credit.hoacucxanh.com Open in urlscan Pro
2606:4700:3034::6815:5c92 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://credit.hoacucxanh.com/
Submission: On January 18 via automatic, source certstream-suspicious (January 18th 2024, 12:11:23 am UTC) — Scanned from DE

Summary HTTP 134 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 17 IPs in 4 countries across 13 domains to perform 134 HTTP transactions. The main IP is 2606:4700:3034::6815:5c92, located in United States and belongs to CLOUDFLARENET, US. The main domain is credit.hoacucxanh.com.
TLS certificate: Issued by E1 on December 14th 2023. Valid for: 3 months.

This is the only time credit.hoacucxanh.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
27	2606:4700:303... 2606:4700:3034::6815:5c92	13335 (CLOUDFLAR...) (CLOUDFLARENET)
33	2a00:1450:400... 2a00:1450:4001:82b::2002	15169 (GOOGLE) (GOOGLE)
1 9	2a00:1450:400... 2a00:1450:4001:811::2002	15169 (GOOGLE) (GOOGLE)
30	2a00:1450:400... 2a00:1450:4001:81c::2001	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:831::200a	15169 (GOOGLE) (GOOGLE)
8	2a00:1450:400... 2a00:1450:4001:808::2003	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:82a::2002	15169 (GOOGLE) (GOOGLE)
1 1	54.188.212.1 54.188.212.1	16509 (AMAZON-02) (AMAZON-02)
1	2600:9000:223... 2600:9000:223f:9200:8:48e:53c0:93a1	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:830::2004	15169 (GOOGLE) (GOOGLE)
3 4	142.250.185.162 142.250.185.162	15169 (GOOGLE) (GOOGLE)
2 4	104.18.36.155 104.18.36.155	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2 3	185.89.211.12 185.89.211.12	29990 (ASN-APPNEX) (ASN-APPNEX)
10	2a00:1450:400... 2a00:1450:4001:809::2006	15169 (GOOGLE) (GOOGLE)
2	142.250.186.34 142.250.186.34	15169 (GOOGLE) (GOOGLE)
2	142.250.186.130 142.250.186.130	15169 (GOOGLE) (GOOGLE)
1 2	52.19.219.1 52.19.219.1	16509 (AMAZON-02) (AMAZON-02)
134	17

27 2606:4700:3034::6815:5c92 (United States)

ASN13335 (CLOUDFLARENET, US)

credit.hoacucxanh.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

33 2a00:1450:4001:82b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a00:1450:4001:811::2002 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

30 2a00:1450:4001:81c::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:831::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:808::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:82a::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.188.212.1 (Boardman, United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-54-188-212-1.us-west-2.compute.amazonaws.com

pixel.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:223f:9200:8:48e:53c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

static.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:830::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 142.250.185.162 (United States) 3 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s51-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 104.18.36.155 (None, ) 2 redirects

ASN13335 (CLOUDFLARENET, US)

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 185.89.211.12 (Frankfurt am Main, Germany) 2 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 947.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2a00:1450:4001:809::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.186.34 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s04-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.186.130 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s07-in-f2.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.19.219.1 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-19-219-1.eu-west-1.compute.amazonaws.com

skydeutschland.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
63	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 110 tpc.googlesyndication.com — Cisco Umbrella Rank: 157	702 KB
27	hoacucxanh.com credit.hoacucxanh.com	321 KB
15	doubleclick.net 4 redirects googleads.g.doubleclick.net — Cisco Umbrella Rank: 38 cm.g.doubleclick.net — Cisco Umbrella Rank: 260 googleads4.g.doubleclick.net — Cisco Umbrella Rank: 594	166 KB
10	2mdn.net s0.2mdn.net — Cisco Umbrella Rank: 336	347 KB
8	gstatic.com www.gstatic.com	77 KB
4	casalemedia.com 2 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 622	3 KB
4	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 230	261 KB
3	adnxs.com 2 redirects ib.adnxs.com — Cisco Umbrella Rank: 253	3 KB
2	demdex.net 1 redirects skydeutschland.demdex.net — Cisco Umbrella Rank: 84818	1 KB
2	googleadservices.com www.googleadservices.com — Cisco Umbrella Rank: 145
2	adsafeprotected.com 1 redirects pixel.adsafeprotected.com — Cisco Umbrella Rank: 851 static.adsafeprotected.com — Cisco Umbrella Rank: 721	697 B
2	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 28	2 KB
1	google.com www.google.com — Cisco Umbrella Rank: 2	1 KB
134	13

	Domain	Requested by
33	pagead2.googlesyndication.com	credit.hoacucxanh.com pagead2.googlesyndication.com tpc.googlesyndication.com googleads.g.doubleclick.net s0.2mdn.net www.googletagservices.com
30	tpc.googlesyndication.com	pagead2.googlesyndication.com googleads.g.doubleclick.net credit.hoacucxanh.com tpc.googlesyndication.com www.gstatic.com s0.2mdn.net
27	credit.hoacucxanh.com	credit.hoacucxanh.com
10	s0.2mdn.net	credit.hoacucxanh.com s0.2mdn.net
9	googleads.g.doubleclick.net	1 redirects pagead2.googlesyndication.com credit.hoacucxanh.com
8	www.gstatic.com	googleads.g.doubleclick.net
4	dsum-sec.casalemedia.com	2 redirects googleads.g.doubleclick.net
4	cm.g.doubleclick.net	3 redirects googleads.g.doubleclick.net
4	www.googletagservices.com	googleads.g.doubleclick.net credit.hoacucxanh.com
3	ib.adnxs.com	2 redirects googleads.g.doubleclick.net
2	skydeutschland.demdex.net	1 redirects googleads.g.doubleclick.net
2	googleads4.g.doubleclick.net	credit.hoacucxanh.com
2	www.googleadservices.com
2	fonts.googleapis.com	googleads.g.doubleclick.net
1	www.google.com	tpc.googlesyndication.com
1	static.adsafeprotected.com	googleads.g.doubleclick.net
1	pixel.adsafeprotected.com	1 redirects
134	17

This site contains links to these domains. Also see Links.

Domain
wpenjoy.com

Subject Issuer	Validity	Valid
hoacucxanh.com E1	`2023-12-14` - `2024-03-13`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-12-11` - `2024-03-04`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2023-12-11` - `2024-03-04`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2023-12-11` - `2024-03-04`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2023-12-11` - `2024-03-04`	3 months	crt.sh
www.google.com GTS CA 1C3	`2023-12-11` - `2024-03-04`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2023-12-11` - `2024-03-04`	3 months	crt.sh
www.googleadservices.com GTS CA 1C3	`2023-12-11` - `2024-03-04`	3 months	crt.sh

This page contains 19 frames:

Primary Page: https://credit.hoacucxanh.com/
Frame ID: 96B64E7ACC4A599611712C3969A534F5
Requests: 44 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20240116/r20190131/zrt_lookup_fy2021.html
Frame ID: CF6A2EDCB97F2F10C1F939A3A3B831E2
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9268344707835381&output=html&adk=1812271804&adf=3025194257&lmt=1705536673&plat=9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=188x945_l%7C188x945_r&format=0x0&url=https%3A%2F%2Fcredit.hoacucxanh.com%2F&pra=5&wgl=1&easpi=0&asro=0&aslmt=0.4&asamt=-1&asedf=0&asefa=1&aseiel=1~2~3~4~6&aslcwct=150&asacwct=25&aslmct=0.8&asamct=0.8&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1705536673363&bpp=481&bdt=147&idt=482&shv=r20240116&mjsv=m202401110101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=6791242159629&frm=20&pv=2&ga_vid=1355845432.1705536674&ga_sid=1705536674&ga_hid=1864683190&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C95320238%2C44798934%2C95322195%2C95320889%2C95321627%2C95322164&oid=2&pvsid=2962788950057247&tmod=1055939379&uas=0&nvt=1&fsapi=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=526
Frame ID: FCA7121CD9F5515262487681C1EB3817
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20240116/r20110914/zrt_lookup_fy2021.html?fsb=1
Frame ID: 48B35B736BEC57E187A8E3697AC07558
Requests: 6 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20240116/r20110914/zrt_lookup_fy2021.html?fsb=1
Frame ID: C1013F1BBD565F171DA71F0439CA4868
Requests: 7 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20240116/r20110914/zrt_lookup_fy2021.html?fsb=1
Frame ID: C2811C2BA6F10A165DBB8DA7F158810C
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20240116/r20110914/zrt_lookup_fy2021.html?fsb=1
Frame ID: 4315D4E9395708C2897E24FDFC9B26CA
Requests: 13 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=COWiHhDhjN4CGO7j5oACMAE&v=APEucNU-2cS00bHfjamTdAFEEmo9ARjItF2RA2op3mSoxWl7jO2A1trGkyPorT4zI9GTZC0WxmQHrb6Q38MWD9csZG954rC7fNQPpoYs54jMFT1unPPjrZTEZ7zeFdCj3XdktVZqYmex7gqlqRtGKNVR-RZbZsuk3ygrP2z9_bPxR2leP17AzrU
Frame ID: B86F61BE1C5BF62FC223B57FF1CBFFF1
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Frame ID: F90AAA23932083829D268539B016F942
Requests: 19 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: CE95C51F8629BF5F8D4D1971C9D10C17
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 29AD71BEC25A454C76E159DC0D7571FD
Requests: 2 HTTP requests in this frame

Frame: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700
Frame ID: 077908774203569265E633F15C38C60E
Requests: 7 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/16851892589229828232/index.html
Frame ID: E8B5AB1DFEC5383A60E33252AC9ED064
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/P1hqgBmkkNDwT9zug75Po3J06KDKU0QoOZK6hiZMV2E.js
Frame ID: A2662B1CBE8FCAC6D39E08660FA7E48D
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/P1hqgBmkkNDwT9zug75Po3J06KDKU0QoOZK6hiZMV2E.js
Frame ID: AE11883E7425CFC87FCC0E7872E5A5F4
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/P1hqgBmkkNDwT9zug75Po3J06KDKU0QoOZK6hiZMV2E.js
Frame ID: 8CBCD11FE1508B479CCBEC9C563AF416
Requests: 1 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/18383340582406016154/index.html?e=69&leftOffset=0&topOffset=0&c=uDyGbiVc5J&t=1&renderingType=2&ev=01_250
Frame ID: A3C62F0E241A05B78AD5A634301E3BBB
Requests: 11 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Frame ID: A0F7AF604FD53BBD2C5CC14C26A732F9
Requests: 3 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/IHSjRKKj3q_1Pt3c2sGWHmUCy_Bw5n5yhKh9CWyZSw4.js
Frame ID: 5B86587599F096D9A61F937D0B61A512
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

credit.hoacucxanh.com

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

<link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
/wp-(?:content|includes)/

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
<link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery Migrate (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

Page Statistics

134
Requests

94 %
HTTPS

59 %
IPv6

13
Domains

17
Subdomains

17
IPs

4
Countries

1892 kB
Transfer

4852 kB
Size

13
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://wpenjoy.com/
Title: WordPress Theme

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 60

https://pixel.adsafeprotected.com/rfw/st/1878143/77325688/skeleton.gif?gdpr=&gdpr_consent=&gdpr_pd=&bundleId=&ias_dspID=3&ias_campId=1015281894&ias_pubId=pub-9268344707835381&ias_chanId=1&ias_placementId=20877999750&bidurl=https://credit.hoacucxanh.com/&ias_dealId=&ias_xappb=&adsafe_par&ias_impId=v4~~ABAjH0iHNBX16bB8FhOni6bxAVP4 HTTP 302
https://static.adsafeprotected.com/skeleton.gif?gdpr=&gdpr_consent=&gdpr_pd=&ias_xappb=

Request Chain 83

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELZTT_JSSway1KFeQwrRexk&google_cver=1

Request Chain 84

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZahsouKoR-mSfdg.ho.01wAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELZTT_JSSway1KFeQwrRexk&google_cver=1&google_hm=2

Request Chain 85

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEOVgpenYii4Rn3BqN55X0rA&google_cver=1

Request Chain 86

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDA3MTI1ODk0MzA4NjY3OTMx

Request Chain 107

https://googleads.g.doubleclick.net/pagead/adview?ai=CXST9oWyoZcySON6tjuwPoeKdyA2b5YSzddnavZjAEp7P5q2JAhABILa4rX9glYKggrAHoAGZwdWtKsgBCakCdNLL-YVCtT6oAwHIA0iqBN8BT9DOZnqD1vFCA_WHGt3e_Z77B_fsR0VGQ42iAmV57LD0N5ynlNlAYfPZ3bCPaxa7OGXCOV5bJoeNKFJKccg4is-GQiIEymDBOrtFyT9c-J3n0mWWF2W8aCjnnD3uRBJ0rw1_qISFONEk19J_kFikE38anRIzH4DrtueKpld0icyeHm4CRFAoCFxyWe3IV1Ec7l5wNCUnTtFSNUCqFptxIfYEN_lpdFbBWaAGGPMHZ7M49xKS4KjeLSKJ30L6n7bc61yU_rUh5IzgIJY3tr3Rp2dKDYsyhOzcGCffOGItV8AEnpiKoMcEiAX07NuITqAGLoAHmfmljQWoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G9gHAPIHBRDLipUB0ggfCIDhgBAQARgfMgKqAjoCgEBIvf3BOliYtOac0-WDA5oJR2h0dHBzOi8vemltbWVyYmlvbWV0LmV1L2VuL3Byb2R1Y3RzL2p1Z2dlcnN0aXRjaC1tZW5pc2NhbC1yZXBhaXItZGV2aWNlgAoByAsB2BMD0BUBgBcBshccChoIABIUcHViLTkyNjgzNDQ3MDc4MzUzODEYAA&sigh=_mLtHM28cG0&uach_m=%5BUACH%5D&ase=2&nis=4&cid=CAQSTwAvHhf_wND2HPxumvXkSe66faTidks3QB5Z3OcJY6TIboekoWRfIvGfCdK5x9osY6eOq41kF4iEpjb-98hV1KbE0Izg-5GFu8gPe41BMqoYAQ&template_id=419&cbvp=2&vis=1 HTTP 302
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%2216717440647422379119%22,%22debug_reporting%22:true,%22destination%22:%22https://zimmerbiomet.eu%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%2211370061977%22],%2222%22:[%22true%22],%224%22:[%2201-18%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%229717631977847400017%22}&andc=true

Request Chain 112

https://skydeutschland.demdex.net/event?d_event=imp&d_bu=9532313&d_site=5842564&d_src=158980&d_adsrc=&d_creative=184104840&d_placement=383214997&d_campaign=31046188&d_bust=991355953&gdpr=&gdpr_consent= HTTP 302
https://skydeutschland.demdex.net/firstevent?d_event=imp&d_bu=9532313&d_site=5842564&d_src=158980&d_adsrc=&d_creative=184104840&d_placement=383214997&d_campaign=31046188&d_bust=991355953&gdpr=&gdpr_consent=

134 HTTP transactions
3 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
credit.hoacucxanh.com/ 48 KB
10 KB 412ms
229ms Document
text/html 2606:4700:3034::6815:5c92
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://credit.hoacucxanh.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3034::6815:5c92 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b315ff0d9f6d4efc412802b2b240b62c7d0c30a360285883549980e6b251a0bf

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 84729e8e2b821c7d-AMS
content-encoding: br
content-type: text/html; charset=UTF-8
date: Thu, 18 Jan 2024 00:11:13 GMT
link: <https://credit.hoacucxanh.com/wp-json/>; rel="https://api.w.org/"
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9PfYbIMCj3lS3dZeEBffRzo0nmi5%2FBtBNEalfQ8qzwersrhE0lsBei2j6w%2B4okMgBy8uEnbGGPte7rSUAIWqtDkkJR6gBRMgJRqta0dH7E3aScWj%2BIUsN4m5vvGoAbtljuLnxNSP3nQJ3CpR%2BeSCEdBql5Q%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
x-litespeed-cache: hit

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 146 KB
50 KB 103ms
56ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-9268344707835381

Requested by

Host: credit.hoacucxanh.com
URL: https://credit.hoacucxanh.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d0ca234157607e98e8ab530c3eca28702367e793f4c5bfa658118ccad71bc8c2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://credit.hoacucxanh.com/
Origin: https://credit.hoacucxanh.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Thu, 18 Jan 2024 00:11:13 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 51122
x-xss-protection: 0
server: cafe
etag: 17073966580142694903
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Thu, 18 Jan 2024 00:11:13 GMT

GET
H2 200 style.min.css
credit.hoacucxanh.com/wp-includes/css/dist/block-library/ 107 KB
15 KB 342ms
338ms Stylesheet
text/css 2606:4700:3034::6815:5c92
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://credit.hoacucxanh.com/wp-includes/css/dist/block-library/style.min.css?ver=6.4.2
Requested by: Host: credit.hoacucxanh.com
URL: https://credit.hoacucxanh.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3034::6815:5c92 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 698b89c0da3d319754d6a837b5e6d4e6a42dc402d9ffd7559b8c4cb29c644340

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://credit.hoacucxanh.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Thu, 18 Jan 2024 00:11:13 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Fri, 12 Jan 2024 02:31:36 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"1add3-65a0a488-d86ac;gz"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Fjyj3CvEIjSusCiTenQ2y4He6LRoZMA89ZgmXf47Ae4jQOfA5q7ICuRv03j8pwwlIpDqmdDAT%2Fo3HA1z0u8UVzjMTSK8HHW8%2FqQqZoMLdH84c4JvXjSL3SClSfA0Aw0rnYYxip7vYVEZIMSz7p73x9Ixuy0%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=604800
cf-ray: 84729e8fad251c7d-AMS
alt-svc: h3=":443"; ma=86400
expires: Thu, 25 Jan 2024 00:11:13 GMT

GET
H2 200 font-awesome.css
credit.hoacucxanh.com/wp-content/themes/blogsite/assets/css/ 35 KB
7 KB 235ms
232ms Stylesheet
text/css 2606:4700:3034::6815:5c92
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://credit.hoacucxanh.com/wp-content/themes/blogsite/assets/css/font-awesome.css?ver=6.4.2
Requested by: Host: credit.hoacucxanh.com
URL: https://credit.hoacucxanh.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3034::6815:5c92 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e2a387f6a7cdac265c90c59daa4f30eeb1d183b8bcce4858384ab51d33c94533

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://credit.hoacucxanh.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Thu, 18 Jan 2024 00:11:13 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Fri, 12 Jan 2024 04:16:03 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"8d64-65a0bd03-d5b49;gz"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HaG5oZ%2BUUqK0P3O7TZWK8oqWwNlSaQG4CVlAGQq1CKzNYfJqquthmY5FZSF%2FGSDG0857tElvqPvB0KZS79RFbykzWeViNzqaZqWUV0ZJqDbjb1M21TNxCnn4gHK2XA%2BSXzu5BwfaWFLxVtVja5LyC0xMw3I%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=604800
cf-ray: 84729e8fad271c7d-AMS
alt-svc: h3=":443"; ma=86400
expires: Thu, 25 Jan 2024 00:11:13 GMT

GET
H2 200 genericons.css
credit.hoacucxanh.com/wp-content/themes/blogsite/genericons/ 154 B
501 B 238ms
235ms Stylesheet
text/css 2606:4700:3034::6815:5c92
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://credit.hoacucxanh.com/wp-content/themes/blogsite/genericons/genericons.css?ver=6.4.2
Requested by: Host: credit.hoacucxanh.com
URL: https://credit.hoacucxanh.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3034::6815:5c92 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7e3559d6ffac7fc54d6edaa79b6e7330fab33fbdffc174a27c58b25e5b3952d2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://credit.hoacucxanh.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Thu, 18 Jan 2024 00:11:13 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Fri, 12 Jan 2024 04:16:03 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"9a-65a0bd03-d5b68;;;"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ClYYy1Tg5gZ5CZlYYKTtLG%2FfCdQi8kLFe8twB6gMijQxLXOavZAniocL8xINJ9mHsj5PwBFNMHMWLmM5Bt1bGt387JbeoSd11ca7guK6%2FJgn5P6wFF0U%2BZ7UiWWgR9x9Xwjb7IKRVeqQ7UD61d12tIZ5oPs%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=604800
cf-ray: 84729e8fad281c7d-AMS
alt-svc: h3=":443"; ma=86400
expires: Thu, 25 Jan 2024 00:11:13 GMT

