D44ae08fbc22b0497-22d6ec022fc90054%3AT%3D1631873992%3ART%3D1631873992%3AS%3DALNI_MbG3GBM96tdh1tHegceQVgV_jIqpA&prev_fmts=0x0%2C730x280%2C350x280%2C1600x1200%2C1005x124&nras=6&correlator=6540816054811&frm=20&pv=1&ga_vid=546217958.1631873992&ga_sid=1631873993&ga_hid=1053574003&ga_fc=0&u_tz=0&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=3&u_nmime=4&adx=245&ady=4612&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747620%2C44748552&oid=3&psts=AGkb-H9zi6d__bVQn0wZI8UupevF7zwdLd20xLSaZP33FchAYgQ0DM5aw624IUc89tlTaSL86g3T_ERn5cXnA7Ry1IC3LIq0HgAH9iOY&pvsid=1481020496321939&pem=136&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=4&fsb=1&xpc=S5kjdI1Vgx&p=https%3A//xsmb99.me&dtd=1085
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.202 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s52-in-f10.1e100.net
Software
ESF /
Resource Hash
32b5c88160bab78ae20a39de4a8abe015f4f4c5d48be8300a6686d32a570ccfb
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Fri, 17 Sep 2021 08:56:23 GMT
server
ESF
date
Fri, 17 Sep 2021 10:19:55 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Fri, 17 Sep 2021 10:19:55 GMT
load_preloaded_resource_fy2019.js
tpc.googlesyndication.com/pagead/js/r20210913/r20110914/client/ Frame D0B6 		1 KB
862 B 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20210913/r20110914/client/load_preloaded_resource_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9108464640724915&output=html&h=280&adk=3879918379&adf=3065233903&pi=t.aa~a.585548709~i.61~rp.4&w=730&fwrn=4&fwrnh=100&lmt=1631873994&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=4678874584&psa=0&ad_type=text_image&format=730x280&url=https%3A%2F%2Fxsmb99.me%2Fxsmb-xo-so-mien-bac.html&flash=0&fwr=0&pra=3&rh=183&rw=730&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1631873993717&bpp=1&bdt=1721&idt=1&shv=r20210915&mjsv=m202109150101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D44ae08fbc22b0497-22d6ec022fc90054%3AT%3D1631873992%3ART%3D1631873992%3AS%3DALNI_MbG3GBM96tdh1tHegceQVgV_jIqpA&prev_fmts=0x0%2C730x280%2C350x280%2C1600x1200%2C1005x124&nras=6&correlator=6540816054811&frm=20&pv=1&ga_vid=546217958.1631873992&ga_sid=1631873993&ga_hid=1053574003&ga_fc=0&u_tz=0&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=3&u_nmime=4&adx=245&ady=4612&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747620%2C44748552&oid=3&psts=AGkb-H9zi6d__bVQn0wZI8UupevF7zwdLd20xLSaZP33FchAYgQ0DM5aw624IUc89tlTaSL86g3T_ERn5cXnA7Ry1IC3LIq0HgAH9iOY&pvsid=1481020496321939&pem=136&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=4&fsb=1&xpc=S5kjdI1Vgx&p=https%3A//xsmb99.me&dtd=1085
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.129 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f1.1e100.net
Software
cafe /
Resource Hash
5d1f3a4ee5a02abdbc66a11aad769dd81cbe4d07f0b3799ff0940ad7b7d6cc1a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 16 Sep 2021 21:17:53 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
46922
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
830
x-xss-protection
0
server
cafe
etag
3558876194914413708
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 30 Sep 2021 21:17:53 GMT
abg_lite_fy2019.js
tpc.googlesyndication.com/pagead/js/r20210913/r20110914/ Frame D0B6 		18 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20210913/r20110914/abg_lite_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9108464640724915&output=html&h=280&adk=3879918379&adf=3065233903&pi=t.aa~a.585548709~i.61~rp.4&w=730&fwrn=4&fwrnh=100&lmt=1631873994&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=4678874584&psa=0&ad_type=text_image&format=730x280&url=https%3A%2F%2Fxsmb99.me%2Fxsmb-xo-so-mien-bac.html&flash=0&fwr=0&pra=3&rh=183&rw=730&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1631873993717&bpp=1&bdt=1721&idt=1&shv=r20210915&mjsv=m202109150101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D44ae08fbc22b0497-22d6ec022fc90054%3AT%3D1631873992%3ART%3D1631873992%3AS%3DALNI_MbG3GBM96tdh1tHegceQVgV_jIqpA&prev_fmts=0x0%2C730x280%2C350x280%2C1600x1200%2C1005x124&nras=6&correlator=6540816054811&frm=20&pv=1&ga_vid=546217958.1631873992&ga_sid=1631873993&ga_hid=1053574003&ga_fc=0&u_tz=0&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=3&u_nmime=4&adx=245&ady=4612&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747620%2C44748552&oid=3&psts=AGkb-H9zi6d__bVQn0wZI8UupevF7zwdLd20xLSaZP33FchAYgQ0DM5aw624IUc89tlTaSL86g3T_ERn5cXnA7Ry1IC3LIq0HgAH9iOY&pvsid=1481020496321939&pem=136&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=4&fsb=1&xpc=S5kjdI1Vgx&p=https%3A//xsmb99.me&dtd=1085
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.129 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f1.1e100.net
Software
cafe /
Resource Hash
7195c4763ed26ac25f6be1726145b11ee61f5d27468605eb56a6c0823d101673
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 17 Sep 2021 00:48:41 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
34274
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7612
x-xss-protection
0
server
cafe
etag
7316329070599479730
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Fri, 01 Oct 2021 00:48:41 GMT
window_focus_fy2019.js
tpc.googlesyndication.com/pagead/js/r20210913/r20110914/client/ Frame D0B6 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20210913/r20110914/client/window_focus_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9108464640724915&output=html&h=280&adk=3879918379&adf=3065233903&pi=t.aa~a.585548709~i.61~rp.4&w=730&fwrn=4&fwrnh=100&lmt=1631873994&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=4678874584&psa=0&ad_type=text_image&format=730x280&url=https%3A%2F%2Fxsmb99.me%2Fxsmb-xo-so-mien-bac.html&flash=0&fwr=0&pra=3&rh=183&rw=730&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1631873993717&bpp=1&bdt=1721&idt=1&shv=r20210915&mjsv=m202109150101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D44ae08fbc22b0497-22d6ec022fc90054%3AT%3D1631873992%3ART%3D1631873992%3AS%3DALNI_MbG3GBM96tdh1tHegceQVgV_jIqpA&prev_fmts=0x0%2C730x280%2C350x280%2C1600x1200%2C1005x124&nras=6&correlator=6540816054811&frm=20&pv=1&ga_vid=546217958.1631873992&ga_sid=1631873993&ga_hid=1053574003&ga_fc=0&u_tz=0&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=3&u_nmime=4&adx=245&ady=4612&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747620%2C44748552&oid=3&psts=AGkb-H9zi6d__bVQn0wZI8UupevF7zwdLd20xLSaZP33FchAYgQ0DM5aw624IUc89tlTaSL86g3T_ERn5cXnA7Ry1IC3LIq0HgAH9iOY&pvsid=1481020496321939&pem=136&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=4&fsb=1&xpc=S5kjdI1Vgx&p=https%3A//xsmb99.me&dtd=1085
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.129 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f1.1e100.net
Software
cafe /
Resource Hash
b6f6d0902ff385f68ec17c4c059d4fe89a0a08f1c022ab70580ea8552dfc0a11
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 17 Sep 2021 09:15:58 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
3837
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1339
x-xss-protection
0
server
cafe
etag
2275704724217174249
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Fri, 01 Oct 2021 09:15:58 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame D0B6 		128 KB
39 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9108464640724915&output=html&h=280&adk=3879918379&adf=3065233903&pi=t.aa~a.585548709~i.61~rp.4&w=730&fwrn=4&fwrnh=100&lmt=1631873994&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=4678874584&psa=0&ad_type=text_image&format=730x280&url=https%3A%2F%2Fxsmb99.me%2Fxsmb-xo-so-mien-bac.html&flash=0&fwr=0&pra=3&rh=183&rw=730&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1631873993717&bpp=1&bdt=1721&idt=1&shv=r20210915&mjsv=m202109150101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D44ae08fbc22b0497-22d6ec022fc90054%3AT%3D1631873992%3ART%3D1631873992%3AS%3DALNI_MbG3GBM96tdh1tHegceQVgV_jIqpA&prev_fmts=0x0%2C730x280%2C350x280%2C1600x1200%2C1005x124&nras=6&correlator=6540816054811&frm=20&pv=1&ga_vid=546217958.1631873992&ga_sid=1631873993&ga_hid=1053574003&ga_fc=0&u_tz=0&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=3&u_nmime=4&adx=245&ady=4612&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747620%2C44748552&oid=3&psts=AGkb-H9zi6d__bVQn0wZI8UupevF7zwdLd20xLSaZP33FchAYgQ0DM5aw624IUc89tlTaSL86g3T_ERn5cXnA7Ry1IC3LIq0HgAH9iOY&pvsid=1481020496321939&pem=136&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=4&fsb=1&xpc=S5kjdI1Vgx&p=https%3A//xsmb99.me&dtd=1085
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f2.1e100.net
Software
sffe /
Resource Hash
fc8bce6b98f344ceb503d0c7c623ecf395808995efd843d616c3e7ab401a116f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 17 Sep 2021 10:19:55 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
39459
x-xss-protection
0
server
sffe
etag
"1631705359914318"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="active-view-scs-read-write-acl"
expires
Fri, 17 Sep 2021 10:19:55 GMT
qs_click_protection_fy2019.js
tpc.googlesyndication.com/pagead/js/r20210913/r20110914/client/ Frame D0B6 		14 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20210913/r20110914/client/qs_click_protection_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9108464640724915&output=html&h=280&adk=3879918379&adf=3065233903&pi=t.aa~a.585548709~i.61~rp.4&w=730&fwrn=4&fwrnh=100&lmt=1631873994&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=4678874584&psa=0&ad_type=text_image&format=730x280&url=https%3A%2F%2Fxsmb99.me%2Fxsmb-xo-so-mien-bac.html&flash=0&fwr=0&pra=3&rh=183&rw=730&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1631873993717&bpp=1&bdt=1721&idt=1&shv=r20210915&mjsv=m202109150101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D44ae08fbc22b0497-22d6ec022fc90054%3AT%3D1631873992%3ART%3D1631873992%3AS%3DALNI_MbG3GBM96tdh1tHegceQVgV_jIqpA&prev_fmts=0x0%2C730x280%2C350x280%2C1600x1200%2C1005x124&nras=6&correlator=6540816054811&frm=20&pv=1&ga_vid=546217958.1631873992&ga_sid=1631873993&ga_hid=1053574003&ga_fc=0&u_tz=0&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=3&u_nmime=4&adx=245&ady=4612&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747620%2C44748552&oid=3&psts=AGkb-H9zi6d__bVQn0wZI8UupevF7zwdLd20xLSaZP33FchAYgQ0DM5aw624IUc89tlTaSL86g3T_ERn5cXnA7Ry1IC3LIq0HgAH9iOY&pvsid=1481020496321939&pem=136&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=4&fsb=1&xpc=S5kjdI1Vgx&p=https%3A//xsmb99.me&dtd=1085
