xsmb99.me Open in urlscan Pro
103.9.77.196 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://xsmb99.me/
Effective URL:
https://xsmb99.me/
Submission: On February 11 via manual (February 11th 2021, 3:12:52 am UTC) from VN

Summary HTTP 41 Redirects Behaviour Indicators

Summary

This website contacted 15 IPs in 4 countries across 13 domains to perform 41 HTTP transactions. The main IP is 103.9.77.196, located in Ho Chi Minh City, Viet Nam and belongs to VNPT-AS-VN VNPT Corp, VN. The main domain is xsmb99.me.
TLS certificate: Issued by R3 on January 1st 2021. Valid for: 3 months.

This is the only time xsmb99.me was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 13	103.9.77.196 103.9.77.196	45899 (VNPT-AS-V...) (VNPT-AS-VN VNPT Corp)
1	2001:4de0:ac1... 2001:4de0:ac19::1:b:3b	20446 (HIGHWINDS3) (HIGHWINDS3)
3	2606:4700::68... 2606:4700::6810:125e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:800::2008	15169 (GOOGLE) (GOOGLE)
11	2a00:1450:400... 2a00:1450:4001:828::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:80f::200a	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:801::200e	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6810:135e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:829::2003	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:828::2003	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:827::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:812::200e	15169 (GOOGLE) (GOOGLE)
1	142.250.186.98 142.250.186.98	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:80f::2001	15169 (GOOGLE) (GOOGLE)
41	15

13 103.9.77.196 (Ho Chi Minh City, Viet Nam) 1 redirects

ASN45899 (VNPT-AS-VN VNPT Corp, VN)

xsmb99.me	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4de0:ac19::1:b:3b (Netherlands)

ASN20446 (HIGHWINDS3, US)

stackpath.bootstrapcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700::6810:125e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:800::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 2a00:1450:4001:828::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80f::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:801::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:135e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:829::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:828::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:827::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:812::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.186.98 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s06-in-f2.1e100.net

partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:80f::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
13	xsmb99.me 1 redirects xsmb99.me	285 KB
7	googlesyndication.com pagead2.googlesyndication.com tpc.googlesyndication.com	197 KB
6	doubleclick.net googleads.g.doubleclick.net
4	cloudflare.com cdnjs.cloudflare.com	90 KB
3	gstatic.com fonts.gstatic.com	22 KB
2	google-analytics.com www.google-analytics.com	19 KB
1	googletagservices.com www.googletagservices.com	28 KB
1	google.com adservice.google.com	803 B
1	google.de adservice.google.de	803 B
1	googleadservices.com partner.googleadservices.com	640 B
1	googleapis.com fonts.googleapis.com	650 B
1	googletagmanager.com www.googletagmanager.com	39 KB
1	bootstrapcdn.com stackpath.bootstrapcdn.com	21 KB
41	13

	Domain	Requested by
13	xsmb99.me	1 redirects xsmb99.me
6	googleads.g.doubleclick.net	pagead2.googlesyndication.com
5	pagead2.googlesyndication.com	xsmb99.me pagead2.googlesyndication.com
4	cdnjs.cloudflare.com	xsmb99.me cdnjs.cloudflare.com
3	fonts.gstatic.com	fonts.googleapis.com
2	tpc.googlesyndication.com	pagead2.googlesyndication.com tpc.googlesyndication.com
2	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
1	www.googletagservices.com	pagead2.googlesyndication.com
1	adservice.google.com	pagead2.googlesyndication.com
1	adservice.google.de	pagead2.googlesyndication.com
1	partner.googleadservices.com	pagead2.googlesyndication.com
1	fonts.googleapis.com	xsmb99.me
1	www.googletagmanager.com	xsmb99.me
1	stackpath.bootstrapcdn.com	xsmb99.me
41	14

This site contains no links.

Subject Issuer	Validity	Valid
xsmb99.me R3	`2021-01-01` - `2021-04-01`	3 months	crt.sh
*.bootstrapcdn.com Sectigo RSA Domain Validation Secure Server CA	`2020-09-22` - `2021-10-12`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2020-10-21` - `2021-10-20`	a year	crt.sh
*.google-analytics.com GTS CA 1O1	`2021-01-26` - `2021-04-20`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1O1	`2021-01-19` - `2021-04-13`	3 months	crt.sh
upload.video.google.com GTS CA 1O1	`2021-01-26` - `2021-04-20`	3 months	crt.sh
*.gstatic.com GTS CA 1O1	`2021-01-19` - `2021-04-13`	3 months	crt.sh
*.googleadservices.com GTS CA 1O1	`2021-01-19` - `2021-04-13`	3 months	crt.sh
*.google.de GTS CA 1O1	`2021-01-26` - `2021-04-20`	3 months	crt.sh
*.google.com GTS CA 1O1	`2021-01-26` - `2021-04-20`	3 months	crt.sh

This page contains 8 frames:

Primary Page: https://xsmb99.me/
Frame ID: 19C2C497FA34C531C4280E9044011274
Requests: 35 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20210208/r20190131/zrt_lookup.html
Frame ID: 3786457A7915B5ED1936C74270FCE0B5
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-9108464640724915&output=html&adk=1812271804&adf=3025194257&lmt=1613013154&plat=1%3A32776%2C2%3A32776%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fxsmb99.me%2F&ea=0&flash=0&pra=5&wgl=1&dt=1613013154070&bpp=12&bdt=302&idt=118&shv=r20210208&cbv=r20190131&ptt=9&saldr=aa&abxe=1&nras=1&correlator=5234300465321&frm=20&pv=2&ga_vid=672242767.1613013154&ga_sid=1613013154&ga_hid=213139995&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21068769%2C21068893%2C21068786&oid=3&pvsid=1849697771537269&pem=661&rx=0&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=8192&bc=31&ifi=0&uci=a!0&fsb=1&dtd=141
Frame ID: C791E99E137AFC22F93D7E32CA24E191
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-9108464640724915&output=html&h=280&adk=2793536430&adf=662524697&pi=t.aa~a.461124662~rp.4&w=350&fwrn=4&fwrnh=100&lmt=1613013154&rafmt=1&to=qs&pwprc=4678874584&psa=0&format=350x280&url=https%3A%2F%2Fxsmb99.me%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&adsid=NT&dt=1613013154631&bpp=1&bdt=863&idt=0&shv=r20210208&cbv=r20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dc70183bcca8c38ff-22932ebc6cba0074%3AT%3D1613013154%3ART%3D1613013154%3AS%3DALNI_MZ3eDTCkjJ15y5YVHgpmDXGhTeieQ&prev_fmts=0x0%2C730x280%2C730x280&nras=3&correlator=5234300465321&frm=20&pv=1&ga_vid=672242767.1613013154&ga_sid=1613013154&ga_hid=213139995&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1005&ady=2537&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21068769%2C21068893%2C21068786&oid=3&pvsid=1849697771537269&pem=661&rx=0&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeEbr%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=3&uci=a!3&btvi=3&fsb=1&xpc=8ncPbpsHhf&p=https%3A//xsmb99.me&dtd=27
Frame ID: 37B9DD6E4EEAB0667372701E71747FA4
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-9108464640724915&output=html&h=280&adk=3879918379&adf=2951970533&pi=t.aa~a.585548709~i.49~rp.4&w=730&fwrn=4&fwrnh=100&lmt=1613013154&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=4678874584&psa=0&ad_type=text_image&format=730x280&url=https%3A%2F%2Fxsmb99.me%2F&flash=0&fwr=0&pra=3&rh=183&rw=730&rpe=1&resp_fmts=3&wgl=1&fa=27&adsid=NT&dt=1613013154631&bpp=8&bdt=863&idt=-M&shv=r20210208&cbv=r20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dc70183bcca8c38ff-22932ebc6cba0074%3AT%3D1613013154%3ART%3D1613013154%3AS%3DALNI_MZ3eDTCkjJ15y5YVHgpmDXGhTeieQ&prev_fmts=0x0&nras=2&correlator=5234300465321&frm=20&pv=1&ga_vid=672242767.1613013154&ga_sid=1613013154&ga_hid=213139995&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=245&ady=3953&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21068769%2C21068893%2C21068786&oid=3&pvsid=1849697771537269&pem=661&rx=0&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=8320&bc=31&ifi=1&uci=a!1&btvi=1&fsb=1&xpc=yKolXnp8Dr&p=https%3A//xsmb99.me&dtd=17
Frame ID: 58CD0A536280974102CC7B63CCE524B9
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-9108464640724915&output=html&h=280&adk=3879918379&adf=4021217820&pi=t.aa~a.585548709~i.51~rp.4&w=730&fwrn=4&fwrnh=100&lmt=1613013154&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=4678874584&psa=0&ad_type=text_image&format=730x280&url=https%3A%2F%2Fxsmb99.me%2F&flash=0&fwr=0&pra=3&rh=183&rw=730&rpe=1&resp_fmts=3&wgl=1&fa=27&adsid=NT&dt=1613013154631&bpp=1&bdt=862&idt=-M&shv=r20210208&cbv=r20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dc70183bcca8c38ff-22932ebc6cba0074%3AT%3D1613013154%3ART%3D1613013154%3AS%3DALNI_MZ3eDTCkjJ15y5YVHgpmDXGhTeieQ&prev_fmts=0x0%2C730x280&nras=3&correlator=5234300465321&frm=20&pv=1&ga_vid=672242767.1613013154&ga_sid=1613013154&ga_hid=213139995&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=245&ady=4270&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21068769%2C21068893%2C21068786&oid=3&pvsid=1849697771537269&pem=661&rx=0&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=8320&bc=31&ifi=2&uci=a!2&btvi=2&fsb=1&xpc=QD9YjKVBAu&p=https%3A//xsmb99.me&dtd=24
Frame ID: 400842080B282F7EE8142AB8557C9A2C
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20210208/r20190131/zrt_lookup.html?fsb=1
Frame ID: E4CDA3182C75AFFF7CDF249C05ED771D
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/221/runner.html
Frame ID: BD7A73BC9471BEEC21C3BEC617A536D0
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://xsmb99.me/ HTTP 301
https://xsmb99.me/ Page URL