GET
H2 200 style.css
credit.hoacucxanh.com/wp-content/themes/blogsite/ 70 KB
14 KB 207ms
204ms Stylesheet
text/css 2606:4700:3034::6815:5c92
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://credit.hoacucxanh.com/wp-content/themes/blogsite/style.css?ver=20230701
Requested by: Host: credit.hoacucxanh.com
URL: https://credit.hoacucxanh.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3034::6815:5c92 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 47aa507aa520ddf600e955596eb5b75a117eba68760dc9b10c5cbdebff98a9f0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://credit.hoacucxanh.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Thu, 18 Jan 2024 00:11:13 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Fri, 12 Jan 2024 04:16:03 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"11945-65a0bd03-d5b86;gz"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MfE2dmFC%2BGHdPGuVS48xV820P9EbUe8FctUNFaoL0jK9j6kz1Auj7%2BHhX%2BcRjZpGjrxyV9dnvLMfM9NVdvl1XLeyELJvTfAlAbfQpFatzibOjqqqaOGymexRcj2uz%2F1LZ10HwqNAv1Jk8ZpmF9z4keoL3nc%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=604800
cf-ray: 84729e8fad291c7d-AMS
alt-svc: h3=":443"; ma=86400
expires: Thu, 25 Jan 2024 00:11:13 GMT

GET
H2 200 responsive.css
credit.hoacucxanh.com/wp-content/themes/blogsite/ 9 KB
2 KB 207ms
204ms Stylesheet
text/css 2606:4700:3034::6815:5c92
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://credit.hoacucxanh.com/wp-content/themes/blogsite/responsive.css?ver=20230701
Requested by: Host: credit.hoacucxanh.com
URL: https://credit.hoacucxanh.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3034::6815:5c92 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d7b66acb0c96567acc8707b2473c308c2cb90430df021e86b9c6161e60e3e752

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://credit.hoacucxanh.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Thu, 18 Jan 2024 00:11:13 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Fri, 12 Jan 2024 04:16:03 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"237e-65a0bd03-d5b81;gz"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Tv6OfHWVXeQntwvpQWyR4hWldVu63w7lu4LO2yAdAUPjKJ7FDno6pfoFaH6y9bkE2bgqccR8mpVCo5lhZUMBED87lgoHo25SAke9F62Ch%2BOlgemDjiFe08K9vgS9AKmMDmweN0O3dZCxepCoBNy0KN1fibE%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=604800
cf-ray: 84729e8fad2b1c7d-AMS
alt-svc: h3=":443"; ma=86400
expires: Thu, 25 Jan 2024 00:11:13 GMT

GET
H2 200 jquery.min.js Show response
credit.hoacucxanh.com/wp-includes/js/jquery/ 86 KB
31 KB 376ms
374ms Script
application/x-javascript 2606:4700:3034::6815:5c92
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://credit.hoacucxanh.com/wp-includes/js/jquery/jquery.min.js?ver=3.7.1
Requested by: Host: credit.hoacucxanh.com
URL: https://credit.hoacucxanh.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3034::6815:5c92 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cb6f2d32c49d1c2b25e9ffc9aaafa3f83075346c01bcd4ae6eb187392a4292cf

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://credit.hoacucxanh.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Thu, 18 Jan 2024 00:11:13 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Fri, 12 Jan 2024 02:31:36 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"15601-65a0a488-d8c82;gz"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gPeh5l9vilVgdxCbeSwg9UCnIHy%2FB2X%2FpJ8vNbnrhii5wn23enrVUTx%2F%2FLAfZ7JFPeFvGXJYjESKxPJx2ZEsZr1YIoHHOdpD3ym4PF%2BiurPKhpWmEzWmK8qGNkJgvUv%2FluIQekGmYRKydFUb18MN6Qm0i7Y%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
cache-control: public, max-age=604800
cf-ray: 84729e8fad2c1c7d-AMS
alt-svc: h3=":443"; ma=86400
expires: Thu, 25 Jan 2024 00:11:13 GMT

GET
H2 200 jquery-migrate.min.js Show response
credit.hoacucxanh.com/wp-includes/js/jquery/ 13 KB
5 KB 204ms
202ms Script
application/x-javascript 2606:4700:3034::6815:5c92
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://credit.hoacucxanh.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1
Requested by: Host: credit.hoacucxanh.com
URL: https://credit.hoacucxanh.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3034::6815:5c92 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5274f11e6fb32ae0cf2dfb9f8043272865c397a7c4223b4cfa7d50ea52fbde89

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://credit.hoacucxanh.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Thu, 18 Jan 2024 00:11:13 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Fri, 12 Jan 2024 02:31:36 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"3509-65a0a488-d8cd3;gz"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WaH%2BBKpgljRli6e3DE1M8tC4OkceG5LrbBihh5KKIyn2NNlqPWW22ooQIyUimYRgMx%2BVHjr9DgjPC%2BGpLscrBlQpn7LdNf5cRhu6e9QjXrvcAybwLzk4CGgjv0L5sDdWGc7UcsZs0JZezlyMRJWQh%2F9nmYA%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
cache-control: public, max-age=604800
cf-ray: 84729e8fad2d1c7d-AMS
alt-svc: h3=":443"; ma=86400
expires: Thu, 25 Jan 2024 00:11:13 GMT

GET
H2 200 superfish.js Show response
credit.hoacucxanh.com/wp-content/themes/blogsite/assets/js/ 7 KB
3 KB 205ms
203ms Script
application/x-javascript 2606:4700:3034::6815:5c92
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://credit.hoacucxanh.com/wp-content/themes/blogsite/assets/js/superfish.js?ver=6.4.2
Requested by: Host: credit.hoacucxanh.com
URL: https://credit.hoacucxanh.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3034::6815:5c92 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4bd938863d8e473540c7300aec8fd156822f4701cee5fb6b3328a2cc9b0a012b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://credit.hoacucxanh.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Thu, 18 Jan 2024 00:11:13 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Fri, 12 Jan 2024 04:16:03 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"1d7c-65a0bd03-d5b5e;gz"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fKO%2BqJ3ze3qrHJfP2LvL3kDfyVrVqqj%2BCXL6sDv8JDAQaHAQpMCQ7RYclQJ%2Bb9M1pltX%2FLGWWU%2B%2Fgm4%2BLwO2494n2AAkzaAfok7GXun1e4fTxFov9BLLOFiINfY9CCF5FbdDc42rRescvvY0rykZCaNuwNw%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
cache-control: public, max-age=604800
cf-ray: 84729e8fad2e1c7d-AMS
alt-svc: h3=":443"; ma=86400
expires: Thu, 25 Jan 2024 00:11:13 GMT

GET
H2 200 html5.js Show response
credit.hoacucxanh.com/wp-content/themes/blogsite/assets/js/ 10 KB
3 KB 193ms
192ms Script
application/x-javascript 2606:4700:3034::6815:5c92
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://credit.hoacucxanh.com/wp-content/themes/blogsite/assets/js/html5.js?ver=6.4.2
Requested by: Host: credit.hoacucxanh.com
URL: https://credit.hoacucxanh.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3034::6815:5c92 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a4b3b91b775b356ac4b5c34ac94dbcc1212ef23b5e89bfa9bfcc92e285a4447a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://credit.hoacucxanh.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Thu, 18 Jan 2024 00:11:13 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Fri, 12 Jan 2024 04:16:03 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"285a-65a0bd03-d5b58;gz"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9Mx9D%2BXHVt1z4olrPhERx1bcvkz6hgvPgdXs1lljOcIRlSEKxqVzQEX%2Fp464TGXuCXRujT9%2F2srbl9acR7Uirysnom8kkSr1wGvhX4fQ%2FeG8fG0L0yBx4W%2Fzitln7UxeqCQz6oEsu2IQznJ9qxylj43AO%2Fc%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
cache-control: public, max-age=604800
cf-ray: 84729e8fbd2f1c7d-AMS
alt-svc: h3=":443"; ma=86400
expires: Thu, 25 Jan 2024 00:11:13 GMT

GET
H2 200 jquery.bxslider.js Show response
credit.hoacucxanh.com/wp-content/themes/blogsite/assets/js/ 66 KB
16 KB 282ms
280ms Script
application/x-javascript 2606:4700:3034::6815:5c92
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://credit.hoacucxanh.com/wp-content/themes/blogsite/assets/js/jquery.bxslider.js?ver=6.4.2
Requested by: Host: credit.hoacucxanh.com
URL: https://credit.hoacucxanh.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3034::6815:5c92 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d9a3e8f06cc8581fd6eeb011535e3fe287f9d38d22be1ec1f9fd9bf804adf62a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://credit.hoacucxanh.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Thu, 18 Jan 2024 00:11:13 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Fri, 12 Jan 2024 04:16:03 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"107e0-65a0bd03-d5b5a;gz"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Kbin1lydHJWgVhR%2FTvAJ6uqvefqmJBTCmXMsRvnkOGgvNa%2FJWrqdQbPBcjr21HgKJTdD%2BloMlL8r2Tc%2B5ZmiZPC4Mzy8%2F9ka6D1GZmc9DvZt6kwKt9r8pP%2BSWBYb8mZGFEZrdFnURgcu4nWp5XmF%2B6C7xY4%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
cache-control: public, max-age=604800
cf-ray: 84729e8fbd301c7d-AMS
alt-svc: h3=":443"; ma=86400
expires: Thu, 25 Jan 2024 00:11:13 GMT

GET
H2 200 jquery.tabslet.js Show response
credit.hoacucxanh.com/wp-content/themes/blogsite/assets/js/ 6 KB
2 KB 234ms
233ms Script
application/x-javascript 2606:4700:3034::6815:5c92
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://credit.hoacucxanh.com/wp-content/themes/blogsite/assets/js/jquery.tabslet.js?ver=20230701
Requested by: Host: credit.hoacucxanh.com
URL: https://credit.hoacucxanh.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3034::6815:5c92 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a7fe9347c265a8ef227a2c0e3e0e6e62e75f14784355f556fa9ddb864c5753f6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://credit.hoacucxanh.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Thu, 18 Jan 2024 00:11:13 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Fri, 12 Jan 2024 04:16:03 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"1701-65a0bd03-d5b5d;gz"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9uz0xSQezbE2dSDXqomG8gsvE0CLz%2FlPgOzCVF2vg7gtgT1QM4nKG%2F0HAtyzzswAuoR95zjXB2CP0RNfl61unplDD56IIewuipPD9mR%2FcmEwoVrUOkg7mHfr4LXvwCktIxu3%2BIpgGMNOpaVqycnCK9t2RuE%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
cache-control: public, max-age=604800
cf-ray: 84729e8fcd3c1c7d-AMS
alt-svc: h3=":443"; ma=86400
expires: Thu, 25 Jan 2024 00:11:13 GMT

GET
H2 200 index.js Show response
credit.hoacucxanh.com/wp-content/themes/blogsite/assets/js/ 30 KB
7 KB 243ms
242ms Script
application/x-javascript 2606:4700:3034::6815:5c92
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://credit.hoacucxanh.com/wp-content/themes/blogsite/assets/js/index.js?ver=20230701
Requested by: Host: credit.hoacucxanh.com
URL: https://credit.hoacucxanh.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3034::6815:5c92 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 85d3987a45a0fdca18652344761e0dce4f3616d51f7788ad3447c18a8eea5291

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://credit.hoacucxanh.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Thu, 18 Jan 2024 00:11:13 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Fri, 12 Jan 2024 04:16:03 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"777c-65a0bd03-d5b59;gz"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=W8QdmS7zIHX5DYLh0lRazDYnh7iDhDNGqoOF1WCFt8IR3AQwc6VooG0wXo3EAcrBUeH%2BsHICJDob7vPj3bXy3YyIkuxY7%2Fstb4fn312Da5qJ61hXnUd0OvcXTTyPvLCWzBFbawt9dCKpB30e1vTpzSdprio%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
cache-control: public, max-age=604800
cf-ray: 84729e8fcd3e1c7d-AMS
alt-svc: h3=":443"; ma=86400
expires: Thu, 25 Jan 2024 00:11:13 GMT

GET
H2 200 jquery.custom.js Show response
credit.hoacucxanh.com/wp-content/themes/blogsite/assets/js/ 3 KB
1 KB 235ms
234ms Script
application/x-javascript 2606:4700:3034::6815:5c92
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://credit.hoacucxanh.com/wp-content/themes/blogsite/assets/js/jquery.custom.js?ver=20230701
Requested by: Host: credit.hoacucxanh.com
URL: https://credit.hoacucxanh.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3034::6815:5c92 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d8e8b70424cd0f3f1f5a9285e3b0d2a0d5546f371544550969facf69b81a0d90

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://credit.hoacucxanh.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Thu, 18 Jan 2024 00:11:13 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Fri, 12 Jan 2024 04:16:03 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"b53-65a0bd03-d5b5b;gz"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lx7o41w4KyiwQyZNB26ORaGSmWH7NzvlcZ2HFR9l4Ogkn8FEKy%2BYKauCLBko7Oj0nBVRNCwHwEfOsunRRz%2Fx5Ss5VQhE%2FXaR9b5IGbrTaZH8HVMWbEScGpHplS9M9HvhuhMDPIoGPwmqaYMJIIYveW3xv1k%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
cache-control: public, max-age=604800
cf-ray: 84729e8fcd3f1c7d-AMS
alt-svc: h3=":443"; ma=86400
expires: Thu, 25 Jan 2024 00:11:13 GMT

GET
BLOB 200
OK 99544733-369a-4cc7-a999-f220c156ce7f
https://credit.hoacucxanh.com/ 1 KB
0 Other
text/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://credit.hoacucxanh.com/99544733-369a-4cc7-a999-f220c156ce7f
Requested by: Host: credit.hoacucxanh.com
URL: https://credit.hoacucxanh.com/
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 453cb806084fdabec32e286af2e88899f79022125c2527afffbec507975d2c22

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Content-Length: 1245
Content-Type: text/javascript

GET
H3 200 show_ads_impl_with_ama_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202401110101/ 402 KB
136 KB 95ms
67ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202401110101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-9268344707835381&plah=credit.hoacucxanh.com

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-9268344707835381

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

48b4f27028d9a9a59beeb48de1607a647fad54de8526859a27dd0dc434dae9bc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://credit.hoacucxanh.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Thu, 18 Jan 2024 00:11:13 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 139523
x-xss-protection: 0
server: cafe
etag: 10644745565864260347
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Thu, 18 Jan 2024 00:11:13 GMT

GET
H2 200 zrt_lookup_fy2021.html Show response
googleads.g.doubleclick.net/pagead/html/r20240116/r20190131/ Frame CF6A 9 KB
4 KB 52ms
13ms Document
text/html 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20240116/r20190131/zrt_lookup_fy2021.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-9268344707835381

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e93b8c0ae5b5910b7107c8b455eda029935c56efa8de0be2443d8eabba207197

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://credit.hoacucxanh.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 25266
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4173
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 17 Jan 2024 17:10:07 GMT
etag: 9219409622527106327
expires: Wed, 31 Jan 2024 17:10:07 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 44ms
43ms Image
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=new_abg_tag&value=true&host_v=false&frequency=0.01&eid=44759875%2C44759926%2C44759837%2C95320238%2C44798934%2C95322195

Requested by

Host: credit.hoacucxanh.com
URL: https://credit.hoacucxanh.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://credit.hoacucxanh.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 18 Jan 2024 00:11:13 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 43ms
43ms Image
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=abg::amalserr&status=tcto&guarding=true&timeout=50&rate=0.01&eid=44759875%2C44759926%2C44759837%2C95320238%2C44798934%2C95322195

Requested by

Host: credit.hoacucxanh.com
URL: https://credit.hoacucxanh.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://credit.hoacucxanh.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 18 Jan 2024 00:11:13 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 genericons.css
credit.hoacucxanh.com/wp-content/themes/blogsite/genericons/genericons/ 28 KB
16 KB 341ms
341ms Stylesheet
text/css 2606:4700:3034::6815:5c92
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://credit.hoacucxanh.com/wp-content/themes/blogsite/genericons/genericons/genericons.css
Requested by: Host: credit.hoacucxanh.com
URL: https://credit.hoacucxanh.com/wp-content/themes/blogsite/genericons/genericons.css?ver=6.4.2
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3034::6815:5c92 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4ed10d0d64bb1515397e8666a63f484d640dbc5678fa62574e077b7aef1c3af2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://credit.hoacucxanh.com/wp-content/themes/blogsite/genericons/genericons.css?ver=6.4.2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Thu, 18 Jan 2024 00:11:13 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Fri, 12 Jan 2024 04:16:03 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"6e6a-65a0bd03-d5b6d;gz"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=r9tk6q7PLl5KpXvWqqX1WTqjzVrHL8mbaABEUkyhCJIpa1sPRzmtGj2k%2B29SIzz0Vu%2FZlAFjwCJuo2RZRYjnJr2OwHsoTxH%2FJJihuIkl40fnR5vOBkxfzN4sI7aMjSj1wL8gihJaxXjd4cZAzIApQHS4DvE%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=604800
cf-ray: 84729e913e206f3a-CDG
alt-svc: h3=":443"; ma=86400
expires: Thu, 25 Jan 2024 00:11:13 GMT

GET
H3 200 genericons-regular-webfont.woff
credit.hoacucxanh.com/wp-content/themes/blogsite/genericons/font/ 17 KB
17 KB 348ms
347ms Font
application/font-woff 2606:4700:3034::6815:5c92
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://credit.hoacucxanh.com/wp-content/themes/blogsite/genericons/font/genericons-regular-webfont.woff
Requested by: Host: credit.hoacucxanh.com
URL: https://credit.hoacucxanh.com/wp-content/themes/blogsite/style.css?ver=20230701
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3034::6815:5c92 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0e1536ec01be2959f60ab02b0194f62521734031080914187efc25e482fefdc9

Request headers

Referer: https://credit.hoacucxanh.com/wp-content/themes/blogsite/style.css?ver=20230701
Origin: https://credit.hoacucxanh.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Thu, 18 Jan 2024 00:11:14 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Fri, 12 Jan 2024 04:16:03 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"4348-65a0bd03-d5b67;;;"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pNo7QgHIW2hLASCVDeiEGy7UAzjfYUynniAZ2E60VJm%2FctXukI4qqwsUbE7MfUrqFdU7g4F%2F0F6DMeackdu%2FGinR6DEviWPaHmij69u%2FKX5EyEQUNs3LzK2JxZPtT2L8oTkOeAFWZNzCltGmjYS7WiocEBU%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/font-woff
cache-control: max-age=14400
cf-ray: 84729e93882c6f3a-CDG
alt-svc: h3=":443"; ma=86400

GET
DATA 200
OK truncated
/ 14 KB
14 KB Font
application/x-font-woff

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1cfd32e37f8aba263101f06e8f702adfaef55a6601857cf5e2c6dd0b0388dcd6

Request headers

Referer
Origin: https://credit.hoacucxanh.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Content-Type: application/x-font-woff;charset=utf-8

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 44ms
43ms Image
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=overlay_settings_from_ppabg&p_s=false&eid=44759875%2C44759926%2C44759837%2C95320238%2C44798934%2C95322195

Requested by

Host: credit.hoacucxanh.com
URL: https://credit.hoacucxanh.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://credit.hoacucxanh.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 18 Jan 2024 00:11:13 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 44ms
43ms Image
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=afc_etu&etus=4&sig=3&tms=200&eid=44759875%2C44759926%2C44759837%2C95320238%2C44798934%2C95322195