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.129 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f1.1e100.net
Software
cafe /
Resource Hash
127fef9bff9c4a7bd820146a3785bf8c7d3c5dbf48dd087f2e0f1d91a25e32c3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 17 Sep 2021 10:16:59 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
176
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6211
x-xss-protection
0
server
cafe
etag
18326705275735229343
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Fri, 01 Oct 2021 10:16:59 GMT
l
www.google.com/ads/measurement/ Frame D0B6 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/ads/measurement/l?ebcid=ALh7CaQz7OsgRLpu0y0dxJmHOZHIAhAfkUQgfN2QJEp-yH2uzKHZLf4hs9tZGKQb00bU4pirbbeG5JSjTovis1-vlWNckazciw
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9108464640724915&output=html&h=280&adk=3879918379&adf=3065233903&pi=t.aa~a.585548709~i.61~rp.4&w=730&fwrn=4&fwrnh=100&lmt=1631873994&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=4678874584&psa=0&ad_type=text_image&format=730x280&url=https%3A%2F%2Fxsmb99.me%2Fxsmb-xo-so-mien-bac.html&flash=0&fwr=0&pra=3&rh=183&rw=730&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1631873993717&bpp=1&bdt=1721&idt=1&shv=r20210915&mjsv=m202109150101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D44ae08fbc22b0497-22d6ec022fc90054%3AT%3D1631873992%3ART%3D1631873992%3AS%3DALNI_MbG3GBM96tdh1tHegceQVgV_jIqpA&prev_fmts=0x0%2C730x280%2C350x280%2C1600x1200%2C1005x124&nras=6&correlator=6540816054811&frm=20&pv=1&ga_vid=546217958.1631873992&ga_sid=1631873993&ga_hid=1053574003&ga_fc=0&u_tz=0&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=3&u_nmime=4&adx=245&ady=4612&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747620%2C44748552&oid=3&psts=AGkb-H9zi6d__bVQn0wZI8UupevF7zwdLd20xLSaZP33FchAYgQ0DM5aw624IUc89tlTaSL86g3T_ERn5cXnA7Ry1IC3LIq0HgAH9iOY&pvsid=1481020496321939&pem=136&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=4&fsb=1&xpc=S5kjdI1Vgx&p=https%3A//xsmb99.me&dtd=1085
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.100 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s49-in-f4.1e100.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers
8b8c639f95e935c054a6465040a495ee.js
www.gstatic.com/mysidia/ Frame D0B6 		26 KB
11 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/mysidia/8b8c639f95e935c054a6465040a495ee.js?tag=mysidia_one_click_handler_one_afma_2019
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9108464640724915&output=html&h=280&adk=3879918379&adf=3065233903&pi=t.aa~a.585548709~i.61~rp.4&w=730&fwrn=4&fwrnh=100&lmt=1631873994&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=4678874584&psa=0&ad_type=text_image&format=730x280&url=https%3A%2F%2Fxsmb99.me%2Fxsmb-xo-so-mien-bac.html&flash=0&fwr=0&pra=3&rh=183&rw=730&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1631873993717&bpp=1&bdt=1721&idt=1&shv=r20210915&mjsv=m202109150101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D44ae08fbc22b0497-22d6ec022fc90054%3AT%3D1631873992%3ART%3D1631873992%3AS%3DALNI_MbG3GBM96tdh1tHegceQVgV_jIqpA&prev_fmts=0x0%2C730x280%2C350x280%2C1600x1200%2C1005x124&nras=6&correlator=6540816054811&frm=20&pv=1&ga_vid=546217958.1631873992&ga_sid=1631873993&ga_hid=1053574003&ga_fc=0&u_tz=0&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=3&u_nmime=4&adx=245&ady=4612&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747620%2C44748552&oid=3&psts=AGkb-H9zi6d__bVQn0wZI8UupevF7zwdLd20xLSaZP33FchAYgQ0DM5aw624IUc89tlTaSL86g3T_ERn5cXnA7Ry1IC3LIq0HgAH9iOY&pvsid=1481020496321939&pem=136&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=4&fsb=1&xpc=S5kjdI1Vgx&p=https%3A//xsmb99.me&dtd=1085
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.227 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s53-in-f3.1e100.net
Software
sffe /
Resource Hash
42dc9aece188c290c3303813e9f91c1d596f1267899f3b3357280be43c16ab53
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 15 Sep 2021 22:25:32 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
129263
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
10883
x-xss-protection
0
last-modified
Tue, 14 Sep 2021 04:03:11 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type
text/javascript
cache-control
public, max-age=7776000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="mysidia"
expires
Tue, 14 Dec 2021 22:25:32 GMT
adview
googleads.g.doubleclick.net/pagead/ Frame D0B6 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/adview?ai=CdblpymtEYdydM7CE9fgPwcSPuALZjY22Y7H6uavLDve3vs-IChABIOOxm31glQKgAaKdla8CyAEJqQJ8TU0HxcCzPqgDAcgDywSqBLkBT9BlsLHs4hmh3L7msd8t7fvMEFaUM_LksTt1deV8qJ8ov-m7BFcHgawX4J7ihq0Azs-WLqA9WMMET06BfPPstN-18lCPc2m-2-p7PS-lon_Ba3SNBLhGL6pVNVnP44w8ULhEapltRs6qrE3NHrkQm_txbYi_9iMC2CvImn0QDny_qnuLiI44czPg4vTRuQjPgEkrhHKbYuAciv2uyE2xTriiSeHemSc81NEDQeYf1knItXRD05Epxi3ABM_13qTDA5IFBAgEGAGSBQQIBRgEoAYugAfG4urQAagH1ckbqAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAfulrECqAemvhvYBwDyBwMQkkPSCAcIgGEQARgfgAoByAsBuBOIJ9gTDdAVAZgWAYAXAbIXHAoaCAASFHB1Yi05MTA4NDY0NjQwNzI0OTE1GAA&sigh=prmER0TRkc8&template_id=5000
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9108464640724915&output=html&h=280&adk=3879918379&adf=3065233903&pi=t.aa~a.585548709~i.61~rp.4&w=730&fwrn=4&fwrnh=100&lmt=1631873994&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=4678874584&psa=0&ad_type=text_image&format=730x280&url=https%3A%2F%2Fxsmb99.me%2Fxsmb-xo-so-mien-bac.html&flash=0&fwr=0&pra=3&rh=183&rw=730&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1631873993717&bpp=1&bdt=1721&idt=1&shv=r20210915&mjsv=m202109150101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D44ae08fbc22b0497-22d6ec022fc90054%3AT%3D1631873992%3ART%3D1631873992%3AS%3DALNI_MbG3GBM96tdh1tHegceQVgV_jIqpA&prev_fmts=0x0%2C730x280%2C350x280%2C1600x1200%2C1005x124&nras=6&correlator=6540816054811&frm=20&pv=1&ga_vid=546217958.1631873992&ga_sid=1631873993&ga_hid=1053574003&ga_fc=0&u_tz=0&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=3&u_nmime=4&adx=245&ady=4612&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747620%2C44748552&oid=3&psts=AGkb-H9zi6d__bVQn0wZI8UupevF7zwdLd20xLSaZP33FchAYgQ0DM5aw624IUc89tlTaSL86g3T_ERn5cXnA7Ry1IC3LIq0HgAH9iOY&pvsid=1481020496321939&pem=136&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=4&fsb=1&xpc=S5kjdI1Vgx&p=https%3A//xsmb99.me&dtd=1085
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
216.58.212.162 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
ams15s22-in-f162.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9108464640724915&output=html&h=280&adk=3879918379&adf=3065233903&pi=t.aa~a.585548709~i.61~rp.4&w=730&fwrn=4&fwrnh=100&lmt=1631873994&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=4678874584&psa=0&ad_type=text_image&format=730x280&url=https%3A%2F%2Fxsmb99.me%2Fxsmb-xo-so-mien-bac.html&flash=0&fwr=0&pra=3&rh=183&rw=730&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1631873993717&bpp=1&bdt=1721&idt=1&shv=r20210915&mjsv=m202109150101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D44ae08fbc22b0497-22d6ec022fc90054%3AT%3D1631873992%3ART%3D1631873992%3AS%3DALNI_MbG3GBM96tdh1tHegceQVgV_jIqpA&prev_fmts=0x0%2C730x280%2C350x280%2C1600x1200%2C1005x124&nras=6&correlator=6540816054811&frm=20&pv=1&ga_vid=546217958.1631873992&ga_sid=1631873993&ga_hid=1053574003&ga_fc=0&u_tz=0&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=3&u_nmime=4&adx=245&ady=4612&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747620%2C44748552&oid=3&psts=AGkb-H9zi6d__bVQn0wZI8UupevF7zwdLd20xLSaZP33FchAYgQ0DM5aw624IUc89tlTaSL86g3T_ERn5cXnA7Ry1IC3LIq0HgAH9iOY&pvsid=1481020496321939&pem=136&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=4&fsb=1&xpc=S5kjdI1Vgx&p=https%3A//xsmb99.me&dtd=1085
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin
*
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
date
Fri, 17 Sep 2021 10:19:55 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
downsize_200k_v1
tpc.googlesyndication.com/simgad/17924219242015221835/ Frame D0B6 		16 KB
16 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/simgad/17924219242015221835/downsize_200k_v1?w=400&h=209
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9108464640724915&output=html&h=280&adk=3879918379&adf=3065233903&pi=t.aa~a.585548709~i.61~rp.4&w=730&fwrn=4&fwrnh=100&lmt=1631873994&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=4678874584&psa=0&ad_type=text_image&format=730x280&url=https%3A%2F%2Fxsmb99.me%2Fxsmb-xo-so-mien-bac.html&flash=0&fwr=0&pra=3&rh=183&rw=730&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1631873993717&bpp=1&bdt=1721&idt=1&shv=r20210915&mjsv=m202109150101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D44ae08fbc22b0497-22d6ec022fc90054%3AT%3D1631873992%3ART%3D1631873992%3AS%3DALNI_MbG3GBM96tdh1tHegceQVgV_jIqpA&prev_fmts=0x0%2C730x280%2C350x280%2C1600x1200%2C1005x124&nras=6&correlator=6540816054811&frm=20&pv=1&ga_vid=546217958.1631873992&ga_sid=1631873993&ga_hid=1053574003&ga_fc=0&u_tz=0&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=3&u_nmime=4&adx=245&ady=4612&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747620%2C44748552&oid=3&psts=AGkb-H9zi6d__bVQn0wZI8UupevF7zwdLd20xLSaZP33FchAYgQ0DM5aw624IUc89tlTaSL86g3T_ERn5cXnA7Ry1IC3LIq0HgAH9iOY&pvsid=1481020496321939&pem=136&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=4&fsb=1&xpc=S5kjdI1Vgx&p=https%3A//xsmb99.me&dtd=1085
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.129 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f1.1e100.net
Software
sffe /
Resource Hash
e3726c5b52654e19a53060ab398c21dd8a40dd96093c921303eb1766b5aa03f5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 13 Sep 2021 04:35:41 GMT
x-content-type-options
nosniff
age
366254
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
16775
x-xss-protection
0
last-modified
Fri, 13 Aug 2021 08:28:03 GMT
server
sffe
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 13 Sep 2022 04:35:41 GMT
truncated
/ Frame D0B6 		209 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
d7779d95203bed5280ee3281f856607f95ac5df680547356656c7109d7d0a6a6