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]+?href="[^"]*bootstrap(?:\.min)?\.css/i

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /nginx(?:\/([\d.]+))?/i

animate.css (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

html /<link [^>]+(?:\/([\d.]+)\/)?animate\.(?:min\.)?css/i

React (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

script /react.*\.js/i

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]* href=[^>]+(?:([\d.]+)\/)?(?:css\/)?font-awesome(?:\.min)?\.css/i

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

script /googlesyndication\.com\//i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Page Statistics

41
Requests

100 %
HTTPS

86 %
IPv6

13
Domains

14
Subdomains

15
IPs

4
Countries

703 kB
Transfer

1644 kB
Size

11
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://xsmb99.me/ HTTP 301
https://xsmb99.me/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

41 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
xsmb99.me/
Redirect Chain

http://xsmb99.me/
https://xsmb99.me/

79 KB
13 KB

752ms
384ms

Document
text/html

103.9.77.196
VNPT-AS-VN VNPT Corp

General

Check archive.org

Show headers Download Go to

Full URL: https://xsmb99.me/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 103.9.77.196 Ho Chi Minh City, Viet Nam, ASN45899 (VNPT-AS-VN VNPT Corp, VN),
Reverse DNS
Software: nginx / PHP/7.3.27 PleskLin
Resource Hash: 41b11839622e8e3b66d890c3f3495d53258f7b0b6958600f200d2499633af09b

Request headers

:method: GET
:authority: xsmb99.me
:scheme: https
:path: /
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

server: nginx
date: Thu, 11 Feb 2021 03:12:33 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-powered-by: PHP/7.3.27 PleskLin
cache-control: private, must-revalidate
pragma: no-cache
expires: -1
set-cookie: XSRF-TOKEN=eyJpdiI6InpnK1g0Tk9PYWsvY3J4VmlHSU01Qnc9PSIsInZhbHVlIjoiaDJ6SEoySUd3Q2t0SXFXRG0yMlhQTFY2UkVQemh3UFJtb0RpZDc1bXhuaWxEbWVycGlNVnBQcHpGTHQ5WmtYbCIsIm1hYyI6IjMzMjYzOWQzMzZmYjljZmFjMGVhYmYxNzgzOGYzNzQxMTQ2NTEyZWE0MTFlOTg3ZmI4ZGNhODU4N2E2MTQ1ZmYifQ%3D%3D; expires=Thu, 11-Feb-2021 05:12:33 GMT; Max-Age=7200; path=/ xsmb99me_session=eyJpdiI6ImpJb2tUcjM2ekRCZ0VaNHBFOENRVmc9PSIsInZhbHVlIjoiZENpZXEzWWs4cnRlWFp6QW1Zc2czNFV4QzRwbkZPZVZtSlhkUHFvYnZld1RCSXFkbzNLVk5hSFJKbFJTWlRTLyIsIm1hYyI6IjllNjJkNDE0Y2RhNzhiMjNhM2Q3ODVkNTg1ODI2MGI1YmRlNDgxOTc1Nzk4MjMyYTQ2YjM4MjQxN2NhZjZkNTQifQ%3D%3D; expires=Thu, 11-Feb-2021 05:12:33 GMT; Max-Age=7200; path=/; httponly
content-encoding: gzip

Redirect headers

Server: nginx
Date: Thu, 11 Feb 2021 03:12:32 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://xsmb99.me/

GET
H2 200 bootstrap.min.css
stackpath.bootstrapcdn.com/bootstrap/4.1.3/css/ 138 KB
21 KB 27ms
8ms Stylesheet
text/css 2001:4de0:ac19::1:b:3b
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL

https://stackpath.bootstrapcdn.com/bootstrap/4.1.3/css/bootstrap.min.css

Requested by

Host: xsmb99.me
URL: https://xsmb99.me/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2001:4de0:ac19::1:b:3b , Netherlands, ASN20446 (HIGHWINDS3, US),

Reverse DNS

Software

Resource Hash

7928b5ab63c6e89ee0ee26f5ef201a58c72baf91abb688580a1aa26eb57b3c11

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Origin: https://xsmb99.me
Referer: https://xsmb99.me/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 11 Feb 2021 03:12:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 12 Dec 2018 18:34:11 GMT
etag: "1544639651"
vary: Accept-Encoding
x-cache: HIT
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 21050

GET
H2 200 font-awesome.css
cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/ 37 KB
6 KB 25ms
23ms Stylesheet
text/css 2606:4700::6810:125e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.css

Requested by

Host: xsmb99.me
URL: https://xsmb99.me/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:125e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

36e0a7e08bee65774168528938072c536437669c1b7458ac77976ec788e4439c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer: https://xsmb99.me/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 11 Feb 2021 03:12:33 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"max_age":604800,"report_to":"cf-nel"}
age: 2675791
cross-origin-resource-policy: cross-origin
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 5884
cf-request-id: 0830ac8ff70000fa3030286000000001
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:10:07 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03e5f-9226"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=Qq4j7XOz5wYy2B6Nt98T2nyjSVS4wNuTJpLvjTN9AV8gmEg10C92dnFCbOw3CuwBiZRAMELZsB2Jl%2BVdB7cyYz3RepD7%2Bp81I16FCiiHEKk0lCjhVKeGaSjEDLIy8%2FO1Ag%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 61fae3932e5afa30-AMS
expires: Tue, 01 Feb 2022 03:12:33 GMT

GET
H2 200 animate.compat.min.css
cdnjs.cloudflare.com/ajax/libs/animate.css/4.1.0/ 69 KB
5 KB 21ms
19ms Stylesheet
text/css 2606:4700::6810:125e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/animate.css/4.1.0/animate.compat.min.css

Requested by

Host: xsmb99.me
URL: https://xsmb99.me/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:125e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