Requested by

Host: credit.hoacucxanh.com
URL: https://credit.hoacucxanh.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://credit.hoacucxanh.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 18 Jan 2024 00:11:13 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame FCA7 537 KB
104 KB 591ms
590ms Document
text/html 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9268344707835381&output=html&adk=1812271804&adf=3025194257&lmt=1705536673&plat=9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=188x945_l%7C188x945_r&format=0x0&url=https%3A%2F%2Fcredit.hoacucxanh.com%2F&pra=5&wgl=1&easpi=0&asro=0&aslmt=0.4&asamt=-1&asedf=0&asefa=1&aseiel=1~2~3~4~6&aslcwct=150&asacwct=25&aslmct=0.8&asamct=0.8&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1705536673363&bpp=481&bdt=147&idt=482&shv=r20240116&mjsv=m202401110101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=6791242159629&frm=20&pv=2&ga_vid=1355845432.1705536674&ga_sid=1705536674&ga_hid=1864683190&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C95320238%2C44798934%2C95322195%2C95320889%2C95321627%2C95322164&oid=2&pvsid=2962788950057247&tmod=1055939379&uas=0&nvt=1&fsapi=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=526

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202401110101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-9268344707835381&plah=credit.hoacucxanh.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

59cd407c90b2a4c2ddf13d6413e014ca2c00def5c24dd48b958cbb6763641061

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://credit.hoacucxanh.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 106180
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 18 Jan 2024 00:11:14 GMT
expires: Thu, 18 Jan 2024 00:11:14 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 does-applying-for-credit-card-affect-credit-score-300x300.jpg
credit.hoacucxanh.com/wp-content/uploads/2024/01/ 20 KB
20 KB 24ms
23ms Image
image/jpeg 2606:4700:3034::6815:5c92
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://credit.hoacucxanh.com/wp-content/uploads/2024/01/does-applying-for-credit-card-affect-credit-score-300x300.jpg
Requested by: Host: credit.hoacucxanh.com
URL: https://credit.hoacucxanh.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3034::6815:5c92 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3b4119ed5d4d27da0b9e157e64effce628d079e44ecbf7c661a2fe1b33fab68f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://credit.hoacucxanh.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Thu, 18 Jan 2024 00:11:13 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 197035
alt-svc: h3=":443"; ma=86400
content-length: 20177
last-modified: Fri, 12 Jan 2024 09:35:54 GMT
server: cloudflare
etag: "4ed1-65a107fa-d68df;;;"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=j8m754n2j4n1iMz%2BBGhA2GkfKi810GzWrZEPMs8EzLm9pUJNUgBv1Pea69nW9%2F9h8%2BAam77KdNQw9Wq7FH5oaJER1VRJmq%2FVN6Z2o%2BgCFeRTJOyMltkXGauRWcT7KliZdn%2FgMQ2j4IRKhoQkvn4bAYcOf%2Fg%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: public, max-age=604800
accept-ranges: bytes
cf-ray: 84729e93e8656f3a-CDG
expires: Mon, 22 Jan 2024 17:27:18 GMT

GET
H3 200 is-computershare-legit-300x300.jpg
credit.hoacucxanh.com/wp-content/uploads/2024/01/ 17 KB
17 KB 343ms
341ms Image
image/jpeg 2606:4700:3034::6815:5c92
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://credit.hoacucxanh.com/wp-content/uploads/2024/01/is-computershare-legit-300x300.jpg
Requested by: Host: credit.hoacucxanh.com
URL: https://credit.hoacucxanh.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3034::6815:5c92 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 500cd0ebc3f28920c5a38dae47023ed5c647271a1635d1afd1a772a4481dfcba

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://credit.hoacucxanh.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Thu, 18 Jan 2024 00:11:14 GMT
cf-cache-status: MISS
last-modified: Fri, 12 Jan 2024 09:31:51 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: "4304-65a10707-d68ef;;;"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5H7M%2BNtJDQWG4yEC12HwIma2HyRFWGQgmlixos2ZiqSPRIRnxAyks2NQk4lQ2TEtAAMmSAsNy8ibbsszOd3S0JNVUSTznP83x0WyKrRaUA8VhiRmsNNHggUOkOMgE2y4caXPY7xRJAyE9IUA0SQmQX8zeoo%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: public, max-age=604800
accept-ranges: bytes
cf-ray: 84729e93e8676f3a-CDG
alt-svc: h3=":443"; ma=86400
content-length: 17156
expires: Thu, 25 Jan 2024 00:11:14 GMT

GET
H3 200 chase-credit-card-for-fair-credit-300x300.jpg
credit.hoacucxanh.com/wp-content/uploads/2024/01/ 11 KB
12 KB 25ms
23ms Image
image/jpeg 2606:4700:3034::6815:5c92
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://credit.hoacucxanh.com/wp-content/uploads/2024/01/chase-credit-card-for-fair-credit-300x300.jpg
Requested by: Host: credit.hoacucxanh.com
URL: https://credit.hoacucxanh.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3034::6815:5c92 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d172aab1f78c090353f8b507498e327bc011679aba3d8d92e456451de82091da

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://credit.hoacucxanh.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Thu, 18 Jan 2024 00:11:13 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 199511
alt-svc: h3=":443"; ma=86400
content-length: 11752
last-modified: Fri, 12 Jan 2024 09:25:01 GMT
server: cloudflare
etag: "2de8-65a1056d-d68e0;;;"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9DDqXhVVFKVxqf8ay464WwowFkCJv1mMsmfwRXqy1Jfwvi%2BiXZn4JgXBd%2FcWUvdudft%2Fz4h3Mdrie48X1fQXqh%2FkKkttQRNxQhb70%2F4W%2FaOq5URLZxPoyAzQOMzIB6XZ2RU17duBvkFHnWZQQJIyVXN%2B4Wo%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: public, max-age=604800
accept-ranges: bytes
cf-ray: 84729e93e8696f3a-CDG
expires: Mon, 22 Jan 2024 16:46:02 GMT

GET
H3 200 filing-bankruptcy-for-credit-card-debt-300x300.jpg
credit.hoacucxanh.com/wp-content/uploads/2024/01/ 15 KB
15 KB 40ms
38ms Image
image/jpeg 2606:4700:3034::6815:5c92
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://credit.hoacucxanh.com/wp-content/uploads/2024/01/filing-bankruptcy-for-credit-card-debt-300x300.jpg
Requested by: Host: credit.hoacucxanh.com
URL: https://credit.hoacucxanh.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3034::6815:5c92 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cfad56f4135ee07abcf2fbf53368004b07bee21f9215e08c38b28441a0dcb6de

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://credit.hoacucxanh.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Thu, 18 Jan 2024 00:11:13 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 197035
alt-svc: h3=":443"; ma=86400
content-length: 15204
last-modified: Fri, 12 Jan 2024 09:17:14 GMT
server: cloudflare
etag: "3b64-65a1039a-d68e4;;;"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kDpMaxKab88RVUhsFvyCSduFzj1%2FSk91H%2F6NhS1g6qhpBcYy%2BqnCnEPxA2kSzFbdkLWoITU%2F1Eh2ZqAMJGYsk3nKfvwaYvf9TTJ6eJZK3yr7nQ5Y7UCXfrppl0bpoBPovHzRRYtm0ZsHITMZj7b93a3r%2BYk%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: public, max-age=604800
accept-ranges: bytes
cf-ray: 84729e93e86a6f3a-CDG
expires: Mon, 22 Jan 2024 17:27:18 GMT

GET
H3 200 credit-card-accepting-small-business-300x300.jpg
credit.hoacucxanh.com/wp-content/uploads/2024/01/ 20 KB
20 KB 344ms
342ms Image
image/jpeg 2606:4700:3034::6815:5c92
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://credit.hoacucxanh.com/wp-content/uploads/2024/01/credit-card-accepting-small-business-300x300.jpg
Requested by: Host: credit.hoacucxanh.com
URL: https://credit.hoacucxanh.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3034::6815:5c92 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8bf91ea812ac0cab2ba06b3447807d5cdc66e7d660b6447ac56d5d28848ed9c1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://credit.hoacucxanh.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Thu, 18 Jan 2024 00:11:14 GMT
cf-cache-status: MISS
last-modified: Fri, 12 Jan 2024 09:13:40 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: "4eae-65a102c4-d68d2;;;"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TuEZ2Sj%2FXIOTu6GrXlvYrf8BB8tlAzdJt1erf0QeQIoeQegz6dX9DFw0PSgBIBVOjGbsxJFJano929K%2FQ8XJtfe%2FAG1SCJuYh8wwt5Avat%2BNntA2t%2B1q1gTB5plNS9kG7A7p8UwHIaIaqUyKFXeDWGl3l6I%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: public, max-age=604800
accept-ranges: bytes
cf-ray: 84729e93e86b6f3a-CDG
alt-svc: h3=":443"; ma=86400
content-length: 20142
expires: Thu, 25 Jan 2024 00:11:14 GMT

GET
H3 200 check-my-credit-report-for-free-300x300.jpg
credit.hoacucxanh.com/wp-content/uploads/2024/01/ 15 KB
15 KB 340ms
339ms Image
image/jpeg 2606:4700:3034::6815:5c92
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://credit.hoacucxanh.com/wp-content/uploads/2024/01/check-my-credit-report-for-free-300x300.jpg
Requested by: Host: credit.hoacucxanh.com
URL: https://credit.hoacucxanh.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3034::6815:5c92 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: eea25630b8a6a5f531c6ba4f7bb6bf5b379137fe1fe4503db5d2e307eb9e5dae

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://credit.hoacucxanh.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Thu, 18 Jan 2024 00:11:14 GMT
cf-cache-status: MISS
last-modified: Fri, 12 Jan 2024 09:06:49 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: "3be2-65a10129-d68d6;;;"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LII9B%2FNVaVi5dFHPmmBgKspCt99rwpwH3UALasvASTqkNIk8Ali7jvE7cd2l5%2BQB5V8ZPvHR3wgByhxnM8jzE717vOWzrETzwL4WClrgnBfFhmMy2Ldg6ZMWZ7Gg8%2Bn06x9Meke3z5gb%2FqHRKTP2sDyVKkc%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: public, max-age=604800
accept-ranges: bytes
cf-ray: 84729e93e86c6f3a-CDG
alt-svc: h3=":443"; ma=86400
content-length: 15330
expires: Thu, 25 Jan 2024 00:11:14 GMT

GET
H3 200 cars-in-the-world-300x300.jpg
credit.hoacucxanh.com/wp-content/uploads/2024/01/ 12 KB
12 KB 232ms
230ms Image
image/jpeg 2606:4700:3034::6815:5c92
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://credit.hoacucxanh.com/wp-content/uploads/2024/01/cars-in-the-world-300x300.jpg
Requested by: Host: credit.hoacucxanh.com
URL: https://credit.hoacucxanh.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3034::6815:5c92 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 85520b70affa8735ae15edb5fa1abc4e7352b93476fa96d6599b30156127ca8d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://credit.hoacucxanh.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Thu, 18 Jan 2024 00:11:14 GMT
cf-cache-status: MISS
last-modified: Fri, 12 Jan 2024 09:02:57 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: "2eec-65a10041-d689e;;;"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EH8jzfED%2BDXQHdtqDuurGmnF5%2FDl9IER83c8wjo8Pn64j3%2FG0g%2BVd2wcNxULu2DQCL2AjxuHnQnd08CDdmdfzUJhWsivlaIIc%2B18d5KtCZxfxnWsOoVu78lD46VO8WL4a0tYnhoa1QDU5%2BwanoD4a0oNO68%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: public, max-age=604800
accept-ranges: bytes
cf-ray: 84729e93e86d6f3a-CDG
alt-svc: h3=":443"; ma=86400
content-length: 12012
expires: Thu, 25 Jan 2024 00:11:14 GMT

GET
H3 200 nerdwallet-credit-card-comparison-300x300.jpg
credit.hoacucxanh.com/wp-content/uploads/2024/01/ 18 KB
19 KB 40ms
38ms Image
image/jpeg 2606:4700:3034::6815:5c92
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://credit.hoacucxanh.com/wp-content/uploads/2024/01/nerdwallet-credit-card-comparison-300x300.jpg
Requested by: Host: credit.hoacucxanh.com
URL: https://credit.hoacucxanh.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3034::6815:5c92 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b0583467641da1b816d542a9819a7dc8634c924e969c174352f75a049f8187d7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://credit.hoacucxanh.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Thu, 18 Jan 2024 00:11:13 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 199510
alt-svc: h3=":443"; ma=86400
content-length: 18830
last-modified: Fri, 12 Jan 2024 08:56:59 GMT
server: cloudflare
etag: "498e-65a0fedb-d68c0;;;"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=l0%2FL2qu8uIWTrSMPUb18vaHrpFPezP4Ra6F%2FPi%2BcCCKY0DQmz%2FQKpQkOSvpt15WkPO1b6I1gBm7luKXqvNhWi5UzbL8qgyoue%2F2S6pAe0VGOqlJpyLbswT6vNrhSzEAjezQb9y9SJMjo3N2QhtSnog%2B7ufk%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: public, max-age=604800
accept-ranges: bytes
cf-ray: 84729e93e86e6f3a-CDG
expires: Mon, 22 Jan 2024 16:46:03 GMT

GET
H3 200 can-cars-fly-300x300.jpg
credit.hoacucxanh.com/wp-content/uploads/2024/01/ 11 KB
11 KB 236ms
235ms Image
image/jpeg 2606:4700:3034::6815:5c92
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://credit.hoacucxanh.com/wp-content/uploads/2024/01/can-cars-fly-300x300.jpg
Requested by: Host: credit.hoacucxanh.com
URL: https://credit.hoacucxanh.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3034::6815:5c92 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2bd1d7b6cd751fed16bfba218e8d7a7de2cfb3b718932091c7f75b555e928bd5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://credit.hoacucxanh.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Thu, 18 Jan 2024 00:11:14 GMT
cf-cache-status: MISS
last-modified: Fri, 12 Jan 2024 08:52:38 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: "2a1e-65a0fdd6-d68b9;;;"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sM2SRceTQg9WxSZhONo9fm42tV6T%2FJnWN5KRKFSI6DMaU%2BjxiBulDFKWMZGYBSNjuqsqkJR4LXZLy1f%2F3aMoPO0vfS2X%2FLjaaKNCJ%2F9q%2BT6DF3XViX%2FJR2QYfD1gY4mDI6qoweIi8RRIbCVyokV8y%2FmnlW0%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: public, max-age=604800
accept-ranges: bytes
cf-ray: 84729e93e86f6f3a-CDG
alt-svc: h3=":443"; ma=86400
content-length: 10782
expires: Thu, 25 Jan 2024 00:11:14 GMT

GET
H3 200 should-computers-replace-teachers-pros-and-cons-300x300.jpg
credit.hoacucxanh.com/wp-content/uploads/2024/01/ 22 KB
22 KB 357ms
356ms Image
image/jpeg 2606:4700:3034::6815:5c92
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://credit.hoacucxanh.com/wp-content/uploads/2024/01/should-computers-replace-teachers-pros-and-cons-300x300.jpg
Requested by: Host: credit.hoacucxanh.com
URL: https://credit.hoacucxanh.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3034::6815:5c92 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 16a9e697fb42886d92bb25bbd9340cb358db5c81d5b95c993de7c34ef8ecf177

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://credit.hoacucxanh.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Thu, 18 Jan 2024 00:11:14 GMT
cf-cache-status: MISS
last-modified: Fri, 12 Jan 2024 08:49:03 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: "562f-65a0fcff-d68b0;;;"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ymjaRxb3fTOVbID39EpoYShiBGzCXyl3%2BEIHgsaf8Ob4Y4HjKcaXg%2Bu1var4WfLY%2FncRFrTncJvG%2BrX%2Fsle2zrRCPb%2Brvofe5irjsf0Mf8lxkvkR7qpDebg54vDsFqhV2e71ALjogZRmPanx%2FqreOZuTtGg%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: public, max-age=604800
accept-ranges: bytes
cf-ray: 84729e93e8726f3a-CDG
alt-svc: h3=":443"; ma=86400
content-length: 22063
expires: Thu, 25 Jan 2024 00:11:14 GMT

GET
H3 200 wp-emoji-release.min.js Show response
credit.hoacucxanh.com/wp-includes/js/ 18 KB
5 KB 233ms
233ms Script
application/x-javascript 2606:4700:3034::6815:5c92
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://credit.hoacucxanh.com/wp-includes/js/wp-emoji-release.min.js?ver=6.4.2
Requested by: Host: credit.hoacucxanh.com
URL: https://credit.hoacucxanh.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3034::6815:5c92 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4f79a89d16a5f717110fe080c0bf90b7e05ff95a4c4983f64d33110bf5f9c230

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://credit.hoacucxanh.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Thu, 18 Jan 2024 00:11:14 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Fri, 12 Jan 2024 02:31:36 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"4904-65a0a488-d8ce2;gz"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wPo0qC8blq6mLJWkIG0MN3vFjNkVwYmmhsGQq8AMDuZzsHF85pr4FHa3DEEQZIlsm6Q8s8eyMzG%2BZt7SzqhXJf0yvEhJEPPnRDtqf0ltpQgcBenQoapQzL%2B8LhLgONBelP31jbqDNSkp2IlWKv0VlZ9eBZY%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
cache-control: public, max-age=604800
cf-ray: 84729e9408956f3a-CDG
alt-svc: h3=":443"; ma=86400
expires: Thu, 25 Jan 2024 00:11:14 GMT

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 16 KB
12 KB 57ms
56ms XHR
application/json 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20240116&st=env

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

eeaafc10a5e42552267e66056edc72e09b0ab1a06cfa5e23b554d5b5f21ab33b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://credit.hoacucxanh.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Thu, 18 Jan 2024 00:11:14 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12184
x-xss-protection: 0

GET
H3 200 reactive_library_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202401110101/ 162 KB
55 KB 58ms
55ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202401110101/reactive_library_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

154910895ac3a37d3fec6550bdef7627d9708c13c571e164e325d2bb4fa8e839

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://credit.hoacucxanh.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Thu, 18 Jan 2024 00:11:14 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 56395
x-xss-protection: 0
server: cafe
etag: 16115782319165695208
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Thu, 18 Jan 2024 00:11:14 GMT

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
7 KB 133ms
68ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://credit.hoacucxanh.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Thu, 18 Jan 2024 00:11:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 18 Jan 2024 00:11:14 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 47ms
46ms Image
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=afc_etu&etus=4&sig=4&tms=200&eid=44759875%2C44759926%2C44759837%2C95320238%2C44798934%2C95322195%2C95320889%2C95321627%2C95322164

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://credit.hoacucxanh.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 18 Jan 2024 00:11:14 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 48ms
47ms Image
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=afc_etu&etus=4&sig=3&tms=200&eid=44759875%2C44759926%2C44759837%2C95320238%2C44798934%2C95322195%2C95320889%2C95321627%2C95322164

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://credit.hoacucxanh.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 18 Jan 2024 00:11:14 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 49ms
48ms Image
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=afc_etu&etus=4&sig=2&tms=200&eid=44759875%2C44759926%2C44759837%2C95320238%2C44798934%2C95322195%2C95320889%2C95321627%2C95322164

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://credit.hoacucxanh.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 18 Jan 2024 00:11:14 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 48ms
47ms Image
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=afc_etu&etus=4&sig=1&tms=200&eid=44759875%2C44759926%2C44759837%2C95320238%2C44798934%2C95322195%2C95320889%2C95321627%2C95322164

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://credit.hoacucxanh.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 18 Jan 2024 00:11:14 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 zrt_lookup_fy2021.html Show response
googleads.g.doubleclick.net/pagead/html/r20240116/r20110914/ Frame 48B3 9 KB
4 KB 15ms
14ms Document
text/html 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20240116/r20110914/zrt_lookup_fy2021.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e93b8c0ae5b5910b7107c8b455eda029935c56efa8de0be2443d8eabba207197

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://credit.hoacucxanh.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 25230
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4173
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 17 Jan 2024 17:10:44 GMT
etag: 9219409622527106327
expires: Wed, 31 Jan 2024 17:10:44 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 zrt_lookup_fy2021.html Show response
googleads.g.doubleclick.net/pagead/html/r20240116/r20110914/ Frame C101 9 KB
4 KB 14ms
13ms Document
text/html 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20240116/r20110914/zrt_lookup_fy2021.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e93b8c0ae5b5910b7107c8b455eda029935c56efa8de0be2443d8eabba207197