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/svg+xml
cookie_push_onload.html
pagead2.googlesyndication.com/pagead/s/ Frame 78B5 		1 KB
749 B 		Document
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9108464640724915&output=html&h=280&adk=3879918379&adf=3065233903&pi=t.aa~a.585548709~i.61~rp.4&w=730&fwrn=4&fwrnh=100&lmt=1631873994&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=4678874584&psa=0&ad_type=text_image&format=730x280&url=https%3A%2F%2Fxsmb99.me%2Fxsmb-xo-so-mien-bac.html&flash=0&fwr=0&pra=3&rh=183&rw=730&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1631873993717&bpp=1&bdt=1721&idt=1&shv=r20210915&mjsv=m202109150101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D44ae08fbc22b0497-22d6ec022fc90054%3AT%3D1631873992%3ART%3D1631873992%3AS%3DALNI_MbG3GBM96tdh1tHegceQVgV_jIqpA&prev_fmts=0x0%2C730x280%2C350x280%2C1600x1200%2C1005x124&nras=6&correlator=6540816054811&frm=20&pv=1&ga_vid=546217958.1631873992&ga_sid=1631873993&ga_hid=1053574003&ga_fc=0&u_tz=0&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=3&u_nmime=4&adx=245&ady=4612&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747620%2C44748552&oid=3&psts=AGkb-H9zi6d__bVQn0wZI8UupevF7zwdLd20xLSaZP33FchAYgQ0DM5aw624IUc89tlTaSL86g3T_ERn5cXnA7Ry1IC3LIq0HgAH9iOY&pvsid=1481020496321939&pem=136&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=4&fsb=1&xpc=S5kjdI1Vgx&p=https%3A//xsmb99.me&dtd=1085
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s52-in-f2.1e100.net
Software
cafe /
Resource Hash
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
pagead2.googlesyndication.com
:scheme
https
:path
/pagead/s/cookie_push_onload.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://googleads.g.doubleclick.net/
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/