423fb3104bee6c447894ee65db4d1cdd47ee7c13ac293829b20254d3fb770a85

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer: https://xsmb99.me/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 11 Feb 2021 03:12:33 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"max_age":604800,"report_to":"cf-nel"}
age: 1832482
cross-origin-resource-policy: cross-origin
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 4248
cf-request-id: 0830ac8ff70000fa30e60a9000000001
timing-allow-origin: *
last-modified: Mon, 11 May 2020 12:18:44 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb942a4-113d4"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=HmpeZ9qg3aDW6sf7koXsDyzfaRJMjBf4q4ws%2BFDB9tOj1vRxIkzEBexibujCF2rO%2BQQvW03M2lmlQPOuk%2FtXE5ckQ%2FQ6PwcQXCdoLsN0qKhUdWvxbiiJQvEWezzskrbvBA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 61fae3932e5bfa30-AMS
expires: Tue, 01 Feb 2022 03:12:33 GMT

GET
H2 200 animate.min.css
cdnjs.cloudflare.com/ajax/libs/animate.css/3.7.2/ 57 KB
4 KB 20ms
18ms Stylesheet
text/css 2606:4700::6810:125e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/animate.css/3.7.2/animate.min.css

Requested by

Host: xsmb99.me
URL: https://xsmb99.me/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:125e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3c770e90f98eb21b0c042fafb49755af93306fbaf42e449524f94fae9fc83295

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer: https://xsmb99.me/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 11 Feb 2021 03:12:33 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"max_age":604800,"report_to":"cf-nel"}
age: 623033
cross-origin-resource-policy: cross-origin
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 3511
cf-request-id: 0830ac8ff70000fa3028b88000000001
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:04:58 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03d2a-e311"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=4O2xZzY04sCkhrztoeKe7oi7O7rfNKN1LwXzWjNI2TZF9eRdhn5OarbtjF7pnmwORgtrNhfQax7KNUn%2BlSoiuKGWXMGbheSmmAVzmP3GmRhdQfLUGisHZnBMKEOfWO6KHw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 61fae3932e5cfa30-AMS
expires: Tue, 01 Feb 2022 03:12:33 GMT

GET
H2 200 main.css
xsmb99.me/user/css/ 52 KB
10 KB 187ms
186ms Stylesheet
text/css 103.9.77.196
VNPT-AS-VN VNPT Corp

General

Check archive.org

Show headers Download Go to

Full URL: https://xsmb99.me/user/css/main.css?v=36
Requested by: Host: xsmb99.me
URL: https://xsmb99.me/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 103.9.77.196 Ho Chi Minh City, Viet Nam, ASN45899 (VNPT-AS-VN VNPT Corp, VN),
Reverse DNS
Software: nginx / PleskLin
Resource Hash: 67aa0ea54160c6fe82fff6a797329287b02d9cc876bb8430dd321c1e3ab03572

Request headers

Referer: https://xsmb99.me/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 11 Feb 2021 03:12:33 GMT
content-encoding: gzip
last-modified: Sat, 07 Nov 2020 14:09:44 GMT
server: nginx
x-powered-by: PleskLin
etag: W/"5fa6aaa8-ce6e"
vary: Accept-Encoding
content-type: text/css

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 97 KB
39 KB 32ms
32ms Script
application/javascript 2a00:1450:4001:800::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-150732184-1

Requested by

Host: xsmb99.me
URL: https://xsmb99.me/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

c5cdbe4c7fdab13310b17da86ac6d46da68fce4d6bd12d788cfde892b6d36853

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://xsmb99.me/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 11 Feb 2021 03:12:33 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 39322
x-xss-protection: 0
expires: Thu, 11 Feb 2021 03:12:33 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 134 KB
48 KB 55ms
35ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: xsmb99.me
URL: https://xsmb99.me/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0ce4bfeac909ea87a0078b24769b100b6e1801d9f6cd1d6671e539cf931e85a5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://xsmb99.me/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 11 Feb 2021 03:12:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 47961
x-xss-protection: 0
server: cafe
etag: 12275503723171052583
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Thu, 11 Feb 2021 03:12:33 GMT

GET
H2 200 du-doan-mien-bac.jpg
xsmb99.me/user/images/ 23 KB
24 KB 224ms
224ms Image
image/jpeg 103.9.77.196
VNPT-AS-VN VNPT Corp

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://xsmb99.me/user/images/du-doan-mien-bac.jpg
Requested by: Host: xsmb99.me
URL: https://xsmb99.me/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 103.9.77.196 Ho Chi Minh City, Viet Nam, ASN45899 (VNPT-AS-VN VNPT Corp, VN),
Reverse DNS
Software: nginx / PleskLin
Resource Hash: 057d84a94b4b110faddc611c95a8bd44af3b3f4ce131250a1634c20cb3fca53d

Request headers

Referer: https://xsmb99.me/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 11 Feb 2021 03:12:34 GMT
last-modified: Thu, 25 Jun 2020 01:59:11 GMT
server: nginx
x-powered-by: PleskLin
etag: "5ef404ef-5d6c"
content-type: image/jpeg
accept-ranges: bytes
content-length: 23916

GET
H2 200 du-doan-mien-trung.jpg
xsmb99.me/user/images/ 16 KB
16 KB 352ms
351ms Image
image/jpeg 103.9.77.196
VNPT-AS-VN VNPT Corp

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://xsmb99.me/user/images/du-doan-mien-trung.jpg
Requested by: Host: xsmb99.me
URL: https://xsmb99.me/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 103.9.77.196 Ho Chi Minh City, Viet Nam, ASN45899 (VNPT-AS-VN VNPT Corp, VN),
Reverse DNS
Software: nginx / PleskLin
Resource Hash: 2360f1c5ffe67a2c07953ca34424848978014440f2f41157dca411f96865bdf9

Request headers

Referer: https://xsmb99.me/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 11 Feb 2021 03:12:34 GMT
last-modified: Thu, 25 Jun 2020 01:59:11 GMT
server: nginx
x-powered-by: PleskLin
etag: "5ef404ef-40a6"
content-type: image/jpeg
accept-ranges: bytes
content-length: 16550

GET
H2 200 du-doan-mien-nam.jpg
xsmb99.me/user/images/ 19 KB
19 KB 503ms
501ms Image
image/jpeg 103.9.77.196
VNPT-AS-VN VNPT Corp

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://xsmb99.me/user/images/du-doan-mien-nam.jpg
Requested by: Host: xsmb99.me
URL: https://xsmb99.me/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 103.9.77.196 Ho Chi Minh City, Viet Nam, ASN45899 (VNPT-AS-VN VNPT Corp, VN),
Reverse DNS
Software: nginx / PleskLin
Resource Hash: 49880c9128857dd1dfb0408125209d076b22591095f1ab98e6caa341df5690c5

Request headers

Referer: https://xsmb99.me/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 11 Feb 2021 03:12:34 GMT
last-modified: Thu, 25 Jun 2020 01:59:11 GMT
server: nginx
x-powered-by: PleskLin
etag: "5ef404ef-4a44"
content-type: image/jpeg
accept-ranges: bytes
content-length: 19012

GET
H2 200 jquery-3.5.1.min.js Show response
xsmb99.me/components/ 87 KB
35 KB 512ms
510ms Script
application/javascript 103.9.77.196
VNPT-AS-VN VNPT Corp

General

Check archive.org

Show headers Download Go to

Full URL: https://xsmb99.me/components/jquery-3.5.1.min.js
Requested by: Host: xsmb99.me
URL: https://xsmb99.me/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 103.9.77.196 Ho Chi Minh City, Viet Nam, ASN45899 (VNPT-AS-VN VNPT Corp, VN),
Reverse DNS
Software: nginx / PleskLin
Resource Hash: 6150a35c0f486c46cadf0e230e2aa159c7c23ecfbb5611b64ee3f25fcbff341f

Request headers

Referer: https://xsmb99.me/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 11 Feb 2021 03:12:34 GMT
content-encoding: gzip
last-modified: Sat, 11 Jul 2020 15:08:51 GMT
server: nginx
x-powered-by: PleskLin
etag: W/"5f09d603-15d83"
vary: Accept-Encoding
content-type: application/javascript