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://credit.hoacucxanh.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 25230
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4173
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 17 Jan 2024 17:10:44 GMT
etag: 9219409622527106327
expires: Wed, 31 Jan 2024 17:10:44 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 zrt_lookup_fy2021.html Show response
googleads.g.doubleclick.net/pagead/html/r20240116/r20110914/ Frame C281 9 KB
4 KB 14ms
13ms Document
text/html 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20240116/r20110914/zrt_lookup_fy2021.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e93b8c0ae5b5910b7107c8b455eda029935c56efa8de0be2443d8eabba207197

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://credit.hoacucxanh.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 25230
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4173
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 17 Jan 2024 17:10:44 GMT
etag: 9219409622527106327
expires: Wed, 31 Jan 2024 17:10:44 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 zrt_lookup_fy2021.html Show response
googleads.g.doubleclick.net/pagead/html/r20240116/r20110914/ Frame 4315 9 KB
4 KB 14ms
14ms Document
text/html 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20240116/r20110914/zrt_lookup_fy2021.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e93b8c0ae5b5910b7107c8b455eda029935c56efa8de0be2443d8eabba207197

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://credit.hoacucxanh.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 25230
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4173
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 17 Jan 2024 17:10:44 GMT
etag: 9219409622527106327
expires: Wed, 31 Jan 2024 17:10:44 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 css2
fonts.googleapis.com/ Frame 48B3 4 KB
1 KB 63ms
23ms Stylesheet
text/css 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240116/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

2d0922bd18f06df3c7413fcd6a3f1c5ec9545b4b07b131e362f30df7275fc058

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Thu, 18 Jan 2024 00:11:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Thu, 18 Jan 2024 00:08:36 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 18 Jan 2024 00:11:14 GMT

GET
H2 200 feedback_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame 48B3 205 B
295 B 57ms
20ms Image
image/png 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/feedback_grey600_24dp.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240116/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Wed, 17 Jan 2024 09:40:51 GMT
x-content-type-options: nosniff
age: 52223
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 205
x-xss-protection: 0
last-modified: Thu, 20 Jul 2023 22:48:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Thu, 16 Jan 2025 09:40:51 GMT

GET
H2 200 settings_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame 48B3 604 B
919 B 56ms
18ms Image
image/png 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/settings_grey600_24dp.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240116/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Wed, 17 Jan 2024 02:17:22 GMT
x-content-type-options: nosniff
age: 78832
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 604
x-xss-protection: 0
last-modified: Thu, 20 Jul 2023 22:48:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Thu, 16 Jan 2025 02:17:22 GMT

GET
H2 200 fullscreen_api_adapter_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240116/r20110914/elements/html/ Frame 48B3 16 KB
7 KB 25ms
24ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240116/r20110914/elements/html/fullscreen_api_adapter_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240116/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

972f7a26f860f2f122dcf2a4c5cae616df3a4a83e0c8318a1afb824c766fb651

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Wed, 17 Jan 2024 17:10:45 GMT
content-encoding: br
x-content-type-options: nosniff
age: 25229
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6823
x-xss-protection: 0
server: cafe
etag: 11129212757755515379
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 31 Jan 2024 17:10:45 GMT

GET
H2 200 interstitial_ad_frame_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240116/r20110914/elements/html/ Frame 48B3 22 KB
9 KB 27ms
26ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240116/r20110914/elements/html/interstitial_ad_frame_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240116/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7a519c62e734157227e61ce5209158e1b7b484b5f2b68e3ccaed1ffe444de36d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Wed, 17 Jan 2024 17:10:45 GMT
content-encoding: br
x-content-type-options: nosniff
age: 25229
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9422
x-xss-protection: 0
server: cafe
etag: 10624764489894593518
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 31 Jan 2024 17:10:45 GMT

GET
H2 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240116/r20110914/client/ Frame C101 2 KB
903 B 37ms
36ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240116/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240116/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

41d2526e9c4595fc1fc747555bda18a041033a863a9b2ed180e7b5836918facd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Wed, 17 Jan 2024 17:10:43 GMT
content-encoding: br
x-content-type-options: nosniff
age: 25231
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 795
x-xss-protection: 0
server: cafe
etag: 4925184154378345226
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 31 Jan 2024 17:10:43 GMT

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240116/r20110914/ Frame C101 23 KB
9 KB 41ms
39ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240116/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240116/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

428f4d59e61cdf9887ad4cd7c4592a24b214d2d9c0ba09db01c4cfde66a3cd11

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Wed, 17 Jan 2024 17:10:43 GMT
content-encoding: br
x-content-type-options: nosniff
age: 25231
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9276
x-xss-protection: 0
server: cafe
etag: 3558958386372919956
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 31 Jan 2024 17:10:43 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240116/r20110914/client/ Frame C101 3 KB
1 KB 44ms
43ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240116/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240116/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Wed, 17 Jan 2024 17:10:43 GMT
content-encoding: br
x-content-type-options: nosniff
age: 25231
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 31 Jan 2024 17:10:43 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240116/r20110914/client/ Frame C101 20 KB
8 KB 36ms
36ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240116/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240116/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d58acf16b5e4521c9eb24fe9fd97308e5f8be1297e4b63a547e5b610611799ae

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Wed, 17 Jan 2024 17:10:43 GMT
content-encoding: br
x-content-type-options: nosniff
age: 25231
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8492
x-xss-protection: 0
server: cafe
etag: 9878124937798820110
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 31 Jan 2024 17:10:43 GMT

GET
H2 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame C101 206 KB
66 KB 116ms
23ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240116/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

69c32d8650b1e5f0bcb76d787972b68a1ba327ea5bd8da7ab8ca1a04336735c0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Thu, 18 Jan 2024 00:11:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 66453
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1705495733332172"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 18 Jan 2024 00:11:14 GMT

GET
H2 200 4cee352c918c506f58256258d534a665.js Show response
www.gstatic.com/mysidia/ Frame C101 37 KB
16 KB 36ms
14ms Script
text/javascript 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/4cee352c918c506f58256258d534a665.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240116/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e6b20a1535a6d3ca3d7a611ae199a6f4b464e0b67b450379ed43a7ef3e66957c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Wed, 17 Jan 2024 17:10:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 25231
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15452
x-xss-protection: 0
last-modified: Sat, 13 Jan 2024 00:04:01 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Tue, 16 Apr 2024 17:10:43 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame B86F 624 B
246 B 58ms
54ms Document
text/html 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=COWiHhDhjN4CGO7j5oACMAE&v=APEucNU-2cS00bHfjamTdAFEEmo9ARjItF2RA2op3mSoxWl7jO2A1trGkyPorT4zI9GTZC0WxmQHrb6Q38MWD9csZG954rC7fNQPpoYs54jMFT1unPPjrZTEZ7zeFdCj3XdktVZqYmex7gqlqRtGKNVR-RZbZsuk3ygrP2z9_bPxR2leP17AzrU

Requested by

Host: credit.hoacucxanh.com
URL: https://credit.hoacucxanh.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/html/r20240116/r20110914/zrt_lookup_fy2021.html?fsb=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 18 Jan 2024 00:11:14 GMT
expires: Thu, 18 Jan 2024 00:11:14 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame F90A 89 KB
31 KB 145ms
144ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: credit.hoacucxanh.com
URL: https://credit.hoacucxanh.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

38eb0379c855f10a0e69073af6b54582216fa37b7e2b1563a1246bbf1ef49642

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Thu, 18 Jan 2024 00:11:14 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31485
x-xss-protection: 0
server: cafe
etag: 7119415641918660631
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Thu, 18 Jan 2024 00:11:14 GMT

GET
H2

200

skeleton.gif
static.adsafeprotected.com/ Frame F90A
Redirect Chain

https://pixel.adsafeprotected.com/rfw/st/1878143/77325688/skeleton.gif?gdpr=&gdpr_consent=&gdpr_pd=&bundleId=&ias_dspID=3&ias_campId=1015281894&ias_pubId=pub-9268344707835381&ias_chanId=1&ias_place...
https://static.adsafeprotected.com/skeleton.gif?gdpr=&gdpr_consent=&gdpr_pd=&ias_xappb=

43 B
482 B

46ms
7ms

Image
image/gif

2600:9000:223f:9200:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.adsafeprotected.com/skeleton.gif?gdpr=&gdpr_consent=&gdpr_pd=&ias_xappb=
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240116/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol: H2
Server: 2600:9000:223f:9200:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 42b976597a2d977d0e300f6d06bc903db389e5c112d33c1c8c249690a522d9f2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 11 Dec 2023 17:29:44 GMT
x-amz-version-id: iiN8XkcmZQdDIQeKkzAiegPwcD.5WPja
via: 1.1 ee6745944298a5956e13c939ebdcf8f2.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 3220892
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
content-length: 43
last-modified: Mon, 17 Aug 2020 23:55:15 GMT
server: AmazonS3
etag: "45cf913e5d9d3c9b2058033056d3dd23"
content-type: image/gif
cache-control: max-age=315360000
accept-ranges: bytes
x-amz-cf-id: _g-jbl-759TZyRIbves50MxSCo6KO9-BG4npaicRHLAOqYMq89NGBg==

Redirect headers

pragma: no-cache
date: Thu, 18 Jan 2024 00:11:15 GMT
server: nginx
x-server-name: app09.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
location: https://static.adsafeprotected.com/skeleton.gif?gdpr=&gdpr_consent=&gdpr_pd=&ias_xappb=
cache-control: no-cache
content-length: 0

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240116/r20110914/client/ Frame F90A 3 KB
1 KB 32ms
28ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240116/r20110914/client/window_focus_fy2021.js

Requested by

Host: credit.hoacucxanh.com
URL: https://credit.hoacucxanh.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Wed, 17 Jan 2024 17:10:43 GMT
content-encoding: br
x-content-type-options: nosniff
age: 25231
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 31 Jan 2024 17:10:43 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240116/r20110914/client/ Frame F90A 20 KB
8 KB 28ms
26ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240116/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: credit.hoacucxanh.com
URL: https://credit.hoacucxanh.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d58acf16b5e4521c9eb24fe9fd97308e5f8be1297e4b63a547e5b610611799ae

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Wed, 17 Jan 2024 17:10:43 GMT
content-encoding: br
x-content-type-options: nosniff
age: 25231
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8492
x-xss-protection: 0
server: cafe
etag: 9878124937798820110
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 31 Jan 2024 17:10:43 GMT

GET
H2 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame F90A 206 KB
65 KB 139ms
61ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Host: credit.hoacucxanh.com
URL: https://credit.hoacucxanh.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

69c32d8650b1e5f0bcb76d787972b68a1ba327ea5bd8da7ab8ca1a04336735c0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Thu, 18 Jan 2024 00:11:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 66453
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1705495733332172"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 18 Jan 2024 00:11:14 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame F90A 42 B
63 B 56ms
54ms Image
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-AJRSnRgIOUZwJCSS9T4zk3pgNCOuRpK74vLxnM8E-fzX9IObgNQKXO4GIuhxPnHtFIaB8hFtY9GIejX-ew_eD_Cc2is5OBkCdfprClEYpkraemw6A

Requested by

Host: credit.hoacucxanh.com
URL: https://credit.hoacucxanh.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 18 Jan 2024 00:11:14 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 4b0ef9dfa83525e0607f42119c034d23.js Show response
www.gstatic.com/mysidia/ Frame 4315 9 KB
4 KB 17ms
16ms Script
text/javascript 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/4b0ef9dfa83525e0607f42119c034d23.js?tag=client_fast_engine_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240116/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

97c530c44249746307c2b01b37eed0f53757d139bc4243798f468c71da9844da

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Wed, 17 Jan 2024 17:14:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 24985
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4079
x-xss-protection: 0
last-modified: Thu, 11 Jan 2024 22:51:41 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Tue, 16 Apr 2024 17:14:49 GMT

GET
H2 200 9e7d3f247d8b0aa5115615da07ecb571.js Show response
www.gstatic.com/mysidia/ Frame 4315 42 KB
16 KB 22ms
21ms Script
text/javascript 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/9e7d3f247d8b0aa5115615da07ecb571.js?tag=html5_display_upload/html5_exit_api

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240116/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

44f6db744eeb76ff8647b8791179a3f7d92e9a8a4a0e339d907b0c4b2869224c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Wed, 17 Jan 2024 18:10:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 21640
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 16673
x-xss-protection: 0
last-modified: Thu, 11 Jan 2024 04:29:52 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Tue, 16 Apr 2024 18:10:34 GMT

GET
H2 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240116/r20110914/client/ Frame 4315 2 KB
856 B 28ms
25ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240116/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240116/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

41d2526e9c4595fc1fc747555bda18a041033a863a9b2ed180e7b5836918facd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Wed, 17 Jan 2024 17:10:43 GMT
content-encoding: br
x-content-type-options: nosniff
age: 25231
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 795
x-xss-protection: 0
server: cafe
etag: 4925184154378345226
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 31 Jan 2024 17:10:43 GMT

GET
H2 200 e9e356ec41155b008235c83648cb19be.js Show response
www.gstatic.com/mysidia/ Frame 4315 23 KB
10 KB 40ms
37ms Script
text/javascript 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/e9e356ec41155b008235c83648cb19be.js?tag=exit_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240116/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d233ae3f0c2b48dc6f71e32ad7e23ba5e1d64b59af7e8d5592375d14887f3e97

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Wed, 17 Jan 2024 18:10:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 21640
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9775
x-xss-protection: 0
last-modified: Sat, 13 Jan 2024 00:04:01 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Tue, 16 Apr 2024 18:10:34 GMT

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240116/r20110914/ Frame 4315 23 KB
9 KB 30ms
28ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240116/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240116/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

428f4d59e61cdf9887ad4cd7c4592a24b214d2d9c0ba09db01c4cfde66a3cd11

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Wed, 17 Jan 2024 17:10:43 GMT
content-encoding: br
x-content-type-options: nosniff
age: 25231
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9276
x-xss-protection: 0
server: cafe
etag: 3558958386372919956
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 31 Jan 2024 17:10:43 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240116/r20110914/client/ Frame 4315 3 KB
1 KB 33ms
31ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240116/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240116/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Wed, 17 Jan 2024 17:10:43 GMT
content-encoding: br
x-content-type-options: nosniff
age: 25231
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 31 Jan 2024 17:10:43 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240116/r20110914/client/ Frame 4315 20 KB
8 KB 34ms
33ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240116/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240116/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d58acf16b5e4521c9eb24fe9fd97308e5f8be1297e4b63a547e5b610611799ae

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Wed, 17 Jan 2024 17:10:43 GMT
content-encoding: br
x-content-type-options: nosniff
age: 25231
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8492
x-xss-protection: 0
server: cafe
etag: 9878124937798820110
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 31 Jan 2024 17:10:43 GMT

GET
H2 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame 4315 206 KB
65 KB 114ms
49ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240116/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

69c32d8650b1e5f0bcb76d787972b68a1ba327ea5bd8da7ab8ca1a04336735c0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Thu, 18 Jan 2024 00:11:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 66453
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1705495733332172"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 18 Jan 2024 00:11:14 GMT

GET
H2 200 4cee352c918c506f58256258d534a665.js Show response
www.gstatic.com/mysidia/ Frame 4315 37 KB
15 KB 26ms
25ms Script
text/javascript 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/4cee352c918c506f58256258d534a665.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240116/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e6b20a1535a6d3ca3d7a611ae199a6f4b464e0b67b450379ed43a7ef3e66957c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Wed, 17 Jan 2024 17:10:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 25231
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15452
x-xss-protection: 0
last-modified: Sat, 13 Jan 2024 00:04:01 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Tue, 16 Apr 2024 17:10:43 GMT

GET
H2 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame CE95 13 KB
5 KB 28ms
24ms Document
text/html 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://credit.hoacucxanh.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 25213
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 17 Jan 2024 17:11:01 GMT
expires: Thu, 16 Jan 2025 17:11:01 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 29AD 829 B
1 KB 72ms
26ms Document
text/html 2a00:1450:4001:830::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

5bbcad4336c05f1c8886288e16e5c99a3e86c78e2bec51e5c59e62f8f561f86f

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-ay-R6i1-Fkt2MaUYisAsbw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://credit.hoacucxanh.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-ay-R6i1-Fkt2MaUYisAsbw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Thu, 18 Jan 2024 00:11:14 GMT
expires: Thu, 18 Jan 2024 00:11:14 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H2 200 css
fonts.googleapis.com/ Frame 0779 6 KB
779 B 26ms
24ms Stylesheet
text/css 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240116/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

9a4eb2c9445287c34cb0a9ed5cc673460362483f0855bc91f8230dfa46a955e1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Thu, 18 Jan 2024 00:11:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Wed, 17 Jan 2024 23:14:58 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 18 Jan 2024 00:11:14 GMT

GET
H3 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240116/r20110914/client/ Frame 0779 2 KB
822 B 15ms
15ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240116/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240116/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

41d2526e9c4595fc1fc747555bda18a041033a863a9b2ed180e7b5836918facd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Wed, 17 Jan 2024 17:10:43 GMT
content-encoding: br
x-content-type-options: nosniff
age: 25231
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 795
x-xss-protection: 0
server: cafe
etag: 4925184154378345226
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 31 Jan 2024 17:10:43 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240116/r20110914/ Frame 0779 23 KB
9 KB 20ms
20ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240116/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240116/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

428f4d59e61cdf9887ad4cd7c4592a24b214d2d9c0ba09db01c4cfde66a3cd11

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Wed, 17 Jan 2024 17:10:43 GMT
content-encoding: br
x-content-type-options: nosniff
age: 25231
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9276
x-xss-protection: 0
server: cafe
etag: 3558958386372919956
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 31 Jan 2024 17:10:43 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240116/r20110914/client/ Frame 0779 3 KB
1 KB 23ms
22ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240116/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240116/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Wed, 17 Jan 2024 17:10:43 GMT
content-encoding: br
x-content-type-options: nosniff
age: 25231
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 31 Jan 2024 17:10:43 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240116/r20110914/client/ Frame 0779 20 KB
8 KB 24ms
22ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240116/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240116/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d58acf16b5e4521c9eb24fe9fd97308e5f8be1297e4b63a547e5b610611799ae

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Wed, 17 Jan 2024 17:10:43 GMT
content-encoding: br
x-content-type-options: nosniff
age: 25231
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8492
x-xss-protection: 0
server: cafe
etag: 9878124937798820110
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 31 Jan 2024 17:10:43 GMT

GET
H2 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame 0779 206 KB
65 KB 46ms
44ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240116/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

69c32d8650b1e5f0bcb76d787972b68a1ba327ea5bd8da7ab8ca1a04336735c0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Thu, 18 Jan 2024 00:11:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 66453
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1705495733332172"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 18 Jan 2024 00:11:14 GMT

GET
H2 200 4cee352c918c506f58256258d534a665.js Show response
www.gstatic.com/mysidia/ Frame 0779 37 KB
15 KB 16ms
15ms Script
text/javascript 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/4cee352c918c506f58256258d534a665.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240116/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e6b20a1535a6d3ca3d7a611ae199a6f4b464e0b67b450379ed43a7ef3e66957c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Wed, 17 Jan 2024 17:10:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 25231
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15452
x-xss-protection: 0
last-modified: Sat, 13 Jan 2024 00:04:01 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Tue, 16 Apr 2024 17:10:43 GMT

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame B86F
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELZTT_JSSway1KFeQwrRexk&google_cver=1