Response headers

p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
vary
Accept-Encoding
date
Thu, 16 Sep 2021 21:06:15 GMT
expires
Fri, 17 Sep 2021 21:06:15 GMT
content-type
text/html; charset=UTF-8
etag
48472445140208031
x-content-type-options
nosniff
content-encoding
gzip
server
cafe
content-length
724
x-xss-protection
0
age
47621
cache-control
public, max-age=86400
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
truncated
/ Frame BBDE 		212 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
d5bb3460555fcd83c457bf3d6562f6e8a60f3a31776d9e48557968393f39dcd4

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ Frame D0B6 		213 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
476d10a57259d63e8076eb3beb448edde46bff2cd1eadc5263a28a18b2b9f91d

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/png
4UabrENHsxJlGDuGo1OIlLU94YtzCwY.woff2
fonts.gstatic.com/s/googlesans/v36/ Frame D0B6 		21 KB
21 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/googlesans/v36/4UabrENHsxJlGDuGo1OIlLU94YtzCwY.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.227 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s53-in-f3.1e100.net
Software
sffe /
Resource Hash
1abc5469f1235e85489ca1062a07fe18c7f449e3ba039d3de0da07fbb3c5892d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://googleads.g.doubleclick.net
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 14 Sep 2021 08:44:05 GMT
x-content-type-options
nosniff
age
264951
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
21660
x-xss-protection
0
last-modified
Wed, 01 Sep 2021 18:07:18 GMT
server
sffe
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 14 Sep 2022 08:44:05 GMT
4UaGrENHsxJlGDuGo1OIlL3Owp4.woff2
fonts.gstatic.com/s/googlesans/v36/ Frame D0B6 		21 KB
21 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/googlesans/v36/4UaGrENHsxJlGDuGo1OIlL3Owp4.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.227 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s53-in-f3.1e100.net
Software
sffe /
Resource Hash
c55eebd9845964c111ecdbe7e583ed00ff47536f13c46a7e9c70430cc7ea091f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://googleads.g.doubleclick.net
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 14 Sep 2021 04:08:17 GMT
x-content-type-options
nosniff
age
281499
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
21424
x-xss-protection
0
last-modified
Wed, 01 Sep 2021 18:08:24 GMT
server
sffe
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 14 Sep 2022 04:08:17 GMT
dpixel
cms.quantserve.com/ Frame 78B5 		35 B
462 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEGo-XIA4dEmku9WcVqoPEHA&google_cver=1&google_push=AYg5qPI7sQ63x9up6gxOxmFENX8B-wND7TgHZQ_pN5eTv7pZwIhIlQNa62Aw6eCnI1gO2rsz_gGweD2_cG4FA3OW4L3IfhOQzB-S
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9108464640724915&output=html&h=280&adk=3879918379&adf=3065233903&pi=t.aa~a.585548709~i.61~rp.4&w=730&fwrn=4&fwrnh=100&lmt=1631873994&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=4678874584&psa=0&ad_type=text_image&format=730x280&url=https%3A%2F%2Fxsmb99.me%2Fxsmb-xo-so-mien-bac.html&flash=0&fwr=0&pra=3&rh=183&rw=730&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1631873993717&bpp=1&bdt=1721&idt=1&shv=r20210915&mjsv=m202109150101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D44ae08fbc22b0497-22d6ec022fc90054%3AT%3D1631873992%3ART%3D1631873992%3AS%3DALNI_MbG3GBM96tdh1tHegceQVgV_jIqpA&prev_fmts=0x0%2C730x280%2C350x280%2C1600x1200%2C1005x124&nras=6&correlator=6540816054811&frm=20&pv=1&ga_vid=546217958.1631873992&ga_sid=1631873993&ga_hid=1053574003&ga_fc=0&u_tz=0&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=3&u_nmime=4&adx=245&ady=4612&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747620%2C44748552&oid=3&psts=AGkb-H9zi6d__bVQn0wZI8UupevF7zwdLd20xLSaZP33FchAYgQ0DM5aw624IUc89tlTaSL86g3T_ERn5cXnA7Ry1IC3LIq0HgAH9iOY&pvsid=1481020496321939&pem=136&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=4&fsb=1&xpc=S5kjdI1Vgx&p=https%3A//xsmb99.me&dtd=1085
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
91.228.74.226 , United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
Security Headers
Name Value
Strict-Transport-Security max-age=86400