GET
H2 200 popper-1.16.min.js Show response
xsmb99.me/components/ 21 KB
8 KB 512ms
511ms Script
application/javascript 103.9.77.196
VNPT-AS-VN VNPT Corp

General

Check archive.org

Show headers Download Go to

Full URL: https://xsmb99.me/components/popper-1.16.min.js
Requested by: Host: xsmb99.me
URL: https://xsmb99.me/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 103.9.77.196 Ho Chi Minh City, Viet Nam, ASN45899 (VNPT-AS-VN VNPT Corp, VN),
Reverse DNS
Software: nginx / PleskLin
Resource Hash: d9fca4eb7997f7c7bd329252b09ba2a45e97dea35730d5ec7215cbb7d62ac3ab

Request headers

Referer: https://xsmb99.me/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 11 Feb 2021 03:12:34 GMT
content-encoding: gzip
last-modified: Sat, 11 Jul 2020 15:08:51 GMT
server: nginx
x-powered-by: PleskLin
etag: W/"5f09d603-52f0"
vary: Accept-Encoding
content-type: application/javascript

GET
H2 200 bootstrap.min.js Show response
xsmb99.me/components/bootstrap-4.1.3/js/ 50 KB
17 KB 512ms
511ms Script
application/javascript 103.9.77.196
VNPT-AS-VN VNPT Corp

General

Check archive.org

Show headers Download Go to

Full URL: https://xsmb99.me/components/bootstrap-4.1.3/js/bootstrap.min.js
Requested by: Host: xsmb99.me
URL: https://xsmb99.me/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 103.9.77.196 Ho Chi Minh City, Viet Nam, ASN45899 (VNPT-AS-VN VNPT Corp, VN),
Reverse DNS
Software: nginx / PleskLin
Resource Hash: 56c12a125b021d21a69e61d7190cefa168d6c28ce715265cea1b3b0112d169c4

Request headers

Referer: https://xsmb99.me/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 11 Feb 2021 03:12:34 GMT
content-encoding: gzip
last-modified: Sat, 11 Jul 2020 15:08:51 GMT
server: nginx
x-powered-by: PleskLin
etag: W/"5f09d603-c75f"
vary: Accept-Encoding
content-type: application/javascript

GET
H2 200 bootstrap-notify.min.js Show response
xsmb99.me/components/bootstrap-notify/ 9 KB
3 KB 512ms
511ms Script
application/javascript 103.9.77.196
VNPT-AS-VN VNPT Corp

General

Check archive.org

Show headers Download Go to

Full URL: https://xsmb99.me/components/bootstrap-notify/bootstrap-notify.min.js
Requested by: Host: xsmb99.me
URL: https://xsmb99.me/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 103.9.77.196 Ho Chi Minh City, Viet Nam, ASN45899 (VNPT-AS-VN VNPT Corp, VN),
Reverse DNS
Software: nginx / PleskLin
Resource Hash: 2e53746b427784c9032ced6685c330cbe18831b21157b92f287c78a02c4da312

Request headers

Referer: https://xsmb99.me/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 11 Feb 2021 03:12:34 GMT
content-encoding: gzip
last-modified: Sun, 22 Mar 2020 13:05:12 GMT
server: nginx
x-powered-by: PleskLin
etag: W/"5e776288-2310"
vary: Accept-Encoding
content-type: application/javascript

GET
H2 200 main.js Show response
xsmb99.me/user/js/ 9 KB
3 KB 512ms
511ms Script
application/javascript 103.9.77.196
VNPT-AS-VN VNPT Corp

General

Check archive.org

Show headers Download Go to

Full URL: https://xsmb99.me/user/js/main.js?v=36
Requested by: Host: xsmb99.me
URL: https://xsmb99.me/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 103.9.77.196 Ho Chi Minh City, Viet Nam, ASN45899 (VNPT-AS-VN VNPT Corp, VN),
Reverse DNS
Software: nginx / PleskLin
Resource Hash: dbd934625879ee54a986a2a0d98816c0d8cb4c9f1b87c444489ef3f6d61af985

Request headers

Referer: https://xsmb99.me/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 11 Feb 2021 03:12:34 GMT
content-encoding: gzip
last-modified: Mon, 07 Sep 2020 08:46:29 GMT
server: nginx
x-powered-by: PleskLin
etag: W/"5f55f365-25a1"
vary: Accept-Encoding
content-type: application/javascript

GET
H2 200 css
fonts.googleapis.com/ 2 KB
650 B 15ms
15ms Stylesheet
text/css 2a00:1450:4001:80f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto&display=swap

Requested by

Host: xsmb99.me
URL: https://xsmb99.me/user/css/main.css?v=36

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

a430a3f10ce490ee3be6f3159a368b22de00eb7089b4f7980e7de5bf943ad1d4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://xsmb99.me/user/css/main.css?v=36
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 11 Feb 2021 02:16:45 GMT
server: ESF
date: Thu, 11 Feb 2021 03:12:33 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 11 Feb 2021 03:12:33 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 46 KB
18 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:801::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-150732184-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

e441c3e2771625ba05630ab464275136a82c99650ee2145ca5aa9853bedeb01b

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://xsmb99.me/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 23 Oct 2020 03:00:57 GMT
server: Golfe2
age: 6446
date: Thu, 11 Feb 2021 01:25:07 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18817
expires: Thu, 11 Feb 2021 03:25:07 GMT

GET
H2 200 100conso.png
xsmb99.me/user/images/ 22 KB
22 KB 502ms
501ms Image
image/png 103.9.77.196
VNPT-AS-VN VNPT Corp

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://xsmb99.me/user/images/100conso.png
Requested by: Host: xsmb99.me
URL: https://xsmb99.me/user/css/main.css?v=36
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 103.9.77.196 Ho Chi Minh City, Viet Nam, ASN45899 (VNPT-AS-VN VNPT Corp, VN),
Reverse DNS
Software: nginx / PleskLin
Resource Hash: 3f3cc6491387e3c1eb7ada793afddcd8483c4955b7c24a83449259bd757b22cc

Request headers

Referer: https://xsmb99.me/user/css/main.css?v=36
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 11 Feb 2021 03:12:34 GMT
last-modified: Thu, 25 Jun 2020 01:59:11 GMT
server: nginx
x-powered-by: PleskLin
etag: "5ef404ef-58cc"
content-type: image/png
accept-ranges: bytes
content-length: 22732

GET
H2 200 marker_felt_thin.ttf
xsmb99.me/user/fonts/ 114 KB
114 KB 500ms
499ms Font
application/font-sfnt 103.9.77.196
VNPT-AS-VN VNPT Corp

General

Check archive.org

Show headers Download Go to

Full URL: https://xsmb99.me/user/fonts/marker_felt_thin.ttf
Requested by: Host: xsmb99.me
URL: https://xsmb99.me/user/css/main.css?v=36
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 103.9.77.196 Ho Chi Minh City, Viet Nam, ASN45899 (VNPT-AS-VN VNPT Corp, VN),
Reverse DNS
Software: nginx / PleskLin
Resource Hash: 52c5b8c888454bcb11c4df022b15988bce5eb9b7bef1090774c315f9bdf940de

Request headers

Origin: https://xsmb99.me
Referer: https://xsmb99.me/user/css/main.css?v=36
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 11 Feb 2021 03:12:34 GMT
last-modified: Wed, 17 Jun 2020 02:29:44 GMT
server: nginx
x-powered-by: PleskLin
etag: "5ee98018-1c75c"
content-type: application/font-sfnt
accept-ranges: bytes
content-length: 116572

GET
H2 200 fontawesome-webfont.woff2
cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/fonts/ 75 KB
76 KB 19ms
18ms Font
application/octet-stream 2606:4700::6810:135e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/fonts/fontawesome-webfont.woff2?v=4.7.0

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:135e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d792afdac7f7ae5de7c6964950c6c61dc6e3f3813180a59e141c7cb4ac4364dc