43 B
768 B

23ms
22ms

Image
image/gif

104.18.36.155
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELZTT_JSSway1KFeQwrRexk&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COWiHhDhjN4CGO7j5oACMAE&v=APEucNU-2cS00bHfjamTdAFEEmo9ARjItF2RA2op3mSoxWl7jO2A1trGkyPorT4zI9GTZC0WxmQHrb6Q38MWD9csZG954rC7fNQPpoYs54jMFT1unPPjrZTEZ7zeFdCj3XdktVZqYmex7gqlqRtGKNVR-RZbZsuk3ygrP2z9_bPxR2leP17AzrU
Protocol: H3
Server: 104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 18 Jan 2024 00:11:14 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1saIdMDtjb0Os9WnPMa3kOlZZNLAPK887wCyRollv7kl7oVetO%2FKDziV6MefXGUnfVnJOchYg%2FHKRmxMTDdEyNuVqgsjHbJfS%2Fy%2BHHxVk13VlaqGoXhdGt6wK8tXC0KddOQcQYdkiJ3LmA%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 84729e9a8a1230cc-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Thu, 18 Jan 2024 00:11:14 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELZTT_JSSway1KFeQwrRexk&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame B86F
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZahsouKoR-mSfdg.ho.01wAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELZTT_JSSway1KFeQwrRexk&google_cver=1&google_hm=2

43 B
733 B

19ms
19ms

Image
image/gif

104.18.36.155
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELZTT_JSSway1KFeQwrRexk&google_cver=1&google_hm=2
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COWiHhDhjN4CGO7j5oACMAE&v=APEucNU-2cS00bHfjamTdAFEEmo9ARjItF2RA2op3mSoxWl7jO2A1trGkyPorT4zI9GTZC0WxmQHrb6Q38MWD9csZG954rC7fNQPpoYs54jMFT1unPPjrZTEZ7zeFdCj3XdktVZqYmex7gqlqRtGKNVR-RZbZsuk3ygrP2z9_bPxR2leP17AzrU
Protocol: H3
Server: 104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 18 Jan 2024 00:11:15 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wpNI7q0kP9oqQuUqtcq%2BIHcgLXuBXe7gi2WNTu0SPFtejDovkD%2BOCTROsMRWaDzUrHVgNN0QF8INiixWlCnmw65A%2FmKFG1Ps%2BqmwpdPIH4Uf9tKdMTI2eDEjw0nXsr5e%2B0LaOEUo3KuscQ%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 84729e9ada2e30cc-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Thu, 18 Jan 2024 00:11:14 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELZTT_JSSway1KFeQwrRexk&google_cver=1&google_hm=2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

setuid
ib.adnxs.com/ Frame B86F
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEOVgpenYii4Rn3BqN55X0rA&google_cver=1

43 B
1008 B

15ms
15ms

Image
image/gif

185.89.211.12
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEOVgpenYii4Rn3BqN55X0rA&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COWiHhDhjN4CGO7j5oACMAE&v=APEucNU-2cS00bHfjamTdAFEEmo9ARjItF2RA2op3mSoxWl7jO2A1trGkyPorT4zI9GTZC0WxmQHrb6Q38MWD9csZG954rC7fNQPpoYs54jMFT1unPPjrZTEZ7zeFdCj3XdktVZqYmex7gqlqRtGKNVR-RZbZsuk3ygrP2z9_bPxR2leP17AzrU

Protocol

Server

185.89.211.12 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

947.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 18 Jan 2024 00:11:14 GMT
an-x-request-uuid: f49bbf29-6550-451c-a40f-0d1f3d353d6a
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/gif
cache-control: no-store, no-cache, private
x-proxy-origin: 178.162.209.130; 178.162.209.130; 947.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 43
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 18 Jan 2024 00:11:14 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEOVgpenYii4Rn3BqN55X0rA&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame B86F
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDA3MTI1ODk0MzA4NjY3OTMx

170 B
188 B

26ms
26ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDA3MTI1ODk0MzA4NjY3OTMx

Requested by

Protocol

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 18 Jan 2024 00:11:15 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 18 Jan 2024 00:11:14 GMT
an-x-request-uuid: 4dbb50c3-5f1e-4746-bbd5-865ee19b3071
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDA3MTI1ODk0MzA4NjY3OTMx
x-proxy-origin: 178.162.209.130; 178.162.209.130; 947.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 index.html Show response
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/16851892589229828232/ Frame E8B5 27 KB
4 KB 15ms
14ms Document
text/html 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/16851892589229828232/index.html

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/mysidia/9e7d3f247d8b0aa5115615da07ecb571.js?tag=html5_display_upload/html5_exit_api

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3dc80b15db3d7d6884d4854a0ba4884195d47c0147d7605da068cf1f3d4857ab

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 20171
allow-fenced-frame-automatic-beacons: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 4280
content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
cross-origin-resource-policy: cross-origin
date: Wed, 17 Jan 2024 18:35:03 GMT
expires: Thu, 16 Jan 2025 18:35:03 GMT
last-modified: Wed, 17 Jan 2024 17:38:33 GMT
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 4315 217 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: fdebef6c90fabbaefe29c56b879cd42bc546315e98def614d7855f61ee312e38

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Content-Type: image/png

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame F90A 0
20 B 44ms
43ms Ping
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=7971836569194&version=m202309260101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 18 Jan 2024 00:11:15 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame F90A 0
20 B 43ms
43ms Ping
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=7971836569194&version=m202309260101&ct=76&x=1&cor=12104170357698564000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 18 Jan 2024 00:11:15 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame F90A 101 KB
40 KB 70ms
69ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BYafx6yc7lLQQ7EUSGKArmggBdO25C5qvcrF8nkl85TYna3SWy9nANA29CBmB2JQkyTxLkUhJvwqq1y3sj_7neHLtXs1tWB7bDXm20mhV2Hdpwta9n_CjDwiXpn0-eGmxwl1eZn1Kww3QGwKg0jc-w4Yc-sotSWBQCoX-4iLWu7uNVLNA&dbm_d=AKAmf-AEIg5r407CPOf2qydWjjltVpubY4XtwQJWCDOvFVh0ptLK0HIZ8JNYi-YrjAGBlGKuCVLxDMH_mMr4XEkPDH92hxErAW6GvY5a7U9GNglFeRVA1pe8NDyQoFowowucI36qa9KJt_5xjwnJ9Hf9PwKGYQirEKqd06DD1QdMS9pyoNTWI2dJYkalRRArSTPpkGOmjoyEYMxkOq4U-O7ORDblJqcvQr4rmTzfdFaJ_AdYmwFGyTsl4_dwYujRtDMVfdUJIqYjrCCRRrKiZNpu9k8RmjeT2FBVDWlN6MP-c_eUq-CgAKy80bO5AkfgwXDgFvx2tRzfDAkjpcFiMPxY5lMJskAX6BCObC_smQHu5tLPLm3I_SenDB2Rp8gBLrxf1vAndZe0wu_kOzoOoz0EJ9cHxOUWHZx4Uq7xVLeGMih5AvWHaNGnj4g0mVQ_3sRk_8xuijaJrfD0DR3fKo_nyLqFIgYjIMcUlH8Qc8HbvT20vK_AUwIW5qc6UrF6zKir_w-RoD7TY4fwpDdrjAcLh1FS63VGdRUB5xxfaQw-ikB7LrKSZ3sxoZJRxN4AdqJQWDinJAounuFDOxK1gUe1WctLWoH2KSCTGxSCvwvLuKubG11vat07NcggaCtMzp9WGzaLEZZRYMHGUX9A-mCpKAq3epsNeN5Xya88liwoVBPsPjaaJECK_yhOI45QbjBQFpHucYtIjmJy1LynvS2FHV5cnBWVjOdnMpX25UGgvb0KtknhOCf17diUzwJ8pjZfgDnCBfAkeNECXtW-XdYjgHsBIOShnI97fLYGdztiqJcaI-VLj-yMCVap5Y2xbL5pFU3i8689aMK_VPPf95nYeryN-mrajsVfCQOuADgYxasiz6Bw8n7cpb5zzem-RvvWc-6tblxEDrSwG1GPbIam8Ln-mprXjmTQlagMTiX3oHbuxUgdDUjC2Ws_DODfgZZJx9zEc6v1FTXKEkZAcrdFmDm4OaIC8j7JQH1ey6DMXLWzLY6hb7rkreMaq3alNn3dobboBLtALkLWdyqlTF_hv0Ppha6SvqH_ZsD55jJBgmRZv9TPCt7cRhHo0L5BkYjGc6CZnS4SMqnpcCHlQdgpXO1LDqMGQQ0tcECPOnJzmIJj10_3FCx_6IgLqKDC1m1be7YxPwHwNC8eplj7AHVoX4VEDzrpt_7fLkB3pOWHe7HtD7PIRgsjBk5q_gYMc89ERvYbVNglzKy5Zt_V7CnVHJn6c9-mQvX1QdFsWIFATqvz9WFrTia0Jomws_je7I4fzr0kS6ajCi3X_CapXmHq4IaEQ_0XjZzIOt_HoiZ5E4YR4OfkSVL45Bd5iQKxGr7daK5322VYYdoZ6RnwuEqu5fXdmF14Q2NLe00po3vdakEj-cgLuxmIDOmm8ui9cIFEy8rei-xl6RUVNd29i-S9XylBhCtG07JihHgXxr7TvjHxK7CjgrUWcki_xeXwEyIV6MHO5iwcDm0C1SnAPDTC2OYpEOETWG1coTfKpB894BbmreXtEQOqfGpeeGWHU91Rf3TIyWqaTHfpIlUrAe4WkC03uWRfXcCtQ1VaDnuX50i8jssD4ropAo3-HAj_QaWWecF1-ztngwV1n1gecRxWAxcKuP1LtCMP7H_aq_JdcGttMhpHgpI11XNNPVBru4dwJrYQFIlQf2LWT3Flh6nwPY1oFCCASex_zyF8vXftWtr-cFsYPKEzhjjuOUMo4aVbvm0QK9ABy7Xe46NppM_gwZGCrJGOFIhe0MVWpTUOQshS_7MXYahfe51T3MtG9z2YYSce63ZaQlW3xGAhvriboQMP2ybgbMWzI6CHS6qQv_7MBgQNwLENEV2lGLuAJNVXKMlyhkFcaKMeM8TEgavuVaEKoyqIi43cg2Sk5mcdoSoFOMBBYSUZyinGPBnUSjptfxXRViyXxDgSF9qtH2wk3CEIunomMtz1EyC09f6K2aNfCXFSnQVvP2RpdLsr7sW3AgN5_IghtafgiTtjeuVxUCh94Z5AGqX9B6xlZgpoI6BWculObqhTYlbgxwprvnqaZ-2DDM2xpJDMivgKzgGbuKRb1QKVNmK4rbWHMQ-ICgwPB1ITWMt5eSJeLuiumQab7Z-h2ZqNeh79kf-eq0a_Eu7g-KuTudaPtXycmQm_d3zWwliiToKHW5G0HvHF1EHEkyli6_M7VhCu3fYIRBQni3dUswYZ5WdSGhkQ1Yq8NUtuntwUj7eQ8FY7u9-dYmyK6Mt1_MLLAriAK7cHMh9sbQ3TZ3na7ZF6mS8ELCkp_bjEnf2fhxkWJa7lh3OtPsj3_xaZq4US9s55CcQoH-0kAlaoRQQN5X3pjP0irP02hrLd3pSJGRByiYkDuOiNCUxgHotFQPEWXLiEkYEpGwenJeAmNftXCyS27DdRuIYnwRW7fB98dICG-KCGsd7T6VnEtc3l7BGKAEq3LgeE03GqwpSCgvwu1A-JzncQhIj1_ezRVxmErLZBZzjyF4Y6wOEvmbwhMq9Z3nz3YBrUjotIf7ggd6YHFhv233mxjM7O5tcFDP6mrllN3cz4pkBLyXTXnyUDWbMcgt9rhMvwj17T4ZOkMeVW6Uh7eKo_8SSMZcrb4HwMUGwuOPZtbM5X7VbU0niU1wclyZw1ucWd8fPIPvMe06s32JeUu-timyj1XMNd6rPkmTi015hFrvhcze_AXeaCKM8PbOcbh0HyKNYsNoZuuoB-o43xcgeFb-cN2CrYUGW7JIKNiZBA9MVjATkNcyxbGSJpEdLWdg1zWQ58nTOtPVfUVan5WXP7WbdtRlTR2E0456Bg5fhf25cQSKEnAQhUIzQR3gjMQedr_1ajd5xGSKE2PZWdkE1wu5s6K11xZvpeiFScIdPzxAXS_3S--Dt8KRgaI1LZFNtQteqprk9ZC-iFLQtmXD3J6rwbzzcbvdVjSIx2INv2rxfWctQhN0XnZCpXRUoSB2a-UE3pahZcn7IgPUPBpIOkbdmlbghWo4s9yWYVvpmac7dgoZ0bWJbXN_l3ReTvwnOkuq_TiPSyxlYNnucWj0ix5-rdfX2c83CoDc4xyEmHPTxTmHwQl80RRWuI9tCMSfkurXplXgzwLf-pCG3tWjtYfz2Xqg5-b0-XZRFq9FO3mYoQUnZtMln6X1PYU_oS41RTnS-tJwgqSaqhJOGbHtFtKxjyCN4dkmWpfIAQPBlmVffcXRP9cb91mXwVa-l3uffhlkrNvzkkwW5Cwh5wYd9UekVu9Y_15s87Z6p-m7J6zf9idF7-MqIhhkyGLV1KBB2dsZorZXH4tkLDbWMg8eG8eUyRwNGsAXngp8_x4re7TvhcDxgDp7jSWUJ3LuamPgaiG68x7LHbumVXEozn_SpUlR7D219RRQiD0fjOLE1c9h6XuEr28EddhBhsRDwqPl2TTAkiTNd8Jpo1jHVXNsx67-A1HsxQXB1BOnVt9GU8MDHceSarIKNNkfBxJRYcOK9Md6P6JeIXMH2tG17iPxrrOuMbXX4QzUdOBkjoRCKZr2ytdhiX6RdIp_nX09NJKuoWB8uvZWCPS2q6kg&cid=CAQSTwAvHhf_wND2HPxumvXkSe66faTidks3QB5Z3OcJY6TIboekoWRfIvGfCdK5x9osY6eOq41kF4iEpjb-98hV1KbE0Izg-5GFu8gPe41BMqoYAQ&dv3_ver=m202309260101&rfl=https%3A%2F%2Fcredit.hoacucxanh.com%2F&ds=l&xdt=1&iif=1&cor=12104170357698564000&adk=1761367584&idt=151&cac=0&dtd=9

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e0626538e7688b50e1b0fbcfbc10d25a845a990f042d75756dcb0762c415b608

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/html/r20240116/r20110914/zrt_lookup_fy2021.html?fsb=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 18 Jan 2024 00:11:15 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 40443
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 exitapi-impl.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/api/ Frame E8B5 6 KB
3 KB 16ms
14ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/api/exitapi-impl.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/16851892589229828232/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6f4813e4fe6dd891838e421479bf603f6d3f0d2a55b90517b875a77050471d4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/16851892589229828232/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Wed, 17 Jan 2024 15:41:54 GMT
content-encoding: br
x-content-type-options: nosniff
age: 30561
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2551
x-xss-protection: 0
server: cafe
etag: 4618035238173732404
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Thu, 18 Jan 2024 15:41:54 GMT

GET
H3 200 addata.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame E8B5 34 KB
13 KB 18ms
15ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/16851892589229828232/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

fee86fd46a67912ffd9ae2997c583f59abe6e11c532496c52759e94136837d48

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/16851892589229828232/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Wed, 17 Jan 2024 19:07:19 GMT
content-encoding: br
x-content-type-options: nosniff
age: 18236
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13035
x-xss-protection: 0
server: cafe
etag: 2319883687766034370
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Thu, 18 Jan 2024 19:07:19 GMT

GET
H3 200 fbb121ce222252c0f91b6e39148f25de.js Show response
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/16851892589229828232/ Frame E8B5 75 KB
22 KB 19ms
17ms Script
application/x-javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/16851892589229828232/fbb121ce222252c0f91b6e39148f25de.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/16851892589229828232/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ddd1ebc72eefea8442c0f0461e6f3c14ad5f198d275a1ca8ce04833809bda421

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/16851892589229828232/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

expires: Thu, 16 Jan 2025 18:35:03 GMT
content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 17 Jan 2024 18:35:03 GMT
age: 20172
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 22927
x-xss-protection: 0
last-modified: Wed, 17 Jan 2024 17:38:33 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
allow-fenced-frame-automatic-beacons: true

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 29AD 0
0 44ms
43ms Image
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20240116&jk=2962788950057247&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

GET
H3 200 IHSjRKKj3q_1Pt3c2sGWHmUCy_Bw5n5yhKh9CWyZSw4.js Show response
pagead2.googlesyndication.com/bg/ Frame CE95 39 KB
15 KB 13ms
13ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/IHSjRKKj3q_1Pt3c2sGWHmUCy_Bw5n5yhKh9CWyZSw4.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2074a344a2a3deaff53edddcdac1961e6502cbf070e67e7284a87d096c994b0e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Wed, 17 Jan 2024 17:09:15 GMT
content-encoding: br
x-content-type-options: nosniff
age: 25320
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15219
x-xss-protection: 0
last-modified: Mon, 15 Jan 2024 09:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 16 Jan 2025 17:09:15 GMT

GET
H3 200 P1hqgBmkkNDwT9zug75Po3J06KDKU0QoOZK6hiZMV2E.js Show response
pagead2.googlesyndication.com/bg/ Frame A266 51 KB
19 KB 13ms
12ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/P1hqgBmkkNDwT9zug75Po3J06KDKU0QoOZK6hiZMV2E.js

Requested by

Host: credit.hoacucxanh.com
URL: https://credit.hoacucxanh.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3f586a8019a490d0f04fdcee83be4fa37274e8a0ca5344283992ba86264c5761

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Wed, 17 Jan 2024 02:24:52 GMT
content-encoding: br
x-content-type-options: nosniff
age: 78383
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 19859
x-xss-protection: 0
last-modified: Mon, 15 Jan 2024 09:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 16 Jan 2025 02:24:52 GMT

GET
H3 200 P1hqgBmkkNDwT9zug75Po3J06KDKU0QoOZK6hiZMV2E.js Show response
pagead2.googlesyndication.com/bg/ Frame AE11 51 KB
19 KB 13ms
13ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/P1hqgBmkkNDwT9zug75Po3J06KDKU0QoOZK6hiZMV2E.js

Requested by

Host: credit.hoacucxanh.com
URL: https://credit.hoacucxanh.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3f586a8019a490d0f04fdcee83be4fa37274e8a0ca5344283992ba86264c5761

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Wed, 17 Jan 2024 02:24:52 GMT
content-encoding: br
x-content-type-options: nosniff
age: 78383
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 19859
x-xss-protection: 0
last-modified: Mon, 15 Jan 2024 09:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 16 Jan 2025 02:24:52 GMT

GET
H2 200 html_inpage_rendering_lib_200_278.js Show response
s0.2mdn.net/879366/ Frame F90A 172 KB
61 KB 132ms
12ms Script
text/javascript 2a00:1450:4001:809::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js

Requested by

Host: credit.hoacucxanh.com
URL: https://credit.hoacucxanh.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a6d36aa3d742ccd6f1ca3c76dcf885af72f7bebe2fcc001ea011a7aea2f55678