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 17 Sep 2021 10:19:56 GMT
strict-transport-security
max-age=86400
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
cache-control
private, no-cache, no-store, proxy-revalidate
content-type
image/gif
content-length
35
expires
Fri, 04 Aug 1978 12:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame 78B5
Redirect Chain
  • https://d.agkn.com/pixel/2175/?google_gid=CAESEAVNlL7nM0m7EsiRJqELKxY&google_cver=1&google_push=AYg5qPJ22aNykSFYjubqfqJHrMwOxLvnruXMTvap9eQZsVrosQtsX6_YBaFdgxpw5DaqgkF9qgyOC7XJuejmsIDmBeSDNH0xo3Ib
  • https://cm.g.doubleclick.net/pixel?google_nid=ak_dmp&google_push=AYg5qPJ22aNykSFYjubqfqJHrMwOxLvnruXMTvap9eQZsVrosQtsX6_YBaFdgxpw5DaqgkF9qgyOC7XJuejmsIDmBeSDNH0xo3Ib&google_hm=Q0FFU0VBVk5sTDduTTBtN...
170 B
329 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=ak_dmp&google_push=AYg5qPJ22aNykSFYjubqfqJHrMwOxLvnruXMTvap9eQZsVrosQtsX6_YBaFdgxpw5DaqgkF9qgyOC7XJuejmsIDmBeSDNH0xo3Ib&google_hm=Q0FFU0VBVk5sTDduTTBtN0VzaVJKcUVMS3hZ
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.184.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s11-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 17 Sep 2021 10:19:56 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Fri, 17 Sep 2021 10:19:55 GMT
Server
Apache-Coyote/1.1
P3P
CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location
https://cm.g.doubleclick.net/pixel?google_nid=ak_dmp&google_push=AYg5qPJ22aNykSFYjubqfqJHrMwOxLvnruXMTvap9eQZsVrosQtsX6_YBaFdgxpw5DaqgkF9qgyOC7XJuejmsIDmBeSDNH0xo3Ib&google_hm=Q0FFU0VBVk5sTDduTTBtN0VzaVJKcUVMS3hZ
Cache-Control
no-cache, must-revalidate
Connection
keep-alive
Content-Length
0
Expires
Sat, 01 Jan 2000 00:00:00 GMT
sync
odr.mookie1.com/t/v2/ Frame 78B5 		43 B
607 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://odr.mookie1.com/t/v2/sync?tagid=V2_4530&src.visitorid=CAESEDLSKI0jJeJGOD-XyUdu1Rw&google_cver=1&google_push=AYg5qPL6HfT6yr3W6ZGh23LOzmT6IcskPNqH_3wnrjKL2melSuSwBcjqz1Eb5qtvwNMlXJbhotPFris_5T7uxcUWBtJdhQbYGap3
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9108464640724915&output=html&h=280&adk=3879918379&adf=3065233903&pi=t.aa~a.585548709~i.61~rp.4&w=730&fwrn=4&fwrnh=100&lmt=1631873994&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=4678874584&psa=0&ad_type=text_image&format=730x280&url=https%3A%2F%2Fxsmb99.me%2Fxsmb-xo-so-mien-bac.html&flash=0&fwr=0&pra=3&rh=183&rw=730&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1631873993717&bpp=1&bdt=1721&idt=1&shv=r20210915&mjsv=m202109150101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D44ae08fbc22b0497-22d6ec022fc90054%3AT%3D1631873992%3ART%3D1631873992%3AS%3DALNI_MbG3GBM96tdh1tHegceQVgV_jIqpA&prev_fmts=0x0%2C730x280%2C350x280%2C1600x1200%2C1005x124&nras=6&correlator=6540816054811&frm=20&pv=1&ga_vid=546217958.1631873992&ga_sid=1631873993&ga_hid=1053574003&ga_fc=0&u_tz=0&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=3&u_nmime=4&adx=245&ady=4612&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747620%2C44748552&oid=3&psts=AGkb-H9zi6d__bVQn0wZI8UupevF7zwdLd20xLSaZP33FchAYgQ0DM5aw624IUc89tlTaSL86g3T_ERn5cXnA7Ry1IC3LIq0HgAH9iOY&pvsid=1481020496321939&pem=136&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=4&fsb=1&xpc=S5kjdI1Vgx&p=https%3A//xsmb99.me&dtd=1085
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.67.61 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
61.67.98.34.bc.googleusercontent.com
Software
Apache /
Resource Hash
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 17 Sep 2021 10:19:56 GMT
via
1.1 google
server
Apache
p3p
CP="NON DSP COR NID CURa PSAa PSDa OUR STP UNI COM NAV STA LOC OTC",policyref="/w3c/p3p.xml"
cache-control
no-cache, no-store, must-revalidate
content-type
image/gif;charset=UTF-8
alt-svc
clear
content-length
43
x-application-context
application
expires
Thu, 01 Jan 1970 00:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame 78B5
Redirect Chain
  • https://rtb.openx.net/sync/dds?google_gid=CAESEPCKvKYjVexNLhV9fEZRD-I&google_cver=1&google_push=AYg5qPKEO561z0T3oJ0uqKQ-r8mOrfZO8vTkTnEj24xykuWRj0pKWe2baA-GK8EiWq4MgsjJDpkzX4hQwOb3wcgtrNqOhwa6lIzA
  • https://rtb.openx.net/sync/dds?google_gid=CAESEPCKvKYjVexNLhV9fEZRD-I&google_cver=1&google_push=AYg5qPKEO561z0T3oJ0uqKQ-r8mOrfZO8vTkTnEj24xykuWRj0pKWe2baA-GK8EiWq4MgsjJDpkzX4hQwOb3wcgtrNqOhwa6lIzA&...
  • https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPKEO561z0T3oJ0uqKQ-r8mOrfZO8vTkTnEj24xykuWRj0pKWe2baA-GK8EiWq4MgsjJDpkzX4hQwOb3wcgtrNqOhwa6lIzA&google_hm=SH8p5UXWzgwfj4m1xAQ7iQ==
170 B
232 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPKEO561z0T3oJ0uqKQ-r8mOrfZO8vTkTnEj24xykuWRj0pKWe2baA-GK8EiWq4MgsjJDpkzX4hQwOb3wcgtrNqOhwa6lIzA&google_hm=SH8p5UXWzgwfj4m1xAQ7iQ==
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.184.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s11-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 17 Sep 2021 10:19:56 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Fri, 17 Sep 2021 10:19:56 GMT
via
1.1 google
server
Cowboy
access-control-allow-origin
null
vary
Origin
p3p
CP="CUR ADM OUR NOR STA NID"
location
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPKEO561z0T3oJ0uqKQ-r8mOrfZO8vTkTnEj24xykuWRj0pKWe2baA-GK8EiWq4MgsjJDpkzX4hQwOb3wcgtrNqOhwa6lIzA&google_hm=SH8p5UXWzgwfj4m1xAQ7iQ==
access-control-expose-headers
cache-control
private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials
true
alt-svc
clear
content-length
0
x-request-id
mlgnkt8khku58fm5d9hqk4a2tea1siuo
pixel
cm.g.doubleclick.net/ Frame 78B5
Redirect Chain
  • https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEOuhd5u765geXmCu69u02nE&google_cver=1&googl...
  • https://ssum-sec.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_cver=1&google_gid=CAESEOuhd5u765geXmCu69u02nE&google_push=AY...
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YURrzNRFMVdwEp5jTOovnAAABE8AAAIB&google_gid=CAESEOuhd5u765geXmCu69u02nE&google_push=AYg5qPKlkmUf24-UGNuH3zUO7Wt_h3kb8TSV9mbCbe-Riohj8OQ...
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YURrzNRFMVdwEp5jTOovnAAABE8AAAIB&google_gid=CAESEOuhd5u765geXmCu69u02nE&google_push=AYg5qPKlkmUf24-UGNuH3zUO7Wt_h3kb8TSV9mbCbe-Riohj8OQ...
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YURrzNRFMVdwEp5jTOovnAAABE8AAAIB&google_gid=CAESEOuhd5u765geXmCu69u02nE&google_push=AYg5qPKlkmUf24-UGNuH3zUO7Wt_h3kb8TSV9mbCbe-Riohj8OQ...
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YURrzNRFMVdwEp5jTOovnAAABE8AAAIB&google_gid=CAESEOuhd5u765geXmCu69u02nE&google_push=AYg5qPKlkmUf24-UGNuH3zUO7Wt_h3kb8TSV9mbCbe-Riohj8OQ...
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YURrzNRFMVdwEp5jTOovnAAABE8AAAIB&google_gid=CAESEOuhd5u765geXmCu69u02nE&google_push=AYg5qPKlkmUf24-UGNuH3zUO7Wt_h3kb8TSV9mbCbe-Riohj8OQ...
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YURrzNRFMVdwEp5jTOovnAAABE8AAAIB&google_gid=CAESEOuhd5u765geXmCu69u02nE&google_push=AYg5qPKlkmUf24-UGNuH3zUO7Wt_h3kb8TSV9mbCbe-Riohj8OQ...
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YURrzNRFMVdwEp5jTOovnAAABE8AAAIB&google_gid=CAESEOuhd5u765geXmCu69u02nE&google_push=AYg5qPKlkmUf24-UGNuH3zUO7Wt_h3kb8TSV9mbCbe-Riohj8OQ...
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YURrzNRFMVdwEp5jTOovnAAABE8AAAIB&google_gid=CAESEOuhd5u765geXmCu69u02nE&google_push=AYg5qPKlkmUf24-UGNuH3zUO7Wt_h3kb8TSV9mbCbe-Riohj8OQ...
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YURrzNRFMVdwEp5jTOovnAAABE8AAAIB&google_gid=CAESEOuhd5u765geXmCu69u02nE&google_push=AYg5qPKlkmUf24-UGNuH3zUO7Wt_h3kb8TSV9mbCbe-Riohj8OQ...
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YURrzNRFMVdwEp5jTOovnAAABE8AAAIB&google_gid=CAESEOuhd5u765geXmCu69u02nE&google_push=AYg5qPKlkmUf24-UGNuH3zUO7Wt_h3kb8TSV9mbCbe-Riohj8OQ...
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YURrzNRFMVdwEp5jTOovnAAABE8AAAIB&google_gid=CAESEOuhd5u765geXmCu69u02nE&google_push=AYg5qPKlkmUf24-UGNuH3zUO7Wt_h3kb8TSV9mbCbe-Riohj8OQ...
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YURrzNRFMVdwEp5jTOovnAAABE8AAAIB&google_gid=CAESEOuhd5u765geXmCu69u02nE&google_push=AYg5qPKlkmUf24-UGNuH3zUO7Wt_h3kb8TSV9mbCbe-Riohj8OQ...
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YURrzNRFMVdwEp5jTOovnAAABE8AAAIB&google_gid=CAESEOuhd5u765geXmCu69u02nE&google_push=AYg5qPKlkmUf24-UGNuH3zUO7Wt_h3kb8TSV9mbCbe-Riohj8OQ...
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YURrzNRFMVdwEp5jTOovnAAABE8AAAIB&google_gid=CAESEOuhd5u765geXmCu69u02nE&google_push=AYg5qPKlkmUf24-UGNuH3zUO7Wt_h3kb8TSV9mbCbe-Riohj8OQ...
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YURrzNRFMVdwEp5jTOovnAAABE8AAAIB&google_gid=CAESEOuhd5u765geXmCu69u02nE&google_push=AYg5qPKlkmUf24-UGNuH3zUO7Wt_h3kb8TSV9mbCbe-Riohj8OQ...
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YURrzNRFMVdwEp5jTOovnAAABE8AAAIB&google_gid=CAESEOuhd5u765geXmCu69u02nE&google_push=AYg5qPKlkmUf24-UGNuH3zUO7Wt_h3kb8TSV9mbCbe-Riohj8OQ...
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YURrzNRFMVdwEp5jTOovnAAABE8AAAIB&google_gid=CAESEOuhd5u765geXmCu69u02nE&google_push=AYg5qPKlkmUf24-UGNuH3zUO7Wt_h3kb8TSV9mbCbe-Riohj8OQ...
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YURrzNRFMVdwEp5jTOovnAAABE8AAAIB&google_gid=CAESEOuhd5u765geXmCu69u02nE&google_push=AYg5qPKlkmUf24-UGNuH3zUO7Wt_h3kb8TSV9mbCbe-Riohj8OQ...
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YURrzNRFMVdwEp5jTOovnAAABE8AAAIB&google_gid=CAESEOuhd5u765geXmCu69u02nE&google_push=AYg5qPKlkmUf24-UGNuH3zUO7Wt_h3kb8TSV9mbCbe-Riohj8OQ...
0
0
pixel
cm.g.doubleclick.net/ Frame 78B5
Redirect Chain
  • https://googlecm.hit.gemius.pl/googleredir?rid=tknhntsqez&id=ndBK6L_fzwx7rssCbe8.iLes3yi8eMbF6r2JE6Xu.b7.N7&google_gid=CAESEM7uzCjKkpEPLS0SK4M3wBY&google_cver=1&google_push=AYg5qPLocrcrXcJGV8-UGney...
  • https://cm.g.doubleclick.net/pixel?google_nid=gemius_adh&google_push=AYg5qPLocrcrXcJGV8-UGneynC1lQNPvnL-_MqGFem0Sn6jktfSEme_Jl6R6P5Mov-Pk24IeLg25oneGc7IfW2lyZT13w9lWbJE3AA&google_hm=
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=gemius_adh&google_push=AYg5qPLocrcrXcJGV8-UGneynC1lQNPvnL-_MqGFem0Sn6jktfSEme_Jl6R6P5Mov-Pk24IeLg25oneGc7IfW2lyZT13w9lWbJE3AA&google_hm=
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.184.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s11-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 17 Sep 2021 10:19:56 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Fri, 17 Sep 2021 10:19:56 GMT
server
GHC
p3p
CP="NOI DSP COR NID PSAo OUR IND"
location
https://cm.g.doubleclick.net/pixel?google_nid=gemius_adh&google_push=AYg5qPLocrcrXcJGV8-UGneynC1lQNPvnL-_MqGFem0Sn6jktfSEme_Jl6R6P5Mov-Pk24IeLg25oneGc7IfW2lyZT13w9lWbJE3AA&google_hm=
cache-control
no-store, no-cache, must-revalidate, max-age=0
cross-origin-resource-policy
cross-origin
accept-ranges
none
content-length
0
expires
Thu, 16 Sep 2021 10:19:56 GMT
attr
cm.g.doubleclick.net/pixel/ Frame 78B5 		0
244 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel/attr?d=AHNF13IFNImuk3t6N_-rCCfMUsmZ0DyXcgo9r-7CHB1NZnlPjh_1e358Ex-8DBT5e6mN1qs
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9108464640724915&output=html&h=280&adk=3879918379&adf=3065233903&pi=t.aa~a.585548709~i.61~rp.4&w=730&fwrn=4&fwrnh=100&lmt=1631873994&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=4678874584&psa=0&ad_type=text_image&format=730x280&url=https%3A%2F%2Fxsmb99.me%2Fxsmb-xo-so-mien-bac.html&flash=0&fwr=0&pra=3&rh=183&rw=730&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1631873993717&bpp=1&bdt=1721&idt=1&shv=r20210915&mjsv=m202109150101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D44ae08fbc22b0497-22d6ec022fc90054%3AT%3D1631873992%3ART%3D1631873992%3AS%3DALNI_MbG3GBM96tdh1tHegceQVgV_jIqpA&prev_fmts=0x0%2C730x280%2C350x280%2C1600x1200%2C1005x124&nras=6&correlator=6540816054811&frm=20&pv=1&ga_vid=546217958.1631873992&ga_sid=1631873993&ga_hid=1053574003&ga_fc=0&u_tz=0&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=3&u_nmime=4&adx=245&ady=4612&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747620%2C44748552&oid=3&psts=AGkb-H9zi6d__bVQn0wZI8UupevF7zwdLd20xLSaZP33FchAYgQ0DM5aw624IUc89tlTaSL86g3T_ERn5cXnA7Ry1IC3LIq0HgAH9iOY&pvsid=1481020496321939&pem=136&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=4&fsb=1&xpc=S5kjdI1Vgx&p=https%3A//xsmb99.me&dtd=1085
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.184.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s11-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 17 Sep 2021 10:19:56 GMT
server
HTTP server (unknown)
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
content-type
text/html
sodar
pagead2.googlesyndication.com/getconfig/ 		11 KB
8 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20210915&st=env
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202109150101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-9108464640724915&plah=xsmb99.me
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s52-in-f2.1e100.net
Software
cafe /
Resource Hash
f495f9fd176d0d5d08af3d393d29429ac91e1c13251ca3b9be953870f335bbaa
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://xsmb99.me/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin
*
date
Fri, 17 Sep 2021 10:19:56 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/json; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
8588
x-xss-protection
0
YqSUqZI0IRdbUAy163IJKnGw-hEMSU1MpsI8iakDbOc.js
pagead2.googlesyndication.com/bg/ Frame C295 		35 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/YqSUqZI0IRdbUAy163IJKnGw-hEMSU1MpsI8iakDbOc.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9108464640724915&output=html&h=280&adk=3879918379&adf=3065233903&pi=t.aa~a.585548709~i.61~rp.4&w=730&fwrn=4&fwrnh=100&lmt=1631873994&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=4678874584&psa=0&ad_type=text_image&format=730x280&url=https%3A%2F%2Fxsmb99.me%2Fxsmb-xo-so-mien-bac.html&flash=0&fwr=0&pra=3&rh=183&rw=730&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1631873993717&bpp=1&bdt=1721&idt=1&shv=r20210915&mjsv=m202109150101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D44ae08fbc22b0497-22d6ec022fc90054%3AT%3D1631873992%3ART%3D1631873992%3AS%3DALNI_MbG3GBM96tdh1tHegceQVgV_jIqpA&prev_fmts=0x0%2C730x280%2C350x280%2C1600x1200%2C1005x124&nras=6&correlator=6540816054811&frm=20&pv=1&ga_vid=546217958.1631873992&ga_sid=1631873993&ga_hid=1053574003&ga_fc=0&u_tz=0&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=3&u_nmime=4&adx=245&ady=4612&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747620%2C44748552&oid=3&psts=AGkb-H9zi6d__bVQn0wZI8UupevF7zwdLd20xLSaZP33FchAYgQ0DM5aw624IUc89tlTaSL86g3T_ERn5cXnA7Ry1IC3LIq0HgAH9iOY&pvsid=1481020496321939&pem=136&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=4&fsb=1&xpc=S5kjdI1Vgx&p=https%3A//xsmb99.me&dtd=1085
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s52-in-f2.1e100.net
Software
sffe /
Resource Hash
62a494a9923421175b500cb5eb72092a71b0fa110c494d4ca6c23c89a9036ce7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 17 Sep 2021 08:38:56 GMT
content-encoding
br
x-content-type-options
nosniff
age
6060
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13243
x-xss-protection
0
last-modified
Mon, 13 Sep 2021 14:08:00 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="botguard-scs"
expires
Sat, 17 Sep 2022 08:38:56 GMT
sodar2.js
tpc.googlesyndication.com/sodar/ 		17 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202109150101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-9108464640724915&plah=xsmb99.me
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.129 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f1.1e100.net
Software
sffe /
Resource Hash
a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://xsmb99.me/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 17 Sep 2021 10:19:56 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1624308425655142"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6467
x-xss-protection
0
cross-origin-opener-policy-report-only
same-origin; report-to="adspam-signals-scs"
expires
Fri, 17 Sep 2021 10:19:56 GMT
runner.html
tpc.googlesyndication.com/sodar/sodar2/224/ Frame F0C1 		12 KB
5 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.129 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f1.1e100.net
Software
sffe /
Resource Hash
4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
tpc.googlesyndication.com
:scheme
https
:path
/sodar/sodar2/224/runner.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://xsmb99.me/
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://xsmb99.me/