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Origin: https://xsmb99.me
Referer: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 11 Feb 2021 03:12:34 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"max_age":604800,"report_to":"cf-nel"}
age: 2579098
cross-origin-resource-policy: cross-origin
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 77160
cf-request-id: 0830ac90db00000b6773be9000000001
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:10:07 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03e5f-12d68"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=%2BaGKg439V7tEgEbw1sfbkUQzrbkCa3U4fIe0zXpgKWUVm94mUXT93dNx5ICnd90TZC03DUTnUij%2F8xhZpnktWnp9nfz%2F9c8vSOuCzZRQzN3KMto0FqzG3o1K4Qik72iu8w%3D%3D"}],"max_age":604800}
content-type: application/octet-stream; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 61fae39499af0b67-AMS
expires: Tue, 01 Feb 2022 03:12:34 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2
fonts.gstatic.com/s/roboto/v20/ 11 KB
11 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v20/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5d1bc9b443f3f81fa4b4ad4634c1bb9702194c1898e3a9de0ab5e2cdc0e9f479

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://xsmb99.me
Referer: https://fonts.googleapis.com/css?family=Roboto&display=swap
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 09 Feb 2021 05:54:34 GMT
x-content-type-options: nosniff
last-modified: Wed, 24 Jul 2019 01:18:50 GMT
server: sffe
age: 163080
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11016
x-xss-protection: 0
expires: Wed, 09 Feb 2022 05:54:34 GMT

GET
H3-Q050 200 KFOmCnqEu92Fr1Mu7GxKKTU1Kvnz.woff2
fonts.gstatic.com/s/roboto/v20/ 8 KB
8 KB 27ms
13ms Font
font/woff2 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v20/KFOmCnqEu92Fr1Mu7GxKKTU1Kvnz.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto&display=swap

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f36d71c69bcec4ce625d2923d36a4b1f64bbc2e5691c99cf8a4f3b0f79d1edb4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://xsmb99.me
Referer: https://fonts.googleapis.com/css?family=Roboto&display=swap
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 10 Feb 2021 15:39:49 GMT
x-content-type-options: nosniff
last-modified: Wed, 24 Jul 2019 01:18:46 GMT
server: sffe
age: 41565
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8024
x-xss-protection: 0
expires: Thu, 10 Feb 2022 15:39:49 GMT

GET
H3-Q050 200 show_ads_impl_fy2019.js Show response
pagead2.googlesyndication.com/pagead/js/r20210208/r20190131/ 226 KB
86 KB 77ms
61ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210208/r20190131/show_ads_impl_fy2019.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

094eb70f761bc25fd6594b69e51efffc9b5430cfaad125f2e82bfd4009895f43

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://xsmb99.me/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 11 Feb 2021 03:12:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 86814
x-xss-protection: 0
server: cafe
etag: 8889400180175641948
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Thu, 11 Feb 2021 03:12:34 GMT

GET
H2 200 zrt_lookup.html
googleads.g.doubleclick.net/pagead/html/r20210208/r20190131/ Frame 3786 0
0 8ms
8ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20210208/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/html/r20210208/r20190131/zrt_lookup.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://xsmb99.me/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://xsmb99.me/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Wed, 10 Feb 2021 04:07:16 GMT
expires: Wed, 24 Feb 2021 04:07:16 GMT
content-type: text/html; charset=UTF-8
etag: 6440208225989294717
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 4777
x-xss-protection: 0
age: 83118
cache-control: public, max-age=1209600
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"

GET
H3-Q050 200 KFOmCnqEu92Fr1Mu7WxKKTU1Kvnz.woff2
fonts.gstatic.com/s/roboto/v20/ 3 KB
3 KB 7ms
6ms Font
font/woff2 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v20/KFOmCnqEu92Fr1Mu7WxKKTU1Kvnz.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto&display=swap

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6742ec1271dff587e859a90ce7e4bee26cfd60625f5bb95325650c6b04afda8d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://xsmb99.me
Referer: https://fonts.googleapis.com/css?family=Roboto&display=swap
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Feb 2021 09:20:00 GMT
x-content-type-options: nosniff
last-modified: Wed, 24 Jul 2019 01:18:45 GMT
server: sffe
age: 582754
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3384
x-xss-protection: 0
expires: Fri, 04 Feb 2022 09:20:00 GMT

POST
H3-Q050 200 collect Show response
www.google-analytics.com/j/ 1 B
63 B 13ms
13ms XHR
text/plain 2a00:1450:4001:812::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j87&a=213139995&t=pageview&_s=1&dl=https%3A%2F%2Fxsmb99.me%2F&ul=en-us&de=UTF-8&dt=X%E1%BB%95%20s%E1%BB%91%20%E2%80%93%20K%E1%BA%BFt%20qu%E1%BA%A3%20x%E1%BB%95%20s%E1%BB%91%20h%C3%B4m%20nay%20%E2%80%93%20X%E1%BB%95%20s%E1%BB%91%20h%C3%B4m%20nay%20%7C%20xsmb99.me&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAUABAAAAAC~&jid=263536197&gjid=1682834894&cid=672242767.1613013154&tid=UA-150732184-1&_gid=702307591.1613013154&_r=1&gtm=2ou230&tc=x&z=697411768

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://xsmb99.me/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 11 Feb 2021 03:12:34 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://xsmb99.me
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 199 B
640 B 67ms
44ms Script
text/javascript 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=xsmb99.me&callback=_gfp_s_&client=ca-pub-9108464640724915

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20210208/r20190131/show_ads_impl_fy2019.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

535faf08b8720a54d9922384734cac0a5077732dabd1d2cb6530601d449be2b5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://xsmb99.me/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 11 Feb 2021 03:12:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 192
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 109 B
803 B 48ms
27ms Script
application/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=xsmb99.me

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20210208/r20190131/show_ads_impl_fy2019.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://xsmb99.me/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 11 Feb 2021 03:12:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 104
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 109 B
803 B 48ms
28ms Script
application/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=xsmb99.me

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20210208/r20190131/show_ads_impl_fy2019.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://xsmb99.me/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 11 Feb 2021 03:12:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 104
x-xss-protection: 0

GET
H3-Q050 200 ads
googleads.g.doubleclick.net/pagead/ Frame C791 0
0 348ms
348ms Document
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-9108464640724915&output=html&adk=1812271804&adf=3025194257&lmt=1613013154&plat=1%3A32776%2C2%3A32776%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fxsmb99.me%2F&ea=0&flash=0&pra=5&wgl=1&dt=1613013154070&bpp=12&bdt=302&idt=118&shv=r20210208&cbv=r20190131&ptt=9&saldr=aa&abxe=1&nras=1&correlator=5234300465321&frm=20&pv=2&ga_vid=672242767.1613013154&ga_sid=1613013154&ga_hid=213139995&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21068769%2C21068893%2C21068786&oid=3&pvsid=1849697771537269&pem=661&rx=0&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=8192&bc=31&ifi=0&uci=a!0&fsb=1&dtd=141

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20210208/r20190131/show_ads_impl_fy2019.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-9108464640724915&output=html&adk=1812271804&adf=3025194257&lmt=1613013154&plat=1%3A32776%2C2%3A32776%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fxsmb99.me%2F&ea=0&flash=0&pra=5&wgl=1&dt=1613013154070&bpp=12&bdt=302&idt=118&shv=r20210208&cbv=r20190131&ptt=9&saldr=aa&abxe=1&nras=1&correlator=5234300465321&frm=20&pv=2&ga_vid=672242767.1613013154&ga_sid=1613013154&ga_hid=213139995&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21068769%2C21068893%2C21068786&oid=3&pvsid=1849697771537269&pem=661&rx=0&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=8192&bc=31&ifi=0&uci=a!0&fsb=1&dtd=141
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://xsmb99.me/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://xsmb99.me/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Thu, 11 Feb 2021 03:12:34 GMT
server: cafe
content-length: 44668
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Thu, 11-Feb-2021 03:27:34 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
expires: Thu, 11 Feb 2021 03:12:34 GMT
cache-control: private