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Wed, 17 Jan 2024 18:14:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 21398
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 61485
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 18:43:57 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 18 Jan 2024 18:14:37 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20240116/r20110914/elements/html/ Frame F90A 12 KB
4 KB 17ms
17ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20240116/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BYafx6yc7lLQQ7EUSGKArmggBdO25C5qvcrF8nkl85TYna3SWy9nANA29CBmB2JQkyTxLkUhJvwqq1y3sj_7neHLtXs1tWB7bDXm20mhV2Hdpwta9n_CjDwiXpn0-eGmxwl1eZn1Kww3QGwKg0jc-w4Yc-sotSWBQCoX-4iLWu7uNVLNA&dbm_d=AKAmf-AEIg5r407CPOf2qydWjjltVpubY4XtwQJWCDOvFVh0ptLK0HIZ8JNYi-YrjAGBlGKuCVLxDMH_mMr4XEkPDH92hxErAW6GvY5a7U9GNglFeRVA1pe8NDyQoFowowucI36qa9KJt_5xjwnJ9Hf9PwKGYQirEKqd06DD1QdMS9pyoNTWI2dJYkalRRArSTPpkGOmjoyEYMxkOq4U-O7ORDblJqcvQr4rmTzfdFaJ_AdYmwFGyTsl4_dwYujRtDMVfdUJIqYjrCCRRrKiZNpu9k8RmjeT2FBVDWlN6MP-c_eUq-CgAKy80bO5AkfgwXDgFvx2tRzfDAkjpcFiMPxY5lMJskAX6BCObC_smQHu5tLPLm3I_SenDB2Rp8gBLrxf1vAndZe0wu_kOzoOoz0EJ9cHxOUWHZx4Uq7xVLeGMih5AvWHaNGnj4g0mVQ_3sRk_8xuijaJrfD0DR3fKo_nyLqFIgYjIMcUlH8Qc8HbvT20vK_AUwIW5qc6UrF6zKir_w-RoD7TY4fwpDdrjAcLh1FS63VGdRUB5xxfaQw-ikB7LrKSZ3sxoZJRxN4AdqJQWDinJAounuFDOxK1gUe1WctLWoH2KSCTGxSCvwvLuKubG11vat07NcggaCtMzp9WGzaLEZZRYMHGUX9A-mCpKAq3epsNeN5Xya88liwoVBPsPjaaJECK_yhOI45QbjBQFpHucYtIjmJy1LynvS2FHV5cnBWVjOdnMpX25UGgvb0KtknhOCf17diUzwJ8pjZfgDnCBfAkeNECXtW-XdYjgHsBIOShnI97fLYGdztiqJcaI-VLj-yMCVap5Y2xbL5pFU3i8689aMK_VPPf95nYeryN-mrajsVfCQOuADgYxasiz6Bw8n7cpb5zzem-RvvWc-6tblxEDrSwG1GPbIam8Ln-mprXjmTQlagMTiX3oHbuxUgdDUjC2Ws_DODfgZZJx9zEc6v1FTXKEkZAcrdFmDm4OaIC8j7JQH1ey6DMXLWzLY6hb7rkreMaq3alNn3dobboBLtALkLWdyqlTF_hv0Ppha6SvqH_ZsD55jJBgmRZv9TPCt7cRhHo0L5BkYjGc6CZnS4SMqnpcCHlQdgpXO1LDqMGQQ0tcECPOnJzmIJj10_3FCx_6IgLqKDC1m1be7YxPwHwNC8eplj7AHVoX4VEDzrpt_7fLkB3pOWHe7HtD7PIRgsjBk5q_gYMc89ERvYbVNglzKy5Zt_V7CnVHJn6c9-mQvX1QdFsWIFATqvz9WFrTia0Jomws_je7I4fzr0kS6ajCi3X_CapXmHq4IaEQ_0XjZzIOt_HoiZ5E4YR4OfkSVL45Bd5iQKxGr7daK5322VYYdoZ6RnwuEqu5fXdmF14Q2NLe00po3vdakEj-cgLuxmIDOmm8ui9cIFEy8rei-xl6RUVNd29i-S9XylBhCtG07JihHgXxr7TvjHxK7CjgrUWcki_xeXwEyIV6MHO5iwcDm0C1SnAPDTC2OYpEOETWG1coTfKpB894BbmreXtEQOqfGpeeGWHU91Rf3TIyWqaTHfpIlUrAe4WkC03uWRfXcCtQ1VaDnuX50i8jssD4ropAo3-HAj_QaWWecF1-ztngwV1n1gecRxWAxcKuP1LtCMP7H_aq_JdcGttMhpHgpI11XNNPVBru4dwJrYQFIlQf2LWT3Flh6nwPY1oFCCASex_zyF8vXftWtr-cFsYPKEzhjjuOUMo4aVbvm0QK9ABy7Xe46NppM_gwZGCrJGOFIhe0MVWpTUOQshS_7MXYahfe51T3MtG9z2YYSce63ZaQlW3xGAhvriboQMP2ybgbMWzI6CHS6qQv_7MBgQNwLENEV2lGLuAJNVXKMlyhkFcaKMeM8TEgavuVaEKoyqIi43cg2Sk5mcdoSoFOMBBYSUZyinGPBnUSjptfxXRViyXxDgSF9qtH2wk3CEIunomMtz1EyC09f6K2aNfCXFSnQVvP2RpdLsr7sW3AgN5_IghtafgiTtjeuVxUCh94Z5AGqX9B6xlZgpoI6BWculObqhTYlbgxwprvnqaZ-2DDM2xpJDMivgKzgGbuKRb1QKVNmK4rbWHMQ-ICgwPB1ITWMt5eSJeLuiumQab7Z-h2ZqNeh79kf-eq0a_Eu7g-KuTudaPtXycmQm_d3zWwliiToKHW5G0HvHF1EHEkyli6_M7VhCu3fYIRBQni3dUswYZ5WdSGhkQ1Yq8NUtuntwUj7eQ8FY7u9-dYmyK6Mt1_MLLAriAK7cHMh9sbQ3TZ3na7ZF6mS8ELCkp_bjEnf2fhxkWJa7lh3OtPsj3_xaZq4US9s55CcQoH-0kAlaoRQQN5X3pjP0irP02hrLd3pSJGRByiYkDuOiNCUxgHotFQPEWXLiEkYEpGwenJeAmNftXCyS27DdRuIYnwRW7fB98dICG-KCGsd7T6VnEtc3l7BGKAEq3LgeE03GqwpSCgvwu1A-JzncQhIj1_ezRVxmErLZBZzjyF4Y6wOEvmbwhMq9Z3nz3YBrUjotIf7ggd6YHFhv233mxjM7O5tcFDP6mrllN3cz4pkBLyXTXnyUDWbMcgt9rhMvwj17T4ZOkMeVW6Uh7eKo_8SSMZcrb4HwMUGwuOPZtbM5X7VbU0niU1wclyZw1ucWd8fPIPvMe06s32JeUu-timyj1XMNd6rPkmTi015hFrvhcze_AXeaCKM8PbOcbh0HyKNYsNoZuuoB-o43xcgeFb-cN2CrYUGW7JIKNiZBA9MVjATkNcyxbGSJpEdLWdg1zWQ58nTOtPVfUVan5WXP7WbdtRlTR2E0456Bg5fhf25cQSKEnAQhUIzQR3gjMQedr_1ajd5xGSKE2PZWdkE1wu5s6K11xZvpeiFScIdPzxAXS_3S--Dt8KRgaI1LZFNtQteqprk9ZC-iFLQtmXD3J6rwbzzcbvdVjSIx2INv2rxfWctQhN0XnZCpXRUoSB2a-UE3pahZcn7IgPUPBpIOkbdmlbghWo4s9yWYVvpmac7dgoZ0bWJbXN_l3ReTvwnOkuq_TiPSyxlYNnucWj0ix5-rdfX2c83CoDc4xyEmHPTxTmHwQl80RRWuI9tCMSfkurXplXgzwLf-pCG3tWjtYfz2Xqg5-b0-XZRFq9FO3mYoQUnZtMln6X1PYU_oS41RTnS-tJwgqSaqhJOGbHtFtKxjyCN4dkmWpfIAQPBlmVffcXRP9cb91mXwVa-l3uffhlkrNvzkkwW5Cwh5wYd9UekVu9Y_15s87Z6p-m7J6zf9idF7-MqIhhkyGLV1KBB2dsZorZXH4tkLDbWMg8eG8eUyRwNGsAXngp8_x4re7TvhcDxgDp7jSWUJ3LuamPgaiG68x7LHbumVXEozn_SpUlR7D219RRQiD0fjOLE1c9h6XuEr28EddhBhsRDwqPl2TTAkiTNd8Jpo1jHVXNsx67-A1HsxQXB1BOnVt9GU8MDHceSarIKNNkfBxJRYcOK9Md6P6JeIXMH2tG17iPxrrOuMbXX4QzUdOBkjoRCKZr2ytdhiX6RdIp_nX09NJKuoWB8uvZWCPS2q6kg&cid=CAQSTwAvHhf_wND2HPxumvXkSe66faTidks3QB5Z3OcJY6TIboekoWRfIvGfCdK5x9osY6eOq41kF4iEpjb-98hV1KbE0Izg-5GFu8gPe41BMqoYAQ&dv3_ver=m202309260101&rfl=https%3A%2F%2Fcredit.hoacucxanh.com%2F&ds=l&xdt=1&iif=1&cor=12104170357698564000&adk=1761367584&idt=151&cac=0&dtd=9

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9159ff44d7094b8c99c902b187018a7e1115252e3c0438f9d4622295cd00d287

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Wed, 17 Jan 2024 15:05:35 GMT
content-encoding: br
x-content-type-options: nosniff
age: 32740
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4383
x-xss-protection: 0
server: cafe
etag: 1583492410672046836
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 31 Jan 2024 15:05:35 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20240116/r20110914/ Frame F90A 31 KB
12 KB 13ms
12ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20240116/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9dfbb8e1be036059aea6dd87bdbefa7ecada3617fb3f404ba4647ebbbf8160b1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Wed, 17 Jan 2024 15:31:26 GMT
content-encoding: br
x-content-type-options: nosniff
age: 31189
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11885
x-xss-protection: 0
server: cafe
etag: 16863283086342074828
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 31 Jan 2024 15:31:26 GMT

GET
H3 200 Q12zgMmT.js Show response
tpc.googlesyndication.com/sodar/ Frame F90A 41 KB
14 KB 13ms
13ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Requested by

Host: credit.hoacucxanh.com
URL: https://credit.hoacucxanh.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Wed, 17 Jan 2024 17:14:48 GMT
content-encoding: br
x-content-type-options: nosniff
age: 24987
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13937
x-xss-protection: 0
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 16 Jan 2025 17:14:48 GMT

GET
H3 200 986d12bca5bbe9adee09dc3f55771ae0.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/16851892589229828232/media/ Frame E8B5 3 KB
3 KB 14ms
14ms Image
image/png 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/16851892589229828232/media/986d12bca5bbe9adee09dc3f55771ae0.png

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/16851892589229828232/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7bedc367823756f80557aef8e6986f2409fc3fce27ee349d77e5f6bf9d248fec

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/16851892589229828232/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

expires: Thu, 16 Jan 2025 18:35:03 GMT
content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
date: Wed, 17 Jan 2024 18:35:03 GMT
x-content-type-options: nosniff
age: 20172
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3089
x-xss-protection: 0
last-modified: Wed, 17 Jan 2024 17:38:33 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
allow-fenced-frame-automatic-beacons: true

GET
H3 200 998cade3c0f42aec2a561cffc2681c97.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/16851892589229828232/media/ Frame E8B5 7 KB
7 KB 22ms
22ms Image
image/png 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/16851892589229828232/media/998cade3c0f42aec2a561cffc2681c97.png

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/16851892589229828232/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e14a83e5cdd81f74cecded91684413446b2672c8fc2247e719decf10b0f2bcab

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/16851892589229828232/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

expires: Thu, 16 Jan 2025 18:35:03 GMT
content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
date: Wed, 17 Jan 2024 18:35:03 GMT
x-content-type-options: nosniff
age: 20172
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7350
x-xss-protection: 0
last-modified: Wed, 17 Jan 2024 17:38:33 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
allow-fenced-frame-automatic-beacons: true

GET
H3 200 slate_pro_300_normal.ttf
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/16851892589229828232/fonts/ Frame E8B5 74 KB
44 KB 15ms
15ms Font
font/ttf 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/16851892589229828232/fonts/slate_pro_300_normal.ttf

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/16851892589229828232/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

19c968d7d23bc57c3af30a1d92ddb14053ff2cb169f74d49af0e8eda3f84b067

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/16851892589229828232/index.html
Origin: https://tpc.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

expires: Thu, 16 Jan 2025 18:35:03 GMT
content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 17 Jan 2024 18:35:03 GMT
age: 20172
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 44935
x-xss-protection: 0
last-modified: Wed, 17 Jan 2024 17:38:33 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: font/ttf
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
allow-fenced-frame-automatic-beacons: true

GET
H3 200 slate_pro_400_normal.ttf
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/16851892589229828232/fonts/ Frame E8B5 77 KB
48 KB 14ms
14ms Font
font/ttf 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/16851892589229828232/fonts/slate_pro_400_normal.ttf

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/16851892589229828232/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f4680e430c0a9c6f3afe29d817c2b2234e38f0094538c693cee666817d594b72

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/16851892589229828232/index.html
Origin: https://tpc.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

expires: Thu, 16 Jan 2025 18:35:03 GMT
content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 17 Jan 2024 18:35:03 GMT
age: 20172
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49004
x-xss-protection: 0
last-modified: Wed, 17 Jan 2024 17:38:33 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: font/ttf
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
allow-fenced-frame-automatic-beacons: true

GET
H3

200

/
www.googleadservices.com/pagead/ar-adview/ Frame 4315
Redirect Chain

https://googleads.g.doubleclick.net/pagead/adview?ai=CXST9oWyoZcySON6tjuwPoeKdyA2b5YSzddnavZjAEp7P5q2JAhABILa4rX9glYKggrAHoAGZwdWtKsgBCakCdNLL-YVCtT6oAwHIA0iqBN8BT9DOZnqD1vFCA_WHGt3e_Z77B_fsR0VGQ42...
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%2216717440647422379119%22,%22debug_reporting%22:true,%22destination%22:%22https://zimmerbiomet.eu%22,%22event_report_window%...

0
0

85ms
45ms

Fetch
text/css

142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%2216717440647422379119%22,%22debug_reporting%22:true,%22destination%22:%22https://zimmerbiomet.eu%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%2211370061977%22],%2222%22:[%22true%22],%224%22:[%2201-18%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%229717631977847400017%22}&andc=true

Protocol

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Thu, 18 Jan 2024 00:11:15 GMT
x-content-type-options: nosniff
attribution-reporting-register-source: {"debug_key":"16717440647422379119","debug_reporting":true,"destination":"https://zimmerbiomet.eu","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["11370061977"],"22":["true"],"4":["01-18"],"6":["true"]},"priority":"500","source_event_id":"9717631977847400017"}
server: cafe
content-type: text/css; charset=UTF-8
access-control-allow-origin: https://googleads.g.doubleclick.net
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Thu, 18 Jan 2024 00:11:15 GMT

Redirect headers

content-security-policy: script-src 'none'; object-src 'none'
date: Thu, 18 Jan 2024 00:11:15 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
location: https://www.googleadservices.com/pagead/ar-adview/?nrh={"debug_key":"16717440647422379119","debug_reporting":true,"destination":"https://zimmerbiomet.eu","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["11370061977"],"22":["true"],"4":["01-18"],"6":["true"]},"priority":"500","source_event_id":"9717631977847400017"}&andc=true
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 P1hqgBmkkNDwT9zug75Po3J06KDKU0QoOZK6hiZMV2E.js Show response
pagead2.googlesyndication.com/bg/ Frame 8CBC 51 KB
19 KB 13ms
13ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/P1hqgBmkkNDwT9zug75Po3J06KDKU0QoOZK6hiZMV2E.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240116/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3f586a8019a490d0f04fdcee83be4fa37274e8a0ca5344283992ba86264c5761

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Wed, 17 Jan 2024 02:24:52 GMT
content-encoding: br
x-content-type-options: nosniff
age: 78383
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 19859
x-xss-protection: 0
last-modified: Mon, 15 Jan 2024 09:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 16 Jan 2025 02:24:52 GMT

OPTIONS
H2 204 /
www.googleadservices.com/pagead/ar-adview/ Frame 0
0 102ms
44ms Preflight
text/html 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: attribution-reporting-eligible
Access-Control-Request-Method: GET
Origin: https://googleads.g.doubleclick.net
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: attribution-reporting-eligible
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: https://googleads.g.doubleclick.net
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html; charset=UTF-8
date: Thu, 18 Jan 2024 00:11:15 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/18383340582406016154/ Frame A3C6 30 KB
6 KB 100ms
47ms Document
text/html 2a00:1450:4001:809::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/18383340582406016154/index.html?e=69&leftOffset=0&topOffset=0&c=uDyGbiVc5J&t=1&renderingType=2&ev=01_250

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

676611680682d6389c9edc48333bb61f622c5bf43b1039f8de4615a52eae191e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
allow-fenced-frame-automatic-beacons: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Thu, 18 Jan 2024 00:11:15 GMT
expires: Fri, 17 Jan 2025 00:11:15 GMT
last-modified: Tue, 17 Jan 2023 12:28:26 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame F90A 0
0 131ms
59ms Fetch
image/gif 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstLBm9dwUCXN-2zw6aIBRR_bCoLVM22OrAeCb24e-zg7dvV9sBPc2O7J5xCA09d3BabW62McAGoQwZlOQNcKgP2YQla2B3Pfnv6Rlh2aJGXq7UQ471pFWlHFkNOyc5S6w6fFdeno8Bk0tJQtQwQFNd_tHQLqIqUl2qi-IYi8d4zL1gaMOClJUVpf2qqW9rtdaA7SI2bt0sEyHbI6vNNp9vlnZgyo39pYSsQNFhpI5oQrS1W4a41uT5zL0by3qG27r9y7hQY4E3TW5xIKMZGIERCV1gGxGfm0eIATPNvywyj0Uw73h-FSQirjUM7o2DLiTndMvR-kqEwdjbWqRChA2uvbLw6GLcrfGb2BDuxcXnS4DPvABKH7BMJ8QcN1g1NF_AjeP5-0aiY61oP4yzaT49fwhewh6vXJS_22vYrLSJx1uVHEWvpspXD6rKHhtbiCh-rq5sBVaOCZZmDy_fgmkTsQUUFPkDO7LGYnUKmtISBl04kV3nEou7kG_tyFpD9pASNLdQVt5slbqEnES6j_UspKtG-IQxeK724lBf8DPJ3RY3AyCqcWoZfktutgU_XmX-2RppNxtyBcB7WXOSqFfusp2m8dPT2KkaREsDJx-iwWQ0FAzLchiG3EClc1UiJ3Yngcb1czqZtm0qNpoE--kLTUcmOYlcqV8m1XXjSmR8-nYE1wMenc5z3AI6Ap0FgwRoG2UmQ21qWkCfPQRNWhhvEN4PDLijR0oUt0JvZoMfdm8E8Ig8jhyC9vqhY4p7kF3IRWi5fZLq2sXxlpR0hAg-NwdjmG3G6iAOdfyAXz39ThiTv0omCcOp_zkF7udBmcZAWabVZ1VyoTkWHlAfxkSVKD6sZCBmdTSp8NqnJl252qBfZWar9cynjg6exWipYsqItqj_kcWazObIqBAtzMSXE0HovjR8efK3OTJxpURB1kBLJTB1KSfkb3g0D7G9UL6YJcFN4-KfuI5droYOrgithIdCDt1cduExS3J9ahDqHELV7oDZZ0Jv9aZG3-u1TGOfBSL4vK9TotTb7pJlqA1HcF88qyOjrIjG2jBDqtSW8Symu2kLEvjFnbUcupJu5N1lrKWAErxH5xSe0hg8CBgdvKHA1ie_askGzvgny6PYMxYWHmXJro86ClAK958ojs8oRHJ51TDxyvgiSPhJ0MmkLoxUHpoENVWndrgwoeFDmBigbu0Yfb1YQ-cdFxR_Q3Gq2y9Ts2au1OA2RPHWhKY9foh8xdimHGv-7BL14kjvVamX2esolsvc2h1oYOJAXKBPLCwW4IsUz3No7_2h0VEmAY2hsjQskghCgu4PqUWmVbwlI914b9Wa1_bRP_rY&sai=AMfl-YSVuOQfju0BTbWj31i73NC3qr1qkNe2Z2j7RMnUqwvwPa3Zn3dEAiG66PkszIseNmzBPzhYXo8c3QC1m3MCXwW1XW_PlWl6vUaJQYHC9UOUf6y5hkUwbreQtMiyyFkbxquPACHZnXxRrT5w4x6zkXQgmltTEUBr_0f0QVlOn8FeKYmKwSWfnilf7V4E4CqFKXg81JGx78_zhuEkdUxDlwEEi8HE2jSIwLv6RtdLBjEqRjTVx31itRUAR6cWr8bgTkt-0gmiXaunfYWZ_87-sOmN22FAMyHgeG6CNfvGXQ&sig=Cg0ArKJSzGgynwZUlmvMEAE&uach_m=%5BUACH%5D&cry=1&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=420&cbvp=1&cstd=408&cisv=r20240116.22936&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=0&ftch=1&adurl=

Requested by

Host: credit.hoacucxanh.com
URL: https://credit.hoacucxanh.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Thu, 18 Jan 2024 00:11:15 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
content-type: image/gif
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H2

200

firstevent
skydeutschland.demdex.net/ Frame F90A
Redirect Chain

https://skydeutschland.demdex.net/event?d_event=imp&d_bu=9532313&d_site=5842564&d_src=158980&d_adsrc=&d_creative=184104840&d_placement=383214997&d_campaign=31046188&d_bust=991355953&gdpr=&gdpr_cons...
https://skydeutschland.demdex.net/firstevent?d_event=imp&d_bu=9532313&d_site=5842564&d_src=158980&d_adsrc=&d_creative=184104840&d_placement=383214997&d_campaign=31046188&d_bust=991355953&gdpr=&gdpr...