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
cross-origin-resource-policy
cross-origin
cross-origin-opener-policy-report-only
same-origin; report-to="adspam-signals-scs"
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length
5029
date
Fri, 17 Sep 2021 10:10:54 GMT
expires
Sat, 17 Sep 2022 10:10:54 GMT
last-modified
Wed, 02 Jun 2021 17:09:45 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
cache-control
public, max-age=31536000
age
542
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
aframe
www.google.com/recaptcha/api2/ Frame F36C 		783 B
534 B 		Document
General
Check archive.org
Download Go to
Full URL
https://www.google.com/recaptcha/api2/aframe
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.100 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s49-in-f4.1e100.net
Software
GSE /
Resource Hash
f8efdd84aa65da4a166c8c14a56bfa03ddb468ed0468aa7fbbf882d2a2449a56
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-echfjBu9EnBNyhBVApF5zA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

:method
GET
:authority
www.google.com
:scheme
https
:path
/recaptcha/api2/aframe
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://xsmb99.me/
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://xsmb99.me/

Response headers

cross-origin-resource-policy
cross-origin
cross-origin-embedder-policy-report-only
require-corp; report-to="recaptcha"
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires
Fri, 17 Sep 2021 10:19:56 GMT
date
Fri, 17 Sep 2021 10:19:56 GMT
cache-control
private, max-age=300
content-type
text/html; charset=utf-8
content-security-policy
script-src 'report-sample' 'nonce-echfjBu9EnBNyhBVApF5zA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding
gzip
x-content-type-options
nosniff
x-xss-protection
1; mode=block
content-length
512
server
GSE
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
YqSUqZI0IRdbUAy163IJKnGw-hEMSU1MpsI8iakDbOc.js
pagead2.googlesyndication.com/bg/ Frame F0C1 		35 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/YqSUqZI0IRdbUAy163IJKnGw-hEMSU1MpsI8iakDbOc.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s52-in-f2.1e100.net
Software
sffe /
Resource Hash
62a494a9923421175b500cb5eb72092a71b0fa110c494d4ca6c23c89a9036ce7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 17 Sep 2021 08:38:56 GMT
content-encoding
br
x-content-type-options
nosniff
age
6060
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13243
x-xss-protection
0
last-modified
Mon, 13 Sep 2021 14:08:00 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="botguard-scs"
expires
Sat, 17 Sep 2022 08:38:56 GMT
sodar
pagead2.googlesyndication.com/pagead/ Frame F36C 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=224&li=gda_r20210915&jk=1481020496321939&rc=
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s52-in-f2.1e100.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers
gen_204
pagead2.googlesyndication.com/pagead/ 		0
20 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=224&t=2&li=gda_r20210915&jk=1481020496321939&bg=!GBulG1_NAAaUnz4elJ87ACkAdvg8WsRdL0f76sHizVLeBhEd40zPHQkGsdAFwv-RBlWeTTWYs498TgIAAABYUgAAAApoAQcKAHW28d7ahPtYUd8D6Wm9n3HZE9wBg-VgaZpQxEaqfuxNUepNhhM3ftLC3vVgTN6GFkj7S6nn0atLdGgXa5kmTUhB5B3wQEy0KIkEx65tMDGd_DKg3FHVcd5qjFhTw682IGRakwJTEv6RJAPRyD5oyGXGiiee0UGZAofNiVuJCowi4YMKzbX-B4hDGrEHnalweHeGhjv9Yg9ze1vo3lnLhFbcCiQHB3eeXpjZeWa6Of4JhC8sU8t3kq5JvvRqxVDvcMi3lqzNBNlaGTOlKFkBNLybkDjn65vZb8hXPAEgFPB1CyLHRf83ckOQCu_4XpItX9P4pv6WgLO0T4GBvI2xEPmTVoJGn87f9qf7lR1uTX8EB53HwIqMxQZ3sOUlG15AJgy_BpuUXwRbUFdyE24sS3F3KDbfuLlUb2XbSSjwq61huz0YW4lDTm7hrgIJhyZh_txWPA_0wjEiPw8Dvb-okSUxeBCqSeO1LehAHxI77NJ5-iTR_-pW0fQ1t0igTdmHWrZkMicl_ghGGLJYXMPz2czQUihtYkSl4ZPfmalFylpVTOSIBPx9VPiMmY5eVkWv11fvmgMu2Kxl_fvrzFYFAl7Rv5YmLFV5_bu-irbLg-lPftr64k8uFdxZsiRoYNvG0uX8KwQ7Cp-IlIV50XMDaorrWJvMxw06irqJVyShkVRMHbDSwIHu8L56EDSIS5O0tvXqR3qxwn9l1C1wiD2VPjNryWxt7DBTqXC2QFNnWkCtL_I_HP18KaksvGxhver6mNRc6MMoH_TYgBbJPodFm1YxCJaW0QcwO6NEhguoIcFIULbJgSeylziKcX9dwmuAv8TJI3vrfrLV2sIBkFU-KKrhLZ55GaJjd84tOPaTRcHBbsa2JhfAR00O4at3PTuAT2k-tsdvNBnQYDJoqxbmeyN11FxLzO1dpzWvYPcu0YMD6BIQKcXWVdTyJyhT8WQ2DxPwxbD8_ACDuBNHRCNhA_DHvoB4MyajbZrQscruGSoJuFCx1Jr8WkHFNgMeJfjIxQ
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s52-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://xsmb99.me/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 17 Sep 2021 10:19:56 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
truncated
/ 		42 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/gif