GET
H2 200 osd.js Show response
www.googletagservices.com/activeview/js/current/ 74 KB
28 KB 47ms
45ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd.js?cb=%2Fr20100101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20210208/r20190131/show_ads_impl_fy2019.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

80a1ae567d396855243284e674876bb0d856f0e7a18d3c0142f0828513716dfe

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://xsmb99.me/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 11 Feb 2021 03:12:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1612960672666234"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 28344
x-xss-protection: 0
expires: Thu, 11 Feb 2021 03:12:34 GMT

GET
H3-Q050 200 reactive_library_fy2019.js Show response
pagead2.googlesyndication.com/pagead/js/r20210208/r20190131/ 141 KB
51 KB 37ms
36ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210208/r20190131/reactive_library_fy2019.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20210208/r20190131/show_ads_impl_fy2019.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3fcd3dd3a7638080dc4eccb4dc2547fc70f1213029b2727495bc45067a42586f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://xsmb99.me/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 11 Feb 2021 03:12:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 52019
x-xss-protection: 0
server: cafe
etag: 18388692917184113558
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Thu, 11 Feb 2021 03:12:34 GMT

GET
H3-Q050 200 ads
googleads.g.doubleclick.net/pagead/ Frame 37B9 0
0 274ms
274ms Document
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-9108464640724915&output=html&h=280&adk=2793536430&adf=662524697&pi=t.aa~a.461124662~rp.4&w=350&fwrn=4&fwrnh=100&lmt=1613013154&rafmt=1&to=qs&pwprc=4678874584&psa=0&format=350x280&url=https%3A%2F%2Fxsmb99.me%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&adsid=NT&dt=1613013154631&bpp=1&bdt=863&idt=0&shv=r20210208&cbv=r20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dc70183bcca8c38ff-22932ebc6cba0074%3AT%3D1613013154%3ART%3D1613013154%3AS%3DALNI_MZ3eDTCkjJ15y5YVHgpmDXGhTeieQ&prev_fmts=0x0%2C730x280%2C730x280&nras=3&correlator=5234300465321&frm=20&pv=1&ga_vid=672242767.1613013154&ga_sid=1613013154&ga_hid=213139995&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1005&ady=2537&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21068769%2C21068893%2C21068786&oid=3&pvsid=1849697771537269&pem=661&rx=0&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeEbr%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=3&uci=a!3&btvi=3&fsb=1&xpc=8ncPbpsHhf&p=https%3A//xsmb99.me&dtd=27

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20210208/r20190131/show_ads_impl_fy2019.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-9108464640724915&output=html&h=280&adk=2793536430&adf=662524697&pi=t.aa~a.461124662~rp.4&w=350&fwrn=4&fwrnh=100&lmt=1613013154&rafmt=1&to=qs&pwprc=4678874584&psa=0&format=350x280&url=https%3A%2F%2Fxsmb99.me%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&adsid=NT&dt=1613013154631&bpp=1&bdt=863&idt=0&shv=r20210208&cbv=r20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dc70183bcca8c38ff-22932ebc6cba0074%3AT%3D1613013154%3ART%3D1613013154%3AS%3DALNI_MZ3eDTCkjJ15y5YVHgpmDXGhTeieQ&prev_fmts=0x0%2C730x280%2C730x280&nras=3&correlator=5234300465321&frm=20&pv=1&ga_vid=672242767.1613013154&ga_sid=1613013154&ga_hid=213139995&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1005&ady=2537&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21068769%2C21068893%2C21068786&oid=3&pvsid=1849697771537269&pem=661&rx=0&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeEbr%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=3&uci=a!3&btvi=3&fsb=1&xpc=8ncPbpsHhf&p=https%3A//xsmb99.me&dtd=27
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://xsmb99.me/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://xsmb99.me/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Thu, 11 Feb 2021 03:12:34 GMT
server: cafe
content-length: 6115
x-xss-protection: 0
set-cookie: IDE=AHWqTUlB44pEoUCg6rCsnkNM3HPcOWvWRQXC5XTtX1rFZpijFPyv2sKtBv59tfgVbyk; expires=Tue, 08-Mar-2022 03:12:34 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none test_cookie=; expires=Fri, 01-Aug-2008 22:45:55 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
expires: Thu, 11 Feb 2021 03:12:34 GMT
cache-control: private

GET
H3-Q050 200 ads
googleads.g.doubleclick.net/pagead/ Frame 58CD 0
0 508ms
507ms Document
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-9108464640724915&output=html&h=280&adk=3879918379&adf=2951970533&pi=t.aa~a.585548709~i.49~rp.4&w=730&fwrn=4&fwrnh=100&lmt=1613013154&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=4678874584&psa=0&ad_type=text_image&format=730x280&url=https%3A%2F%2Fxsmb99.me%2F&flash=0&fwr=0&pra=3&rh=183&rw=730&rpe=1&resp_fmts=3&wgl=1&fa=27&adsid=NT&dt=1613013154631&bpp=8&bdt=863&idt=-M&shv=r20210208&cbv=r20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dc70183bcca8c38ff-22932ebc6cba0074%3AT%3D1613013154%3ART%3D1613013154%3AS%3DALNI_MZ3eDTCkjJ15y5YVHgpmDXGhTeieQ&prev_fmts=0x0&nras=2&correlator=5234300465321&frm=20&pv=1&ga_vid=672242767.1613013154&ga_sid=1613013154&ga_hid=213139995&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=245&ady=3953&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21068769%2C21068893%2C21068786&oid=3&pvsid=1849697771537269&pem=661&rx=0&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=8320&bc=31&ifi=1&uci=a!1&btvi=1&fsb=1&xpc=yKolXnp8Dr&p=https%3A//xsmb99.me&dtd=17

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20210208/r20190131/show_ads_impl_fy2019.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8547201108073527084/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8547201108073527084/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CPbs6qDu4O4CFWBkFQgdnw4EWQ&gqi=oqAkYKTMKrWA1fAP09G90A8&layout=/sadbundle/%24csp%253Der3%24/8547201108073527084/index.html
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-9108464640724915&output=html&h=280&adk=3879918379&adf=2951970533&pi=t.aa~a.585548709~i.49~rp.4&w=730&fwrn=4&fwrnh=100&lmt=1613013154&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=4678874584&psa=0&ad_type=text_image&format=730x280&url=https%3A%2F%2Fxsmb99.me%2F&flash=0&fwr=0&pra=3&rh=183&rw=730&rpe=1&resp_fmts=3&wgl=1&fa=27&adsid=NT&dt=1613013154631&bpp=8&bdt=863&idt=-M&shv=r20210208&cbv=r20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dc70183bcca8c38ff-22932ebc6cba0074%3AT%3D1613013154%3ART%3D1613013154%3AS%3DALNI_MZ3eDTCkjJ15y5YVHgpmDXGhTeieQ&prev_fmts=0x0&nras=2&correlator=5234300465321&frm=20&pv=1&ga_vid=672242767.1613013154&ga_sid=1613013154&ga_hid=213139995&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=245&ady=3953&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21068769%2C21068893%2C21068786&oid=3&pvsid=1849697771537269&pem=661&rx=0&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=8320&bc=31&ifi=1&uci=a!1&btvi=1&fsb=1&xpc=yKolXnp8Dr&p=https%3A//xsmb99.me&dtd=17
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://xsmb99.me/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://xsmb99.me/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-security-policy: child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8547201108073527084/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8547201108073527084/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CPbs6qDu4O4CFWBkFQgdnw4EWQ&gqi=oqAkYKTMKrWA1fAP09G90A8&layout=/sadbundle/%24csp%253Der3%24/8547201108073527084/index.html
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Thu, 11 Feb 2021 03:12:35 GMT
server: cafe
content-length: 36926
x-xss-protection: 0
set-cookie: IDE=AHWqTUkJ-w1JEU-mRDfu1de25ulZRZUp-b6-tXH6bYkdXPWohARke11M10eHgpzGPDo; expires=Tue, 08-Mar-2022 03:12:34 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none test_cookie=; expires=Fri, 01-Aug-2008 22:45:55 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
expires: Thu, 11 Feb 2021 03:12:35 GMT
cache-control: private