42 B
733 B

38ms
35ms

Image
image/gif

52.19.219.1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://skydeutschland.demdex.net/firstevent?d_event=imp&d_bu=9532313&d_site=5842564&d_src=158980&d_adsrc=&d_creative=184104840&d_placement=383214997&d_campaign=31046188&d_bust=991355953&gdpr=&gdpr_consent=

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240116/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Server

52.19.219.1 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-19-219-1.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

dcs: dcs-prod-irl1-2-v054-08513f95b.edge-irl1.demdex.com 4 ms
pragma: no-cache
date: Thu, 18 Jan 2024 00:11:15 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-encoding: gzip
x-tid: zl+r22LnTGM=
content-type: image/gif
p3p: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
cache-control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-length: 59
expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

dcs: dcs-prod-irl1-1-v054-04bfcd41e.edge-irl1.demdex.com 0 ms
pragma: no-cache
date: Thu, 18 Jan 2024 00:11:15 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-tid: JioLs5x8R18=
p3p: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
location: https://skydeutschland.demdex.net/firstevent?d_event=imp&d_bu=9532313&d_site=5842564&d_src=158980&d_adsrc=&d_creative=184104840&d_placement=383214997&d_campaign=31046188&d_bust=991355953&gdpr=&gdpr_consent=
cache-control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-length: 0
expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 46ms
45ms Image
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=ama_stats&wpc=ca-pub-9268344707835381&su=credit.hoacucxanh.com&eid=44759875%2C44759926%2C44759837%2C95320238%2C44798934%2C95322195%2C95320889%2C95321627%2C95322164&doc=complete&pg_h=3156&pg_w=1600&pg_hs=3156&c=0&aa_c=0&d=0&all_d=0&ard=0&all_ard=0&dt=d

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://credit.hoacucxanh.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 18 Jan 2024 00:11:15 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 62bHydCX.html Show response
tpc.googlesyndication.com/sodar/ Frame A0F7 38 KB
13 KB 17ms
15ms Document
text/html 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/62bHydCX.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 24987
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 13045
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 17 Jan 2024 17:14:48 GMT
expires: Thu, 16 Jan 2025 17:14:48 GMT
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 P1hqgBmkkNDwT9zug75Po3J06KDKU0QoOZK6hiZMV2E.js Show response
pagead2.googlesyndication.com/bg/ Frame E8B5 51 KB
19 KB 14ms
13ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/P1hqgBmkkNDwT9zug75Po3J06KDKU0QoOZK6hiZMV2E.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3f586a8019a490d0f04fdcee83be4fa37274e8a0ca5344283992ba86264c5761

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Wed, 17 Jan 2024 02:24:52 GMT
content-encoding: br
x-content-type-options: nosniff
age: 78383
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 19859
x-xss-protection: 0
last-modified: Mon, 15 Jan 2024 09:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 16 Jan 2025 02:24:52 GMT

GET
H3 200 style.css
s0.2mdn.net/sadbundle/18383340582406016154/ Frame A3C6 6 KB
2 KB 17ms
16ms Stylesheet
text/css 2a00:1450:4001:809::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/18383340582406016154/style.css

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/18383340582406016154/index.html?e=69&leftOffset=0&topOffset=0&c=uDyGbiVc5J&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9bb3329fceb32eeb7471704ed5c4de1029ff2a9405593917ec9f3b0234e8da02

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/18383340582406016154/index.html?e=69&leftOffset=0&topOffset=0&c=uDyGbiVc5J&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

expires: Thu, 16 Jan 2025 13:04:03 GMT
date: Wed, 17 Jan 2024 13:04:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 40032
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1807
x-xss-protection: 0
last-modified: Tue, 17 Jan 2023 12:28:26 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H3 200 Enabler_01_247.js Show response
s0.2mdn.net/879366/ Frame A3C6 118 KB
40 KB 15ms
13ms Script
text/javascript 2a00:1450:4001:809::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_247.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/18383340582406016154/index.html?e=69&leftOffset=0&topOffset=0&c=uDyGbiVc5J&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2ec81b19233fd4cd6ef5adcb45c0cbec6bd5673716ba0454ce56b67486ece46

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/18383340582406016154/index.html?e=69&leftOffset=0&topOffset=0&c=uDyGbiVc5J&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Wed, 17 Jan 2024 19:49:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 15735
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 41099
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:45:07 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 18 Jan 2024 19:49:00 GMT

GET
H3 200 gsap_3.9.1_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame A3C6 63 KB
25 KB 59ms
58ms Script
text/javascript 2a00:1450:4001:809::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.9.1_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/18383340582406016154/index.html?e=69&leftOffset=0&topOffset=0&c=uDyGbiVc5J&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6dbe9c2e13cf06c6633ea3fcf6d7bd30452561202a205c75a035cd1d8b93368f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/18383340582406016154/index.html?e=69&leftOffset=0&topOffset=0&c=uDyGbiVc5J&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Thu, 18 Jan 2024 00:11:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 25329
x-xss-protection: 0
last-modified: Wed, 29 Dec 2021 19:08:26 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 18 Jan 2024 00:11:15 GMT

GET
H3 200 IHSjRKKj3q_1Pt3c2sGWHmUCy_Bw5n5yhKh9CWyZSw4.js Show response
pagead2.googlesyndication.com/bg/ Frame A0F7 39 KB
15 KB 18ms
17ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/IHSjRKKj3q_1Pt3c2sGWHmUCy_Bw5n5yhKh9CWyZSw4.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/62bHydCX.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2074a344a2a3deaff53edddcdac1961e6502cbf070e67e7284a87d096c994b0e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Wed, 17 Jan 2024 17:09:15 GMT
content-encoding: br
x-content-type-options: nosniff
age: 25320
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15219
x-xss-protection: 0
last-modified: Mon, 15 Jan 2024 09:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 16 Jan 2025 17:09:15 GMT

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame CE95 0
10 B 15ms
13ms Image
text/plain 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?hFTi6g
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Thu, 18 Jan 2024 00:11:15 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame F90A 0
0 58ms
49ms Fetch
image/gif 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstLBm9dwUCXN-2zw6aIBRR_bCoLVM22OrAeCb24e-zg7dvV9sBPc2O7J5xCA09d3BabW62McAGoQwZlOQNcKgP2YQla2B3Pfnv6Rlh2aJGXq7UQ471pFWlHFkNOyc5S6w6fFdeno8Bk0tJQtQwQFNd_tHQLqIqUl2qi-IYi8d4zL1gaMOClJUVpf2qqW9rtdaA7SI2bt0sEyHbI6vNNp9vlnZgyo39pYSsQNFhpI5oQrS1W4a41uT5zL0by3qG27r9y7hQY4E3TW5xIKMZGIERCV1gGxGfm0eIATPNvywyj0Uw73h-FSQirjUM7o2DLiTndMvR-kqEwdjbWqRChA2uvbLw6GLcrfGb2BDuxcXnS4DPvABKH7BMJ8QcN1g1NF_AjeP5-0aiY61oP4yzaT49fwhewh6vXJS_22vYrLSJx1uVHEWvpspXD6rKHhtbiCh-rq5sBVaOCZZmDy_fgmkTsQUUFPkDO7LGYnUKmtISBl04kV3nEou7kG_tyFpD9pASNLdQVt5slbqEnES6j_UspKtG-IQxeK724lBf8DPJ3RY3AyCqcWoZfktutgU_XmX-2RppNxtyBcB7WXOSqFfusp2m8dPT2KkaREsDJx-iwWQ0FAzLchiG3EClc1UiJ3Yngcb1czqZtm0qNpoE--kLTUcmOYlcqV8m1XXjSmR8-nYE1wMenc5z3AI6Ap0FgwRoG2UmQ21qWkCfPQRNWhhvEN4PDLijR0oUt0JvZoMfdm8E8Ig8jhyC9vqhY4p7kF3IRWi5fZLq2sXxlpR0hAg-NwdjmG3G6iAOdfyAXz39ThiTv0omCcOp_zkF7udBmcZAWabVZ1VyoTkWHlAfxkSVKD6sZCBmdTSp8NqnJl252qBfZWar9cynjg6exWipYsqItqj_kcWazObIqBAtzMSXE0HovjR8efK3OTJxpURB1kBLJTB1KSfkb3g0D7G9UL6YJcFN4-KfuI5droYOrgithIdCDt1cduExS3J9ahDqHELV7oDZZ0Jv9aZG3-u1TGOfBSL4vK9TotTb7pJlqA1HcF88qyOjrIjG2jBDqtSW8Symu2kLEvjFnbUcupJu5N1lrKWAErxH5xSe0hg8CBgdvKHA1ie_askGzvgny6PYMxYWHmXJro86ClAK958ojs8oRHJ51TDxyvgiSPhJ0MmkLoxUHpoENVWndrgwoeFDmBigbu0Yfb1YQ-cdFxR_Q3Gq2y9Ts2au1OA2RPHWhKY9foh8xdimHGv-7BL14kjvVamX2esolsvc2h1oYOJAXKBPLCwW4IsUz3No7_2h0VEmAY2hsjQskghCgu4PqUWmVbwlI914b9Wa1_bRP_rY&sai=AMfl-YSVuOQfju0BTbWj31i73NC3qr1qkNe2Z2j7RMnUqwvwPa3Zn3dEAiG66PkszIseNmzBPzhYXo8c3QC1m3MCXwW1XW_PlWl6vUaJQYHC9UOUf6y5hkUwbreQtMiyyFkbxquPACHZnXxRrT5w4x6zkXQgmltTEUBr_0f0QVlOn8FeKYmKwSWfnilf7V4E4CqFKXg81JGx78_zhuEkdUxDlwEEi8HE2jSIwLv6RtdLBjEqRjTVx31itRUAR6cWr8bgTkt-0gmiXaunfYWZ_87-sOmN22FAMyHgeG6CNfvGXQ&sig=Cg0ArKJSzGgynwZUlmvMEAE&uach_m=%5BUACH%5D&cry=1&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=742&vt=11&dtpt=322&dett=3&cstd=408&cisv=r20240116.22936&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=0&ftch=1&adurl=

Requested by

Host: credit.hoacucxanh.com
URL: https://credit.hoacucxanh.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Thu, 18 Jan 2024 00:11:15 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame F90A 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4113fa2999db9f24e8d60b0403560188e8a5620729ee1601c36151f4a026308f

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 nowtvtext-bold.woff2
s0.2mdn.net/creatives/assets/3690075/ Frame A3C6 30 KB
30 KB 34ms
33ms Font
font/woff2 2a00:1450:4001:809::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/3690075/nowtvtext-bold.woff2

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/18383340582406016154/style.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

20c74099800465c67556724a9ff0f7f5160e51c541392c2fa1836cd7f785682b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/18383340582406016154/style.css
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Thu, 18 Jan 2024 00:00:36 GMT
x-content-type-options: nosniff
age: 639
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 30332
x-xss-protection: 0
last-modified: Fri, 15 Oct 2021 08:32:58 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 18 Jan 2024 00:15:36 GMT

GET
H3 200 nowtvtext-regular.woff2
s0.2mdn.net/creatives/assets/3690075/ Frame A3C6 29 KB
29 KB 34ms
33ms Font
font/woff2 2a00:1450:4001:809::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/3690075/nowtvtext-regular.woff2

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/18383340582406016154/style.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b60269b139f53846dacaf5effdae581cd34b908990abdc44c915db3f649a478e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/18383340582406016154/style.css
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Thu, 18 Jan 2024 00:02:39 GMT
x-content-type-options: nosniff
age: 516
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 29628
x-xss-protection: 0
last-modified: Fri, 15 Oct 2021 08:33:12 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 18 Jan 2024 00:17:39 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame A3C6 8 KB
6 KB 59ms
53ms XHR
application/json 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_247&st=int

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

84a806feedc8946c6b2d3cc19013768aee1fc9cbd9f684a69410b0c6f39a3aa2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Thu, 18 Jan 2024 00:11:16 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5809
x-xss-protection: 0

GET
H3 200 DCO_WOW_GoT_Binge_160x600_1.jpg_1704959227725_DCO_WOW_GoT_Binge_160x600_1.jpg
s0.2mdn.net/dynamic/2/11030228/s0.2mdn.net/creatives/assets/5097321/ Frame A3C6 79 KB
79 KB 21ms
16ms Image
image/jpeg 2a00:1450:4001:809::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/dynamic/2/11030228/s0.2mdn.net/creatives/assets/5097321/DCO_WOW_GoT_Binge_160x600_1.jpg_1704959227725_DCO_WOW_GoT_Binge_160x600_1.jpg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

838493930dac2ef5083c29f2f41e8441103cd75509d42e6663dbf0323949d034

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/18383340582406016154/index.html?e=69&leftOffset=0&topOffset=0&c=uDyGbiVc5J&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Wed, 17 Jan 2024 02:38:16 GMT
x-content-type-options: nosniff
age: 77580
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-programmable
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 80419
x-xss-protection: 0
last-modified: Thu, 11 Jan 2024 07:47:31 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-programmable"
report-to: {"group":"ads-programmable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-programmable"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 16 Jan 2025 02:38:16 GMT

GET
H3 200 DCO_WOW_GoT_Binge_160x600_2.jpg_1704959227725_DCO_WOW_GoT_Binge_160x600_2.jpg
s0.2mdn.net/dynamic/2/11030228/s0.2mdn.net/creatives/assets/5097321/ Frame A3C6 77 KB
77 KB 27ms
21ms Image
image/jpeg 2a00:1450:4001:809::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/dynamic/2/11030228/s0.2mdn.net/creatives/assets/5097321/DCO_WOW_GoT_Binge_160x600_2.jpg_1704959227725_DCO_WOW_GoT_Binge_160x600_2.jpg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9a3fb2bf94f809979cac0f62f435bc6fa6c2f54b5af92321bf203868d088974e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/18383340582406016154/index.html?e=69&leftOffset=0&topOffset=0&c=uDyGbiVc5J&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Tue, 16 Jan 2024 23:11:28 GMT
x-content-type-options: nosniff
age: 89988
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-programmable
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 78554
x-xss-protection: 0
last-modified: Thu, 11 Jan 2024 07:49:13 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-programmable"
report-to: {"group":"ads-programmable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-programmable"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 15 Jan 2025 23:11:28 GMT

GET
H3 200 blank.png_1670941006737_blank.png
s0.2mdn.net/dynamic/2/11030228/s0.2mdn.net/creatives/assets/4631681/ Frame A3C6 95 B
120 B 20ms
14ms Image
image/png 2a00:1450:4001:809::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/dynamic/2/11030228/s0.2mdn.net/creatives/assets/4631681/blank.png_1670941006737_blank.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9df9512d0f2332b34e43e220b6bdc675dc6b663e72406edde64fd96dc9128e1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/18383340582406016154/index.html?e=69&leftOffset=0&topOffset=0&c=uDyGbiVc5J&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Tue, 16 Jan 2024 14:21:28 GMT
x-content-type-options: nosniff
age: 121788
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-programmable
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 95
x-xss-protection: 0
last-modified: Tue, 13 Dec 2022 14:19:23 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-programmable"
report-to: {"group":"ads-programmable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-programmable"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 15 Jan 2025 14:21:28 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame A3C6 17 KB
6 KB 30ms
28ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Thu, 18 Jan 2024 00:11:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 18 Jan 2024 00:11:16 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 4315 42 B
64 B 49ms
48ms Fetch
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstYkQJxElIITbtfnJHoIiZBYE0BXvdS8GQ_BB3dzmBO0sIBgf0jbEAm0zMTDWcyHFtMolR7hTg1AzUWzo9i9BsUaxJqCuAv9nk35xFAXlVkaob0X2BEndt2CuSnK34997d76nR1vWSka3bPd1eavUPB2nplnFdGVqAkYML4y8SUNU1J6hINkKMsQU5IbvhhpdwliZG4FLy2hHFvR8rd5hLox9_C8EFBhw42weEEKhfWV_TRPYmNs51Bm1yvWNbBAxoocXM12KAOfjusfPt4F_5vfSuAFnBhCRd8f0OMODqq3LD7mlM-Y1ITg3o-RvHK5Qdl4MwxQBnySCQEC4oIkcoKf0jiYFy7pXNaJ7Qoakm-0-ViozN58dmbzhWoskQcR1dy1kFtJaZ7VlXZOqak1nr6v-eV6HiWOA_bHJoKcKW4oqghr72-2MPr9eEYux5poRK0YcBv9TOC6EKJY29_blEnwYSkQ3xzzKcdJHA2X8kav9tHb3NRA2owVpb7Psw4FBUP8m5v3WxNTLoLGgdcGro1fez9KGNQ_B_9Uyl0u6Dzc_nON5ekFCQOaUOghfKqBXZZ84KEAuIyjlI8RGv_ex7txyIikV6GCjZVMxyMdKuFU_s653fwjKi3o-LpixAembtPs2YnhpDI9JiMrsUuaZO49JnZXX_iXz96BzTDE2t7PVLlkiZ-CDIjmKMHJZ7klmEUxrrh6ED4TC8EANS_eBkRR96xzJu6K9uNGTs-C6L2OX2GneemcL4t-_sBIJ9YOjwehayl2LtpYJyr-mEZjImTY5PCwzLcwjVK2cdPsthPdVC4dCgt3C3iZy3t1f9r5rgsyNPrV0FbWgxO2w6oifvsKn5s6WYaTued7V4jULOeNIJEG7HcjCAtpXx-TM_B4kyltMG3HhqqdvCI_PKEAiNQRGeuRqF1Fkr24QP6MDIFocC0BWtZd8SwfvnIsBeBDmQEaBq1Zte8x2T4MiWdE4XoklgQYH4mMR_gTRZJwmqiDHNtdWDvyZz-Nuq9Wqfawe_CcxQX0eRFLMaDWOHHLvi5M_y4zWVzIJKOSHA1MAi9HVV08RcxsmMc-VMMGBgtmuuyOgk-eopN1rhG0vcyi8FWKGzOypAqA6J9USvYyj5upUfKwHSN9RG_BxOrWl_REFjXkHqF1k3L-k1QwAZkHt6c&sai=AMfl-YSq1oQMNdVyfm1V4d4pXpLLA6R3bpfzjlaGVk4cE4e4e9-_Yv_Ig4VE_TyS-d4Ta4KSHnorcNkI7JLxlTePsnLlkTNjlEOb5h-GY5wjPA-EIPge0kFpl1xEWk1KRn4a4KbXk43EKV3ZmR8j6gsX9-K7220wKj-ZzbC-dqk&sig=Cg0ArKJSzDeiD6y7nykHEAE&cid=CAQSTwAvHhf_wND2HPxumvXkSe66faTidks3QB5Z3OcJY6TIboekoWRfIvGfCdK5x9osY6eOq41kF4iEpjb-98hV1KbE0Izg-5GFu8gPe41BMqoYAQ&id=lidar2&mcvt=1002&p=0,0,124,1005&mtos=178,875,1002,1070,1070&tos=178,697,127,68,0&v=20240117&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=22&adk=1812271801&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&rst=1705536674634&rpt=371&met=mue&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 18 Jan 2024 00:11:16 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 IHSjRKKj3q_1Pt3c2sGWHmUCy_Bw5n5yhKh9CWyZSw4.js Show response
pagead2.googlesyndication.com/bg/ Frame 5B86 39 KB
15 KB 14ms
14ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/IHSjRKKj3q_1Pt3c2sGWHmUCy_Bw5n5yhKh9CWyZSw4.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2074a344a2a3deaff53edddcdac1961e6502cbf070e67e7284a87d096c994b0e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Wed, 17 Jan 2024 17:09:15 GMT
content-encoding: br
x-content-type-options: nosniff
age: 25321
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15219
x-xss-protection: 0
last-modified: Mon, 15 Jan 2024 09:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 16 Jan 2025 17:09:15 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame A0F7 0
20 B 51ms
50ms Image
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=44&t=2&bgai=BFGHCo2yoZd6DA5_gx_APwuakqA8AAAAAOAHgBAI&bg=!bW6lbiHNAAa8BdJLnAU7ADQBe5WfOB2wleO0Ey4olb_ASwHsIciw2d-3UuoGN6DixPYYh29Ofe1lqyfu8J11O5N1_51JAgAAASRSAAAABmgBB5kDCLSDs3YLYma5AwxE5kfOf2mRAU3vO0erUdf4D-tUe-iVwC4rqvVPUZlEijNZpSq-FXgJyFRPNC4yarmnLOHTfa3atOQH7WaQdbs3R_HWmp0IH3FBiu3JvYCoz3BXWKscQS-4H6LIkMnkCqWAWi1X3iwY_FfZz7Z9qC7BHQPUBpwDZY-6XG_Fgvd2-bhQLbICgGmyKucycOs5Keie1JmJl38bQm0Hpmktwn4tJYrc8uTqNF7BSgG-horBLzIHRLoFo1fvHR5IbQs53p6uMfuG0FpmCAhzEsFboiCEuiwToVHLS5TVm5hjGIwSS1i5P7DeqqWtSC1S_FJkkZj9H-c7TJ8HKcjqy8ZvFbYswyFlyB1814YqNXhbnkGJJ73hM8oxUqXuCSWxZPn3Z9OXwBQtzjDuve06AuhWp1-04YJae8YIimv5Htq1cjlrMcTJmc298B-kJjTRuaUs9r1XLMqzC1aRiycSaNRvdHyuEnXFZDbxTVQ-q7dxilv6n7Es7SIJLuuGUkabrLiY64nCiJwyZLZMHgtB6aGz-Jfb-kHKYWl96031PIHpPQ8Z551JbWUwTAVpDvE47gIcj1RQezE_9ZdIMRa8d398XGGR_Y8LhG0rR_0_zT0knJiwR6aQAFK1N7TMgModQ2oIUaDZgAqMwpyPBgg0YVnyRehzuJlm841bhqUKplq48MwtGKxUL9PcxcshavRQuPCU2sgzRocLg7fyEDTFImWUyDmTGHNkmnRF4hKe6MvwqRA2cJoPseT6gfxwUXsquPYfx1duC1SPtqLgbdTvF2lQj395z2rEfI2KiGuteNATEZ5VQmm2lhTwuyJKomoWEqI_aJES29snvpMUbz_UgbDiDOklvfTHQRZGr8gbDk7Xz7x9Oxq6XXQ9kPLzT0GsFZdb9rywXipaDw6xM4RhE72EP-kSF30vo7Fn1N8RtsKWpJTL9JeAqrFiElJSdP2ZOZcu8Lg3I84XklPUDizJQH2v-tyoPtvzcn2v9T6b8j1hb69_DCnwwvUd1s_W6qAgn7W3