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
cm.g.doubleclick.net
URL
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YURrzNRFMVdwEp5jTOovnAAABE8AAAIB&google_gid=CAESEOuhd5u765geXmCu69u02nE&google_push=AYg5qPKlkmUf24-UGNuH3zUO7Wt_h3kb8TSV9mbCbe-Riohj8OQhN-uEKXhPBnCx6rN5PD6kqsre0hOf9rah2lOFv-zeC2e-vOM&google_cver=1

Verdicts & Comments Add Verdict or Comment

66 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| 5 object| 6 object| 7 object| 8 object| onbeforexrselect boolean| originAgentCluster object| google_tag_manager object| dataLayer function| gtag object| google_tag_data string| GoogleAnalyticsObject function| ga object| google_js_reporting_queue number| google_srt object| google_logging_queue object| google_ad_modifications object| ggeac boolean| google_measure_js_timing object| google_reactive_ads_global_state object| adsbygoogle boolean| _gfp_a_ object| google_sa_queue object| google_sl_win function| google_process_slots object| google_persistent_state_async function| google_spfd number| google_unique_id object| google_sv_map string| google_user_agent_client_hint object| gaplugins object| gaGlobal object| gaData function| Goog_AdSense_getAdAdapterInstance function| Goog_AdSense_OsdAdapter function| google_sa_impl object| __google_ad_urls number| google_global_correlator number| __google_ad_urls_id object| googleToken object| googleIMState boolean| _gfp_p_ function| processGoogleToken object| google_prev_clients object| google_jobrunner object| ampInaboxIframes object| ampInaboxPendingMessages boolean| google_osd_loaded boolean| google_onload_fired function| Goog_Osd_UnloadAdBlock function| Goog_Osd_UpdateElementToMeasure function| google_osd_amcb object| google_llp number| google_lpabyc object| googletag function| $ function| jQuery function| Popper object| bootstrap function| notify object| GoogleGcLKhOms object| google_image_requests

20 Cookies

Domain/Path Name / Value
xsmb99.me/ Name: XSRF-TOKEN
Value: eyJpdiI6InZFZG9yKzFNYzhCUkM2c0FYelpLNXc9PSIsInZhbHVlIjoiTUhFTURPTkhyOWhoZFZXdzlNV3FhYnM1aEcwNHp5TWVSNlltOVo1NGJGeWdrbjd0TnR3dVRNUG1qdmM1SUwwUyIsIm1hYyI6IjFjZTdkMWRjODAyYjJkODcxZDY0NWMwZmE0NjRiZTc3YjY0NGE2NjFmNDg3NmM0ZWJkYWIwMWM5ZmNjZWNkMzAifQ%3D%3D
xsmb99.me/ Name: xsmb99me_session
Value: eyJpdiI6IjRwdklXYS96Z3RUb1Q4d3ZOMGtNZmc9PSIsInZhbHVlIjoiRUJiTDZWakh3c3loelIwNXEwZFZVNzdRUFdvZDBMeGJKTkkxUUFPbElJS1o0MjRuVm1Ed3lEckRvTkpzU2NoWSIsIm1hYyI6ImQ2OWM2ODA3NzUyZDA0YTY0MTQ1MGRhMmFmNmVmNDY5MWIzYzI4MmM3YmU4ZjZiM2JkZjQxNzlmZmM5OTJjMGQifQ%3D%3D
.xsmb99.me/ Name: _ga
Value: GA1.2.546217958.1631873992
.xsmb99.me/ Name: _gid
Value: GA1.2.670824563.1631873992
.xsmb99.me/ Name: _gat_gtag_UA_150732184_1
Value: 1
.xsmb99.me/ Name: __gads
Value: ID=44ae08fbc22b0497-22d6ec022fc90054:T=1631873992:RT=1631873992:S=ALNI_MbG3GBM96tdh1tHegceQVgV_jIqpA
.doubleclick.net/ Name: DSID
Value: NO_DATA
.doubleclick.net/ Name: IDE
Value: AHWqTUn1xzflWkM2mMekGjBv7OxMe0aW-aGorr_OgISz6-VRGHiakVYRRyfxnmqAKI8
.quantserve.com/ Name: d
Value: EB4BCQGiJIEA
.quantserve.com/ Name: mc
Value: 61446bcc-172ac-1cefe-1dbea
.openx.net/ Name: i
Value: 44859c80-45d7-48d5-a32d-0dea733a32ce|1631873996
.agkn.com/ Name: ab
Value: 0001%3AIzdcsss2liYq%2Fo%2FvAAfZuoyyHXFqmh6B
.agkn.com/ Name: u
Value: C|0CEAo1yhMKNcoTAAAAAAAAQ13AQCAAQpAAAAAAA
.casalemedia.com/ Name: CMID
Value: YURrzNRFMVdwEp5jTOovnAAA
.casalemedia.com/ Name: CMPS
Value: 5215
.casalemedia.com/ Name: CMPRO
Value: 1103
.casalemedia.com/ Name: CMST
Value: YURrzGFEa8wA
.mookie1.com/ Name: id
Value: 10810890906490870578
.mookie1.com/ Name: mdata
Value: 1|10810890906490870578|1631873996229
.mookie1.com/ Name: ov
Value: 0fdd1fe40d7630132379dfba18df0eaa

5 Console Messages

Source Level URL
Text
security error URL: https://googleads.g.doubleclick.net/pagead/html/r20210915/r20110914/zrt_lookup.html?fsb=1#RS-1-&adk=1812271801&client=ca-pub-9108464640724915&fa=1&ifi=7&uci=a!7&btvi=3(Line 19)
Message:
The Content Security Policy 'child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/pagead/gadgets/in_page_full_auto_V1/Responsive_Monte_GpaSingleIframe.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/pagead/gadgets/in_page_full_auto_V1/Responsive_Monte_GpaSingleIframe.html' was delivered via a <meta> element outside the document's <head>, which is disallowed. The policy has been ignored.
security error URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9108464640724915&output=html&h=280&adk=2793536430&adf=662524697&pi=t.aa~a.461124662~rp.4&w=350&fwrn=4&fwrnh=100&lmt=1631873993&rafmt=1&to=qs&pwprc=4678874584&psa=0&format=350x280&url=https%3A%2F%2Fxsmb99.me%2Fxsmb-xo-so-mien-bac.html&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1631873993724&bpp=1&bdt=1728&idt=1&shv=r20210915&mjsv=m202109150101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D44ae08fbc22b0497-22d6ec022fc90054%3AT%3D1631873992%3ART%3D1631873992%3AS%3DALNI_MbG3GBM96tdh1tHegceQVgV_jIqpA&prev_fmts=0x0%2C730x280&nras=3&correlator=6540816054811&frm=20&pv=1&ga_vid=546217958.1631873992&ga_sid=1631873993&ga_hid=1053574003&ga_fc=0&u_tz=0&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=3&u_nmime=4&adx=1005&ady=2572&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747620%2C44748552&oid=3&pvsid=1481020496321939&pem=136&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=2&fsb=1&xpc=FK4e3CKroG&p=https%3A//xsmb99.me&dtd=23
Message:
Refused to frame 'https://pagead2.googlesyndication.com/' because it violates the following Content Security Policy directive: "frame-src cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp=er3$/5442514344972767536/index.html".
security error URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9108464640724915&output=html&h=280&adk=2793536430&adf=662524697&pi=t.aa~a.461124662~rp.4&w=350&fwrn=4&fwrnh=100&lmt=1631873993&rafmt=1&to=qs&pwprc=4678874584&psa=0&format=350x280&url=https%3A%2F%2Fxsmb99.me%2Fxsmb-xo-so-mien-bac.html&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1631873993724&bpp=1&bdt=1728&idt=1&shv=r20210915&mjsv=m202109150101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D44ae08fbc22b0497-22d6ec022fc90054%3AT%3D1631873992%3ART%3D1631873992%3AS%3DALNI_MbG3GBM96tdh1tHegceQVgV_jIqpA&prev_fmts=0x0%2C730x280&nras=3&correlator=6540816054811&frm=20&pv=1&ga_vid=546217958.1631873992&ga_sid=1631873993&ga_hid=1053574003&ga_fc=0&u_tz=0&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=3&u_nmime=4&adx=1005&ady=2572&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747620%2C44748552&oid=3&pvsid=1481020496321939&pem=136&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=2&fsb=1&xpc=FK4e3CKroG&p=https%3A//xsmb99.me&dtd=23
Message:
Refused to frame 'https://pagead2.googlesyndication.com/' because it violates the following Content Security Policy directive: "frame-src cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp=er3$/5442514344972767536/index.html".
other warning URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5442514344972767536/index.html#t=3421059967909722805&p=https%3A%2F%2Fgoogleads.g.doubleclick.net
Message:
<link rel=preload> has an invalid `href` value
network error URL: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YURrzNRFMVdwEp5jTOovnAAABE8AAAIB&google_gid=CAESEOuhd5u765geXmCu69u02nE&google_push=AYg5qPKlkmUf24-UGNuH3zUO7Wt_h3kb8TSV9mbCbe-Riohj8OQhN-uEKXhPBnCx6rN5PD6kqsre0hOf9rah2lOFv-zeC2e-vOM&google_cver=1
Message:
Failed to load resource: net::ERR_TOO_MANY_REDIRECTS