GET
H3-Q050 200 ads
googleads.g.doubleclick.net/pagead/ Frame 4008 0
0 534ms
534ms Document
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-9108464640724915&output=html&h=280&adk=3879918379&adf=4021217820&pi=t.aa~a.585548709~i.51~rp.4&w=730&fwrn=4&fwrnh=100&lmt=1613013154&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=4678874584&psa=0&ad_type=text_image&format=730x280&url=https%3A%2F%2Fxsmb99.me%2F&flash=0&fwr=0&pra=3&rh=183&rw=730&rpe=1&resp_fmts=3&wgl=1&fa=27&adsid=NT&dt=1613013154631&bpp=1&bdt=862&idt=-M&shv=r20210208&cbv=r20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dc70183bcca8c38ff-22932ebc6cba0074%3AT%3D1613013154%3ART%3D1613013154%3AS%3DALNI_MZ3eDTCkjJ15y5YVHgpmDXGhTeieQ&prev_fmts=0x0%2C730x280&nras=3&correlator=5234300465321&frm=20&pv=1&ga_vid=672242767.1613013154&ga_sid=1613013154&ga_hid=213139995&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=245&ady=4270&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21068769%2C21068893%2C21068786&oid=3&pvsid=1849697771537269&pem=661&rx=0&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=8320&bc=31&ifi=2&uci=a!2&btvi=2&fsb=1&xpc=QD9YjKVBAu&p=https%3A//xsmb99.me&dtd=24

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20210208/r20190131/show_ads_impl_fy2019.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-9108464640724915&output=html&h=280&adk=3879918379&adf=4021217820&pi=t.aa~a.585548709~i.51~rp.4&w=730&fwrn=4&fwrnh=100&lmt=1613013154&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=4678874584&psa=0&ad_type=text_image&format=730x280&url=https%3A%2F%2Fxsmb99.me%2F&flash=0&fwr=0&pra=3&rh=183&rw=730&rpe=1&resp_fmts=3&wgl=1&fa=27&adsid=NT&dt=1613013154631&bpp=1&bdt=862&idt=-M&shv=r20210208&cbv=r20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dc70183bcca8c38ff-22932ebc6cba0074%3AT%3D1613013154%3ART%3D1613013154%3AS%3DALNI_MZ3eDTCkjJ15y5YVHgpmDXGhTeieQ&prev_fmts=0x0%2C730x280&nras=3&correlator=5234300465321&frm=20&pv=1&ga_vid=672242767.1613013154&ga_sid=1613013154&ga_hid=213139995&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=245&ady=4270&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21068769%2C21068893%2C21068786&oid=3&pvsid=1849697771537269&pem=661&rx=0&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=8320&bc=31&ifi=2&uci=a!2&btvi=2&fsb=1&xpc=QD9YjKVBAu&p=https%3A//xsmb99.me&dtd=24
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://xsmb99.me/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://xsmb99.me/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Thu, 11 Feb 2021 03:12:35 GMT
server: cafe
content-length: 27214
x-xss-protection: 0
set-cookie: IDE=AHWqTUmHazUJJyw-DtggazVFYFpO_OH0aXlSXJXIqxvArQ1w5sJeyGpder6b8oXCk24; expires=Tue, 08-Mar-2022 03:12:34 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none test_cookie=; expires=Fri, 01-Aug-2008 22:45:55 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
expires: Thu, 11 Feb 2021 03:12:35 GMT
cache-control: private

GET
H3-Q050 200 zrt_lookup.html
googleads.g.doubleclick.net/pagead/html/r20210208/r20190131/ Frame E4CD 0
0 6ms
6ms Document
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20210208/r20190131/zrt_lookup.html?fsb=1

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20210208/r20190131/show_ads_impl_fy2019.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/html/r20210208/r20190131/zrt_lookup.html?fsb=1
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://xsmb99.me/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://xsmb99.me/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Wed, 10 Feb 2021 06:05:33 GMT
expires: Wed, 24 Feb 2021 06:05:33 GMT
content-type: text/html; charset=UTF-8
etag: 6440208225989294717
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 4777
x-xss-protection: 0
age: 76021
cache-control: public, max-age=1209600
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"

GET
H3-Q050 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 8 KB
6 KB 32ms
32ms XHR
application/json 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20210208&st=env

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20210208/r20190131/show_ads_impl_fy2019.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e006ce874b4386820df30224dad717b7eabb39bb57aafd082c007a6485321f23

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://xsmb99.me/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 11 Feb 2021 03:12:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 6498
x-xss-protection: 0

GET
H3-Q050 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 14ms
13ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20210208/r20190131/show_ads_impl_fy2019.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d9cebb89ed3e16a74386f743f3fc12fe98cb4fc5c11f03af5febdf1141ca6a39

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://xsmb99.me/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 11 Feb 2021 03:12:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1611170586013198"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6403
x-xss-protection: 0
expires: Thu, 11 Feb 2021 03:12:35 GMT

GET
H3-Q050 200 runner.html
tpc.googlesyndication.com/sodar/sodar2/221/ Frame BD7A 0
0 7ms
6ms Document
text/html 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/221/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/221/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://xsmb99.me/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://xsmb99.me/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
content-length: 4984
date: Thu, 11 Feb 2021 01:28:27 GMT
expires: Fri, 11 Feb 2022 01:28:27 GMT
last-modified: Tue, 08 Dec 2020 21:41:15 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 6248
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-Q050 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
54 B 41ms
41ms Image
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=221&t=2&li=gda_r20210208&jk=1849697771537269&bg=!p6SlpOfNAAWP4B5EjzsAKQB2-Dxa4731JCQoT5TwDpViv-zvpXEqOGOdXTi22E0KK9GUvyvWn9T8AgAAAFhSAAAAE2gBBwoAQ3lFKkQ1ffVooeWbjHwhc8gu3DSKVo4z7yjaUtrsa8RL6lQtHs_vfJzIYHZp9xdXzUYYObz5Hk-Hwl76d_kt83SLQMOZAc-GduStO4s5gA52asLa59muBcJDThxtAfIDxNigs17gtv41QCFj_LzWFR4Yjp5GelP2SUj5csrq0dqN9mfM8u9jqPXYSC03yIzyvV5ji79FjwfDZrt1UdkjAabKoTTNlzRdU7Ul7CuhjfNFhDwTdu-rSqOLLodgheAjlRF_1S7sGd9k9iKoMdMkrdEnLMF8bqJviWVtqI7PkeHQ-OfiXaUbaSxcKCbm-8pC7B9ApyKfwJxzctCmuGiYRvWU9nTBgsPDJNX-dlq49FkyjUbSdA6crE9jqqa9ENNtLlIf5j4fHFl20eOHKgD5QLvesDvRCQDnxkSRxd4DYTXKjNgUeVnrW6TBSCF3tblTI3rlJhkJFwCvvwvGQSjLxg93LcyQPRP_rT4kMw2WOMtH4QTDWbO2GqPPkvj966BIkl2SMugh_T-iEGBKCbM6a8X7nMxWUc7qAz0J3RAZzRbQcFBTRzGpt80IzaJ21e88c8KQ9dzNoxXLYfuGeNl62hHPQW1Ucx-JiITSvrWqqBNk7ia1ZyajU5FURVQXJ6f4ztbGfXgaTnMHRYjjhpGQWe_NtabaGkF9GvapYnonxE21hLF5zHFGqg340yW71joQ7LIrQ_6G

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://xsmb99.me/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 11 Feb 2021 03:12:36 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
DATA 200
OK truncated
/ 42 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/gif