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 18 Jan 2024 00:11:16 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 114ms
53ms Image
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20240116&jk=2962788950057247&bg=!mJulm9TNAAa8BdJLnAU7ADQBe5WfOLI1YzSL1gvlsJaQuIwvdroYC2LBKarO1vz0sugOuKBSvFuUKOy3p1U29pKihwtfAgAAAohSAAAAB2gBB5kCvHf5xhZXUWPE2MgzMFNlJx5DMTv_aUVp-PD9Ov69l5lPV0-LXxcwt8Le7yN4XiWqlQz1jqm8go03IqqVI3cs0BHmWXG2mK5IjqmOl5kBMqwP6QmnIEhTTAoME2wKRN4mdnkOK1J6R1UNRvoxQEEyCYhCIbBW2XQa8qI723sz3gbO-m63Lx4qVwvn7WbX7pjuzrhl9ZYkqibjEMSgBEGlToL8V2f6Pi50T-vjV7i2BzkVYQrfFdL_Poa_tM_RlW4_n2L8YeMmtAHy3hHFcaCqAbXfo0S_Dc7sx4GhV0aOa7U9BNz5yOms2hCf0r2Oo3JWqybb_LS0hfannP8F5UvYpUXyoWO6EDyaZdNtfbWr2qrzk40G73MWzmMfShOG3RQEryn7Tn04ErfHx5wmWAser-eSfjG-pJaheI8hvtSgJjfVKMhqenfS6tSWNsKLcLOtXtXI_54uv0Cg6Ile0oTqi2Fi8-QqucE2STbpOMi7ylTszHlQ2qcNgX3sPO3iJgYvOo7hkbpa7TTqe4-rT9lszsMQXR3lEGzbVanYvxPiCC6eBCYW68f_KToRlWK9cY2ZCMDx2raXc1RO3BTchWzOu927Xs2fSsrhCkN8lKQ_r4TqCY3k3jR48N44hTzkoQcVx-h4Wdnx4D3KzLFyuNjaM1SfZC6hproXUu8IUNtSHVP8vYmxH97oTmzwRnRWs16-tDDZz8NT3OP_o3GgiRcCdnjXmTAfajAysTCrlSrdXhDPUGhe9xJDeyDu6sTDHvAYulKLNh7kMl_fjI3f941UKNmIF66ebBZex8fEY3XouyGNfRWadbC_GhnjjSWI7dGlIx8mhPbnHvorK-seBvoXbB5VhYk8NtyoSMG0kPd0rlaVyE3bQM0IpMAuLq_gILsRf0VKRbHgjcZoox29zdVVzBQy3f2IBddBEOFZak0
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://credit.hoacucxanh.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame F90A 0
20 B 90ms
83ms Ping
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=7971836569194&version=m202309260101&ct=76&x=1&cor=12104170357698564000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 18 Jan 2024 00:11:16 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame F90A 42 B
64 B 121ms
90ms Fetch
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssAPm_iYS_h9aRvxp6Y-m_G-phvPtrh3gTq0gg12H5zFPPqCEVG3he-mnaGQeetxjzxnMOuk63gNuSQhopoFWeRVuIqeqUK3t1dEUNPI2KhVM2tXATRmmupRIXUdumZSElkkZYEFrKGR5QCbhUOLT4ZNthK&sai=AMfl-YTN_zoOW4RvMAdlLywsobXXNx2fPu_3Jj36iBfEp_G1JMZsiYBxjejQUrUrls_cHThtKjkRXhB2exQfNMRW4Ud-0M5oahyd70TrEDF85MJYM0EVIKe829ghWIKJ6mbfyXwNCAnkZuPcG0tEBzWceA&sig=Cg0ArKJSzGnrl8lUBSMZEAE&cid=CAQSTwAvHhf_wND2HPxumvXkSe66faTidks3QB5Z3OcJY6TIboekoWRfIvGfCdK5x9osY6eOq41kF4iEpjb-98hV1KbE0Izg-5GFu8gPe41BMqoYAQ&id=lidar2&mcvt=1001&p=0,0,618,160&mtos=0,1001,1001,1001,1001&tos=0,1001,0,0,0&v=20240117&bin=7&avms=nio&bs=0,0&mc=0.97&if=1&vu=1&app=0&itpl=20&adk=1812271804&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&rst=1705536674712&rpt=491&met=ie&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 18 Jan 2024 00:11:17 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

46 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

13 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.doubleclick.net/	1970-01-21 03:07:12	Name: IDE Value: AHWqTUlr9JOYsJvgqHWZ_SF3fbmrJy_AwhrPoGupFTZcUbI5WzMAv94lQyDSirf1
.hoacucxanh.com/	1970-01-21 03:07:12	Name: __gads Value: ID=874db574675239be:T=1705536673:RT=1705536673:S=ALNI_MZaYx0mLc0QQMzQB4p5LdYBdo7CxA
.hoacucxanh.com/	1970-01-21 03:07:12	Name: __gpi Value: UID=00000d4398085ba2:T=1705536673:RT=1705536673:S=ALNI_MZv_GYD5i9ZUh4Kh39Yd0mDwveISw
.casalemedia.com/	1970-01-21 02:31:12	Name: CMID Value: ZahsouKoR-mSfdg.ho.01wAA
.casalemedia.com/	1970-01-20 19:55:12	Name: CMPS Value: 1172
.casalemedia.com/	1970-01-20 19:55:12	Name: CMPRO Value: 1172
.adnxs.com/	1970-01-20 19:55:12	Name: uuid2 Value: 407125894308667931
.adnxs.com/	1970-01-20 19:55:12	Name: anj Value: dTM7k!M41.D>6NRF']wIg2E>4j+APs!]tbPl1M>e)ZlrFUfJ+tGXxomAJ-<NCA`_J<Tq#e?pbmdFsWi:YZRYs%jQ`Y3If)y3KL9D3I?+P-BZXW
.adnxs.com/	1970-01-21 03:21:36	Name: XANDR_PANID Value: FKJpaVGNdt3sA86BmJKUxgbDis6KuxM5TsCJ24laLQ2Msdv4x19ONVN-Y88xw4agKzCsTpDgtg7R1NFF-2DrNOYaVFrre7eJBD9PCJ1fjuk.
.doubleclick.net/	1970-01-20 22:04:48	Name: APC Value: AfxxVi5ZtsSFyC9TVW9aesud1GJv-I4PiDlkIQpG2-99QyCvTOKNVg
.googleadservices.com/	1970-01-20 19:55:12	Name: ar_debug Value: 1
.demdex.net/	1970-01-20 22:04:48	Name: demdex Value: 68420625161366572234391706739925742948
.skydeutschland.demdex.net/	1970-01-20 22:04:48	Name: skydeutschland Value: 68420625161366572234391706739925742948

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cm.g.doubleclick.net
credit.hoacucxanh.com
dsum-sec.casalemedia.com
fonts.googleapis.com
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
ib.adnxs.com
pagead2.googlesyndication.com
pixel.adsafeprotected.com
s0.2mdn.net
skydeutschland.demdex.net
static.adsafeprotected.com
tpc.googlesyndication.com
www.google.com
www.googleadservices.com
www.googletagservices.com
www.gstatic.com
104.18.36.155
142.250.185.162
142.250.186.130
142.250.186.34
185.89.211.12
2600:9000:223f:9200:8:48e:53c0:93a1
2606:4700:3034::6815:5c92
2a00:1450:4001:808::2003
2a00:1450:4001:809::2006
2a00:1450:4001:811::2002
2a00:1450:4001:81c::2001
2a00:1450:4001:82a::2002
2a00:1450:4001:82b::2002
2a00:1450:4001:830::2004
2a00:1450:4001:831::200a
52.19.219.1
54.188.212.1
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0e1536ec01be2959f60ab02b0194f62521734031080914187efc25e482fefdc9
154910895ac3a37d3fec6550bdef7627d9708c13c571e164e325d2bb4fa8e839
16a9e697fb42886d92bb25bbd9340cb358db5c81d5b95c993de7c34ef8ecf177
19c968d7d23bc57c3af30a1d92ddb14053ff2cb169f74d49af0e8eda3f84b067
1cfd32e37f8aba263101f06e8f702adfaef55a6601857cf5e2c6dd0b0388dcd6
2074a344a2a3deaff53edddcdac1961e6502cbf070e67e7284a87d096c994b0e
20c74099800465c67556724a9ff0f7f5160e51c541392c2fa1836cd7f785682b
2bd1d7b6cd751fed16bfba218e8d7a7de2cfb3b718932091c7f75b555e928bd5
2d0922bd18f06df3c7413fcd6a3f1c5ec9545b4b07b131e362f30df7275fc058
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
38eb0379c855f10a0e69073af6b54582216fa37b7e2b1563a1246bbf1ef49642
3b4119ed5d4d27da0b9e157e64effce628d079e44ecbf7c661a2fe1b33fab68f
3dc80b15db3d7d6884d4854a0ba4884195d47c0147d7605da068cf1f3d4857ab
3f586a8019a490d0f04fdcee83be4fa37274e8a0ca5344283992ba86264c5761
4113fa2999db9f24e8d60b0403560188e8a5620729ee1601c36151f4a026308f
41d2526e9c4595fc1fc747555bda18a041033a863a9b2ed180e7b5836918facd
428f4d59e61cdf9887ad4cd7c4592a24b214d2d9c0ba09db01c4cfde66a3cd11
42b976597a2d977d0e300f6d06bc903db389e5c112d33c1c8c249690a522d9f2
435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f
44f6db744eeb76ff8647b8791179a3f7d92e9a8a4a0e339d907b0c4b2869224c
453cb806084fdabec32e286af2e88899f79022125c2527afffbec507975d2c22
47aa507aa520ddf600e955596eb5b75a117eba68760dc9b10c5cbdebff98a9f0
48b4f27028d9a9a59beeb48de1607a647fad54de8526859a27dd0dc434dae9bc
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4bd938863d8e473540c7300aec8fd156822f4701cee5fb6b3328a2cc9b0a012b
4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840
4ed10d0d64bb1515397e8666a63f484d640dbc5678fa62574e077b7aef1c3af2
4f79a89d16a5f717110fe080c0bf90b7e05ff95a4c4983f64d33110bf5f9c230
500cd0ebc3f28920c5a38dae47023ed5c647271a1635d1afd1a772a4481dfcba
5274f11e6fb32ae0cf2dfb9f8043272865c397a7c4223b4cfa7d50ea52fbde89
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
59cd407c90b2a4c2ddf13d6413e014ca2c00def5c24dd48b958cbb6763641061
5bbcad4336c05f1c8886288e16e5c99a3e86c78e2bec51e5c59e62f8f561f86f
5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
676611680682d6389c9edc48333bb61f622c5bf43b1039f8de4615a52eae191e
698b89c0da3d319754d6a837b5e6d4e6a42dc402d9ffd7559b8c4cb29c644340
69c32d8650b1e5f0bcb76d787972b68a1ba327ea5bd8da7ab8ca1a04336735c0
6dbe9c2e13cf06c6633ea3fcf6d7bd30452561202a205c75a035cd1d8b93368f
6f4813e4fe6dd891838e421479bf603f6d3f0d2a55b90517b875a77050471d4b
7a519c62e734157227e61ce5209158e1b7b484b5f2b68e3ccaed1ffe444de36d
7bedc367823756f80557aef8e6986f2409fc3fce27ee349d77e5f6bf9d248fec
7e3559d6ffac7fc54d6edaa79b6e7330fab33fbdffc174a27c58b25e5b3952d2
838493930dac2ef5083c29f2f41e8441103cd75509d42e6663dbf0323949d034
84a806feedc8946c6b2d3cc19013768aee1fc9cbd9f684a69410b0c6f39a3aa2
85520b70affa8735ae15edb5fa1abc4e7352b93476fa96d6599b30156127ca8d
85d3987a45a0fdca18652344761e0dce4f3616d51f7788ad3447c18a8eea5291
8bf91ea812ac0cab2ba06b3447807d5cdc66e7d660b6447ac56d5d28848ed9c1
9159ff44d7094b8c99c902b187018a7e1115252e3c0438f9d4622295cd00d287
972f7a26f860f2f122dcf2a4c5cae616df3a4a83e0c8318a1afb824c766fb651
97c530c44249746307c2b01b37eed0f53757d139bc4243798f468c71da9844da
9a3fb2bf94f809979cac0f62f435bc6fa6c2f54b5af92321bf203868d088974e
9a4eb2c9445287c34cb0a9ed5cc673460362483f0855bc91f8230dfa46a955e1
9bb3329fceb32eeb7471704ed5c4de1029ff2a9405593917ec9f3b0234e8da02
9df9512d0f2332b34e43e220b6bdc675dc6b663e72406edde64fd96dc9128e1b
9dfbb8e1be036059aea6dd87bdbefa7ecada3617fb3f404ba4647ebbbf8160b1
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a4b3b91b775b356ac4b5c34ac94dbcc1212ef23b5e89bfa9bfcc92e285a4447a
a6d36aa3d742ccd6f1ca3c76dcf885af72f7bebe2fcc001ea011a7aea2f55678
a7fe9347c265a8ef227a2c0e3e0e6e62e75f14784355f556fa9ddb864c5753f6
b0583467641da1b816d542a9819a7dc8634c924e969c174352f75a049f8187d7
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b315ff0d9f6d4efc412802b2b240b62c7d0c30a360285883549980e6b251a0bf
b60269b139f53846dacaf5effdae581cd34b908990abdc44c915db3f649a478e
cb6f2d32c49d1c2b25e9ffc9aaafa3f83075346c01bcd4ae6eb187392a4292cf
cfad56f4135ee07abcf2fbf53368004b07bee21f9215e08c38b28441a0dcb6de
d0ca234157607e98e8ab530c3eca28702367e793f4c5bfa658118ccad71bc8c2
d172aab1f78c090353f8b507498e327bc011679aba3d8d92e456451de82091da
d233ae3f0c2b48dc6f71e32ad7e23ba5e1d64b59af7e8d5592375d14887f3e97
d58acf16b5e4521c9eb24fe9fd97308e5f8be1297e4b63a547e5b610611799ae
d7b66acb0c96567acc8707b2473c308c2cb90430df021e86b9c6161e60e3e752
d8e8b70424cd0f3f1f5a9285e3b0d2a0d5546f371544550969facf69b81a0d90
d9a3e8f06cc8581fd6eeb011535e3fe287f9d38d22be1ec1f9fd9bf804adf62a
ddd1ebc72eefea8442c0f0461e6f3c14ad5f198d275a1ca8ce04833809bda421
e0626538e7688b50e1b0fbcfbc10d25a845a990f042d75756dcb0762c415b608
e14a83e5cdd81f74cecded91684413446b2672c8fc2247e719decf10b0f2bcab
e2a387f6a7cdac265c90c59daa4f30eeb1d183b8bcce4858384ab51d33c94533
e2ec81b19233fd4cd6ef5adcb45c0cbec6bd5673716ba0454ce56b67486ece46
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e6b20a1535a6d3ca3d7a611ae199a6f4b464e0b67b450379ed43a7ef3e66957c
e93b8c0ae5b5910b7107c8b455eda029935c56efa8de0be2443d8eabba207197
eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987
eea25630b8a6a5f531c6ba4f7bb6bf5b379137fe1fe4503db5d2e307eb9e5dae
eeaafc10a5e42552267e66056edc72e09b0ab1a06cfa5e23b554d5b5f21ab33b
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f4680e430c0a9c6f3afe29d817c2b2234e38f0094538c693cee666817d594b72
fdebef6c90fabbaefe29c56b879cd42bc546315e98def614d7855f61ee312e38
fee86fd46a67912ffd9ae2997c583f59abe6e11c532496c52759e94136837d48

credit.hoacucxanh.com Open in urlscan Pro 2606:4700:3034::6815:5c92 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

134 Requests

94 %HTTPS

59 %IPv6

13 Domains

17 Subdomains

17 IPs

4 Countries

1892 kBTransfer

4852 kBSize

13 Cookies

1 Outgoing links

Redirected requests

134 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 3 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

credit.hoacucxanh.com Open in urlscan Pro
2606:4700:3034::6815:5c92 Public Scan

Screenshot
Live screenshot

Full Image

134
Requests

94 %
HTTPS

59 %
IPv6

13
Domains

17
Subdomains

17
IPs

4
Countries

1892 kB
Transfer

4852 kB
Size

13
Cookies

134 HTTP transactions
3 data transactions