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

adservice.google.com
adservice.google.de
cdnjs.cloudflare.com
cm.g.doubleclick.net
cms.quantserve.com
d.agkn.com
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
googlecm.hit.gemius.pl
odr.mookie1.com
pagead2.googlesyndication.com
partner.googleadservices.com
rtb.openx.net
s0.2mdn.net
stackpath.bootstrapcdn.com
static.doubleclick.net
tpc.googlesyndication.com
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.googletagservices.com
www.gstatic.com
xsmb99.me
cm.g.doubleclick.net
103.9.77.158
104.16.19.94
104.18.11.207
142.250.181.226
142.250.184.194
142.250.185.100
142.250.185.129
142.250.185.130
142.250.185.142
142.250.185.194
142.250.185.202
142.250.185.227
142.250.185.230
142.250.186.34
172.217.16.136
172.217.23.102
18.194.175.178
216.58.212.162
217.182.200.20
34.98.67.61
35.186.253.211
91.228.74.226
0136a3f123a1e9b3abff969b246786854e58bd66c321dadec9ee9539ed4ede31
046c5264eb6ff664f7860afddd2fa81c639f576591a2933aae9e07d5c525e972
057d84a94b4b110faddc611c95a8bd44af3b3f4ce131250a1634c20cb3fca53d
0a9ff3f6b8d132ef3022c28d875ab2217b7b35259a6bfd10b8e56b4b87046019
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
127fef9bff9c4a7bd820146a3785bf8c7d3c5dbf48dd087f2e0f1d91a25e32c3
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
1abc5469f1235e85489ca1062a07fe18c7f449e3ba039d3de0da07fbb3c5892d
20e759e045642925ef24d225eed7897b5f0d9a5e6740c0a804b1fb6293cb3972
2360f1c5ffe67a2c07953ca34424848978014440f2f41157dca411f96865bdf9
2e53746b427784c9032ced6685c330cbe18831b21157b92f287c78a02c4da312
32b5c88160bab78ae20a39de4a8abe015f4f4c5d48be8300a6686d32a570ccfb
36e0a7e08bee65774168528938072c536437669c1b7458ac77976ec788e4439c
3a2a9b6157c433301ceb0174cd6d3ac76526a3d4366de3b417ceb2057f4942e7
3c770e90f98eb21b0c042fafb49755af93306fbaf42e449524f94fae9fc83295
3f3cc6491387e3c1eb7ada793afddcd8483c4955b7c24a83449259bd757b22cc
3f528e580c54c3f38ce598ee4b5409c70cc84cf54be4c2a196d6a49baa5e30be
423fb3104bee6c447894ee65db4d1cdd47ee7c13ac293829b20254d3fb770a85
42dc9aece188c290c3303813e9f91c1d596f1267899f3b3357280be43c16ab53
476d10a57259d63e8076eb3beb448edde46bff2cd1eadc5263a28a18b2b9f91d
48a33ab65a39e429f5fe3d6f8bd0b0fbfcd72a1ac98cc7e8e712957e3ae74b9b
49880c9128857dd1dfb0408125209d076b22591095f1ab98e6caa341df5690c5
4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840
4e959d9106d846030c0a62de668ec7c5810a3a1282c4f4ca98e1ea0756c75b8e
4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3
52c5b8c888454bcb11c4df022b15988bce5eb9b7bef1090774c315f9bdf940de
54a66c4693bfd79901040269ae7d7304508cbd02859797a1780f2bbe72176e23
56c12a125b021d21a69e61d7190cefa168d6c28ce715265cea1b3b0112d169c4
5bed3d0bf00537dc6d99cae6d4f516a81f066e22897cec5fa3104728d447b4e1
5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b
5d1f3a4ee5a02abdbc66a11aad769dd81cbe4d07f0b3799ff0940ad7b7d6cc1a
6150a35c0f486c46cadf0e230e2aa159c7c23ecfbb5611b64ee3f25fcbff341f
62a494a9923421175b500cb5eb72092a71b0fa110c494d4ca6c23c89a9036ce7
67aa0ea54160c6fe82fff6a797329287b02d9cc876bb8430dd321c1e3ab03572
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6dd3fa0ac0babf2ccc9285caa721a145c225a7d5207e9a662f32bf6e8b99e56e
7185ef50e258dfd3ebb88b04a602a8758777cdb82825b419a8d90dd975788a22
7195c4763ed26ac25f6be1726145b11ee61f5d27468605eb56a6c0823d101673
7928b5ab63c6e89ee0ee26f5ef201a58c72baf91abb688580a1aa26eb57b3c11
7fd0692105176e88d89fa2983267b497e1589dcb1e9ba6af68e39423980b82f1
89e590d44510a10b9602ebffa228e2d8a2f2aeb1acc462b51cd19df5f5434308
93cd65ce3662c6cffe32a75f5b4ef49159b801036ba9728b9983c052940eddfa
953ad5605189ea38166999307dd0641b5a3c42d4bd1dfd183848143c3fc2252b
968f501d5fed799ec09dc0bf02157cd9168fb9e751bda45f3204830f3c8be7e6
99ae23199891b381ac29a5666425146a7bf4162d9582e218515c014b4a4888fc
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9aaa71404ace6e716e30d2cc588c11651c1b99792a87ebcd33b12a7b3bcf9af3
9b5312cb2f154f2bd64ee8746195a63df254d10bfd107a61eec3d5d38dd48bff
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db
a97000b74006f16532e2d380cbed2e3dabd80ea9b85625fcb123d96cb9a0369a
b6a25ff6ea2c8c87be58e3086ef6a3369d000aa507db56571097d5ec55ec730f
b6f6d0902ff385f68ec17c4c059d4fe89a0a08f1c022ab70580ea8552dfc0a11
bd492896b5c904babc857075d72f8c0baa033b05e3c64964459cc8034a5713e6
bf5230ffb8745d28c11ae8b743868364f9be8379300bd59d235f402a53ea96ee
c55eebd9845964c111ecdbe7e583ed00ff47536f13c46a7e9c70430cc7ea091f
cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca
ce31b6e4bc78e74f0a700696c55b1095000998dca37264156c7f50d506c21c66
d48fc3c9b3f261e43b66fafa3705f5152d907672488b78ed187805084804c74f
d5bb3460555fcd83c457bf3d6562f6e8a60f3a31776d9e48557968393f39dcd4
d661244532ddce6a92fb96fde511e23ea4de69ff2e41a5bffb884caa71166e01
d7779d95203bed5280ee3281f856607f95ac5df680547356656c7109d7d0a6a6
d792afdac7f7ae5de7c6964950c6c61dc6e3f3813180a59e141c7cb4ac4364dc
d952141495e44bf813d733bcb59707696abcb6205138efffd1962066c2aa8681
d9fca4eb7997f7c7bd329252b09ba2a45e97dea35730d5ec7215cbb7d62ac3ab
dbd934625879ee54a986a2a0d98816c0d8cb4c9f1b87c444489ef3f6d61af985
e2b5d4752ac81478ad36860fbe67b75bad20bbee7a93e835a25283d310c78999
e3726c5b52654e19a53060ab398c21dd8a40dd96093c921303eb1766b5aa03f5
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e8403779d45a9590b43c0ecf984ebe11e75fd2982630d658390a6001a6768770
ea28b703f3ab84181313f4d8097a25669b2f69904af9b560defb44fc6a2a1ef4
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f495f9fd176d0d5d08af3d393d29429ac91e1c13251ca3b9be953870f335bbaa
f8efdd84aa65da4a166c8c14a56bfa03ddb468ed0468aa7fbbf882d2a2449a56
fb56f0e08adb026eb4e4b28c2fc33b35ce3ddf30a075f9906ec14caff095fa3c
fc8bce6b98f344ceb503d0c7c623ecf395808995efd843d616c3e7ab401a116f
fd222137f245c06ddb4c4d44db41f12138dad6cf8ef5d4d4a5e500f38f0c8c62