Verdicts & Comments Add Verdict or Comment

69 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

11 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.redintelligence.net/	1970-01-19 18:13:09	Name: 8lcfmzhxc8d6_uid Value: d7790e9f6fe000c2
.doubleclick.net/	1970-01-19 16:03:36	Name: DSID Value: NO_DATA
.doubleclick.net/	1970-01-20 01:25:09	Name: IDE Value: AHWqTUmHazUJJyw-DtggazVFYFpO_OH0aXlSXJXIqxvArQ1w5sJeyGpder6b8oXCk24
.xsmb99.me/	1970-01-20 01:25:09	Name: __gads Value: ID=c70183bcca8c38ff-22932ebc6cba0074:T=1613013154:RT=1613013154:S=ALNI_MZ3eDTCkjJ15y5YVHgpmDXGhTeieQ
.xsmb99.me/	1969-12-31 23:59:59	Name: gadsTest Value: test
.xsmb99.me/	1970-01-19 16:04:59	Name: _gid Value: GA1.2.702307591.1613013154
.xsmb99.me/	1970-01-20 09:34:45	Name: _ga Value: GA1.2.672242767.1613013154
.xsmb99.me/	1970-01-19 16:03:33	Name: _gat_gtag_UA_150732184_1 Value: 1
xsmb99.me/	1970-01-19 16:03:40	Name: xsmb99me_session Value: eyJpdiI6ImpJb2tUcjM2ekRCZ0VaNHBFOENRVmc9PSIsInZhbHVlIjoiZENpZXEzWWs4cnRlWFp6QW1Zc2czNFV4QzRwbkZPZVZtSlhkUHFvYnZld1RCSXFkbzNLVk5hSFJKbFJTWlRTLyIsIm1hYyI6IjllNjJkNDE0Y2RhNzhiMjNhM2Q3ODVkNTg1ODI2MGI1YmRlNDgxOTc1Nzk4MjMyYTQ2YjM4MjQxN2NhZjZkNTQifQ%3D%3D
www.yello.de/	1970-01-20 00:49:09	Name: yace Value: W3siaWQiOiJjb21tdWljYXRpb25BZHMiLCJjIjoidiIsIm1jIjpudWxsLCJwIjp7InZwIjoiY29tbWFkcyIsIlVudGVyVmVydHJpZWJzcGFydG5lckNvZGUiOiIxMjM1OSIsInNpZCI6IjEyMzU5VjE5ODMyMTI2TVMxMDkwODEwMDAxMzY3OTgwMDk1MTQwNzAxMTUwMjAwMSJ9LCJ0IjoiMjAyMS0wMi0xMVQwMzoxMjozNS41MTM3MzcxKzAwOjAwIiwidG8iOiIyMDIxLTAyLTE0VDAzOjEyOjM1LjUxMzczODgrMDA6MDAifV0%3D
xsmb99.me/	1970-01-19 16:03:40	Name: XSRF-TOKEN Value: eyJpdiI6InpnK1g0Tk9PYWsvY3J4VmlHSU01Qnc9PSIsInZhbHVlIjoiaDJ6SEoySUd3Q2t0SXFXRG0yMlhQTFY2UkVQemh3UFJtb0RpZDc1bXhuaWxEbWVycGlNVnBQcHpGTHQ5WmtYbCIsIm1hYyI6IjMzMjYzOWQzMzZmYjljZmFjMGVhYmYxNzgzOGYzNzQxMTQ2NTEyZWE0MTFlOTg3ZmI4ZGNhODU4N2E2MTQ1ZmYifQ%3D%3D

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

adservice.google.com
adservice.google.de
cdnjs.cloudflare.com
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
pagead2.googlesyndication.com
partner.googleadservices.com
stackpath.bootstrapcdn.com
tpc.googlesyndication.com
www.google-analytics.com
www.googletagmanager.com
www.googletagservices.com
xsmb99.me
103.9.77.196
142.250.186.98
2001:4de0:ac19::1:b:3b
2606:4700::6810:125e
2606:4700::6810:135e
2a00:1450:4001:800::2008
2a00:1450:4001:801::200e
2a00:1450:4001:80f::2001
2a00:1450:4001:80f::200a
2a00:1450:4001:812::200e
2a00:1450:4001:827::2002
2a00:1450:4001:828::2002
2a00:1450:4001:828::2003
2a00:1450:4001:829::2003
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
057d84a94b4b110faddc611c95a8bd44af3b3f4ce131250a1634c20cb3fca53d
094eb70f761bc25fd6594b69e51efffc9b5430cfaad125f2e82bfd4009895f43
0ce4bfeac909ea87a0078b24769b100b6e1801d9f6cd1d6671e539cf931e85a5
2360f1c5ffe67a2c07953ca34424848978014440f2f41157dca411f96865bdf9
2e53746b427784c9032ced6685c330cbe18831b21157b92f287c78a02c4da312
36e0a7e08bee65774168528938072c536437669c1b7458ac77976ec788e4439c
3c770e90f98eb21b0c042fafb49755af93306fbaf42e449524f94fae9fc83295
3f3cc6491387e3c1eb7ada793afddcd8483c4955b7c24a83449259bd757b22cc
3fcd3dd3a7638080dc4eccb4dc2547fc70f1213029b2727495bc45067a42586f
41b11839622e8e3b66d890c3f3495d53258f7b0b6958600f200d2499633af09b
423fb3104bee6c447894ee65db4d1cdd47ee7c13ac293829b20254d3fb770a85
49880c9128857dd1dfb0408125209d076b22591095f1ab98e6caa341df5690c5
52c5b8c888454bcb11c4df022b15988bce5eb9b7bef1090774c315f9bdf940de
535faf08b8720a54d9922384734cac0a5077732dabd1d2cb6530601d449be2b5
56c12a125b021d21a69e61d7190cefa168d6c28ce715265cea1b3b0112d169c4
5d1bc9b443f3f81fa4b4ad4634c1bb9702194c1898e3a9de0ab5e2cdc0e9f479
6150a35c0f486c46cadf0e230e2aa159c7c23ecfbb5611b64ee3f25fcbff341f
6742ec1271dff587e859a90ce7e4bee26cfd60625f5bb95325650c6b04afda8d
67aa0ea54160c6fe82fff6a797329287b02d9cc876bb8430dd321c1e3ab03572
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
7928b5ab63c6e89ee0ee26f5ef201a58c72baf91abb688580a1aa26eb57b3c11
80a1ae567d396855243284e674876bb0d856f0e7a18d3c0142f0828513716dfe
a430a3f10ce490ee3be6f3159a368b22de00eb7089b4f7980e7de5bf943ad1d4
c5cdbe4c7fdab13310b17da86ac6d46da68fce4d6bd12d788cfde892b6d36853
d792afdac7f7ae5de7c6964950c6c61dc6e3f3813180a59e141c7cb4ac4364dc
d9cebb89ed3e16a74386f743f3fc12fe98cb4fc5c11f03af5febdf1141ca6a39
d9fca4eb7997f7c7bd329252b09ba2a45e97dea35730d5ec7215cbb7d62ac3ab
dbd934625879ee54a986a2a0d98816c0d8cb4c9f1b87c444489ef3f6d61af985
e006ce874b4386820df30224dad717b7eabb39bb57aafd082c007a6485321f23
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e441c3e2771625ba05630ab464275136a82c99650ee2145ca5aa9853bedeb01b
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f36d71c69bcec4ce625d2923d36a4b1f64bbc2e5691c99cf8a4f3b0f79d1edb4

xsmb99.me Open in urlscan Pro 103.9.77.196 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

41 Requests

100 %HTTPS

86 %IPv6

13 Domains

14 Subdomains

15 IPs

4 Countries

703 kBTransfer

1644 kBSize

11 Cookies

0 Outgoing links

Page URL History

Redirected requests

41 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

xsmb99.me Open in urlscan Pro
103.9.77.196 Public Scan

Screenshot
Live screenshot

Full Image

41
Requests

100 %
HTTPS

86 %
IPv6

13
Domains

14
Subdomains

15
IPs

4
Countries

703 kB
Transfer

1644 kB
Size

11
Cookies

41 HTTP transactions
1 data transactions